From 59faa42d9d6ced2d5e802bc33c4e420f18a0c892 Mon Sep 17 00:00:00 2001 From: "Marc G. Fournier" Date: Tue, 22 Oct 1996 22:52:37 +0000 Subject: [PATCH] Last time I trust 'sucess's on a non-context diff... Pointed out by: Bill Fenner --- libexec/mail.local/mail.local.c | 45 +++++++++++++++++---------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/libexec/mail.local/mail.local.c b/libexec/mail.local/mail.local.c index 733762add9fa..91871bc49225 100644 --- a/libexec/mail.local/mail.local.c +++ b/libexec/mail.local/mail.local.c @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: mail.local.c,v 1.7 1996/09/22 21:54:07 wosch Exp $ + * $Id: mail.local.c,v 1.8 1996/10/22 21:01:01 scrappy Exp $ */ #ifndef lint @@ -197,13 +197,13 @@ void deliver(fd, name, nobiff) int fd, nobiff; char *name; - uid_t saveeuid; { struct stat fsb, sb; struct passwd *pw; int mbfd, nr, nw, off; char biffmsg[100], buf[8*1024], path[MAXPATHLEN]; off_t curoff; + uid_t saveeuid; /* * Disallow delivery to unknown names -- special mailboxes can be @@ -233,8 +233,6 @@ deliver(fd, name, nobiff) * If we created the mailbox, set the owner/group. If that fails, * just return. Another process may have already opened it, so we * can't unlink it. Historically, binmail set the owner/group at - - saveeuid=geteuid(); * each mail delivery. We no longer do this, assuming that if the * ownership or permissions were changed there was a reason. @@ -242,6 +240,8 @@ deliver(fd, name, nobiff) * XXX * open(2) should support flock'ing the file. */ + + saveeuid=geteuid(); tryagain: if (lstat(path, &sb)) { mbfd = open(path, 
@@ -249,6 +249,14 @@ tryagain: if (mbfd == -1) { if (errno == EEXIST) + + goto tryagain; + } else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) { + e_to_sys(errno); + warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name); + return; + } + /* Now that the box is created and permissions are correct, we close it and go back to the top so that we will come in and write as the user. We dont seteuid() before the above @@ -257,12 +265,11 @@ tryagain: close(mbfd); goto tryagain; - goto tryagain; - } else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) { - e_to_sys(errno); - warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name); - return; - + } else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) { + e_to_sys(errno); + warn("%s: linked file", path); + return; + } else { /* Become the user, so quota enforcement will occur */ if(seteuid(pw->pw_uid) != 0) { @@ -270,22 +277,15 @@ tryagain: return; } - } - } else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) { - e_to_sys(errno); - warn("%s: linked file", path); - return; - } else { mbfd = open(path, O_APPEND|O_WRONLY, 0); - seteuid(saveeuid); if (mbfd != -1 && (fstat(mbfd, &fsb) || fsb.st_nlink != 1 || S_ISLNK(fsb.st_mode) || sb.st_dev != fsb.st_dev || sb.st_ino != fsb.st_ino)) { warn("%s: file changed after open", path); (void)close(mbfd); + seteuid(saveeuid); return; - seteuid(saveeuid); } } @@ -294,6 +294,7 @@ tryagain: e_to_sys(errno); warn("%s: %s", path, strerror(errno)); return; + seteuid(saveeuid); } /* Wait until we can get a lock on the file. */ @@ -327,19 +328,16 @@ tryagain: if (nr < 0) { e_to_sys(errno); warn("temporary file: %s", strerror(errno)); - seteuid(saveeuid); err2: (void)ftruncate(mbfd, curoff); err1: (void)close(mbfd); + seteuid(saveeuid); return; } #ifndef DONT_FSYNC /* Flush to disk, don't wait for update. */ - seteuid(saveeuid); if (fsync(mbfd)) { e_to_sys(errno); - - seteuid(saveeuid); warn("%s: %s", path, strerror(errno)); goto err2; } 
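Review bot: A failed open() with an errno other than EEXIST leaves the `if (mbfd == -1)` block in this hunk without returning, and going by the next hunk it then reaches `close(mbfd); goto tryagain;` with mbfd still -1. lstat() fails again and the create is retried with no bound, so a persistent error on the spool directory would spin the delivery agent instead of reporting a failure. Unless the two lines not shown between the hunks handle this, the error branch should bail out itself: keep `if (errno == EEXIST) goto tryagain;` and follow it with `e_to_sys(errno); warn("%s: %s", path, strerror(errno)); return;`. The fchown() failure path added here also returns without closing mbfd.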
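Review bot: The restoring `seteuid(saveeuid);` calls ignore their return value, here in the "file changed after open" path and again in the hunks at -327 and -349. If a restore ever failed, deliver() would return with the recipient's effective uid still in force and nothing would be logged. The drop a few lines above is already checked with `if(seteuid(pw->pw_uid) != 0)`, and the restore could follow the same pattern, for example `if (seteuid(saveeuid) != 0) warn("seteuid(%u): %s", saveeuid, strerror(errno));`. How callers of deliver() depend on the effective uid afterwards is not visible on this page.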
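Review bot: The `seteuid(saveeuid);` added in the hunk at -294 sits after `return;` inside the error block, so it can never run. This block presumably belongs to the `if (mbfd == -1)` check that follows the open() done under the recipient's uid; the `if` line itself is outside the hunk. When that open() fails, deliver() returns with the effective uid still switched, which the other exit paths touched by this commit avoid. Move the call above the return and keep it after warn(): `warn("%s: %s", path, strerror(errno)); seteuid(saveeuid); return;`.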
@@ -349,9 +347,12 @@ err1: (void)close(mbfd); if (close(mbfd)) { e_to_sys(errno); warn("%s: %s", path, strerror(errno)); + seteuid(saveeuid); return; } + seteuid(saveeuid); + if (!nobiff) notifybiff(biffmsg); }