From 9990080334c292192954eecafbed47289f3549c3 Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Mon, 29 Feb 2016 13:02:40 +0200
Subject: [PATCH] doveadm-server: Drop privileges only temporarily when running mail commands.
This allows running mail commands for multiple users within the same doveadm connection.
---
 src/doveadm/doveadm-mail.c | 6 ++++++
 src/doveadm/doveadm-mail.h | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/src/doveadm/doveadm-mail.c b/src/doveadm/doveadm-mail.c
index 25235ad90a..be7c3804c1 100644
--- a/src/doveadm/doveadm-mail.c
+++ b/src/doveadm/doveadm-mail.c
@@ -584,6 +584,10 @@ doveadm_mail_cmd_exec(struct doveadm_mail_cmd_context *ctx,
 if (ctx->cur_username == NULL) i_fatal_status(EX_USAGE, "USER environment is missing and -u option not used");
+ if (!ctx->cli) {
+ /* we may access multiple users */
+ ctx->service_flags |= MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP;
+ }
 memset(&cctx, 0, sizeof(cctx));
 cctx.username = ctx->cur_username;
@@ -631,6 +635,7 @@ doveadm_mail_cmd(const struct doveadm_mail_cmd *cmd, int argc, char *argv[])
 ctx = doveadm_mail_cmdline_init(cmd);
 ctx->full_args = (const void *)(argv + 1);
+ ctx->cli = TRUE;
 getopt_args = "AF:S:u:";
 /* keep context's getopt_args first in case it contains '+' */
@@ -1000,6 +1005,7 @@ doveadm_cmd_ver2_to_mail_cmd_wrapper(struct doveadm_cmd_context *cctx)
 array_append_zero(&pargv);
 mctx->args = array_idx(&pargv, 0);
 mctx->full_args = mctx->args;
+ mctx->cli = cctx->cli;
 doveadm_mail_cmd_exec(mctx, wildcard_user);
 doveadm_mail_cmd_free(mctx);
diff --git a/src/doveadm/doveadm-mail.h b/src/doveadm/doveadm-mail.h
index 40b59976ee..b33543899f 100644
--- a/src/doveadm/doveadm-mail.h
+++ b/src/doveadm/doveadm-mail.h
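Review bot: The new comment `/* we may access multiple users */` in doveadm_mail_cmd_exec does not record the security trade-off of setting MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP. Going by the flag name and the commit message, doveadm-server keeps the ability to restore its original privileges while a user's mail command runs, so a flaw in command or plugin code reached in that window would presumably not be confined to that user's uid. I would expand the comment to something like `/* doveadm-server: drop privileges only temporarily so the next user can be served on this connection; the process can regain its privileges, so this is weaker than a permanent drop */`. The function body starts and ends outside the hunk, so where privileges are restored between users cannot be checked from here.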
@@ -97,6 +97,8 @@ struct doveadm_mail_cmd_context {
 unsigned int iterate_single_user:1;
 /* We're going through all users (not set for wildcard usernames) */
 unsigned int iterate_all_users:1;
+ /* Running from CLI doveadm (not doveadm-server) */
+ unsigned int cli:1;
 };
 struct doveadm_mail_cmd {
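Review bot: The comment on the new `cli` bitfield says where the code runs but not what the bit controls: in doveadm-mail.c an unset `cli` adds MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP. A context whose `cli` bit is left at zero therefore gets the temporary drop without asking for it, so any entry point that builds a doveadm_mail_cmd_context and forgets the field silently runs in the weaker mode. The ver2 wrapper hunk in doveadm-mail.c copies the value from `cctx->cli`, whose assignment is not part of this patch, so it is worth confirming that the command-line dispatcher sets it. I would document the consequence on the field, e.g. `/* Running from CLI doveadm (not doveadm-server). When unset, privileges are dropped only temporarily; every CLI entry point must set this. */`.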