auth: userdb passwd iteration now skips users not in first/last_valid…

…_gid range Patch by Michal Hlavinka / Red Hat
dovecot · Jun 29, 2016 · ca5b3ec · ca5b3ec
1 parent d080f54
commit ca5b3ec
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
@@ -264,6 +264,8 @@ static const struct setting_define auth_setting_defines[] = {
 	DEF_NOPREFIX(SET_BOOL, verbose_proctitle),
 	DEF_NOPREFIX(SET_UINT, first_valid_uid),
 	DEF_NOPREFIX(SET_UINT, last_valid_uid),
+	DEF_NOPREFIX(SET_UINT, first_valid_gid),
+	DEF_NOPREFIX(SET_UINT, last_valid_gid),
 
 	SETTING_DEFINE_LIST_END
 };
@@ -313,6 +315,8 @@ static const struct auth_settings auth_default_settings = {
 	.verbose_proctitle = FALSE,
 	.first_valid_uid = 500,
 	.last_valid_uid = 0,
+	.first_valid_gid = 1,
+	.last_valid_gid = 0,
 };
 
 const struct setting_parser_info auth_setting_parser_info = {

diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h
@@ -79,6 +79,8 @@ struct auth_settings {
 	bool verbose_proctitle;
 	unsigned int first_valid_uid;
 	unsigned int last_valid_uid;
+	unsigned int first_valid_gid;
+	unsigned int last_valid_gid;
 
 	/* generated: */
 	char username_chars_map[256];

diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c
@@ -145,6 +145,10 @@ passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
 		return FALSE;
 	if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
 		return FALSE;
+	if (pw->pw_gid < (gid_t)set->first_valid_gid)
+		return FALSE;
+	if (pw->pw_gid > (gid_t)set->last_valid_gid && set->last_valid_gid != 0)
+		return FALSE;
 	return TRUE;
 }