static void main_init(void)
{
struct master_service_connection conn;
if (IS_STANDALONE()) {
memset(&conn, 0, sizeof(conn));
(void)client_create(STDIN_FILENO, STDOUT_FILENO, &conn);
}
dns_client_socket_path = t_abspath(DNS_CLIENT_SOCKET_PATH);
}
int main(int argc, char *argv[])
{
const struct setting_parser_info *set_roots[] = {
&lda_setting_parser_info,
&lmtp_setting_parser_info,
NULL
};
enum master_service_flags service_flags = 0;
enum mail_storage_service_flags storage_service_flags =
MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP |
MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP |
MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT |
MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT;
int c;
if (IS_STANDALONE()) {
service_flags |= MASTER_SERVICE_FLAG_STANDALONE |
MASTER_SERVICE_FLAG_STD_CLIENT;
} else {
service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
}
master_service = master_service_init("lmtp", service_flags,
&argc, &argv, "D");
while ((c = master_getopt(master_service)) > 0) {
switch (c) {
case 'D':
storage_service_flags |=
MAIL_STORAGE_SERVICE_FLAG_ENABLE_CORE_DUMPS;
break;
default:
return FATAL_DEFAULT;
}
}
if (t_get_current_dir(&base_dir) < 0)
i_fatal("getcwd() failed: %m");
drop_privileges();
master_service_init_log(master_service,
t_strdup_printf("lmtp(%s): ", my_pid));
storage_service = mail_storage_service_init(master_service, set_roots,
storage_service_flags);
restrict_access_allow_coredumps(TRUE);
main_init();
master_service_init_finish(master_service);
master_service_run(master_service, client_connected);
main_deinit();
mail_storage_service_deinit(&storage_service);
master_service_deinit(&master_service);
return 0;
}
static void main_stdio_run(const char *access_user,
const char *const *access_applications)
{
bool debug;
debug = getenv("DEBUG");
access_user = access_user != NULL ? access_user : getenv("USER");
if (access_user == NULL && IS_STANDALONE())
access_user = getlogin();
if (access_user == NULL)
i_fatal("USER environment missing");
(void)client_create_standalone(access_user, access_applications,
STDIN_FILENO, STDOUT_FILENO, debug);
}
static void client_add_input(struct client *client, const buffer_t *buf)
{
struct ostream *output;
if (buf != NULL && buf->used > 0) {
if (!i_stream_add_data(client->input, buf->data, buf->used))
i_panic("Couldn't add client input to stream");
}
output = client->output;
o_stream_ref(output);
o_stream_cork(output);
if (!IS_STANDALONE())
client_send_line(client, "+OK Logged in.");
(void)client_handle_input(client);
o_stream_uncork(output);
o_stream_unref(&output);
}
static int
client_create_from_input(const struct mail_storage_service_input *input,
int fd_in, int fd_out, const buffer_t *input_buf,
const char **error_r)
{
const char *lookup_error_str =
"-ERR [SYS/TEMP] "MAIL_ERRSTR_CRITICAL_MSG"\r\n";
struct mail_storage_service_user *user;
struct mail_user *mail_user;
struct client *client;
const struct pop3_settings *set;
const char *error;
if (mail_storage_service_lookup_next(storage_service, input,
&user, &mail_user, error_r) <= 0) {
if (write(fd_out, lookup_error_str, strlen(lookup_error_str)) < 0) {
/* ignored */
}
return -1;
}
restrict_access_allow_coredumps(TRUE);
set = mail_storage_service_user_get_set(user)[1];
if (set->verbose_proctitle)
verbose_proctitle = TRUE;
if (client_create(fd_in, fd_out, input->session_id,
mail_user, user, set, &client) < 0)
return 0;
if (!IS_STANDALONE())
client_send_line(client, "+OK Logged in.");
if (client_init_mailbox(client, &error) == 0)
client_add_input(client, input_buf);
else {
i_error("%s", error);
client_destroy(client, error);
}
return 0;
}
int main(int argc, char *argv[])
{
static const struct setting_parser_info *set_roots[] = {
&pop3_setting_parser_info,
NULL
};
struct master_login_settings login_set;
enum master_service_flags service_flags = 0;
enum mail_storage_service_flags storage_service_flags = 0;
const char *username = NULL;
int c;
memset(&login_set, 0, sizeof(login_set));
login_set.postlogin_timeout_secs = MASTER_POSTLOGIN_TIMEOUT_DEFAULT;
if (IS_STANDALONE() && getuid() == 0 &&
net_getpeername(1, NULL, NULL) == 0) {
printf("-ERR [SYS/PERM] pop3 binary must not be started from "
"inetd, use pop3-login instead.\n");
return 1;
}
if (IS_STANDALONE()) {
service_flags |= MASTER_SERVICE_FLAG_STANDALONE |
MASTER_SERVICE_FLAG_STD_CLIENT;
} else {
service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
storage_service_flags |=
MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
}
master_service = master_service_init("pop3", service_flags,
&argc, &argv, "t:u:");
while ((c = master_getopt(master_service)) > 0) {
switch (c) {
case 't':
if (str_to_uint(optarg, &login_set.postlogin_timeout_secs) < 0 ||
login_set.postlogin_timeout_secs == 0)
i_fatal("Invalid -t parameter: %s", optarg);
break;
case 'u':
storage_service_flags |=
MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP;
username = optarg;
break;
default:
return FATAL_DEFAULT;
}
}
login_set.auth_socket_path = t_abspath("auth-master");
if (argv[optind] != NULL)
login_set.postlogin_socket_path = t_abspath(argv[optind]);
login_set.callback = login_client_connected;
login_set.failure_callback = login_client_failed;
master_service_init_finish(master_service);
master_service_set_die_callback(master_service, pop3_die);
storage_service =
mail_storage_service_init(master_service,
set_roots, storage_service_flags);
/* fake that we're running, so we know if client was destroyed
while handling its initial input */
io_loop_set_running(current_ioloop);
if (IS_STANDALONE()) {
T_BEGIN {
main_stdio_run(username);
} T_END;
} else {
int
verify_user(struct passwd *pw, char *prompt)
{
int counter = def_passwd_tries + 1;
int success = AUTH_FAILURE;
int flags, status, standalone, rval;
char *p;
sudo_auth *auth;
sigaction_t sa, osa;
/* Enable suspend during password entry. */
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sa.sa_handler = SIG_DFL;
(void) sigaction(SIGTSTP, &sa, &osa);
/* Make sure we have at least one auth method. */
if (auth_switch[0].name == NULL) {
audit_failure(NewArgv, "no authentication methods");
log_error(0,
_("There are no authentication methods compiled into sudo! "
"If you want to turn off authentication, use the "
"--disable-authentication configure option."));
return -1;
}
/* Make sure we haven't mixed standalone and shared auth methods. */
standalone = IS_STANDALONE(&auth_switch[0]);
if (standalone && auth_switch[1].name != NULL) {
audit_failure(NewArgv, "invalid authentication methods");
log_error(0, _("Invalid authentication methods compiled into sudo! "
"You may mix standalone and non-standalone authentication."));
return -1;
}
/* Set FLAG_ONEANDONLY if there is only one auth method. */
if (auth_switch[1].name == NULL)
SET(auth_switch[0].flags, FLAG_ONEANDONLY);
/* Initialize auth methods and unconfigure the method if necessary. */
for (auth = auth_switch; auth->name; auth++) {
if (auth->init && !IS_DISABLED(auth)) {
if (NEEDS_USER(auth))
set_perms(PERM_USER);
status = (auth->init)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
SET(auth->flags, FLAG_DISABLED);
else if (status == AUTH_FATAL) { /* XXX log */
audit_failure(NewArgv, "authentication failure");
return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
restore_perms();
}
}
while (--counter) {
/* Do any per-method setup and unconfigure the method if needed */
for (auth = auth_switch; auth->name; auth++) {
if (auth->setup && !IS_DISABLED(auth)) {
if (NEEDS_USER(auth))
set_perms(PERM_USER);
status = (auth->setup)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
SET(auth->flags, FLAG_DISABLED);
else if (status == AUTH_FATAL) {/* XXX log */
audit_failure(NewArgv, "authentication failure");
return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
restore_perms();
}
}
/* Get the password unless the auth function will do it for us */
if (standalone) {
p = prompt;
} else {
p = auth_getpass(prompt, def_passwd_timeout * 60,
SUDO_CONV_PROMPT_ECHO_OFF);
if (p == NULL)
break;
}
/* Call authentication functions. */
for (auth = auth_switch; auth->name; auth++) {
if (IS_DISABLED(auth))
continue;
if (NEEDS_USER(auth))
set_perms(PERM_USER);
success = auth->status = (auth->verify)(pw, p, auth);
if (NEEDS_USER(auth))
restore_perms();
if (auth->status != AUTH_FAILURE)
goto cleanup;
}
if (!standalone)
zero_bytes(p, strlen(p));
pass_warn();
}
cleanup:
/* Call cleanup routines. */
for (auth = auth_switch; auth->name; auth++) {
if (auth->cleanup && !IS_DISABLED(auth)) {
if (NEEDS_USER(auth))
set_perms(PERM_USER);
status = (auth->cleanup)(pw, auth);
if (status == AUTH_FATAL) { /* XXX log */
audit_failure(NewArgv, "authentication failure");
return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
restore_perms();
}
}
switch (success) {
case AUTH_SUCCESS:
(void) sigaction(SIGTSTP, &osa, NULL);
rval = TRUE;
break;
case AUTH_INTR:
case AUTH_FAILURE:
if (counter != def_passwd_tries) {
if (def_mail_badpass || def_mail_always)
flags = 0;
else
flags = NO_MAIL;
log_error(flags, ngettext("%d incorrect password attempt",
"%d incorrect password attempts",
def_passwd_tries - counter), def_passwd_tries - counter);
}
audit_failure(NewArgv, "authentication failure");
rval = FALSE;
break;
case AUTH_FATAL:
default:
audit_failure(NewArgv, "authentication failure");
rval = -1;
break;
}
return rval;
}
int main(int argc, char *argv[])
{
static const struct setting_parser_info *set_roots[] = {
&imap_urlauth_worker_setting_parser_info,
NULL
};
enum master_service_flags service_flags = 0;
enum mail_storage_service_flags storage_service_flags =
MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP |
MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT;
ARRAY_TYPE (const_string) access_apps;
const char *access_user = NULL;
int c;
if (IS_STANDALONE()) {
service_flags |= MASTER_SERVICE_FLAG_STANDALONE |
MASTER_SERVICE_FLAG_STD_CLIENT;
} else {
service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
storage_service_flags |=
MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
}
master_service = master_service_init("imap-urlauth-worker", service_flags,
&argc, &argv, "a:");
t_array_init(&access_apps, 4);
while ((c = master_getopt(master_service)) > 0) {
switch (c) {
case 'a': {
const char *app = t_strdup(optarg);
array_append(&access_apps, &app, 1);
break;
}
default:
return FATAL_DEFAULT;
}
}
if ( optind < argc ) {
access_user = argv[optind++];
}
if (optind != argc) {
i_fatal_status(EX_USAGE, "Unknown argument: %s", argv[optind]);
}
master_service_init_log(master_service,
t_strdup_printf("imap-urlauth[%s]: ", my_pid));
master_service_init_finish(master_service);
master_service_set_die_callback(master_service, imap_urlauth_worker_die);
random_init();
storage_service =
mail_storage_service_init(master_service,
set_roots, storage_service_flags);
/* fake that we're running, so we know if client was destroyed
while handling its initial input */
io_loop_set_running(current_ioloop);
if (IS_STANDALONE()) {
T_BEGIN {
if (array_count(&access_apps) > 0) {
(void)array_append_space(&access_apps);
main_stdio_run(access_user, array_idx(&access_apps,0));
} else {
main_stdio_run(access_user, NULL);
}
} T_END;
} else {
int main(int argc, char *argv[])
{
static const struct setting_parser_info *set_roots[] = {
&imap_setting_parser_info,
NULL
};
struct master_login_settings login_set;
enum master_service_flags service_flags = 0;
enum mail_storage_service_flags storage_service_flags = 0;
const char *username = NULL;
int c;
memset(&login_set, 0, sizeof(login_set));
login_set.postlogin_timeout_secs = MASTER_POSTLOGIN_TIMEOUT_DEFAULT;
login_set.request_auth_token = TRUE;
if (IS_STANDALONE() && getuid() == 0 &&
net_getpeername(1, NULL, NULL) == 0) {
printf("* BAD [ALERT] imap binary must not be started from "
"inetd, use imap-login instead.\n");
return 1;
}
if (IS_STANDALONE()) {
service_flags |= MASTER_SERVICE_FLAG_STANDALONE |
MASTER_SERVICE_FLAG_STD_CLIENT;
} else {
service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
storage_service_flags |=
MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
}
master_service = master_service_init("imap", service_flags,
&argc, &argv, "t:u:");
while ((c = master_getopt(master_service)) > 0) {
switch (c) {
case 't':
if (str_to_uint(optarg, &login_set.postlogin_timeout_secs) < 0 ||
login_set.postlogin_timeout_secs == 0)
i_fatal("Invalid -t parameter: %s", optarg);
break;
case 'u':
storage_service_flags |=
MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP;
username = optarg;
break;
default:
return FATAL_DEFAULT;
}
}
master_service_set_die_callback(master_service, imap_die);
/* plugins may want to add commands, so this needs to be called early */
commands_init();
imap_fetch_handlers_init();
random_init();
storage_service =
mail_storage_service_init(master_service,
set_roots, storage_service_flags);
master_service_init_finish(master_service);
/* fake that we're running, so we know if client was destroyed
while handling its initial input */
io_loop_set_running(current_ioloop);
if (IS_STANDALONE()) {
T_BEGIN {
main_stdio_run(username);
} T_END;
} else T_BEGIN {
