void acl_rights_dup(const struct acl_rights *src,
pool_t pool, struct acl_rights *dest_r)
{
memset(dest_r, 0, sizeof(*dest_r));
dest_r->id_type = src->id_type;
dest_r->identifier = p_strdup(pool, src->identifier);
dest_r->rights = src->rights == NULL ? NULL :
p_strarray_dup(pool, src->rights);
dest_r->neg_rights = src->neg_rights == NULL ? NULL :
p_strarray_dup(pool, src->neg_rights);
dest_r->global = src->global;
}
struct imap_urlauth_context *
imap_urlauth_init(struct mail_user *user,
const struct imap_urlauth_config *config)
{
struct imap_urlauth_context *uctx;
unsigned int timeout;
i_assert(*config->url_host != '\0');
uctx = i_new(struct imap_urlauth_context, 1);
uctx->user = user;
uctx->url_host = i_strdup(config->url_host);
uctx->url_port = config->url_port;
if (config->access_anonymous)
uctx->access_user = i_strdup("anonymous");
else
uctx->access_user = i_strdup(config->access_user);
uctx->access_anonymous = config->access_anonymous;
if (config->access_applications != NULL &&
*config->access_applications != NULL) {
uctx->access_applications =
p_strarray_dup(default_pool,
config->access_applications);
timeout = IMAP_URLAUTH_SPECIAL_TIMEOUT_MSECS;
} else {
timeout = IMAP_URLAUTH_NORMAL_TIMEOUT_MSECS;
}
if (config->socket_path != NULL) {
uctx->conn = imap_urlauth_connection_init(config->socket_path,
user, config->session_id, timeout);
}
return uctx;
}
int main(int argc, char *argv[])
{
ARRAY_TYPE(const_string) aenvs;
const char *binary;
const char *const *envs;
int c, i;
master_service = master_service_init("script", 0, &argc, &argv, "+e:");
t_array_init(&aenvs, 16);
while ((c = master_getopt(master_service)) > 0) {
switch (c) {
case 'e':
envs = t_strsplit_spaces(optarg,", \t");
while (*envs != NULL) {
array_append(&aenvs, envs, 1);
envs++;
}
break;
default:
return FATAL_DEFAULT;
}
}
argc -= optind;
argv += optind;
array_append_zero(&aenvs);
accepted_envs = p_strarray_dup(default_pool, array_idx(&aenvs, 0));
master_service_init_log(master_service, "script: ");
if (argv[0] == NULL)
i_fatal("Missing script path");
restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
restrict_access_allow_coredumps(TRUE);
master_service_init_finish(master_service);
master_service_set_service_count(master_service, 1);
if (argv[0][0] == '/')
binary = argv[0];
else
binary = t_strconcat(PKG_LIBEXECDIR"/", argv[0], NULL);
i_array_init(&exec_args, argc + 16);
array_append(&exec_args, &binary, 1);
for (i = 1; i < argc; i++) {
const char *arg = argv[i];
array_append(&exec_args, &arg, 1);
}
master_service_run(master_service, client_connected);
array_free(&exec_args);
i_free(accepted_envs);
master_service_deinit(&master_service);
return 0;
}
void script_client_init
(struct script_client *sclient, pool_t pool, const char *path,
const char *const *args, const struct script_client_settings *set)
{
sclient->pool = pool;
sclient->path = p_strdup(pool, path);
if ( args != NULL )
sclient->args = p_strarray_dup(pool, args);
sclient->set = set;
sclient->debug = set->debug;
sclient->fd_in = -1;
sclient->fd_out = -1;
}
void program_client_init
(struct program_client *pclient, pool_t pool, const char *path,
const char *const *args, const struct program_client_settings *set)
{
pclient->pool = pool;
pclient->path = p_strdup(pool, path);
if ( args != NULL )
pclient->args = p_strarray_dup(pool, args);
pclient->set = *set;
pclient->debug = set->debug;
pclient->fd_in = -1;
pclient->fd_out = -1;
}
struct config_export_context *
config_export_init(const char *const *modules, enum config_dump_scope scope,
enum config_dump_flags flags,
config_request_callback_t *callback, void *context)
{
struct config_export_context *ctx;
pool_t pool;
pool = pool_alloconly_create(MEMPOOL_GROWING"config export", 1024*64);
ctx = p_new(pool, struct config_export_context, 1);
ctx->pool = pool;
ctx->modules = modules == NULL ? NULL : p_strarray_dup(pool, modules);
ctx->flags = flags;
ctx->callback = callback;
ctx->context = context;
ctx->scope = scope;
ctx->value = t_str_new(256);
ctx->prefix = t_str_new(64);
hash_table_create(&ctx->keys, ctx->pool, 0, str_hash, strcmp);
return ctx;
}
static void test_p_strarray_dup(void)
{
const char *input[][3] = {
{ NULL },
{ "a", NULL },
{ "foobar", NULL },
{ "a", "foo", NULL }
};
const char **ret;
unsigned int i, j;
test_begin("p_strarray_dup");
for (i = 0; i < N_ELEMENTS(input); i++) {
ret = p_strarray_dup(default_pool, input[i]);
for (j = 0; input[i][j] != NULL; j++) {
test_assert(strcmp(input[i][j], ret[j]) == 0);
test_assert(input[i][j] != ret[j]);
}
test_assert(ret[j] == NULL);
i_free(ret);
}
test_end();
}
static int
mail_storage_service_init_post(struct mail_storage_service_ctx *ctx,
struct mail_storage_service_user *user,
struct mail_storage_service_privileges *priv,
struct mail_user **mail_user_r,
const char **error_r)
{
const struct mail_storage_settings *mail_set;
const char *home = priv->home;
struct mail_user *mail_user;
/* NOTE: if more user initialization is added, add it also to
mail_user_dup() */
mail_user = mail_user_alloc(user->input.username, user->user_info,
user->user_set);
mail_user->_service_user = user;
mail_user_set_home(mail_user, *home == '\0' ? NULL : home);
mail_user_set_vars(mail_user, ctx->service->name,
&user->input.local_ip, &user->input.remote_ip);
mail_user->uid = priv->uid == (uid_t)-1 ? geteuid() : priv->uid;
mail_user->gid = priv->gid == (gid_t)-1 ? getegid() : priv->gid;
mail_user->anonymous = user->anonymous;
mail_user->admin = user->admin;
mail_user->auth_token = p_strdup(mail_user->pool, user->auth_token);
mail_user->auth_user = p_strdup(mail_user->pool, user->auth_user);
mail_user->session_id =
p_strdup(mail_user->pool, user->input.session_id);
mail_user->userdb_fields = user->input.userdb_fields == NULL ? NULL :
p_strarray_dup(mail_user->pool, user->input.userdb_fields);
mail_user->autoexpunge_enabled =
(user->flags & MAIL_STORAGE_SERVICE_FLAG_AUTOEXPUNGE) != 0;
mail_set = mail_user_set_get_storage_set(mail_user);
if (mail_set->mail_debug) {
string_t *str = t_str_new(64);
str_printfa(str, "Effective uid=%s, gid=%s, home=%s",
dec2str(geteuid()), dec2str(getegid()), home);
if (*priv->chroot != '\0')
str_printfa(str, ", chroot=%s", priv->chroot);
i_debug("%s", str_c(str));
}
if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&
(user->flags & MAIL_STORAGE_SERVICE_FLAG_ENABLE_CORE_DUMPS) == 0) {
/* we don't want to write core files to any users' home
directories since they could contain information about other
users' mails as well. so do no chdiring to home. */
} else if (*home != '\0' &&
(user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR) == 0) {
/* If possible chdir to home directory, so that core file
could be written in case we crash. */
if (chdir(home) < 0) {
if (errno == EACCES) {
i_error("%s", eacces_error_get("chdir",
t_strconcat(home, "/", NULL)));
} if (errno != ENOENT)
i_error("chdir(%s) failed: %m", home);
else if (mail_set->mail_debug)
i_debug("Home dir not found: %s", home);
}
}
if (mail_user_init(mail_user, error_r) < 0) {
mail_user_unref(&mail_user);
return -1;
}
if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_NAMESPACES) == 0) {
if (mail_namespaces_init(mail_user, error_r) < 0) {
mail_user_unref(&mail_user);
return -1;
}
}
*mail_user_r = mail_user;
return 0;
}
static int
mail_storage_service_lookup_real(struct mail_storage_service_ctx *ctx,
const struct mail_storage_service_input *input,
bool update_log_prefix,
struct mail_storage_service_user **user_r,
const char **error_r)
{
enum mail_storage_service_flags flags;
struct mail_storage_service_user *user;
const char *username = input->username;
const struct setting_parser_info *user_info;
const struct mail_user_settings *user_set;
const char *const *userdb_fields, *error;
struct auth_user_reply reply;
const struct setting_parser_context *set_parser;
void **sets;
pool_t user_pool, temp_pool;
int ret = 1;
user_pool = pool_alloconly_create(MEMPOOL_GROWING"mail storage service user", 1024*6);
flags = mail_storage_service_input_get_flags(ctx, input);
if ((flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&
geteuid() != 0) {
/* we dropped privileges only temporarily. switch back to root
before reading settings, so we'll definitely have enough
permissions to connect to the config socket. */
mail_storage_service_seteuid_root();
}
if (mail_storage_service_read_settings(ctx, input, user_pool,
&user_info, &set_parser,
&error) < 0) {
if (ctx->config_permission_denied) {
/* just restart and maybe next time we will open the
config socket before dropping privileges */
i_fatal("%s", error);
}
i_error("%s", error);
pool_unref(&user_pool);
*error_r = MAIL_ERRSTR_CRITICAL_MSG;
return -1;
}
if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT) == 0 &&
!ctx->log_initialized) {
/* initialize logging again, in case we only read the
settings for the first above */
ctx->log_initialized = TRUE;
master_service_init_log(ctx->service,
t_strconcat(ctx->service->name, ": ", NULL));
update_log_prefix = TRUE;
}
sets = master_service_settings_parser_get_others(master_service,
set_parser);
user_set = sets[0];
if (update_log_prefix)
mail_storage_service_set_log_prefix(ctx, user_set, NULL, input, NULL);
if (ctx->conn == NULL)
mail_storage_service_first_init(ctx, user_info, user_set);
/* load global plugins */
if (mail_storage_service_load_modules(ctx, user_info, user_set, &error) < 0) {
i_error("%s", error);
pool_unref(&user_pool);
*error_r = MAIL_ERRSTR_CRITICAL_MSG;
return -1;
}
if (ctx->userdb_next_pool == NULL)
temp_pool = pool_alloconly_create("userdb lookup", 2048);
else {
temp_pool = ctx->userdb_next_pool;
ctx->userdb_next_pool = NULL;
pool_ref(temp_pool);
}
if ((flags & MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP) != 0) {
ret = service_auth_userdb_lookup(ctx, input, temp_pool,
&username, &userdb_fields,
error_r);
if (ret <= 0) {
pool_unref(&temp_pool);
pool_unref(&user_pool);
return ret;
}
if (ctx->userdb_next_fieldsp != NULL)
*ctx->userdb_next_fieldsp = userdb_fields;
} else {
userdb_fields = input->userdb_fields;
}
user = p_new(user_pool, struct mail_storage_service_user, 1);
user->service_ctx = ctx;
user->pool = user_pool;
user->input = *input;
user->input.userdb_fields = userdb_fields == NULL ? NULL :
p_strarray_dup(user_pool, userdb_fields);
user->input.username = p_strdup(user_pool, username);
user->input.session_id = p_strdup(user_pool, input->session_id);
if (user->input.session_id == NULL) {
user->input.session_id =
mail_storage_service_generate_session_id(user_pool,
input->session_id_prefix);
}
user->user_info = user_info;
user->flags = flags;
user->set_parser = settings_parser_dup(set_parser, user_pool);
sets = master_service_settings_parser_get_others(master_service,
user->set_parser);
user->user_set = sets[0];
user->gid_source = "mail_gid setting";
user->uid_source = "mail_uid setting";
if ((flags & MAIL_STORAGE_SERVICE_FLAG_DEBUG) != 0)
(void)settings_parse_line(user->set_parser, "mail_debug=yes");
if ((flags & MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP) == 0) {
const char *home = getenv("HOME");
if (home != NULL)
set_keyval(ctx, user, "mail_home", home);
}
if (userdb_fields != NULL) {
auth_user_fields_parse(userdb_fields, temp_pool, &reply);
array_sort(&reply.extra_fields, extra_field_key_cmp_p);
if (user_reply_handle(ctx, user, &reply, &error) < 0) {
i_error("Invalid settings in userdb: %s", error);
*error_r = ERRSTR_INVALID_USER_SETTINGS;
ret = -2;
}
}
if (ret > 0 && !settings_parser_check(user->set_parser, user_pool, &error)) {
i_error("Invalid settings (probably caused by userdb): %s", error);
*error_r = ERRSTR_INVALID_USER_SETTINGS;
ret = -2;
}
pool_unref(&temp_pool);
/* load per-user plugins */
if (ret > 0) {
if (mail_storage_service_load_modules(ctx, user_info,
user->user_set,
&error) < 0) {
i_error("%s", error);
*error_r = MAIL_ERRSTR_CRITICAL_MSG;
ret = -2;
}
}
*user_r = user;
return ret;
}
