예제 #1
파일: acl-api.c 프로젝트: bdraco/dovecot
/* Serialize an ACL entry's rights into one space-separated string.
 *
 * Positive rights are emitted as-is; every negative right is emitted with a
 * leading '-'. The returned string comes from t_str_new()/str_c(), so it is
 * not owned by the caller.
 *
 * NOTE(review): a non-NULL but empty neg_rights array would presumably emit
 * a lone "-"; confirm callers never pass one.
 */
const char *acl_rights_export(const struct acl_rights *rights)
{
	string_t *out = t_str_new(128);

	if (rights->rights != NULL)
		str_append(out, t_strarray_join(rights->rights, " "));

	/* Nothing negative to add: the positive list is the whole answer. */
	if (rights->neg_rights == NULL)
		return str_c(out);

	/* Separate the two lists only when the positive one is non-empty. */
	if (str_len(out) > 0)
		str_append_c(out, ' ');
	/* The join separator " -" prefixes every negative right but the first,
	   so the first one gets its '-' here. */
	str_append_c(out, '-');
	str_append(out, t_strarray_join(rights->neg_rights, " -"));
	return str_c(out);
}
예제 #2
파일: doveadm-acl.c 프로젝트: aosm/dovecot
/* Print one ACL entry as three doveadm fields: the identifier name, a
 * "global" marker (empty when the entry is not global), and the rights list
 * with negative rights prefixed by '-'.
 */
static void cmd_acl_get_right(const struct acl_rights *rights)
{
	const char *id_name = "";
	const char *id_prefix = NULL;
	string_t *rights_str;

	/* Fixed identifiers map straight to a name; user/group identifiers
	   are a type prefix followed by rights->identifier. */
	switch (rights->id_type) {
	case ACL_ID_ANYONE:
		id_name = ACL_ID_NAME_ANYONE;
		break;
	case ACL_ID_AUTHENTICATED:
		id_name = ACL_ID_NAME_AUTHENTICATED;
		break;
	case ACL_ID_OWNER:
		id_name = ACL_ID_NAME_OWNER;
		break;
	case ACL_ID_USER:
		id_prefix = ACL_ID_NAME_USER_PREFIX;
		break;
	case ACL_ID_GROUP:
		id_prefix = ACL_ID_NAME_GROUP_PREFIX;
		break;
	case ACL_ID_GROUP_OVERRIDE:
		id_prefix = ACL_ID_NAME_GROUP_OVERRIDE_PREFIX;
		break;
	case ACL_ID_TYPE_COUNT:
		/* Not a real identifier type. */
		i_unreached();
	}
	if (id_prefix != NULL)
		id_name = t_strconcat(id_prefix, rights->identifier, NULL);
	doveadm_print(id_name);

	doveadm_print(rights->global ? "global" : "");

	rights_str = t_str_new(256);
	if (rights->rights != NULL)
		str_append(rights_str, t_strarray_join(rights->rights, " "));
	if (rights->neg_rights != NULL) {
		/* First negative right gets "-" (after a space if positive
		   rights were printed); the join adds " -" before the rest. */
		str_append(rights_str, str_len(rights_str) > 0 ? " -" : "-");
		str_append(rights_str,
			   t_strarray_join(rights->neg_rights, " -"));
	}
	doveadm_print(str_c(rights_str));
}
예제 #3
/* Build and submit the LDAP search that looks up password data for
 * auth_request.
 *
 * The search base and filter are produced by expanding the configured
 * templates (conn->set.base, conn->set.pass_filter). ldap_escape is handed to
 * the expansion table, presumably so that request values substituted into
 * the templates cannot change the structure of the base or filter; keep it
 * in place if this code is adapted.
 */
static void ldap_lookup_pass(struct auth_request *auth_request,
			     struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = module->conn;
	struct ldap_request_search *search = &request->request.search;
	const char **fields = (const char **)conn->pass_attr_names;
	const struct var_expand_table *table;
	string_t *buf;

	search->request.type = LDAP_REQUEST_TYPE_SEARCH;
	table = auth_request_get_var_expand_table(auth_request, ldap_escape);

	/* One scratch buffer is reused for both expansions; each result is
	   copied into the request's pool before the buffer is reset. */
	buf = t_str_new(512);
	var_expand(buf, conn->set.base, table);
	search->base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	var_expand(buf, conn->set.pass_filter, table);
	search->filter = p_strdup(auth_request->pool, str_c(buf));

	search->attr_map = &conn->pass_attr_map;
	search->attributes = conn->pass_attr_names;

	/* NOTE(review): the expanded filter is written to the debug log, so
	   whatever request values the template references end up there. */
	auth_request_log_debug(auth_request, "ldap", "pass search: "
			       "base=%s scope=%s filter=%s fields=%s",
			       search->base, conn->set.scope,
			       search->filter, fields == NULL ? "(all)" :
			       t_strarray_join(fields, ","));

	search->request.callback = ldap_lookup_pass_callback;
	db_ldap_request(conn, &search->request);
}
/* doveadm "stats dump": send an EXPORT command built from the remaining
 * command-line arguments to the stats socket and print the reply as
 * tab-separated output.
 *
 * -s <path> overrides the default socket at <base_dir>/stats.
 */
static void cmd_stats_dump(int argc, char *argv[])
{
	const char *socket_path, *export_cmd;
	int opt;

	socket_path = t_strconcat(doveadm_settings->base_dir, "/stats", NULL);

	for (;;) {
		opt = getopt(argc, argv, "s:");
		if (opt <= 0)
			break;
		if (opt == 's')
			socket_path = optarg;
		else
			help(&doveadm_cmd_stats_dump);
	}

	/* Shift so that argv[1] is the first non-option argument. */
	argv += optind - 1;
	if (argv[1] == NULL)
		help(&doveadm_cmd_stats_dump);

	/* NOTE(review): the arguments are joined verbatim with tabs and the
	   line is ended with '\n'. An argument that itself contains a tab or
	   newline would change the field layout of the command; confirm
	   whether the stats protocol expects escaping here. */
	export_cmd = t_strdup_printf("EXPORT\t%s\n",
				     t_strarray_join((const void *)(argv+1), "\t"));

	doveadm_print_init(DOVEADM_PRINT_TYPE_TAB);
	stats_dump(socket_path, export_cmd);
}
예제 #5
/* doveadm "stats dump" (parameter-context variant): build an EXPORT command
 * from the "type" and optional "filter" parameters and send it to the stats
 * socket.
 *
 * "socket-path" overrides the default socket at <base_dir>/stats. A missing
 * "type" is a usage error: it is logged, doveadm_exit_code is set to
 * EX_USAGE and nothing is sent.
 */
static void
doveadm_cmd_stats_dump(struct doveadm_cmd_context* cctx)
{
	/* [0] = type, [1] = optional filter, [2] stays NULL as terminator */
	const char *export_args[3] = { NULL, NULL, NULL };
	const char *socket_path, *export_cmd;

	if (!doveadm_cmd_param_str(cctx, "socket-path", &socket_path)) {
		socket_path = t_strconcat(doveadm_settings->base_dir,
					  "/stats", NULL);
	}

	if (!doveadm_cmd_param_str(cctx, "type", &export_args[0])) {
		i_error("Missing type parameter");
		doveadm_exit_code = EX_USAGE;
		return;
	}

	/* The filter is optional; reset the slot so the join stops after the
	   type when it was not given. */
	if (!doveadm_cmd_param_str(cctx, "filter", &export_args[1]))
		export_args[1] = NULL;

	/* NOTE(review): parameter values are joined verbatim with tabs and
	   the line is ended with '\n'; a value containing a tab or newline
	   would change the field layout of the command. Confirm whether the
	   stats protocol expects escaping here. */
	export_cmd = t_strdup_printf("EXPORT\t%s\n",
				     t_strarray_join(export_args, "\t"));

	doveadm_print_init(DOVEADM_PRINT_TYPE_TAB);
	stats_dump(socket_path, export_cmd);
}
예제 #6
/* Receive the remote side's mailbox tree nodes and merge them into
 * brain->remote_mailbox_tree.
 *
 * Returns TRUE when the tree was fully received (the state then advances to
 * DSYNC_STATE_RECV_MAILBOX_TREE_DELETES) or when a namespace lookup failed
 * (brain->failed is set). While the receive has not yet finished it returns
 * `changed`, which this function never sets to TRUE.
 *
 * All names and node data handled here come from the remote peer.
 */
bool dsync_brain_recv_mailbox_tree(struct dsync_brain *brain)
{
	const struct dsync_mailbox_node *remote_node;
	struct dsync_mailbox_node *tree_node, *dup_a, *dup_b;
	const char *const *parts, *name;
	struct mail_namespace *ns;
	enum dsync_ibc_recv_ret ret;
	char sep[2];
	bool changed = FALSE;

	/* NUL-terminated one-character separator string for joining parts. */
	sep[0] = brain->hierarchy_sep;
	sep[1] = '\0';

	for (;;) {
		ret = dsync_ibc_recv_mailbox_tree_node(brain->ibc, &parts,
						       &remote_node);
		if (ret <= 0)
			break;

		if (dsync_get_mailbox_name(brain, parts, &name, &ns) < 0) {
			/* The remote-supplied name is written to the log. */
			i_error("Couldn't find namespace for mailbox %s",
				t_strarray_join(parts, sep));
			brain->failed = TRUE;
			return TRUE;
		}
		if (brain->debug) {
			i_debug("brain %c: Remote mailbox tree: %s %s",
				brain->master_brain ? 'M' : 'S',
				t_strarray_join(parts, sep),
				dsync_mailbox_node_to_string(remote_node));
		}
		/* NOTE(review): the result is dereferenced unchecked, so this
		   assumes dsync_mailbox_tree_get() never returns NULL. */
		tree_node = dsync_mailbox_tree_get(brain->remote_mailbox_tree,
						   name);
		tree_node->ns = ns;
		dsync_mailbox_node_copy_data(tree_node, remote_node);
	}
	if (ret != DSYNC_IBC_RECV_RET_FINISHED)
		return changed;

	/* A GUID reported for two different mailboxes marks the sync as
	   failed; the state is still advanced below. */
	if (dsync_mailbox_tree_build_guid_hash(brain->remote_mailbox_tree,
					       &dup_a, &dup_b) < 0) {
		i_error("Remote sent duplicate mailbox GUID %s for mailboxes %s and %s",
			guid_128_to_string(dup_a->mailbox_guid),
			dsync_mailbox_node_get_full_name(brain->remote_mailbox_tree,
							 dup_a),
			dsync_mailbox_node_get_full_name(brain->remote_mailbox_tree,
							 dup_b));
		brain->failed = TRUE;
	}

	brain->state = DSYNC_STATE_RECV_MAILBOX_TREE_DELETES;
	return TRUE;
}
예제 #7
/* Print one ACL entry as three doveadm fields: the identifier (from
 * acl_rights_get_id()), a "global" marker that is empty for non-global
 * entries, and the rights list with negative rights prefixed by '-'.
 */
static void cmd_acl_get_right(const struct acl_rights *rights)
{
	string_t *rights_str;

	doveadm_print(acl_rights_get_id(rights));
	doveadm_print(rights->global ? "global" : "");

	rights_str = t_str_new(256);
	if (rights->rights != NULL)
		str_append(rights_str, t_strarray_join(rights->rights, " "));
	if (rights->neg_rights != NULL) {
		/* First negative right gets "-" (after a space if positive
		   rights were printed); the join adds " -" before the rest. */
		str_append(rights_str, str_len(rights_str) > 0 ? " -" : "-");
		str_append(rights_str,
			   t_strarray_join(rights->neg_rights, " -"));
	}
	doveadm_print(str_c(rights_str));
}
예제 #8
/* Start an LDAP user iteration: allocate the iteration context, build the
 * search from the configured base and iterate_filter templates, and submit
 * it as a multi-entry request.
 *
 * ldap_escape is passed to both template expansions, presumably so that
 * request values substituted into the templates cannot change the structure
 * of the base or filter. A reference is taken on auth_request for the
 * lifetime of the request. Returns the generic iterate context embedded in
 * the newly allocated LDAP context.
 */
static struct userdb_iterate_context *
userdb_ldap_iterate_init(struct auth_request *auth_request,
			 userdb_iter_callback_t *callback, void *context)
{
	struct ldap_userdb_module *module =
		(struct ldap_userdb_module *)auth_request->userdb->userdb;
	struct ldap_connection *conn = module->conn;
	const char **fields = (const char **)conn->iterate_attr_names;
	struct ldap_userdb_iterate_context *iter;
	struct userdb_iter_ldap_request *req;
	string_t *buf;

	iter = i_new(struct ldap_userdb_iterate_context, 1);
	iter->ctx.auth_request = auth_request;
	iter->ctx.callback = callback;
	iter->ctx.context = context;
	iter->conn = conn;

	/* The request lives inside the context and points back at it. */
	req = &iter->request;
	req->ctx = iter;

	auth_request_ref(auth_request);
	req->request.request.auth_request = auth_request;

	/* One scratch buffer is reused for both expansions; each result is
	   copied into the request's pool before the buffer is reset. */
	buf = t_str_new(512);
	auth_request_var_expand(buf, conn->set.base, auth_request, ldap_escape);
	req->request.base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	auth_request_var_expand(buf, conn->set.iterate_filter,
				auth_request, ldap_escape);
	req->request.filter = p_strdup(auth_request->pool, str_c(buf));

	req->request.attr_map = &conn->iterate_attr_map;
	req->request.attributes = conn->iterate_attr_names;
	req->request.multi_entry = TRUE;

	if (global_auth_settings->debug) {
		i_debug("ldap: iterate: base=%s scope=%s filter=%s fields=%s",
			req->request.base, conn->set.scope,
			req->request.filter, fields == NULL ? "(all)" :
			t_strarray_join(fields, ","));
	}

	req->request.request.callback = userdb_ldap_iterate_callback;
	db_ldap_request(conn, &req->request.request);
	return &iter->ctx;
}
예제 #9
/* Validate and normalize a mailbox's special_use setting.
 *
 * Every space-separated flag must be accepted by
 * mailbox_special_use_exists(); the first one that is not makes the function
 * return FALSE with *error_r describing it. On success the setting is
 * rewritten (allocated from pool) only if re-joining the flags with single
 * spaces differs from the stored value. Returns TRUE on success.
 */
static bool
mailbox_special_use_check(struct mailbox_settings *set, pool_t pool,
			  const char **error_r)
{
	const char *const *flags, *const *flag;
	const char *normalized;

	flags = t_strsplit_spaces(set->special_use, " ");
	for (flag = flags; *flag != NULL; flag++) {
		if (mailbox_special_use_exists(*flag))
			continue;
		*error_r = t_strdup_printf(
			"mailbox %s: unknown special_use: %s",
			set->name, *flag);
		return FALSE;
	}

	/* Collapse any extra whitespace the admin typed between flags. */
	normalized = t_strarray_join(flags, " ");
	if (strcmp(normalized, set->special_use) != 0)
		set->special_use = p_strdup(pool, normalized);
	return TRUE;
}
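/* Return a copy of a tab-separated auth master reply with password-like
 * values masked, for use where the reply is shown or logged.
 *
 * When the debug_passwords setting is enabled the input is returned
 * unchanged. Otherwise every "key=value" field whose key contains "pass"
 * has its value replaced by "<hidden>". The result is allocated from the
 * data stack.
 *
 * NOTE(review): the match is the case-sensitive substring "pass" in the key
 * only. Secrets carried under differently named or differently cased keys
 * pass through unmasked; confirm the set of keys that can appear here.
 */
static const char *
auth_master_reply_hide_passwords(struct auth_master_connection *conn,
				 const char *str)
{
	char **args, *p, *p2;
	unsigned int i;

	if (conn->auth->set->debug_passwords)
		return str;

	/* hide all parameters that have "pass" in their key */
	args = p_strsplit(pool_datastack_create(), str, "\t");
	for (i = 0; args[i] != NULL; i++) {
		p2 = strchr(args[i], '=');
		if (p2 == NULL) {
			/* No '=' means there is no key/value split and
			   nothing to mask. Checking this first also avoids
			   a relational comparison against a null pointer,
			   which C leaves undefined. */
			continue;
		}
		p = strstr(args[i], "pass");
		if (p != NULL && p < p2) {
			/* "pass" starts before '=', i.e. inside the key:
			   cut the field at '=' and append the placeholder. */
			*p2 = '\0';
			args[i] = p_strconcat(pool_datastack_create(),
					      args[i], "=<hidden>", NULL);
		}
	}
	return t_strarray_join((void *)args, "\t");
}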
예제 #11
/* Build and submit the LDAP search that looks up userdb data for
 * auth_request; the result is delivered through callback.
 *
 * The search base and filter come from expanding the configured templates
 * (conn->set.base, conn->set.user_filter). ldap_escape is passed to both
 * expansions, presumably so that request values substituted into the
 * templates cannot change the structure of the base or filter. A reference
 * is taken on auth_request before the request is queued.
 */
static void userdb_ldap_lookup(struct auth_request *auth_request,
			       userdb_callback_t *callback)
{
	struct ldap_userdb_module *module =
		(struct ldap_userdb_module *)auth_request->userdb->userdb;
	struct ldap_connection *conn = module->conn;
	const char **fields = (const char **)conn->user_attr_names;
	struct userdb_ldap_request *req;
	string_t *buf;

	auth_request_ref(auth_request);
	req = p_new(auth_request->pool, struct userdb_ldap_request, 1);
	req->userdb_callback = callback;

	/* One scratch buffer is reused for both expansions; each result is
	   copied into the request's pool before the buffer is reset. */
	buf = t_str_new(512);
	auth_request_var_expand(buf, conn->set.base, auth_request, ldap_escape);
	req->request.base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	auth_request_var_expand(buf, conn->set.user_filter,
				auth_request, ldap_escape);
	req->request.filter = p_strdup(auth_request->pool, str_c(buf));

	req->request.attr_map = &conn->user_attr_map;
	req->request.attributes = conn->user_attr_names;

	/* NOTE(review): the expanded filter is written to the debug log, so
	   whatever request values the template references end up there. */
	auth_request_log_debug(auth_request, AUTH_SUBSYS_DB, "user search: "
			       "base=%s scope=%s filter=%s fields=%s",
			       req->request.base, conn->set.scope,
			       req->request.filter,
			       fields == NULL ? "(all)" :
			       t_strarray_join(fields, ","));

	req->request.request.auth_request = auth_request;
	req->request.request.callback = userdb_ldap_lookup_callback;
	db_ldap_request(conn, &req->request.request);
}
예제 #12
/* Parse one passwd-file entry and insert it into pw->users under username.
 *
 * pass is the raw password field (may be NULL); args is the NULL-terminated
 * list of the remaining fields in the order given in the comment below.
 * Fields are consumed strictly in order by advancing args, so the statement
 * order in this function matters.
 *
 * The entry is rejected (error logged, nothing inserted) when the username
 * is already present, when a DIGEST-MD5 password has the wrong length, or
 * when a UID/GID parses to 0 or to the all-ones value. The bare `return;`
 * statements show the function returns nothing; the line carrying its return
 * type is not visible in this listing.
 */
passwd_file_add(struct passwd_file *pw, const char *username,
		const char *pass, const char *const *args)
{
	/* args = uid, gid, user info, home dir, shell, extra_fields */
	struct passwd_user *pu;
	const char *extra_fields = NULL;
	char *user;
	size_t len;

	/* First definition wins: a duplicate username is logged and skipped. */
	if (hash_table_lookup(pw->users, username) != NULL) {
		i_error("passwd-file %s: User %s exists more than once",
			pw->path, username);
		return;
	}

	/* Both allocations come from pw->pool; on the early returns below
	   they are simply left in the pool without being inserted. */
	pu = p_new(pw->pool, struct passwd_user, 1);
	user = p_strdup(pw->pool, username);

	len = pass == NULL ? 0 : strlen(pass);
	/* Legacy "password[NN]" suffix: only considered when the value does
	   not already start with a '{' or '$' scheme marker. */
	if (len > 4 && pass[0] != '{' && pass[0] != '$' &&
	    pass[len-1] == ']' && pass[len-4] == '[') {
		/* password[type] - we're being libpam-pwdfile compatible
		   here. it uses 13 = DES and 34 = MD5. For backwards
		   compatibility with ourself, we have also 56 = Digest-MD5. */
		/* NOTE(review): the two characters between the brackets are
		   not checked to be digits; anything that does not come out
		   as 34 or 56 falls through to the {CRYPT} branch. These are
		   legacy schemes kept for compatibility with existing files. */
		int num = (pass[len-3] - '0') * 10 + (pass[len-2] - '0');

		/* Drop the "[NN]" suffix before prefixing the scheme. */
		pass = t_strndup(pass, len-4);
		if (num == 34) {
			pu->password = p_strconcat(pw->pool, "{PLAIN-MD5}",
						   pass, NULL);
		} else if (num == 56) {
			pu->password = p_strconcat(pw->pool, "{DIGEST-MD5}",
						   pass, NULL);
			/* "{DIGEST-MD5}" is 12 characters, so the value after
			   it must be exactly 32 characters long. */
			if (strlen(pu->password) != 32 + 12) {
				i_error("passwd-file %s: User %s "
					"has invalid password",
					pw->path, username);
				return;
			}
		} else {
			pu->password = p_strconcat(pw->pool, "{CRYPT}",
						   pass, NULL);
		}
	} else {
		pu->password = p_strdup(pw->pool, pass);
	}

	/* Start with "no UID/GID given". */
	pu->uid = (uid_t)-1;
	pu->gid = (gid_t)-1;

	/* uid: absent -> keep default; unused (not a userdb) or empty ->
	   skip the field; otherwise parse it. */
	if (*args == NULL)
		;
	else if (!pw->db->userdb || **args == '\0') {
		args++;
	} else {
		pu->uid = userdb_parse_uid(NULL, *args);
		/* UID 0 is refused outright, as is (uid_t)-1 (presumably the
		   parse-failure value; confirm in userdb_parse_uid). */
		if (pu->uid == 0 || pu->uid == (uid_t)-1) {
			i_error("passwd-file %s: User %s has invalid UID '%s'",
				pw->path, username, *args);
			return;
		}
		args++;
	}

	/* gid: same handling as uid, except that a line ending before the
	   gid field marks the entry as unusable for userdb lookups. */
	if (*args == NULL) {
		if (pw->db->userdb_warn_missing) {
			i_error("passwd-file %s: User %s is missing "
				"userdb info", pw->path, username);
		}
		/* don't allow userdb lookups */
		pu->uid = 0;
		pu->gid = 0;
	} else if (!pw->db->userdb || **args == '\0')
		args++;
	else {
		pu->gid = userdb_parse_gid(NULL, *args);
		/* GID 0 and (gid_t)-1 are refused, mirroring the UID check. */
		if (pu->gid == 0 || pu->gid == (gid_t)-1) {
			i_error("passwd-file %s: User %s has invalid GID '%s'",
				pw->path, username, *args);
			return;
		}
		args++;
	}

	/* user info */
	if (*args != NULL)
		args++;

	/* home */
	if (*args != NULL) {
		if (pw->db->userdb)
			pu->home = p_strdup_empty(pw->pool, *args);
		args++;
	}

	/* shell */
	if (*args != NULL)
		args++;

	if (*args != NULL && **args == '\0') {
		/* old format, this field is empty and next field may
		   contain MAIL */
		args++;
		if (*args != NULL && **args != '\0' && pw->db->userdb) {
			/* The remaining fields are re-joined with ':' before
			   being stored under userdb_mail. */
			extra_fields =
                                t_strconcat("userdb_mail=",
                                            t_strarray_join(args, ":"), NULL);
		}
	} else if (*args != NULL) {
		/* new format, contains a space separated list of
		   extra fields */
                extra_fields = t_strarray_join(args, ":");
        }

        if (extra_fields != NULL) {
                pu->extra_fields =
                        p_strsplit_spaces(pw->pool, extra_fields, " ");
        }

	/* Only fully validated entries reach the table. */
	hash_table_insert(pw->users, user, pu);
}