void pcf_read_master(int fail_on_open_error)
{
const char *myname = "pcf_read_master";
char *path;
VSTRING *buf;
VSTREAM *fp;
const char *err;
int entry_count = 0;
int line_count;
int last_line = 0;
/*
* Sanity check.
*/
if (pcf_master_table != 0)
msg_panic("%s: master table is already initialized", myname);
/*
* Get the location of master.cf.
*/
if (var_config_dir == 0)
pcf_set_config_dir();
path = concatenate(var_config_dir, "/", MASTER_CONF_FILE, (char *) 0);
/*
* Initialize the in-memory master table.
*/
pcf_master_table = (PCF_MASTER_ENT *) mymalloc(sizeof(*pcf_master_table));
/*
* Skip blank lines and comment lines. Degrade gracefully if master.cf is
* not available, and master.cf is not the primary target.
*/
if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0) {
if (fail_on_open_error)
msg_fatal("open %s: %m", path);
msg_warn("open %s: %m", path);
} else {
buf = vstring_alloc(100);
while (readllines(buf, fp, &last_line, &line_count) != 0) {
pcf_master_table = (PCF_MASTER_ENT *) myrealloc((void *) pcf_master_table,
(entry_count + 2) * sizeof(*pcf_master_table));
if ((err = pcf_parse_master_entry(pcf_master_table + entry_count,
STR(buf))) != 0)
msg_fatal("file %s: line %d: %s", path, line_count, err);
entry_count += 1;
}
vstream_fclose(fp);
vstring_free(buf);
}
/*
* Null-terminate the master table and clean up.
*/
pcf_master_table[entry_count].argv = 0;
myfree(path);
}
static void postmap(char *map_type, char *path_name, int postmap_flags,
int open_flags, int dict_flags)
{
VSTREAM *NOCLOBBER source_fp;
VSTRING *line_buffer;
MKMAP *mkmap;
int lineno;
int last_line;
char *key;
char *value;
struct stat st;
mode_t saved_mask;
/*
* Initialize.
*/
line_buffer = vstring_alloc(100);
if ((open_flags & O_TRUNC) == 0) {
/* Incremental mode. */
source_fp = VSTREAM_IN;
vstream_control(source_fp, CA_VSTREAM_CTL_PATH("stdin"), CA_VSTREAM_CTL_END);
} else {
/* Create database. */
if (strcmp(map_type, DICT_TYPE_PROXY) == 0)
msg_fatal("can't create maps via the proxy service");
dict_flags |= DICT_FLAG_BULK_UPDATE;
if ((source_fp = vstream_fopen(path_name, O_RDONLY, 0)) == 0)
msg_fatal("open %s: %m", path_name);
}
if (fstat(vstream_fileno(source_fp), &st) < 0)
msg_fatal("fstat %s: %m", path_name);
/*
* Turn off group/other read permissions as indicated in the source file.
*/
if ((postmap_flags & POSTMAP_FLAG_SAVE_PERM) && S_ISREG(st.st_mode))
saved_mask = umask(022 | (~st.st_mode & 077));
/*
* If running as root, run as the owner of the source file, so that the
* result shows proper ownership, and so that a bug in postmap does not
* allow privilege escalation.
*/
if ((postmap_flags & POSTMAP_FLAG_AS_OWNER) && getuid() == 0
&& (st.st_uid != geteuid() || st.st_gid != getegid()))
set_eugid(st.st_uid, st.st_gid);
/*
* Open the database, optionally create it when it does not exist,
* optionally truncate it when it does exist, and lock out any
* spectators.
*/
mkmap = mkmap_open(map_type, path_name, open_flags, dict_flags);
/*
* And restore the umask, in case it matters.
*/
if ((postmap_flags & POSTMAP_FLAG_SAVE_PERM) && S_ISREG(st.st_mode))
umask(saved_mask);
/*
* Trap "exceptions" so that we can restart a bulk-mode update after a
* recoverable error.
*/
for (;;) {
if (dict_isjmp(mkmap->dict) != 0
&& dict_setjmp(mkmap->dict) != 0
&& vstream_fseek(source_fp, SEEK_SET, 0) < 0)
msg_fatal("seek %s: %m", VSTREAM_PATH(source_fp));
/*
* Add records to the database.
*/
last_line = 0;
while (readllines(line_buffer, source_fp, &last_line, &lineno)) {
/*
* First some UTF-8 checks sans casefolding.
*/
if ((mkmap->dict->flags & DICT_FLAG_UTF8_ACTIVE)
&& !allascii(STR(line_buffer))
&& !valid_utf8_string(STR(line_buffer), LEN(line_buffer))) {
msg_warn("%s, line %d: non-UTF-8 input \"%s\""
" -- ignoring this line",
VSTREAM_PATH(source_fp), lineno, STR(line_buffer));
continue;
}
/*
* Split on the first whitespace character, then trim leading and
* trailing whitespace from key and value.
*/
key = STR(line_buffer);
value = key + strcspn(key, CHARS_SPACE);
if (*value)
*value++ = 0;
while (ISSPACE(*value))
value++;
trimblanks(key, 0)[0] = 0;
trimblanks(value, 0)[0] = 0;
/*
* Enforce the "key whitespace value" format. Disallow missing
* keys or missing values.
*/
if (*key == 0 || *value == 0) {
msg_warn("%s, line %d: expected format: key whitespace value",
VSTREAM_PATH(source_fp), lineno);
continue;
}
if (key[strlen(key) - 1] == ':')
msg_warn("%s, line %d: record is in \"key: value\" format; is this an alias file?",
VSTREAM_PATH(source_fp), lineno);
/*
* Store the value under a case-insensitive key.
*/
mkmap_append(mkmap, key, value);
if (mkmap->dict->error)
msg_fatal("table %s:%s: write error: %m",
mkmap->dict->type, mkmap->dict->name);
}
break;
}
/*
* Close the mapping database, and release the lock.
*/
mkmap_close(mkmap);
/*
* Cleanup. We're about to terminate, but it is a good sanity check.
*/
vstring_free(line_buffer);
if (source_fp != VSTREAM_IN)
vstream_fclose(source_fp);
}
MASTER_SERV *get_master_ent()
{
VSTRING *buf = vstring_alloc(100);
VSTRING *junk = vstring_alloc(100);
MASTER_SERV *serv;
char *cp;
char *name;
char *host = 0;
char *port = 0;
char *transport;
int private;
int unprivileged; /* passed on to child */
int chroot; /* passed on to child */
char *command;
int n;
char *bufp;
char *atmp;
const char *parse_err;
static char *saved_interfaces = 0;
char *err;
if (master_fp == 0)
msg_panic("get_master_ent: config file not open");
if (master_disable == 0)
msg_panic("get_master_ent: no service disable list");
/*
* XXX We cannot change the inet_interfaces setting for a running master
* process. Listening sockets are inherited by child processes so that
* closing and reopening those sockets in the master does not work.
*
* Another problem is that library routines still cache results that are
* based on the old inet_interfaces setting. It is too much trouble to
* recompute everything.
*
* In order to keep our data structures consistent we ignore changes in
* inet_interfaces settings, and issue a warning instead.
*/
if (saved_interfaces == 0)
saved_interfaces = mystrdup(var_inet_interfaces);
/*
* Skip blank lines and comment lines.
*/
for (;;) {
if (readllines(buf, master_fp, &master_line_last, &master_line) == 0) {
vstring_free(buf);
vstring_free(junk);
return (0);
}
bufp = vstring_str(buf);
if ((cp = mystrtok(&bufp, master_blanks)) == 0)
continue;
name = cp;
transport = get_str_ent(&bufp, "transport type", (char *) 0);
vstring_sprintf(junk, "%s/%s", name, transport);
if (match_service_match(master_disable, vstring_str(junk)) == 0)
break;
}
/*
* Parse one logical line from the configuration file. Initialize service
* structure members in order.
*/
serv = (MASTER_SERV *) mymalloc(sizeof(MASTER_SERV));
serv->next = 0;
/*
* Flags member.
*/
serv->flags = 0;
/*
* All servers busy warning timer.
*/
serv->busy_warn_time = 0;
/*
* Service name. Syntax is transport-specific.
*/
serv->ext_name = mystrdup(name);
/*
* Transport type: inet (wild-card listen or virtual) or unix.
*/
#define STR_SAME !strcmp
if (STR_SAME(transport, MASTER_XPORT_NAME_INET)) {
if (!STR_SAME(saved_interfaces, var_inet_interfaces)) {
msg_warn("service %s: ignoring %s change",
serv->ext_name, VAR_INET_INTERFACES);
msg_warn("to change %s, stop and start Postfix",
VAR_INET_INTERFACES);
}
serv->type = MASTER_SERV_TYPE_INET;
atmp = mystrdup(name);
if ((parse_err = host_port(atmp, &host, "", &port, (char *) 0)) != 0)
fatal_with_context("%s in \"%s\"", parse_err, name);
if (*host) {
serv->flags |= MASTER_FLAG_INETHOST;/* host:port */
MASTER_INET_ADDRLIST(serv) = (INET_ADDR_LIST *)
mymalloc(sizeof(*MASTER_INET_ADDRLIST(serv)));
inet_addr_list_init(MASTER_INET_ADDRLIST(serv));
if (inet_addr_host(MASTER_INET_ADDRLIST(serv), host) == 0)
fatal_with_context("bad hostname or network address: %s", name);
inet_addr_list_uniq(MASTER_INET_ADDRLIST(serv));
serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used;
} else {
MASTER_INET_ADDRLIST(serv) =
strcasecmp(saved_interfaces, INET_INTERFACES_ALL) ?
own_inet_addr_list() : /* virtual */
wildcard_inet_addr_list(); /* wild-card */
inet_addr_list_uniq(MASTER_INET_ADDRLIST(serv));
serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used;
}
MASTER_INET_PORT(serv) = mystrdup(port);
for (n = 0; /* see below */ ; n++) {
if (n >= MASTER_INET_ADDRLIST(serv)->used) {
serv->flags |= MASTER_FLAG_LOCAL_ONLY;
break;
}
if (!sock_addr_in_loopback(SOCK_ADDR_PTR(MASTER_INET_ADDRLIST(serv)->addrs + n)))
break;
}
} else if (STR_SAME(transport, MASTER_XPORT_NAME_UNIX)) {
serv->type = MASTER_SERV_TYPE_UNIX;
serv->listen_fd_count = 1;
serv->flags |= MASTER_FLAG_LOCAL_ONLY;
} else if (STR_SAME(transport, MASTER_XPORT_NAME_UXDG)) {
serv->type = MASTER_SERV_TYPE_UXDG;
serv->listen_fd_count = 1;
serv->flags |= MASTER_FLAG_LOCAL_ONLY;
} else if (STR_SAME(transport, MASTER_XPORT_NAME_FIFO)) {
serv->type = MASTER_SERV_TYPE_FIFO;
serv->listen_fd_count = 1;
serv->flags |= MASTER_FLAG_LOCAL_ONLY;
#ifdef MASTER_SERV_TYPE_PASS
} else if (STR_SAME(transport, MASTER_XPORT_NAME_PASS)) {
serv->type = MASTER_SERV_TYPE_PASS;
serv->listen_fd_count = 1;
/* If this is a connection screener, remote clients are likely. */
#endif
} else {
fatal_with_context("bad transport type: %s", transport);
}
/*
* Service class: public or private.
*/
private = get_bool_ent(&bufp, "private", "y");
static void postalias(char *map_type, char *path_name, int postalias_flags,
int open_flags, int dict_flags)
{
VSTREAM *NOCLOBBER source_fp;
VSTRING *line_buffer;
MKMAP *mkmap;
int lineno;
int last_line;
VSTRING *key_buffer;
VSTRING *value_buffer;
TOK822 *tok_list;
TOK822 *key_list;
TOK822 *colon;
TOK822 *value_list;
struct stat st;
mode_t saved_mask;
/*
* Initialize.
*/
line_buffer = vstring_alloc(100);
key_buffer = vstring_alloc(100);
value_buffer = vstring_alloc(100);
if ((open_flags & O_TRUNC) == 0) {
/* Incremental mode. */
source_fp = VSTREAM_IN;
vstream_control(source_fp, CA_VSTREAM_CTL_PATH("stdin"), CA_VSTREAM_CTL_END);
} else {
/* Create database. */
if (strcmp(map_type, DICT_TYPE_PROXY) == 0)
msg_fatal("can't create maps via the proxy service");
dict_flags |= DICT_FLAG_BULK_UPDATE;
if ((source_fp = vstream_fopen(path_name, O_RDONLY, 0)) == 0)
msg_fatal("open %s: %m", path_name);
}
if (fstat(vstream_fileno(source_fp), &st) < 0)
msg_fatal("fstat %s: %m", path_name);
/*
* Turn off group/other read permissions as indicated in the source file.
*/
if ((postalias_flags & POSTALIAS_FLAG_SAVE_PERM) && S_ISREG(st.st_mode))
saved_mask = umask(022 | (~st.st_mode & 077));
/*
* If running as root, run as the owner of the source file, so that the
* result shows proper ownership, and so that a bug in postalias does not
* allow privilege escalation.
*/
if ((postalias_flags & POSTALIAS_FLAG_AS_OWNER) && getuid() == 0
&& (st.st_uid != geteuid() || st.st_gid != getegid()))
set_eugid(st.st_uid, st.st_gid);
/*
* Open the database, create it when it does not exist, truncate it when
* it does exist, and lock out any spectators.
*/
mkmap = mkmap_open(map_type, path_name, open_flags, dict_flags);
/*
* And restore the umask, in case it matters.
*/
if ((postalias_flags & POSTALIAS_FLAG_SAVE_PERM) && S_ISREG(st.st_mode))
umask(saved_mask);
/*
* Trap "exceptions" so that we can restart a bulk-mode update after a
* recoverable error.
*/
for (;;) {
if (dict_isjmp(mkmap->dict) != 0
&& dict_setjmp(mkmap->dict) != 0
&& vstream_fseek(source_fp, SEEK_SET, 0) < 0)
msg_fatal("seek %s: %m", VSTREAM_PATH(source_fp));
/*
* Add records to the database.
*/
last_line = 0;
while (readllines(line_buffer, source_fp, &last_line, &lineno)) {
/*
* First some UTF-8 checks sans casefolding.
*/
if ((mkmap->dict->flags & DICT_FLAG_UTF8_ACTIVE)
&& !allascii(STR(line_buffer))
&& !valid_utf8_string(STR(line_buffer), LEN(line_buffer))) {
msg_warn("%s, line %d: non-UTF-8 input \"%s\""
" -- ignoring this line",
VSTREAM_PATH(source_fp), lineno, STR(line_buffer));
continue;
}
/*
* Tokenize the input, so that we do the right thing when a
* quoted localpart contains special characters such as "@", ":"
* and so on.
*/
if ((tok_list = tok822_scan(STR(line_buffer), (TOK822 **) 0)) == 0)
continue;
/*
* Enforce the key:value format. Disallow missing keys,
* multi-address keys, or missing values. In order to specify an
* empty string or value, enclose it in double quotes.
*/
if ((colon = tok822_find_type(tok_list, ':')) == 0
|| colon->prev == 0 || colon->next == 0
|| tok822_rfind_type(colon, ',')) {
msg_warn("%s, line %d: need name:value pair",
VSTREAM_PATH(source_fp), lineno);
tok822_free_tree(tok_list);
continue;
}
/*
* Key must be local. XXX We should use the Postfix rewriting and
* resolving services to handle all address forms correctly.
* However, we can't count on the mail system being up when the
* alias database is being built, so we're guessing a bit.
*/
if (tok822_rfind_type(colon, '@') || tok822_rfind_type(colon, '%')) {
msg_warn("%s, line %d: name must be local",
VSTREAM_PATH(source_fp), lineno);
tok822_free_tree(tok_list);
continue;
}
/*
* Split the input into key and value parts, and convert from
* token representation back to string representation. Convert
* the key to internal (unquoted) form, because the resolver
* produces addresses in internal form. Convert the value to
* external (quoted) form, because it will have to be re-parsed
* upon lookup. Discard the token representation when done.
*/
key_list = tok_list;
tok_list = 0;
value_list = tok822_cut_after(colon);
tok822_unlink(colon);
tok822_free(colon);
tok822_internalize(key_buffer, key_list, TOK822_STR_DEFL);
tok822_free_tree(key_list);
tok822_externalize(value_buffer, value_list, TOK822_STR_DEFL);
tok822_free_tree(value_list);
/*
* Store the value under a case-insensitive key.
*/
mkmap_append(mkmap, STR(key_buffer), STR(value_buffer));
if (mkmap->dict->error)
msg_fatal("table %s:%s: write error: %m",
mkmap->dict->type, mkmap->dict->name);
}
break;
}
/*
* Update or append sendmail and NIS signatures.
*/
if ((open_flags & O_TRUNC) == 0)
mkmap->dict->flags |= DICT_FLAG_DUP_REPLACE;
/*
* Sendmail compatibility: add the @:@ signature to indicate that the
* database is complete. This might be needed by NIS clients running
* sendmail.
*/
mkmap_append(mkmap, "@", "@");
if (mkmap->dict->error)
msg_fatal("table %s:%s: write error: %m",
mkmap->dict->type, mkmap->dict->name);
/*
* NIS compatibility: add time and master info. Unlike other information,
* this information MUST be written without a trailing null appended to
* key or value.
*/
mkmap->dict->flags &= ~DICT_FLAG_TRY1NULL;
mkmap->dict->flags |= DICT_FLAG_TRY0NULL;
vstring_sprintf(value_buffer, "%010ld", (long) time((time_t *) 0));
#if (defined(HAS_NIS) || defined(HAS_NISPLUS))
mkmap->dict->flags &= ~DICT_FLAG_FOLD_FIX;
mkmap_append(mkmap, "YP_LAST_MODIFIED", STR(value_buffer));
mkmap_append(mkmap, "YP_MASTER_NAME", var_myhostname);
#endif
/*
* Close the alias database, and release the lock.
*/
mkmap_close(mkmap);
/*
* Cleanup. We're about to terminate, but it is a good sanity check.
*/
vstring_free(value_buffer);
vstring_free(key_buffer);
vstring_free(line_buffer);
if (source_fp != VSTREAM_IN)
vstream_fclose(source_fp);
}
DICT *dict_cidr_open(const char *mapname, int open_flags, int dict_flags)
{
const char myname[] = "dict_cidr_open";
DICT_CIDR *dict_cidr;
VSTREAM *map_fp = 0;
struct stat st;
VSTRING *line_buffer = 0;
VSTRING *why = 0;
DICT_CIDR_ENTRY *rule;
DICT_CIDR_ENTRY *last_rule = 0;
int last_line = 0;
int lineno;
int nesting = 0;
DICT_CIDR_ENTRY **rule_stack = 0;
MVECT mvect;
/*
* Let the optimizer worry about eliminating redundant code.
*/
#define DICT_CIDR_OPEN_RETURN(d) do { \
DICT *__d = (d); \
if (map_fp != 0 && vstream_fclose(map_fp)) \
msg_fatal("cidr map %s: read error: %m", mapname); \
if (line_buffer != 0) \
vstring_free(line_buffer); \
if (why != 0) \
vstring_free(why); \
return (__d); \
} while (0)
/*
* Sanity checks.
*/
if (open_flags != O_RDONLY)
DICT_CIDR_OPEN_RETURN(dict_surrogate(DICT_TYPE_CIDR, mapname,
open_flags, dict_flags,
"%s:%s map requires O_RDONLY access mode",
DICT_TYPE_CIDR, mapname));
/*
* Open the configuration file.
*/
if ((map_fp = vstream_fopen(mapname, O_RDONLY, 0)) == 0)
DICT_CIDR_OPEN_RETURN(dict_surrogate(DICT_TYPE_CIDR, mapname,
open_flags, dict_flags,
"open %s: %m", mapname));
if (fstat(vstream_fileno(map_fp), &st) < 0)
msg_fatal("fstat %s: %m", mapname);
line_buffer = vstring_alloc(100);
why = vstring_alloc(100);
/*
* XXX Eliminate unnecessary queries by setting a flag that says "this
* map matches network addresses only".
*/
dict_cidr = (DICT_CIDR *) dict_alloc(DICT_TYPE_CIDR, mapname,
sizeof(*dict_cidr));
dict_cidr->dict.lookup = dict_cidr_lookup;
dict_cidr->dict.close = dict_cidr_close;
dict_cidr->dict.flags = dict_flags | DICT_FLAG_PATTERN;
dict_cidr->head = 0;
dict_cidr->dict.owner.uid = st.st_uid;
dict_cidr->dict.owner.status = (st.st_uid != 0);
while (readllines(line_buffer, map_fp, &last_line, &lineno)) {
rule = dict_cidr_parse_rule(vstring_str(line_buffer), lineno,
nesting, why);
if (rule == 0) {
msg_warn("cidr map %s, line %d: %s: skipping this rule",
mapname, lineno, vstring_str(why));
continue;
}
if (rule->cidr_info.op == CIDR_MATCH_OP_IF) {
if (rule_stack == 0)
rule_stack = (DICT_CIDR_ENTRY **) mvect_alloc(&mvect,
sizeof(*rule_stack), nesting + 1,
(MVECT_FN) 0, (MVECT_FN) 0);
else
rule_stack =
(DICT_CIDR_ENTRY **) mvect_realloc(&mvect, nesting + 1);
rule_stack[nesting] = rule;
nesting++;
} else if (rule->cidr_info.op == CIDR_MATCH_OP_ENDIF) {
DICT_CIDR_ENTRY *if_rule;
if (nesting-- <= 0)
/* Already handled in dict_cidr_parse_rule(). */
msg_panic("%s: ENDIF without IF", myname);
if_rule = rule_stack[nesting];
if (if_rule->cidr_info.op != CIDR_MATCH_OP_IF)
msg_panic("%s: unexpected rule stack element type %d",
myname, if_rule->cidr_info.op);
if_rule->cidr_info.block_end = &(rule->cidr_info);
}
if (last_rule == 0)
dict_cidr->head = rule;
else
last_rule->cidr_info.next = &(rule->cidr_info);
last_rule = rule;
}
while (nesting-- > 0)
msg_warn("cidr map %s, line %d: IF has no matching ENDIF",
mapname, rule_stack[nesting]->lineno);
if (rule_stack)
(void) mvect_free(&mvect);
DICT_CIDR_OPEN_RETURN(DICT_DEBUG (&dict_cidr->dict));
}
