static void main_init(void) { struct module_dir_load_settings mod_set; void **sets; sets = master_service_settings_get_others(master_service); dict_settings = sets[0]; if (*dict_settings->dict_db_config != '\0') { /* for berkeley db library */ env_put(t_strconcat("DB_CONFIG=", dict_settings->dict_db_config, NULL)); } memset(&mod_set, 0, sizeof(mod_set)); mod_set.version = master_service_get_version_string(master_service); mod_set.require_init_funcs = TRUE; modules = module_dir_load(DICT_MODULE_DIR, NULL, &mod_set); module_dir_init(modules); /* Register only after loading modules. They may contain SQL drivers, which we'll need to register. */ dict_drivers_register_all(); }
static void main_preinit(void) { struct module_dir_load_settings mod_set; i_zero(&mod_set); mod_set.abi_version = DOVECOT_ABI_VERSION; mod_set.require_init_funcs = TRUE; modules = module_dir_load(STATS_MODULE_DIR, NULL, &mod_set); module_dir_init(modules); restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL); restrict_access_allow_coredumps(TRUE); }
static void main_preinit(void) { struct module_dir_load_settings mod_set; memset(&mod_set, 0, sizeof(mod_set)); mod_set.abi_version = DOVECOT_ABI_VERSION; mod_set.require_init_funcs = TRUE; modules = module_dir_load(STATS_MODULE_DIR, NULL, &mod_set); module_dir_init(modules); restrict_access_by_env(NULL, FALSE); restrict_access_allow_coredumps(TRUE); }
void doveadm_load_modules(void) { struct module_dir_load_settings mod_set; /* some doveadm plugins have dependencies to mail plugins. we can load only those whose dependencies have been loaded earlier, the rest are ignored. */ memset(&mod_set, 0, sizeof(mod_set)); mod_set.abi_version = DOVECOT_ABI_VERSION; mod_set.require_init_funcs = TRUE; mod_set.debug = doveadm_debug; mod_set.ignore_dlopen_errors = TRUE; modules = module_dir_load_missing(modules, DOVEADM_MODULEDIR, NULL, &mod_set); module_dir_init(modules); }
bool dcrypt_initialize(const char *backend, const struct dcrypt_settings *set, const char **error_r) { struct module_dir_load_settings mod_set; const char *error; if (dcrypt_vfs != NULL) { return TRUE; } if (backend == NULL) backend = "openssl"; /* default for now */ if (set == NULL) set = &dcrypt_default_set; const char *implementation = t_strconcat("dcrypt_",backend,NULL); memset(&mod_set, 0, sizeof(mod_set)); mod_set.abi_version = DOVECOT_ABI_VERSION; mod_set.require_init_funcs = TRUE; if (module_dir_try_load_missing(&dcrypt_module, DCRYPT_MODULE_DIR, implementation, &mod_set, &error) < 0) { if (error_r != NULL) *error_r = error; return FALSE; } module_dir_init(dcrypt_module); i_assert(dcrypt_vfs != NULL); if (dcrypt_vfs->initialize != NULL) { if (!dcrypt_vfs->initialize(set, error_r)) { dcrypt_deinitialize(); return FALSE; } } /* Destroy SSL module after(most of) the others. Especially lib-fs backends may still want to access SSL module in their own atexit-callbacks. */ lib_atexit_priority(dcrypt_deinitialize, LIB_ATEXIT_PRIORITY_LOW); return TRUE; }
static int mail_storage_service_next_real(struct mail_storage_service_ctx *ctx, struct mail_storage_service_user *user, struct mail_user **mail_user_r) { struct mail_storage_service_privileges priv; const char *error; unsigned int len; bool disallow_root = (user->flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0; bool temp_priv_drop = (user->flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0; bool use_chroot; if (service_parse_privileges(ctx, user, &priv, &error) < 0) { i_error("%s", error); return -2; } if (*priv.home != '/' && *priv.home != '\0') { i_error("Relative home directory paths not supported: %s", priv.home); return -2; } /* we can't chroot if we want to switch between users. there's not much point either (from security point of view). but if we're already chrooted, we'll just have to continue and hope that the current chroot is the same as the wanted chroot */ use_chroot = !temp_priv_drop || restrict_access_get_current_chroot() != NULL; len = strlen(priv.chroot); if (len > 2 && strcmp(priv.chroot + len - 2, "/.") == 0 && strncmp(priv.home, priv.chroot, len - 2) == 0) { /* mail_chroot = /chroot/. means that the home dir already contains the chroot dir. remove it from home. */ if (use_chroot) { priv.home += len - 2; if (*priv.home == '\0') priv.home = "/"; priv.chroot = t_strndup(priv.chroot, len - 2); set_keyval(ctx, user, "mail_home", priv.home); set_keyval(ctx, user, "mail_chroot", priv.chroot); } } else if (len > 0 && !use_chroot) { /* we're not going to chroot. fix home directory so we can access it. */ if (*priv.home == '\0' || strcmp(priv.home, "/") == 0) priv.home = priv.chroot; else priv.home = t_strconcat(priv.chroot, priv.home, NULL); priv.chroot = ""; set_keyval(ctx, user, "mail_home", priv.home); } /* create ioloop context regardless of logging. it's also used by stats plugin. */ user->ioloop_ctx = io_loop_context_new(current_ioloop); if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT) == 0) mail_storage_service_init_log(ctx, user, &priv); if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) { if (service_drop_privileges(user, &priv, disallow_root, temp_priv_drop, FALSE, &error) < 0) { i_error("Couldn't drop privileges: %s", error); return -1; } if (!temp_priv_drop || (user->flags & MAIL_STORAGE_SERVICE_FLAG_ENABLE_CORE_DUMPS) != 0) restrict_access_allow_coredumps(TRUE); } /* privileges are dropped. initialize plugins that haven't been initialized yet. */ module_dir_init(mail_storage_service_modules); if (mail_storage_service_init_post(ctx, user, &priv, mail_user_r, &error) < 0) { i_error("User initialization failed: %s", error); return -2; } return 0; }