/* ========================================================================
* Copyright 1988-2008 University of Washington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
*
* ========================================================================
*/
/*
* Program: UNIX environment routines
*
* Author: Mark Crispin
* UW Technology
* University of Washington
* Seattle, WA 98195
* Internet: MRC@Washington.EDU
*
* Date: 1 August 1988
* Last Edited: 15 May 2008
*/
#include <grp.h>
#include <signal.h>
#include <sys/wait.h>
/* in case stat.h is ancient */
#ifndef S_IRUSR
#define S_IRUSR S_IREAD
#endif
#ifndef S_IWUSR
#define S_IWUSR S_IWRITE
#endif
#ifndef S_IXUSR
#define S_IXUSR S_IEXEC
#endif
#ifndef S_IRGRP
#define S_IRGRP (S_IREAD >> 3)
#endif
#ifndef S_IWGRP
#define S_IWGRP (S_IWRITE >> 3)
#endif
#ifndef S_IXGRP
#define S_IXGRP (S_IEXEC >> 3)
#endif
#ifndef S_IROTH
#define S_IROTH (S_IREAD >> 6)
#endif
#ifndef S_IWOTH
#define S_IWOTH (S_IWRITE >> 6)
#endif
#ifndef S_IXOTH
#define S_IXOTH (S_IEXEC >> 6)
#endif
�
/* c-client environment parameters */
static char *myUserName = NIL; /* user name */
static char *myHomeDir = NIL; /* home directory name */
static char *myServerName = NIL;/* server name */
static char *myLocalHost = NIL; /* local host name */
static char *myNewsrc = NIL; /* newsrc file name */
static char *mailsubdir = NIL; /* mailbox subdirectory name */
static char *sysInbox = NIL; /* system inbox name */
static char *newsActive = NIL; /* news active file */
static char *newsSpool = NIL; /* news spool */
static char *blackBoxDir = NIL; /* black box directory name */
/* black box default home directory */
static char *blackBoxDefaultHome = NIL;
static char *sslCApath = NIL; /* non-standard CA path */
static short anonymous = NIL; /* is anonymous */
static short blackBox = NIL; /* is a black box */
static short closedBox = NIL; /* is a closed box (uses chroot() jail) */
static short restrictBox = NIL; /* is a restricted box */
static short has_no_life = NIL; /* is a cretin with no life */
/* block environment init */
static short block_env_init = NIL;
static short hideDotFiles = NIL;/* hide files whose names start with . */
/* advertise filesystem root */
static short advertisetheworld = NIL;
/* only advertise own mailboxes and #shared */
static short limitedadvertise = NIL;
/* disable automatic shared namespaces */
static short noautomaticsharedns = NIL;
static short no822tztext = NIL; /* disable RFC [2]822 timezone text */
/* client principals include service name */
static short kerb_cp_svr_name = NIL;
static long locktimeout = 5; /* default lock timeout in minutes */
/* default prototypes */
static MAILSTREAM *createProto = NIL;
static MAILSTREAM *appendProto = NIL;
/* default user flags */
static char *userFlags[NUSERFLAGS] = {NIL};
static NAMESPACE *nslist[3]; /* namespace list */
static int logtry = 3; /* number of server login tries */
/* block notification */
static blocknotify_t mailblocknotify = mm_blocknotify;
/* logout function */
static logouthook_t maillogouthook = NIL;
/* logout data */
static void *maillogoutdata = NIL;
/* allow user config files */
static short allowuserconfig = NIL;
/* 1 = disable plaintext, 2 = if not SSL */
static long disablePlaintext = NIL;
static long list_max_level = 20;/* maximum level of list recursion */
/* facility for syslog */
static int syslog_facility = LOG_MAIL;
�
/* Path of the privileged system lock program (mlock). Normally set by
* logic test.
*/
static char *lockpgm = LOCKPGM;
/* Directory used for shared locks. MUST be the same for all users of the
* system, and MUST be protected 1777. /var/tmp may be preferable on some
* systems.
*/
static const char *tmpdir = "/tmp";
/* Do not change shlock_mode. Doing so can cause mailbox corruption and
* denial of service. It also defeats the entire purpose of the shared
* lock mechanism. The right way to avoid shared locks is to set up a
* closed box (see the closedBox setting).
*/
/* shared lock mode */
static const int shlock_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
/* It is STRONGLY recommended that you do not change dotlock_mode. Doing so
* can cause denial of service with old dot-lock files left lying around.
* However, since dot-locks are only used with traditional UNIX and MMDF
* formats which are not normally shared, it is much less harmful to tamper
* with this than with shlock_mode.
*/
/* dot-lock mode */
static long dotlock_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
�
/* File/directory access and protection policies */
/* Unlike shlock_mode, the ????_protection modes are intended to be fully
* customizable according to site policy. The values here are recommended
* settings, based upon the documented purposes of the namespaces.
*/
/* user space - only owner can read/write */
static char *myMailboxDir = NIL;/* user space directory name */
/* default file protection */
static long mbx_protection = S_IRUSR|S_IWUSR;
/* default directory protection */
static long dir_protection = S_IRUSR|S_IWUSR|S_IXUSR;
/* user space for user "anonymous" */
/* anonymous home directory */
static char *anonymousHome = NIL;
/* #ftp - everybody can read, only owner can write */
static char *ftpHome = NIL; /* ftp export home directory */
/* default ftp file protection */
static long ftp_protection = S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH;
static long ftp_dir_protection =/* default ftp directory protection */
S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH;
/* #public - everybody can read/write */
static char *publicHome = NIL; /* public home directory */
static long public_protection = /* default public file protection */
S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
/* default public directory protection */
static long public_dir_protection =
S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH;
/* #shared/ - owner and group members can read/write */
static char *sharedHome = NIL; /* shared home directory */
/* default shared file protection */
static long shared_protection = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP;
/* default shared directory protection */
static long shared_dir_protection =
S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP;
�
/* OS bug workarounds - should be avoided at all cost */
/* Don't set fcntlhangbug unless you really have to, since it risks mailbox
* corruption. The flocksim.c mechanism is designed to detect NFS access
* and no-op in that cases only, so this flag should be unnecessary.
*/
static short fcntlhangbug = NIL;/* flock() emulator using fcntl() is a no-op */
/* Don't set netfsstatbug unless you really have to, since it dramatically
* slows down traditional UNIX and MMDF mailbox performance.
*/
static short netfsstatbug = NIL;/* compensate for broken stat() on network
* filesystems (AFS and old NFS)
*/
/* Note: setting disableLockWarning means that you assert that the
* so-modified copy of this software will NEVER be used:
* 1) in conjunction with any software which expects .lock files
* 2) to access NFS-mounted files and directories
*
* Unless both of these conditions apply, then do not set this flag.
* Instead, read the FAQ (item 7.10) and either use 1777 protection
* on the mail spool, or install mlock.
*
* In addition, by setting this flag you also agree that you are fully
* legally and morally responsible when (not if) mail files are damaged
* as the result of your choice.
*
* The mlock tool exists for a reason. Use it.
*/
/* disable warning if can't make .lock file */
static short disableLockWarning = NIL;
�
/* UNIX Namespaces */
/* personal mh namespace */
static NAMESPACE nsmhf = {"#mh/",'/',NIL,NIL};
static NAMESPACE nsmh = {"#mhinbox",NIL,NIL,&nsmhf};
/* home namespace */
static NAMESPACE nshome = {"",'/',NIL,&nsmh};
/* UNIX other user namespace */
static NAMESPACE nsunixother = {"~",'/',NIL,NIL};
/* black box other user namespace */
static NAMESPACE nsblackother = {"/",'/',NIL,NIL};
/* public (anonymous OK) namespace */
static NAMESPACE nspublic = {"#public/",'/',NIL,NIL};
/* netnews namespace */
static NAMESPACE nsnews = {"#news.",'.',NIL,&nspublic};
/* FTP export namespace */
static NAMESPACE nsftp = {"#ftp/",'/',NIL,&nsnews};
/* shared (no anonymous) namespace */
static NAMESPACE nsshared = {"#shared/",'/',NIL,&nsftp};
/* world namespace */
static NAMESPACE nsworld = {"/",'/',NIL,&nsshared};
/* only shared and public namespaces */
static NAMESPACE nslimited = {"#shared/",'/',NIL,&nspublic};
#include "write.c" /* include safe writing routines */
#include "crexcl.c" /* include exclusive create */
#include "pmatch.c" /* include wildcard pattern matcher */
/* Get all authenticators */
#include "auths.c"
�
/* Environment manipulate parameters
* Accepts: function code
* function-dependent value
* Returns: function-dependent return value
*/
void *env_parameters (long function,void *value)
{
void *ret = NIL;
switch ((int) function) {
case GET_NAMESPACE:
ret = (void *) nslist;
break;
case SET_USERNAME:
if (myUserName) fs_give ((void **) &myUserName);
myUserName = cpystr ((char *) value);
case GET_USERNAME:
ret = (void *) myUserName;
break;
case SET_HOMEDIR:
if (myHomeDir) fs_give ((void **) &myHomeDir);
myHomeDir = cpystr ((char *) value);
case GET_HOMEDIR:
ret = (void *) myHomeDir;
break;
case SET_LOCALHOST:
if (myLocalHost) fs_give ((void **) &myLocalHost);
myLocalHost = cpystr ((char *) value);
case GET_LOCALHOST:
ret = (void *) myLocalHost;
break;
case SET_NEWSRC:
if (myNewsrc) fs_give ((void **) &myNewsrc);
myNewsrc = cpystr ((char *) value);
case GET_NEWSRC:
ret = (void *) myNewsrc;
break;
case SET_NEWSACTIVE:
if (newsActive) fs_give ((void **) &newsActive);
newsActive = cpystr ((char *) value);
case GET_NEWSACTIVE:
ret = (void *) newsActive;
break;
case SET_NEWSSPOOL:
if (newsSpool) fs_give ((void **) &newsSpool);
newsSpool = cpystr ((char *) value);
case GET_NEWSSPOOL:
ret = (void *) newsSpool;
break;
�
case SET_ANONYMOUSHOME:
if (anonymousHome) fs_give ((void **) &anonymousHome);
anonymousHome = cpystr ((char *) value);
case GET_ANONYMOUSHOME:
if (!anonymousHome) anonymousHome = cpystr (ANONYMOUSHOME);
ret = (void *) anonymousHome;
break;
case SET_FTPHOME:
if (ftpHome) fs_give ((void **) &ftpHome);
ftpHome = cpystr ((char *) value);
case GET_FTPHOME:
ret = (void *) ftpHome;
break;
case SET_PUBLICHOME:
if (publicHome) fs_give ((void **) &publicHome);
publicHome = cpystr ((char *) value);
case GET_PUBLICHOME:
ret = (void *) publicHome;
break;
case SET_SHAREDHOME:
if (sharedHome) fs_give ((void **) &sharedHome);
sharedHome = cpystr ((char *) value);
case GET_SHAREDHOME:
ret = (void *) sharedHome;
break;
case SET_SYSINBOX:
if (sysInbox) fs_give ((void **) &sysInbox);
sysInbox = cpystr ((char *) value);
case GET_SYSINBOX:
ret = (void *) sysInbox;
break;
case SET_SSLCAPATH: /* this can be set null */
if (sslCApath) fs_give ((void **) &sslCApath);
sslCApath = value ? cpystr ((char *) value) : value;
break;
case GET_SSLCAPATH:
ret = (void *) sslCApath;
break;
case SET_LISTMAXLEVEL:
list_max_level = (long) value;
case GET_LISTMAXLEVEL:
ret = (void *) list_max_level;
break;
�
case SET_MBXPROTECTION:
mbx_protection = (long) value;
case GET_MBXPROTECTION:
ret = (void *) mbx_protection;
break;
case SET_DIRPROTECTION:
dir_protection = (long) value;
case GET_DIRPROTECTION:
ret = (void *) dir_protection;
break;
case SET_LOCKPROTECTION:
dotlock_mode = (long) value;
case GET_LOCKPROTECTION:
ret = (void *) dotlock_mode;
break;
case SET_FTPPROTECTION:
ftp_protection = (long) value;
case GET_FTPPROTECTION:
ret = (void *) ftp_protection;
break;
case SET_PUBLICPROTECTION:
public_protection = (long) value;
case GET_PUBLICPROTECTION:
ret = (void *) public_protection;
break;
case SET_SHAREDPROTECTION:
shared_protection = (long) value;
case GET_SHAREDPROTECTION:
ret = (void *) shared_protection;
break;
case SET_FTPDIRPROTECTION:
ftp_dir_protection = (long) value;
case GET_FTPDIRPROTECTION:
ret = (void *) ftp_dir_protection;
break;
case SET_PUBLICDIRPROTECTION:
public_dir_protection = (long) value;
case GET_PUBLICDIRPROTECTION:
ret = (void *) public_dir_protection;
break;
case SET_SHAREDDIRPROTECTION:
shared_dir_protection = (long) value;
case GET_SHAREDDIRPROTECTION:
ret = (void *) shared_dir_protection;
break;
�
case SET_LOCKTIMEOUT:
locktimeout = (long) value;
case GET_LOCKTIMEOUT:
ret = (void *) locktimeout;
break;
case SET_DISABLEFCNTLLOCK:
fcntlhangbug = value ? T : NIL;
case GET_DISABLEFCNTLLOCK:
ret = (void *) (fcntlhangbug ? VOIDT : NIL);
break;
case SET_LOCKEACCESERROR:
disableLockWarning = value ? NIL : T;
case GET_LOCKEACCESERROR:
ret = (void *) (disableLockWarning ? NIL : VOIDT);
break;
case SET_HIDEDOTFILES:
hideDotFiles = value ? T : NIL;
case GET_HIDEDOTFILES:
ret = (void *) (hideDotFiles ? VOIDT : NIL);
break;
case SET_DISABLEPLAINTEXT:
disablePlaintext = (long) value;
case GET_DISABLEPLAINTEXT:
ret = (void *) disablePlaintext;
break;
case SET_CHROOTSERVER:
closedBox = value ? T : NIL;
case GET_CHROOTSERVER:
ret = (void *) (closedBox ? VOIDT : NIL);
break;
case SET_ADVERTISETHEWORLD:
advertisetheworld = value ? T : NIL;
case GET_ADVERTISETHEWORLD:
ret = (void *) (advertisetheworld ? VOIDT : NIL);
break;
case SET_LIMITEDADVERTISE:
limitedadvertise = value ? T : NIL;
case GET_LIMITEDADVERTISE:
ret = (void *) (limitedadvertise ? VOIDT : NIL);
break;
case SET_DISABLEAUTOSHAREDNS:
noautomaticsharedns = value ? T : NIL;
case GET_DISABLEAUTOSHAREDNS:
ret = (void *) (noautomaticsharedns ? VOIDT : NIL);
break;
case SET_DISABLE822TZTEXT:
no822tztext = value ? T : NIL;
case GET_DISABLE822TZTEXT:
ret = (void *) (no822tztext ? VOIDT : NIL);
break;
�
case SET_USERHASNOLIFE:
has_no_life = value ? T : NIL;
case GET_USERHASNOLIFE:
ret = (void *) (has_no_life ? VOIDT : NIL);
break;
case SET_KERBEROS_CP_SVR_NAME:
kerb_cp_svr_name = value ? T : NIL;
case GET_KERBEROS_CP_SVR_NAME:
ret = (void *) (kerb_cp_svr_name ? VOIDT : NIL);
break;
case SET_NETFSSTATBUG:
netfsstatbug = value ? T : NIL;
case GET_NETFSSTATBUG:
ret = (void *) (netfsstatbug ? VOIDT : NIL);
break;
case SET_BLOCKENVINIT:
block_env_init = value ? T : NIL;
case GET_BLOCKENVINIT:
ret = (void *) (block_env_init ? VOIDT : NIL);
break;
case SET_BLOCKNOTIFY:
mailblocknotify = (blocknotify_t) value;
case GET_BLOCKNOTIFY:
ret = (void *) mailblocknotify;
break;
case SET_LOGOUTHOOK:
maillogouthook = (logouthook_t) value;
case GET_LOGOUTHOOK:
ret = maillogouthook;
break;
case SET_LOGOUTDATA:
maillogoutdata = (void *) value;
case GET_LOGOUTDATA:
ret = maillogoutdata;
}
return ret;
}
�
/* Write current time
* Accepts: destination string
* optional format of day-of-week prefix
* format of date and time
* flag whether to append symbolic timezone
*/
static void do_date (char *date,char *prefix,char *fmt,int suffix)
{
time_t tn = time (0);
struct tm *t = gmtime (&tn);
int zone = t->tm_hour * 60 + t->tm_min;
int julian = t->tm_yday;
t = localtime (&tn); /* get local time now */
/* minus UTC minutes since midnight */
zone = t->tm_hour * 60 + t->tm_min - zone;
/* julian can be one of:
* 36x local time is December 31, UTC is January 1, offset -24 hours
* 1 local time is 1 day ahead of UTC, offset +24 hours
* 0 local time is same day as UTC, no offset
* -1 local time is 1 day behind UTC, offset -24 hours
* -36x local time is January 1, UTC is December 31, offset +24 hours
*/
if (julian = t->tm_yday -julian)
zone += ((julian < 0) == (abs (julian) == 1)) ? -24*60 : 24*60;
if (prefix) { /* want day of week? */
sprintf (date,prefix,days[t->tm_wday]);
date += strlen (date); /* make next sprintf append */
}
/* output the date */
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
t->tm_hour,t->tm_min,t->tm_sec,zone/60,abs (zone) % 60);
/* append timezone suffix if desired */
if (suffix) rfc822_timezone (date,(void *) t);
}
�
/* Write current time in RFC 822 format
* Accepts: destination string
*/
void rfc822_date (char *date)
{
do_date (date,"%s, ","%d %s %d %02d:%02d:%02d %+03d%02d",
no822tztext ? NIL : T);
}
/* Write current time in fixed-width RFC 822 format
* Accepts: destination string
*/
void rfc822_fixed_date (char *date)
{
do_date (date,NIL,"%02d %s %4d %02d:%02d:%02d %+03d%02d",NIL);
}
/* Write current time in internal format
* Accepts: destination string
*/
void internal_date (char *date)
{
do_date (date,NIL,"%02d-%s-%d %02d:%02d:%02d %+03d%02d",NIL);
}
�
/* Initialize server
* Accepts: server name for syslog or NIL
* /etc/services service name or NIL
* alternate /etc/services service name or NIL
* clock interrupt handler
* kiss-of-death interrupt handler
* hangup interrupt handler
* termination interrupt handler
*/
void server_init (char *server,char *service,char *sslservice,
void *clkint,void *kodint,void *hupint,void *trmint,
void *staint)
{
int onceonly = server && service && sslservice;
if (onceonly) { /* set server name in syslog */
int mask;
openlog (myServerName = cpystr (server),LOG_PID,syslog_facility);
fclose (stderr); /* possibly save a process ID */
dorc (NIL,NIL); /* do systemwide configuration */
switch (mask = umask (022)){/* check old umask */
case 0: /* definitely unreasonable */
case 022: /* don't need to change it */
break;
default: /* already was a reasonable value */
umask (mask); /* so change it back */
}
}
arm_signal (SIGALRM,clkint); /* prepare for clock interrupt */
arm_signal (SIGUSR2,kodint); /* prepare for Kiss Of Death */
arm_signal (SIGHUP,hupint); /* prepare for hangup */
arm_signal (SIGPIPE,hupint); /* alternative hangup */
arm_signal (SIGTERM,trmint); /* prepare for termination */
/* status dump */
if (staint) arm_signal (SIGUSR1,staint);
if (onceonly) { /* set up network and maybe SSL */
long port;
struct servent *sv;
/* Use SSL if SSL service, or if server starts with "s" and not service */
if (((port = tcp_serverport ()) >= 0)) {
if ((sv = getservbyname (service,"tcp")) && (port == ntohs (sv->s_port)))
syslog (LOG_DEBUG,"%s service init from %s",service,tcp_clientaddr ());
else if ((sv = getservbyname (sslservice,"tcp")) &&
(port == ntohs (sv->s_port))) {
syslog (LOG_DEBUG,"%s SSL service init from %s",sslservice,
tcp_clientaddr ());
ssl_server_init (server);
}
else { /* not service or SSL service port */
syslog (LOG_DEBUG,"port %ld service init from %s",port,
tcp_clientaddr ());
if (*server == 's') ssl_server_init (server);
}
}
}
}
�
/* Wait for stdin input
* Accepts: timeout in seconds
* Returns: T if have input on stdin, else NIL
*/
long server_input_wait (long seconds)
{
fd_set rfd,efd;
struct timeval tmo;
FD_ZERO (&rfd);
FD_ZERO (&efd);
FD_SET (0,&rfd);
FD_SET (0,&efd);
tmo.tv_sec = seconds; tmo.tv_usec = 0;
return select (1,&rfd,0,&efd,&tmo) ? LONGT : NIL;
}
�
/* Return UNIX password entry for user name
* Accepts: user name string
* Returns: password entry
*
* Tries all-lowercase form of user name if given user name fails
*/
static struct passwd *pwuser (unsigned char *user)
{
unsigned char *s;
struct passwd *pw = getpwnam (user);
if (!pw) { /* failed, see if any uppercase characters */
for (s = user; *s && ((*s < 'A') || (*s > 'Z')); s++);
if (*s) { /* yes, try all lowercase form */
pw = getpwnam (s = lcase (cpystr (user)));
fs_give ((void **) &s);
}
}
return pw;
}
/* Validate password for user name
* Accepts: user name string
* password string
* argument count
* argument vector
* Returns: password entry if validated
*
* Tries password+1 if password fails and starts with space
*/
static struct passwd *valpwd (char *user,char *pwd,int argc,char *argv[])
{
char *s;
struct passwd *pw;
struct passwd *ret = NIL;
if (auth_md5.server) { /* using CRAM-MD5 authentication? */
if (s = auth_md5_pwd (user)) {
if (!strcmp (s,pwd) || ((*pwd == ' ') && pwd[1] && !strcmp (s,pwd+1)))
ret = pwuser (user); /* validated, get passwd entry for user */
memset (s,0,strlen (s)); /* erase sensitive information */
fs_give ((void **) &s);
}
}
else if (pw = pwuser (user)) {/* can get user? */
s = cpystr (pw->pw_name); /* copy returned name in case we need it */
if (*pwd && !(ret = checkpw (pw,pwd,argc,argv)) &&
(*pwd == ' ') && pwd[1] && (ret = pwuser (s)))
ret = checkpw (pw,pwd+1,argc,argv);
fs_give ((void **) &s); /* don't need copy of name any more */
}
return ret;
}
�
/* Server log in
* Accepts: user name string
* password string
* authenticating user name string
* argument count
* argument vector
* Returns: T if password validated, NIL otherwise
*/
long server_login (char *user,char *pwd,char *authuser,int argc,char *argv[])
{
struct passwd *pw = NIL;
int level = LOG_NOTICE;
char *err = "failed";
/* cretins still haven't given up */
if ((strlen (user) >= NETMAXUSER) ||
(authuser && (strlen (authuser) >= NETMAXUSER))) {
level = LOG_ALERT; /* escalate this alert */
err = "SYSTEM BREAK-IN ATTEMPT";
logtry = 0; /* render this session useless */
}
else if (logtry-- <= 0) err = "excessive login failures";
else if (disablePlaintext) err = "disabled";
else if (!(authuser && *authuser)) pw = valpwd (user,pwd,argc,argv);
else if (valpwd (authuser,pwd,argc,argv)) pw = pwuser (user);
if (pw && pw_login (pw,authuser,pw->pw_name,NIL,argc,argv)) return T;
syslog (level|LOG_AUTH,"Login %s user=%.64s auth=%.64s host=%.80s",err,
user,(authuser && *authuser) ? authuser : user,tcp_clienthost ());
sleep (3); /* slow down possible cracker */
return NIL;
}
�
/* Authenticated server log in
* Accepts: user name string
* authenticating user name string
* argument count
* argument vector
* Returns: T if password validated, NIL otherwise
*/
long authserver_login (char *user,char *authuser,int argc,char *argv[])
{
return pw_login (pwuser (user),authuser,user,NIL,argc,argv);
}
/* Log in as anonymous daemon
* Accepts: argument count
* argument vector
* Returns: T if successful, NIL if error
*/
long anonymous_login (int argc,char *argv[])
{
/* log in Mr. A. N. Onymous */
return pw_login (getpwnam (ANONYMOUSUSER),NIL,NIL,
(char *) mail_parameters (NIL,GET_ANONYMOUSHOME,NIL),
argc,argv);
}
�
/* Finish log in and environment initialization
* Accepts: passwd struct for loginpw()
* optional authentication user name
* user name (NIL for anonymous)
* home directory (NIL to use directory from passwd struct)
* argument count
* argument vector
* Returns: T if successful, NIL if error
*/
long pw_login (struct passwd *pw,char *auser,char *user,char *home,int argc,
char *argv[])
{
struct group *gr;
char **t;
long ret = NIL;
if (pw && pw->pw_uid) { /* must have passwd struct for non-UID 0 */
/* make safe copies of user and home */
if (user) user = cpystr (pw->pw_name);
home = cpystr (home ? home : pw->pw_dir);
/* authorization ID .NE. authentication ID? */
if (user && auser && *auser && compare_cstring (auser,user)) {
/* scan list of mail administrators */
if ((gr = getgrnam (ADMINGROUP)) && (t = gr->gr_mem)) while (*t && !ret)
if (!compare_cstring (auser,*t++))
ret = pw_login (pw,NIL,user,home,argc,argv);
syslog (LOG_NOTICE|LOG_AUTH,"%s %.80s override of user=%.80s host=%.80s",
ret ? "Admin" : "Failed",auser,user,tcp_clienthost ());
}
else if (closedBox) { /* paranoid site, lock out other directories */
if (chdir (home) || chroot (home))
syslog (LOG_NOTICE|LOG_AUTH,
"Login %s failed: unable to set chroot=%.80s host=%.80s",
pw->pw_name,home,tcp_clienthost ());
else if (loginpw (pw,argc,argv)) ret = env_init (user,NIL);
else fatal ("Login failed after chroot");
}
/* normal login */
else if (((pw->pw_uid == geteuid ()) || loginpw (pw,argc,argv)) &&
(ret = env_init (user,home))) chdir (myhomedir ());
fs_give ((void **) &home); /* clean up */
if (user) fs_give ((void **) &user);
}
endpwent (); /* in case shadow passwords in pw data */
return ret; /* return status */
}
�
/* Initialize environment
* Accepts: user name (NIL for anonymous)
* home directory name
* Returns: T, always
*/
long env_init (char *user,char *home)
{
extern MAILSTREAM CREATEPROTO;
extern MAILSTREAM EMPTYPROTO;
struct passwd *pw;
struct stat sbuf;
char tmp[MAILTMPLEN];
/* don't init if blocked */
if (block_env_init) return LONGT;
if (myUserName) fatal ("env_init called twice!");
/* initially nothing in namespace list */
nslist[0] = nslist[1] = nslist[2] = NIL;
/* myUserName must be set before dorc() call */
myUserName = cpystr (user ? user : ANONYMOUSUSER);
/* force default prototypes to be set */
if (!createProto) createProto = &CREATEPROTO;
if (!appendProto) appendProto = &EMPTYPROTO;
dorc (NIL,NIL); /* do systemwide configuration */
if (!home) { /* closed box server */
/* standard user can only reference home */
if (user) nslist[0] = &nshome;
else { /* anonymous user */
nslist[0] = &nsblackother; /* set root */
anonymous = T; /* flag as anonymous */
}
myHomeDir = cpystr (""); /* home directory is root */
sysInbox = cpystr ("INBOX");/* make system INBOX */
}
else { /* open or black box */
closedBox = NIL; /* definitely not a closed box */
if (user) { /* remember user name and home directory */
if (blackBoxDir) { /* build black box directory name */
sprintf (tmp,"%s/%s",blackBoxDir,myUserName);
/* must exist */
if (!((!stat (home = tmp,&sbuf) && (sbuf.st_mode & S_IFDIR)) ||
(blackBoxDefaultHome &&
!stat (home = blackBoxDefaultHome,&sbuf) &&
(sbuf.st_mode & S_IFDIR)))) fatal ("no home");
sysInbox = (char *) fs_get (strlen (home) + 7);
/* set system INBOX */
sprintf (sysInbox,"%s/INBOX",home);
blackBox = T; /* mark that it's a black box */
/* mbox meaningless if black box */
mail_parameters (NIL,DISABLE_DRIVER,(void *) "mbox");
}
nslist[0] = &nshome; /* home namespace */
/* limited advertise namespaces */
if (limitedadvertise) nslist[2] = &nslimited;
else if (blackBox) { /* black box namespaces */
nslist[1] = &nsblackother;
nslist[2] = &nsshared;
}
else { /* open box namespaces */
nslist[1] = &nsunixother;
nslist[2] = advertisetheworld ? &nsworld : &nsshared;
}
}
else {
nslist[2] = &nsftp; /* anonymous user */
sprintf (tmp,"%s/INBOX",
home = (char *) mail_parameters (NIL,GET_ANONYMOUSHOME,NIL));
sysInbox = cpystr (tmp); /* make system INBOX */
anonymous = T; /* flag as anonymous */
}
myHomeDir = cpystr (home); /* set home directory */
}
�
if (allowuserconfig) { /* allow user config files */
dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T);
dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL);
}
if (!closedBox && !noautomaticsharedns) {
/* #ftp namespace */
if (!ftpHome && (pw = getpwnam ("ftp"))) ftpHome = cpystr (pw->pw_dir);
/* #public namespace */
if (!publicHome && (pw = getpwnam ("imappublic")))
publicHome = cpystr (pw->pw_dir);
/* #shared namespace */
if (!anonymous && !sharedHome && (pw = getpwnam ("imapshared")))
sharedHome = cpystr (pw->pw_dir);
}
if (!myLocalHost) mylocalhost ();
if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
if (!newsActive) newsActive = cpystr (ACTIVEFILE);
if (!newsSpool) newsSpool = cpystr (NEWSSPOOL);
/* re-do open action to get flags */
(*createProto->dtb->open) (NIL);
endpwent (); /* close pw database */
return T;
}
�
/* Return my user name
* Accepts: pointer to optional flags
* Returns: my user name
*/
char *myusername_full (unsigned long *flags)
{
struct passwd *pw;
struct stat sbuf;
char *s;
unsigned long euid;
char *ret = UNLOGGEDUSER;
/* no user name yet and not root? */
if (!myUserName && (euid = geteuid ())) {
/* yes, look up getlogin() user name or EUID */
if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
(pw = getpwnam (s)) && (pw->pw_uid == euid)) ||
(pw = getpwuid (euid))) {
if (block_env_init) { /* don't env_init if blocked */
if (flags) *flags = MU_LOGGEDIN;
return pw->pw_name;
}
env_init (pw->pw_name,
((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
!stat (s,&sbuf) && ((sbuf.st_mode & S_IFMT) == S_IFDIR)) ?
s : pw->pw_dir);
}
else fatal ("Unable to look up user name");
}
if (myUserName) { /* logged in? */
if (flags) *flags = anonymous ? MU_ANONYMOUS : MU_LOGGEDIN;
ret = myUserName; /* return user name */
}
else if (flags) *flags = MU_NOTLOGGEDIN;
return ret;
}
/* Return my local host name
* Returns: my local host name
*/
char *mylocalhost ()
{
if (!myLocalHost) {
char *s,tmp[MAILTMPLEN];
char *t = "unknown";
tmp[0] = tmp[MAILTMPLEN-1] = '\0';
if (!gethostname (tmp,MAILTMPLEN-1) && tmp[0]) {
/* sanity check of name */
for (s = tmp; (*s > 0x20) && (*s < 0x7f); ++s);
if (!*s) t = tcp_canonical (tmp);
}
myLocalHost = cpystr (t);
}
return myLocalHost;
}
�
/* Return my home directory name
* Returns: my home directory name
*/
char *myhomedir ()
{
if (!myHomeDir) myusername ();/* initialize if first time */
return myHomeDir ? myHomeDir : "";
}
/* Return my home mailbox name
* Returns: my home directory name
*/
static char *mymailboxdir ()
{
char *home = myhomedir ();
/* initialize if first time */
if (!myMailboxDir && myHomeDir) {
if (mailsubdir) {
char tmp[MAILTMPLEN];
sprintf (tmp,"%s/%s",home,mailsubdir);
myMailboxDir = cpystr (tmp);/* use pre-defined subdirectory of home */
}
else myMailboxDir = cpystr (home);
}
return myMailboxDir ? myMailboxDir : "";
}
/* Return system standard INBOX
* Accepts: buffer string
*/
char *sysinbox ()
{
char tmp[MAILTMPLEN];
if (!sysInbox) { /* initialize if first time */
sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
sysInbox = cpystr (tmp); /* system inbox is from mail spool */
}
return sysInbox;
}
�
/* Return mailbox directory name
* Accepts: destination buffer
* directory prefix
* name in directory
* Returns: file name or NIL if error
*/
char *mailboxdir (char *dst,char *dir,char *name)
{
char tmp[MAILTMPLEN];
if (dir || name) { /* if either argument provided */
if (dir) {
if (strlen (dir) > NETMAXMBX) return NIL;
strcpy (tmp,dir); /* write directory prefix */
}
else tmp[0] = '\0'; /* otherwise null string */
if (name) {
if (strlen (name) > NETMAXMBX) return NIL;
strcat (tmp,name); /* write name in directory */
}
/* validate name, return its name */
if (!mailboxfile (dst,tmp)) return NIL;
}
/* no arguments, wants mailbox directory */
else strcpy (dst,mymailboxdir ());
return dst; /* return the name */
}
�
/* Return mailbox file name
* Accepts: destination buffer
* mailbox name
* Returns: file name or empty string for driver-selected INBOX or NIL if error
*/
char *mailboxfile (char *dst,char *name)
{
struct passwd *pw;
char *s;
if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX) ||
((anonymous || blackBox || restrictBox || (*name == '#')) &&
(strstr (name,"..") || strstr (name,"//") || strstr (name,"/~"))))
dst = NIL; /* invalid name */
else switch (*name) { /* determine mailbox type based upon name */
case '#': /* namespace name */
/* #ftp/ namespace */
if (((name[1] == 'f') || (name[1] == 'F')) &&
((name[2] == 't') || (name[2] == 'T')) &&
((name[3] == 'p') || (name[3] == 'P')) &&
(name[4] == '/') && ftpHome) sprintf (dst,"%s/%s",ftpHome,name+5);
/* #public/ and #shared/ namespaces */
else if ((((name[1] == 'p') || (name[1] == 'P')) &&
((name[2] == 'u') || (name[2] == 'U')) &&
((name[3] == 'b') || (name[3] == 'B')) &&
((name[4] == 'l') || (name[4] == 'L')) &&
((name[5] == 'i') || (name[5] == 'I')) &&
((name[6] == 'c') || (name[6] == 'C')) &&
(name[7] == '/') && (s = publicHome)) ||
(!anonymous && ((name[1] == 's') || (name[1] == 'S')) &&
((name[2] == 'h') || (name[2] == 'H')) &&
((name[3] == 'a') || (name[3] == 'A')) &&
((name[4] == 'r') || (name[4] == 'R')) &&
((name[5] == 'e') || (name[5] == 'E')) &&
((name[6] == 'd') || (name[6] == 'D')) &&
(name[7] == '/') && (s = sharedHome)))
sprintf (dst,"%s/%s",s,compare_cstring (name+8,"INBOX") ?
name+8 : "INBOX");
else dst = NIL; /* unknown namespace */
break;
�
case '/': /* root access */
if (anonymous) dst = NIL; /* anonymous forbidden to do this */
else if (blackBox) { /* other user access if blackbox */
if (restrictBox & RESTRICTOTHERUSER) dst = NIL;
/* see if other user INBOX */
else if ((s = strchr (name+1,'/')) && !compare_cstring (s+1,"INBOX")) {
*s = '\0'; /* temporarily tie off string */
sprintf (dst,"%s/%s/INBOX",blackBoxDir,name+1);
*s = '/'; /* in case caller cares */
}
else sprintf (dst,"%s/%s",blackBoxDir,name+1);
}
else if ((restrictBox & RESTRICTROOT) && strcmp (name,sysinbox ()))
dst = NIL; /* restricted and not access to sysinbox */
else strcpy (dst,name); /* unrestricted, copy root name */
break;
case '~': /* other user access */
/* bad syntax or anonymous can't win */
if (!*++name || anonymous) dst = NIL;
/* ~/ equivalent to ordinary name */
else if (*name == '/') sprintf (dst,"%s/%s",mymailboxdir (),name+1);
/* other user forbidden if closed/restricted */
else if (closedBox || (restrictBox & RESTRICTOTHERUSER)) dst = NIL;
else if (blackBox) { /* black box form of other user */
/* see if other user INBOX */
if ((s = strchr (name,'/')) && compare_cstring (s+1,"INBOX")) {
*s = '\0'; /* temporarily tie off string */
sprintf (dst,"%s/%s/INBOX",blackBoxDir,name);
*s = '/'; /* in case caller cares */
}
else sprintf (dst,"%s/%s",blackBoxDir,name);
}
else { /* clear box other user */
/* copy user name */
for (s = dst; *name && (*name != '/'); *s++ = *name++);
*s++ = '\0'; /* tie off user name, look up in passwd file */
if ((pw = getpwnam (dst)) && pw->pw_dir) {
if (*name) name++; /* skip past the slash */
/* canonicalize case of INBOX */
if (!compare_cstring (name,"INBOX")) name = "INBOX";
/* remove trailing / from directory */
if ((s = strrchr (pw->pw_dir,'/')) && !s[1]) *s = '\0';
/* don't allow ~root/ if restricted root */
if ((restrictBox & RESTRICTROOT) && !*pw->pw_dir) dst = NIL;
/* build final name w/ subdir if needed */
else if (mailsubdir) sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name);
else sprintf (dst,"%s/%s",pw->pw_dir,name);
}
else dst = NIL; /* no such user */
}
break;
�
case 'I': case 'i': /* possible INBOX */
if (!compare_cstring (name+1,"NBOX")) {
/* if restricted, use INBOX in mailbox dir */
if (anonymous || blackBox || closedBox)
sprintf (dst,"%s/INBOX",mymailboxdir ());
else *dst = '\0'; /* otherwise driver selects the name */
break;
}
/* drop into to ordinary name case */
default: /* ordinary name is easy */
sprintf (dst,"%s/%s",mymailboxdir (),name);
break;
}
return dst; /* return final name */
}
�
/* Dot-lock file locker
* Accepts: file name to lock
* destination buffer for lock file name
* open file description on file name to lock
* Returns: T if success, NIL if failure
*/
long dotlock_lock (char *file,DOTLOCK *base,int fd)
{
int i = locktimeout * 60;
int j,mask,retry,pi[2],po[2];
char *s,tmp[MAILTMPLEN];
struct stat sb;
/* flush absurd file name */
if (strlen (file) > 512) return NIL;
/* build lock filename */
sprintf (base->lock,"%s.lock",file);
/* assume no pipe */
base->pipei = base->pipeo = -1;
do { /* make sure not symlink */
if (!(j = chk_notsymlink (base->lock,&sb))) return NIL;
/* time out if file older than 5 minutes */
if ((j > 0) && ((time (0)) >= (sb.st_ctime + locktimeout * 60))) i = 0;
/* try to create the lock */
switch (retry = crexcl (base->lock)) {
case -1: /* OK to retry */
if (!(i%15)) { /* time to notify? */
sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
file,i);
MM_LOG (tmp,WARN);
}
sleep (1); /* wait 1 second before next try */
break;
case NIL: /* failure, can't retry */
i = 0;
break;
case T: /* success, make sure others can break lock */
chmod (base->lock,(int) dotlock_mode);
return LONGT;
}
} while (i--); /* until out of retries */
if (retry < 0) { /* still returning retry after locktimeout? */
if (!(j = chk_notsymlink (base->lock,&sb))) return NIL;
if ((j > 0) && ((time (0)) < (sb.st_ctime + locktimeout * 60))) {
sprintf (tmp,"Mailbox vulnerable - seizing %ld second old lock",
(long) (time (0) - sb.st_ctime));
MM_LOG (tmp,WARN);
}
mask = umask (0); /* want our lock protection */
unlink (base->lock); /* try to remove the old file */
/* seize the lock */
if ((i = open (base->lock,O_WRONLY|O_CREAT,(int) dotlock_mode)) >= 0) {
close (i); /* don't need descriptor any more */
sprintf (tmp,"Mailbox %.80s lock overridden",file);
MM_LOG (tmp,NIL);
chmod (base->lock,(int) dotlock_mode);
umask (mask); /* restore old umask */
return LONGT;
}
umask (mask); /* restore old umask */
}
�
if (fd >= 0) switch (errno) {
case EACCES: /* protection failure? */
MM_CRITICAL (NIL); /* go critical */
if (closedBox || !lockpgm); /* can't do on closed box or disabled */
else if ((*lockpgm && stat (lockpgm,&sb)) ||
(!*lockpgm && stat (lockpgm = LOCKPGM1,&sb) &&
stat (lockpgm = LOCKPGM2,&sb) && stat (lockpgm = LOCKPGM3,&sb)))
lockpgm = NIL; /* disable if can't find lockpgm */
else if (pipe (pi) >= 0) { /* make command pipes */
long cf;
char *argv[4],arg[20];
/* if input pipes usable create output pipes */
if ((pi[0] < FD_SETSIZE) && (pi[1] < FD_SETSIZE) && (pipe (po) >= 0)) {
/* make sure output pipes are usable */
if ((po[0] >= FD_SETSIZE) || (po[1] >= FD_SETSIZE));
/* all is good, make inferior process */
else if (!(j = fork ())) {
if (!fork ()) { /* make grandchild so it's inherited by init */
/* prepare argument vector */
sprintf (arg,"%d",fd);
argv[0] = lockpgm; argv[1] = arg;
argv[2] = file; argv[3] = NIL;
/* set parent's I/O to my O/I */
dup2 (pi[1],1); dup2 (pi[1],2); dup2 (po[0],0);
/* close all unnecessary descriptors */
for (cf = max (20,max (max (pi[0],pi[1]),max(po[0],po[1])));
cf >= 3; --cf) if (cf != fd) close (cf);
/* be our own process group */
setpgrp (0,getpid ());
/* now run it */
_exit (execv (argv[0],argv));
}
_exit (1); /* child is done */
}
else if (j > 0) { /* parent process */
fd_set rfd;
struct timeval tmo;
FD_ZERO (&rfd);
FD_SET (pi[0],&rfd);
tmo.tv_sec = locktimeout * 60;
grim_pid_reap (j,NIL);/* reap child; grandchild now owned by init */
/* read response from locking program */
if (select (pi[0]+1,&rfd,0,0,&tmo) &&
(read (pi[0],tmp,1) == 1) && (tmp[0] == '+')) {
/* success, record pipes */
base->pipei = pi[0]; base->pipeo = po[1];
/* close child's side of the pipes */
close (pi[1]); close (po[0]);
MM_NOCRITICAL (NIL);/* no longer critical */
return LONGT;
}
}
close (po[0]); close (po[1]);
}
close (pi[0]); close (pi[1]);
}
�
MM_NOCRITICAL (NIL); /* no longer critical */
/* find directory/file delimiter */
if (s = strrchr (base->lock,'/')) {
*s = '\0'; /* tie off at directory */
sprintf(tmp, /* generate default message */
"Mailbox vulnerable - directory %.80s must have 1777 protection",
base->lock);
/* definitely not 1777 if can't stat */
mask = stat (base->lock,&sb) ? 0 : (sb.st_mode & 1777);
*s = '/'; /* restore lock name */
if (mask != 1777) { /* default warning if not 1777 */
if (!disableLockWarning) MM_LOG (tmp,WARN);
break;
}
}
default:
sprintf (tmp,"Mailbox vulnerable - error creating %.80s: %s",
base->lock,strerror (errno));
if (!disableLockWarning) MM_LOG (tmp,WARN);
break;
}
base->lock[0] = '\0'; /* don't use lock files */
return NIL;
}
�
/* Dot-lock file unlocker
* Accepts: lock file name
* Returns: T if success, NIL if failure
*/
long dotlock_unlock (DOTLOCK *base)
{
long ret = LONGT;
if (base && base->lock[0]) {
if (base->pipei >= 0) { /* if running through a pipe unlocker */
ret = (write (base->pipeo,"+",1) == 1);
/* nuke the pipes */
close (base->pipei); close (base->pipeo);
}
else ret = !unlink (base->lock);
}
return ret;
}
�
/* Lock file name
* Accepts: scratch buffer
* file name
* type of locking operation (LOCK_SH or LOCK_EX)
* pointer to return PID of locker
* Returns: file descriptor of lock or negative if error
*/
int lockname (char *lock,char *fname,int op,long *pid)
{
struct stat sbuf;
*pid = 0; /* no locker PID */
return stat (fname,&sbuf) ? -1 : lock_work (lock,&sbuf,op,pid);
}
/* Lock file descriptor
* Accepts: file descriptor
* lock file name buffer
* type of locking operation (LOCK_SH or LOCK_EX)
* Returns: file descriptor of lock or negative if error
*/
int lockfd (int fd,char *lock,int op)
{
struct stat sbuf;
return fstat (fd,&sbuf) ? -1 : lock_work (lock,&sbuf,op,NIL);
}
�
/* Lock file name worker
* Accepts: lock file name
* pointer to stat() buffer
* type of locking operation (LOCK_SH or LOCK_EX)
* pointer to return PID of locker
* Returns: file descriptor of lock or negative if error
*/
int lock_work (char *lock,void *sb,int op,long *pid)
{
struct stat lsb,fsb;
struct stat *sbuf = (struct stat *) sb;
char tmp[MAILTMPLEN];
long i;
int fd;
int mask = umask (0);
if (pid) *pid = 0; /* initialize return PID */
/* make temporary lock file name */
sprintf (lock,"%s/.%lx.%lx",closedBox ? "" : tmpdir,
(unsigned long) sbuf->st_dev,(unsigned long) sbuf->st_ino);
while (T) { /* until get a good lock */
do switch ((int) chk_notsymlink (lock,&lsb)) {
case 1: /* exists just once */
if (((fd = open (lock,O_RDWR,shlock_mode)) >= 0) ||
(errno != ENOENT) || (chk_notsymlink (lock,&lsb) >= 0)) break;
case -1: /* name doesn't exist */
fd = open (lock,O_RDWR|O_CREAT|O_EXCL,shlock_mode);
break;
default: /* multiple hard links */
MM_LOG ("hard link to lock name",ERROR);
syslog (LOG_CRIT,"SECURITY PROBLEM: hard link to lock name: %.80s",lock);
case 0: /* symlink (already did syslog) */
umask (mask); /* restore old mask */
return -1; /* fail: no lock file */
} while ((fd < 0) && (errno == EEXIST));
if (fd < 0) { /* failed to get file descriptor */
syslog (LOG_INFO,"Mailbox lock file %s open failure: %s",lock,
strerror (errno));
if (!closedBox) { /* more explicit snarl for bad configuration */
if (stat (tmpdir,&lsb))
syslog (LOG_CRIT,"SYSTEM ERROR: no %s: %s",tmpdir,strerror (errno));
else if ((lsb.st_mode & 01777) != 01777) {
sprintf (tmp,"Can't lock for write: %.80s must have 1777 protection",
tmpdir);
MM_LOG (tmp,WARN);
}
}
umask (mask); /* restore old mask */
return -1; /* fail: can't open lock file */
}
�
/* non-blocking form */
if (op & LOCK_NB) i = flock (fd,op);
else { /* blocking form */
(*mailblocknotify) (BLOCK_FILELOCK,NIL);
i = flock (fd,op);
(*mailblocknotify) (BLOCK_NONE,NIL);
}
if (i) { /* failed, get other process' PID */
if (pid && !fstat (fd,&fsb) && (i = min (fsb.st_size,MAILTMPLEN-1)) &&
(read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
*pid = i;
close (fd); /* failed, give up on lock */
umask (mask); /* restore old mask */
return -1; /* fail: can't lock */
}
/* make sure this lock is good for us */
if (!lstat (lock,&lsb) && ((lsb.st_mode & S_IFMT) != S_IFLNK) &&
!fstat (fd,&fsb) && (lsb.st_dev == fsb.st_dev) &&
(lsb.st_ino == fsb.st_ino) && (fsb.st_nlink == 1)) break;
close (fd); /* lock not right, drop fd and try again */
}
chmod (lock,shlock_mode); /* make sure mode OK (don't use fchmod()) */
umask (mask); /* restore old mask */
return fd; /* success */
}
�
/* Check to make sure not a symlink
* Accepts: file name
* stat buffer
* Returns: -1 if doesn't exist, NIL if symlink, else number of hard links
*/
long chk_notsymlink (char *name,void *sb)
{
struct stat *sbuf = (struct stat *) sb;
/* name exists? */
if (lstat (name,sbuf)) return -1;
/* forbid symbolic link */
if ((sbuf->st_mode & S_IFMT) == S_IFLNK) {
MM_LOG ("symbolic link on lock name",ERROR);
syslog (LOG_CRIT,"SECURITY PROBLEM: symbolic link on lock name: %.80s",
name);
return NIL;
}
return (long) sbuf->st_nlink; /* return number of hard links */
}
/* Unlock file descriptor
* Accepts: file descriptor
* lock file name from lockfd()
*/
void unlockfd (int fd,char *lock)
{
/* delete the file if no sharers */
if (!flock (fd,LOCK_EX|LOCK_NB)) unlink (lock);
flock (fd,LOCK_UN); /* unlock it */
close (fd); /* close it */
}
�
/* Set proper file protection for mailbox
* Accepts: mailbox name
* actual file path name
* Returns: T, always
*/
long set_mbx_protections (char *mailbox,char *path)
{
struct stat sbuf;
int mode = (int) mbx_protection;
if (*mailbox == '#') { /* possible namespace? */
if (((mailbox[1] == 'f') || (mailbox[1] == 'F')) &&
((mailbox[2] == 't') || (mailbox[2] == 'T')) &&
((mailbox[3] == 'p') || (mailbox[3] == 'P')) &&
(mailbox[4] == '/')) mode = (int) ftp_protection;
else if (((mailbox[1] == 'p') || (mailbox[1] == 'P')) &&
((mailbox[2] == 'u') || (mailbox[2] == 'U')) &&
((mailbox[3] == 'b') || (mailbox[3] == 'B')) &&
((mailbox[4] == 'l') || (mailbox[4] == 'L')) &&
((mailbox[5] == 'i') || (mailbox[5] == 'I')) &&
((mailbox[6] == 'c') || (mailbox[6] == 'C')) &&
(mailbox[7] == '/')) mode = (int) public_protection;
else if (((mailbox[1] == 's') || (mailbox[1] == 'S')) &&
((mailbox[2] == 'h') || (mailbox[2] == 'H')) &&
((mailbox[3] == 'a') || (mailbox[3] == 'A')) &&
((mailbox[4] == 'r') || (mailbox[4] == 'R')) &&
((mailbox[5] == 'e') || (mailbox[5] == 'E')) &&
((mailbox[6] == 'd') || (mailbox[6] == 'D')) &&
(mailbox[7] == '/')) mode = (int) shared_protection;
}
/* if a directory */
if (!stat (path,&sbuf) && ((sbuf.st_mode & S_IFMT) == S_IFDIR)) {
/* set owner search if allow read or write */
if (mode & 0600) mode |= 0100;
if (mode & 060) mode |= 010;/* set group search if allow read or write */
if (mode & 06) mode |= 01; /* set world search if allow read or write */
/* preserve directory SGID bit */
if (sbuf.st_mode & S_ISGID) mode |= S_ISGID;
}
chmod (path,mode); /* set the new protection, ignore failure */
return LONGT;
}
�
/* Get proper directory protection
* Accepts: mailbox name
* Returns: directory mode, always
*/
long get_dir_protection (char *mailbox)
{
if (*mailbox == '#') { /* possible namespace? */
if (((mailbox[1] == 'f') || (mailbox[1] == 'F')) &&
((mailbox[2] == 't') || (mailbox[2] == 'T')) &&
((mailbox[3] == 'p') || (mailbox[3] == 'P')) &&
(mailbox[4] == '/')) return ftp_dir_protection;
else if (((mailbox[1] == 'p') || (mailbox[1] == 'P')) &&
((mailbox[2] == 'u') || (mailbox[2] == 'U')) &&
((mailbox[3] == 'b') || (mailbox[3] == 'B')) &&
((mailbox[4] == 'l') || (mailbox[4] == 'L')) &&
((mailbox[5] == 'i') || (mailbox[5] == 'I')) &&
((mailbox[6] == 'c') || (mailbox[6] == 'C')) &&
(mailbox[7] == '/')) return public_dir_protection;
else if (((mailbox[1] == 's') || (mailbox[1] == 'S')) &&
((mailbox[2] == 'h') || (mailbox[2] == 'H')) &&
((mailbox[3] == 'a') || (mailbox[3] == 'A')) &&
((mailbox[4] == 'r') || (mailbox[4] == 'R')) &&
((mailbox[5] == 'e') || (mailbox[5] == 'E')) &&
((mailbox[6] == 'd') || (mailbox[6] == 'D')) &&
(mailbox[7] == '/')) return shared_dir_protection;
}
return dir_protection;
}
�
/* Determine default prototype stream to user
* Accepts: type (NIL for create, T for append)
* Returns: default prototype stream
*/
MAILSTREAM *default_proto (long type)
{
myusername (); /* make sure initialized */
/* return default driver's prototype */
return type ? appendProto : createProto;
}
/* Set up user flags for stream
* Accepts: MAIL stream
* Returns: MAIL stream with user flags set up
*/
MAILSTREAM *user_flags (MAILSTREAM *stream)
{
int i;
myusername (); /* make sure initialized */
for (i = 0; i < NUSERFLAGS && userFlags[i]; ++i)
if (!stream->user_flags[i]) stream->user_flags[i] = cpystr (userFlags[i]);
return stream;
}
/* Return nth user flag
* Accepts: user flag number
* Returns: flag
*/
char *default_user_flag (unsigned long i)
{
myusername (); /* make sure initialized */
return userFlags[i];
}
�
/* Process rc file
* Accepts: file name
* .mminit flag
* Don't use this feature.
*/
void dorc (char *file,long flag)
{
int i;
char *s,*t,*k,*r,tmp[MAILTMPLEN],tmpx[MAILTMPLEN];
extern MAILSTREAM CREATEPROTO;
extern MAILSTREAM EMPTYPROTO;
DRIVER *d;
FILE *f;
if ((f = fopen (file ? file : SYSCONFIG,"r")) &&
(s = fgets (tmp,MAILTMPLEN,f)) && (t = strchr (s,'\n'))) do {
*t++ = '\0'; /* tie off line, find second space */
if ((k = strchr (s,' ')) && (k = strchr (++k,' '))) {
*k++ = '\0'; /* tie off two words */
if (!compare_cstring (s,"set keywords") && !userFlags[0]) {
/* yes, get first keyword */
k = strtok_r (k,", ",&r);
/* copy keyword list */
for (i = 0; k && i < NUSERFLAGS; ++i) if (strlen (k) <= MAXUSERFLAG) {
if (userFlags[i]) fs_give ((void **) &userFlags[i]);
userFlags[i] = cpystr (k);
k = strtok_r (NIL,", ",&r);
}
if (flag) break; /* found "set keywords" in .mminit */
}
�
else if (!flag) { /* none of these valid in .mminit */
if (myUserName) { /* only valid if logged in */
if (!compare_cstring (s,"set new-mailbox-format") ||
!compare_cstring (s,"set new-folder-format")) {
if (!compare_cstring (k,"same-as-inbox")) {
if (d = mail_valid (NIL,"INBOX",NIL)) {
if (!compare_cstring (d->name,"mbox"))
d = (DRIVER *) mail_parameters (NIL,GET_DRIVER,
(void *) "unix");
else if (!compare_cstring (d->name,"dummy")) d = NIL;
}
createProto = d ? ((*d->open) (NIL)) : &CREATEPROTO;
}
else if (!compare_cstring (k,"system-standard"))
createProto = &CREATEPROTO;
else { /* canonicalize mbox to unix */
if (!compare_cstring (k,"mbox")) k = "unix";
/* see if a driver name */
if (d = (DRIVER *) mail_parameters (NIL,GET_DRIVER,(void *) k))
createProto = (*d->open) (NIL);
else { /* duh... */
sprintf (tmpx,"Unknown new mailbox format in %s: %s",
file ? file : SYSCONFIG,k);
MM_LOG (tmpx,WARN);
}
}
}
if (!compare_cstring (s,"set empty-mailbox-format") ||
!compare_cstring (s,"set empty-folder-format")) {
if (!compare_cstring (k,"invalid")) appendProto = NIL;
else if (!compare_cstring (k,"same-as-inbox"))
appendProto = ((d = mail_valid (NIL,"INBOX",NIL)) &&
compare_cstring (d->name,"dummy")) ?
((*d->open) (NIL)) : &EMPTYPROTO;
else if (!compare_cstring (k,"system-standard"))
appendProto = &EMPTYPROTO;
else { /* see if a driver name */
for (d = (DRIVER *) mail_parameters (NIL,GET_DRIVERS,NIL);
d && compare_cstring (d->name,k); d = d->next);
if (d) appendProto = (*d->open) (NIL);
else { /* duh... */
sprintf (tmpx,"Unknown empty mailbox format in %s: %s",
file ? file : SYSCONFIG,k);
MM_LOG (tmpx,WARN);
}
}
}
}
�
if (!compare_cstring (s,"set local-host")) {
fs_give ((void **) &myLocalHost);
myLocalHost = cpystr (k);
}
else if (!compare_cstring (s,"set news-active-file")) {
fs_give ((void **) &newsActive);
newsActive = cpystr (k);
}
else if (!compare_cstring (s,"set news-spool-directory")) {
fs_give ((void **) &newsSpool);
newsSpool = cpystr (k);
}
else if (!compare_cstring (s,"set mh-path"))
mail_parameters (NIL,SET_MHPATH,(void *) k);
else if (!compare_cstring (s,"set mh-allow-inbox"))
mail_parameters (NIL,SET_MHALLOWINBOX,(void *) atol (k));
else if (!compare_cstring (s,"set news-state-file")) {
fs_give ((void **) &myNewsrc);
myNewsrc = cpystr (k);
}
else if (!compare_cstring (s,"set ftp-export-directory")) {
fs_give ((void **) &ftpHome);
ftpHome = cpystr (k);
}
else if (!compare_cstring (s,"set public-home-directory")) {
fs_give ((void **) &publicHome);
publicHome = cpystr (k);
}
else if (!compare_cstring (s,"set shared-home-directory")) {
fs_give ((void **) &sharedHome);
sharedHome = cpystr (k);
}
else if (!compare_cstring (s,"set system-inbox")) {
fs_give ((void **) &sysInbox);
sysInbox = cpystr (k);
}
else if (!compare_cstring (s,"set mail-subdirectory")) {
fs_give ((void **) &mailsubdir);
mailsubdir = cpystr (k);
}
else if (!compare_cstring (s,"set from-widget"))
mail_parameters (NIL,SET_FROMWIDGET,
compare_cstring (k,"header-only") ?
VOIDT : NIL);
�
else if (!compare_cstring (s,"set rsh-command"))
mail_parameters (NIL,SET_RSHCOMMAND,(void *) k);
else if (!compare_cstring (s,"set rsh-path"))
mail_parameters (NIL,SET_RSHPATH,(void *) k);
else if (!compare_cstring (s,"set ssh-command"))
mail_parameters (NIL,SET_SSHCOMMAND,(void *) k);
else if (!compare_cstring (s,"set ssh-path"))
mail_parameters (NIL,SET_SSHPATH,(void *) k);
else if (!compare_cstring (s,"set tcp-open-timeout"))
mail_parameters (NIL,SET_OPENTIMEOUT,(void *) atol (k));
else if (!compare_cstring (s,"set tcp-read-timeout"))
mail_parameters (NIL,SET_READTIMEOUT,(void *) atol (k));
else if (!compare_cstring (s,"set tcp-write-timeout"))
mail_parameters (NIL,SET_WRITETIMEOUT,(void *) atol (k));
else if (!compare_cstring (s,"set rsh-timeout"))
mail_parameters (NIL,SET_RSHTIMEOUT,(void *) atol (k));
else if (!compare_cstring (s,"set ssh-timeout"))
mail_parameters (NIL,SET_SSHTIMEOUT,(void *) atol (k));
else if (!compare_cstring (s,"set maximum-login-trials"))
mail_parameters (NIL,SET_MAXLOGINTRIALS,(void *) atol (k));
else if (!compare_cstring (s,"set lookahead"))
mail_parameters (NIL,SET_LOOKAHEAD,(void *) atol (k));
else if (!compare_cstring (s,"set prefetch"))
mail_parameters (NIL,SET_PREFETCH,(void *) atol (k));
else if (!compare_cstring (s,"set close-on-error"))
mail_parameters (NIL,SET_CLOSEONERROR,(void *) atol (k));
else if (!compare_cstring (s,"set imap-port"))
mail_parameters (NIL,SET_IMAPPORT,(void *) atol (k));
else if (!compare_cstring (s,"set pop3-port"))
mail_parameters (NIL,SET_POP3PORT,(void *) atol (k));
else if (!compare_cstring (s,"set uid-lookahead"))
mail_parameters (NIL,SET_UIDLOOKAHEAD,(void *) atol (k));
else if (!compare_cstring (s,"set try-ssl-first"))
mail_parameters (NIL,SET_TRYSSLFIRST,(void *) atol (k));
�
else if (!compare_cstring (s,"set mailbox-protection"))
mbx_protection = atol (k);
else if (!compare_cstring (s,"set directory-protection"))
dir_protection = atol (k);
else if (!compare_cstring (s,"set lock-protection"))
dotlock_mode = atol (k);
else if (!compare_cstring (s,"set ftp-protection"))
ftp_protection = atol (k);
else if (!compare_cstring (s,"set public-protection"))
public_protection = atol (k);
else if (!compare_cstring (s,"set shared-protection"))
shared_protection = atol (k);
else if (!compare_cstring (s,"set ftp-directory-protection"))
ftp_dir_protection = atol (k);
else if (!compare_cstring (s,"set public-directory-protection"))
public_dir_protection = atol (k);
else if (!compare_cstring (s,"set shared-directory-protection"))
shared_dir_protection = atol (k);
else if (!compare_cstring (s,"set dot-lock-file-timeout"))
locktimeout = atoi (k);
else if (!compare_cstring (s,"set disable-fcntl-locking"))
fcntlhangbug = atoi (k);
else if (!compare_cstring (s,"set disable-lock-warning"))
disableLockWarning = atoi (k);
else if (!compare_cstring (s,"set disable-unix-UIDs-and-keywords"))
has_no_life = atoi (k);
else if (!compare_cstring (s,"set hide-dot-files"))
hideDotFiles = atoi (k);
else if (!compare_cstring (s,"set list-maximum-level"))
list_max_level = atol (k);
else if (!compare_cstring (s,"set trust-dns"))
mail_parameters (NIL,SET_TRUSTDNS,(void *) atol (k));
else if (!compare_cstring (s,"set sasl-uses-ptr-name"))
mail_parameters (NIL,SET_SASLUSESPTRNAME,(void *) atol (k));
else if (!compare_cstring (s,"set network-filesystem-stat-bug"))
netfsstatbug = atoi (k);
else if (!compare_cstring (s,"set nntp-range"))
mail_parameters (NIL,SET_NNTPRANGE,(void *) atol (k));
�
else if (!file) { /* only allowed in system init */
if (!compare_cstring (s,"set black-box-directory") &&
!blackBoxDir) blackBoxDir = cpystr (k);
else if (!compare_cstring(s,"set black-box-default-home-directory")&&
blackBoxDir && !blackBoxDefaultHome)
blackBoxDefaultHome = cpystr (k);
else if (!compare_cstring (s,"set anonymous-home-directory") &&
!anonymousHome) anonymousHome = cpystr (k);
/* It's tempting to allow setting the CA path
* in a user init. However, that opens up a
* vector of attack big enough to drive a
* truck through... Resist the temptation.
*/
else if (!compare_cstring (s,"set CA-certificate-path"))
sslCApath = cpystr (k);
else if (!compare_cstring (s,"set disable-plaintext"))
disablePlaintext = atoi (k);
else if (!compare_cstring (s,"set allowed-login-attempts"))
logtry = atoi (k);
else if (!compare_cstring (s,"set chroot-server"))
closedBox = atoi (k);
else if (!compare_cstring (s,"set restrict-mailbox-access"))
for (k = strtok_r (k,", ",&r); k; k = strtok_r (NIL,", ",&r)) {
if (!compare_cstring (k,"root")) restrictBox |= RESTRICTROOT;
else if (!compare_cstring (k,"otherusers"))
restrictBox |= RESTRICTOTHERUSER;
else if (!compare_cstring (k,"all")) restrictBox = -1;
}
else if (!compare_cstring (s,"set advertise-the-world"))
advertisetheworld = atoi (k);
else if (!compare_cstring (s,"set limited-advertise"))
limitedadvertise = atoi (k);
else if (!compare_cstring
(s,"set disable-automatic-shared-namespaces"))
noautomaticsharedns = atoi (k);
else if (!compare_cstring (s,"set allow-user-config"))
allowuserconfig = atoi (k);
else if (!compare_cstring (s,"set allow-reverse-dns"))
mail_parameters (NIL,SET_ALLOWREVERSEDNS,(void *) atol (k));
else if (!compare_cstring (s,"set k5-cp-uses-service-name"))
kerb_cp_svr_name = atoi (k);
/* must appear in file after any
* "set disable-plaintext" command! */
else if (!compare_cstring (s,"set plaintext-allowed-clients")) {
for (k = strtok_r (k,", ",&r); k && !tcp_isclienthost (k);
k = strtok_r (NIL,", ",&r));
if (k) disablePlaintext = 0;
}
}
}
}
} while ((s = fgets (tmp,MAILTMPLEN,f)) && (t = strchr (s,'\n')));
if (f) fclose (f); /* flush the file */
}
�
/* INBOX create function for tmail/dmail use only
* Accepts: mail stream
* path name buffer, preloaded with driver-dependent path
* Returns: T on success, NIL on failure
*
* This routine is evil and a truly incredible kludge. It is private for
* tmail/dmail and is not supported for any other application.
*/
long path_create (MAILSTREAM *stream,char *path)
{
long ret;
short rsave = restrictBox;
restrictBox = NIL; /* can't restrict */
if (blackBox) { /* if black box */
/* toss out driver dependent names */
printf (path,"%s/INBOX",mymailboxdir ());
blackBox = NIL; /* well that's evil - evil is going on */
ret = mail_create (stream,path);
blackBox = T; /* restore the box */
}
/* easy thing otherwise */
else ret = mail_create (stream,path);
restrictBox = rsave; /* restore restrictions */
return ret;
}
�
/* Default block notify routine
* Accepts: reason for calling
* data
* Returns: data
*/
void *mm_blocknotify (int reason,void *data)
{
void *ret = data;
switch (reason) {
case BLOCK_SENSITIVE: /* entering sensitive code */
ret = (void *) (unsigned long) alarm (0);
break;
case BLOCK_NONSENSITIVE: /* exiting sensitive code */
if ((unsigned long) data) alarm ((unsigned long) data);
break;
default: /* ignore all other reasons */
break;
}
return ret;
}