c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "lib.h"

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen#include "ioloop.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "array.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "base64.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "hostpid.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "module-dir.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "restrict-access.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "eacces-error.h"

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen#include "ipwd.h"

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen#include "str.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "var-expand.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "dict.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "settings-parser.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "auth-master.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "master-service-private.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "master-service-settings.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "master-service-settings-cache.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "mail-user.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "mail-namespace.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "mail-storage.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include "mail-storage-service.h"

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#include <sys/stat.h>

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#ifdef HAVE_SYS_TIME_H

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen# include <sys/time.h>

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#endif

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#ifdef HAVE_SYS_RESOURCE_H

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen# include <sys/resource.h>

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#endif

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#define MAX_TIME_BACKWARDS_SLEEP 5

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen#define MAX_NOWARN_FORWARD_SECS 10

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen#define ERRSTR_INVALID_USER_SETTINGS \

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen "Invalid user settings. Refer to server log for more information."

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainenstruct mail_storage_service_privileges {

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen uid_t uid;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen gid_t gid;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const char *uid_source, *gid_source;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const char *home;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const char *chroot;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen};

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainenstruct mail_storage_service_ctx {

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen pool_t pool;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen struct master_service *service;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const char *default_log_prefix;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen struct auth_master_connection *conn, *iter_conn;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen struct auth_master_user_list_ctx *auth_list;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const struct setting_parser_info **set_roots;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen enum mail_storage_service_flags flags;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const char *set_cache_module, *set_cache_service;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen struct master_service_settings_cache *set_cache;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen pool_t userdb_next_pool;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const char *const **userdb_next_fieldsp;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen bool debug:1;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen bool log_initialized:1;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen bool config_permission_denied:1;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen};

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainenstruct mail_storage_service_user {

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen pool_t pool;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen struct mail_storage_service_ctx *service_ctx;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen struct mail_storage_service_input input;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen enum mail_storage_service_flags flags;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen struct ioloop_context *ioloop_ctx;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const char *log_prefix, *auth_token, *auth_user;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const char *system_groups_user, *uid_source, *gid_source;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen const struct mail_user_settings *user_set;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const struct setting_parser_info *user_info;

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen struct setting_parser_context *set_parser;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen unsigned int session_id_counter;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen bool anonymous:1;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen bool admin:1;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen};

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainenstruct module *mail_storage_service_modules = NULL;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainenstatic int

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainenmail_storage_service_var_expand(struct mail_storage_service_ctx *ctx,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen string_t *str, const char *format,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen struct mail_storage_service_user *user,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const struct mail_storage_service_input *input,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const struct mail_storage_service_privileges *priv,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const char **error_r);

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainenstatic bool

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainenmail_user_set_get_mail_debug(const struct setting_parser_info *user_info,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const struct mail_user_settings *user_set)

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen{

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const struct mail_storage_settings *mail_set;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen mail_set = mail_user_set_get_driver_settings(user_info, user_set,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen MAIL_STORAGE_SET_DRIVER_NAME);

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen return mail_set->mail_debug;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen}

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainenstatic void set_keyval(struct mail_storage_service_ctx *ctx,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen struct mail_storage_service_user *user,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen const char *key, const char *value)

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen{

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen struct setting_parser_context *set_parser = user->set_parser;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen if (master_service_set_has_config_override(ctx->service, key)) {

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen /* this setting was already overridden with -o parameter */

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen if (mail_user_set_get_mail_debug(user->user_info,

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen user->user_set)) {

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen i_debug("Ignoring overridden (-o) userdb setting: %s",

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen key);

363929157786b549c80630bda3c3575f5115c6c5Timo Sirainen }

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen return;

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen }

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen

c115c742f730e312d6b6ab5064595cd0d8b4e26eTimo Sirainen if (settings_parse_keyvalue(set_parser, key, value) < 0) {

i_fatal("Invalid userdb input %s=%s: %s", key, value,

settings_parser_get_error(set_parser));

}

}

static int set_line(struct mail_storage_service_ctx *ctx,

struct mail_storage_service_user *user,

const char *line)

{

struct setting_parser_context *set_parser = user->set_parser;

bool mail_debug;

const char *key, *orig_key, *append_value = NULL;

size_t len;

int ret;

mail_debug = mail_user_set_get_mail_debug(user->user_info,

user->user_set);

if (strchr(line, '=') == NULL)

line = t_strconcat(line, "=yes", NULL);

orig_key = key = t_strcut(line, '=');

len = strlen(key);

if (len > 0 && key[len-1] == '+') {

/* key+=value */

append_value = line + len + 1;

key = t_strndup(key, len-1);

}

if (!settings_parse_is_valid_key(set_parser, key)) {

/* assume it's a plugin setting */

key = t_strconcat("plugin/", key, NULL);

line = t_strconcat("plugin/", line, NULL);

}

if (master_service_set_has_config_override(ctx->service, key)) {

/* this setting was already overridden with -o parameter */

if (mail_debug) {

i_debug("Ignoring overridden (-o) userdb setting: %s",

key);

}

return 1;

}

if (append_value != NULL) {

const void *value;

enum setting_type type;

value = settings_parse_get_value(set_parser, key, &type);

if (value != NULL && type == SET_STR) {

const char *const *strp = value;

line = t_strdup_printf("%s=%s%s",

key, *strp, append_value);

} else {

i_error("Ignoring %s userdb setting. "

"'+' can only be used for strings.", orig_key);

}

}

ret = settings_parse_line(set_parser, line);

if (mail_debug && ret >= 0) {

if (strstr(key, "pass") != NULL) {

/* possibly a password field (e.g. imapc_password).

line = t_strconcat(key, "=<hidden>", NULL);

}

i_debug(ret == 0 ?

"Unknown userdb setting: %s" :

"Added userdb setting: %s", line);

}

return ret;

}

static bool validate_chroot(const struct mail_user_settings *user_set,

const char *dir)

{

const char *const *chroot_dirs;

if (*dir == '\0')

return FALSE;

if (*user_set->valid_chroot_dirs == '\0')

return FALSE;

chroot_dirs = t_strsplit(user_set->valid_chroot_dirs, ":");

while (*chroot_dirs != NULL) {

if (**chroot_dirs != '\0' &&

strncmp(dir, *chroot_dirs, strlen(*chroot_dirs)) == 0)

return TRUE;

chroot_dirs++;

}

return FALSE;

}

static int

user_reply_handle(struct mail_storage_service_ctx *ctx,

struct mail_storage_service_user *user,

const struct auth_user_reply *reply,

const char **error_r)

{

const char *home = reply->home;

const char *chroot = reply->chroot;

const char *const *str, *line, *p;

unsigned int i, count;

int ret = 0;

if (reply->uid != (uid_t)-1) {

if (reply->uid == 0) {

*error_r = "userdb returned 0 as uid";

return -1;

}

user->uid_source = "userdb lookup";

set_keyval(ctx, user, "mail_uid", dec2str(reply->uid));

}

if (reply->gid != (uid_t)-1) {

user->gid_source = "userdb lookup";

set_keyval(ctx, user, "mail_gid", dec2str(reply->gid));

}

if (home != NULL && chroot == NULL &&

*user->user_set->valid_chroot_dirs != '\0' &&

(p = strstr(home, "/./")) != NULL) {

/* wu-ftpd like <chroot>/./<home> - check only if there's even

chroot = t_strdup_until(home, p);

home = p + 2;

}

if (home != NULL)

set_keyval(ctx, user, "mail_home", home);

if (chroot != NULL) {

if (!validate_chroot(user->user_set, chroot)) {

*error_r = t_strdup_printf(

"userdb returned invalid chroot directory: %s "

"(see valid_chroot_dirs setting)", chroot);

return -1;

}

set_keyval(ctx, user, "mail_chroot", chroot);

}

user->anonymous = reply->anonymous;

str = array_get(&reply->extra_fields, &count);

for (i = 0; i < count; i++) {

line = str[i];

if (strncmp(line, "system_groups_user=", 19) == 0) {

user->system_groups_user =

p_strdup(user->pool, line + 19);

} else if (strncmp(line, "nice=", 5) == 0) {

#ifdef HAVE_SETPRIORITY

int n;

if (str_to_int(line + 5, &n) < 0) {

i_error("userdb returned invalid nice value %s",

line + 5);

} else if (n != 0) {

if (setpriority(PRIO_PROCESS, 0, n) < 0)

i_error("setpriority(%d) failed: %m", n);

}

#endif

} else if (strncmp(line, "auth_token=", 11) == 0) {

user->auth_token = p_strdup(user->pool, line+11);

} else if (strncmp(line, "auth_user=", 10) == 0) {

user->auth_user = p_strdup(user->pool, line+10);

} else if (strncmp(line, "admin=", 6) == 0) {

user->admin = line[6] == 'y' || line[6] == 'Y' ||

line[6] == '1';

} else T_BEGIN {

ret = set_line(ctx, user, line);

} T_END;

if (ret < 0)

break;

}

if (ret < 0) {

*error_r = t_strdup_printf("Invalid userdb input '%s': %s",

str[i], settings_parser_get_error(user->set_parser));

}

return ret;

}

static int

service_auth_userdb_lookup(struct mail_storage_service_ctx *ctx,

const struct mail_storage_service_input *input,

pool_t pool, const char **user,

const char *const **fields_r,

const char **error_r)

{

struct auth_user_info info;

const char *new_username;

int ret;

i_zero(&info);

info.service = input->service != NULL ? input->service :

ctx->service->name;

info.local_ip = input->local_ip;

info.remote_ip = input->remote_ip;

info.local_port = input->local_port;

info.remote_port = input->remote_port;

info.debug = input->debug;

ret = auth_master_user_lookup(ctx->conn, *user, &info, pool,

&new_username, fields_r);

if (ret > 0) {

if (strcmp(*user, new_username) != 0) {

if (ctx->debug)

i_debug("changed username to %s", new_username);

*user = t_strdup(new_username);

}

*user = new_username;

} else if (ret == 0)

*error_r = "Unknown user";

else if (**fields_r != NULL) {

*error_r = t_strdup(**fields_r);

ret = -2;

} else {

*error_r = MAIL_ERRSTR_CRITICAL_MSG;

}

return ret;

}

static bool parse_uid(const char *str, uid_t *uid_r, const char **error_r)

{

struct passwd pw;

if (str_to_uid(str, uid_r) == 0)

return TRUE;

switch (i_getpwnam(str, &pw)) {

case -1:

*error_r = t_strdup_printf("getpwnam(%s) failed: %m", str);

return FALSE;

case 0:

*error_r = t_strconcat("Unknown UNIX UID user: ", str, NULL);

return FALSE;

default:

*uid_r = pw.pw_uid;

return TRUE;

}

}

static bool parse_gid(const char *str, gid_t *gid_r, const char **error_r)

{

struct group gr;

if (str_to_gid(str, gid_r) == 0)

return TRUE;

switch (i_getgrnam(str, &gr)) {

case -1:

*error_r = t_strdup_printf("getgrnam(%s) failed: %m", str);

return FALSE;

case 0:

*error_r = t_strconcat("Unknown UNIX GID group: ", str, NULL);

return FALSE;

default:

*gid_r = gr.gr_gid;

return TRUE;

}

}

static const struct var_expand_table *

get_var_expand_table(struct master_service *service,

struct mail_storage_service_user *user,

const struct mail_storage_service_input *input,

const struct mail_storage_service_privileges *priv)

{

const char *username = t_strcut(input->username, '@');

const char *domain = i_strchr_to_next(input->username, '@');

const char *uid = priv == NULL ? NULL :

dec2str(priv->uid == (uid_t)-1 ? geteuid() : priv->uid);

const char *gid = priv == NULL ? NULL :

dec2str(priv->gid == (gid_t)-1 ? getegid() : priv->gid);

const char *auth_user, *auth_username, *auth_domain;

if (user == NULL || user->auth_user == NULL) {

auth_user = input->username;

auth_username = username;

auth_domain = domain;

} else {

auth_user = user->auth_user;

auth_username = t_strcut(user->auth_user, '@');

auth_domain = i_strchr_to_next(user->auth_user, '@');

}

const struct var_expand_table stack_tab[] = {

{ 'u', input->username, "user" },

{ 'n', username, "username" },

{ 'd', domain, "domain" },

{ 's', service->name, "service" },

{ 'l', net_ip2addr(&input->local_ip), "lip" },

{ 'r', net_ip2addr(&input->remote_ip), "rip" },

{ 'p', my_pid, "pid" },

{ 'i', uid, "uid" },

{ '\0', gid, "gid" },

{ '\0', input->session_id, "session" },

{ '\0', auth_user, "auth_user" },

{ '\0', auth_username, "auth_username" },

{ '\0', auth_domain, "auth_domain" },

{ '\0', NULL, NULL }

};

struct var_expand_table *tab;

tab = t_malloc_no0(sizeof(stack_tab));

memcpy(tab, stack_tab, sizeof(stack_tab));

return tab;

}

const struct var_expand_table *

mail_storage_service_get_var_expand_table(struct mail_storage_service_ctx *ctx,

struct mail_storage_service_input *input)

{

struct mail_storage_service_privileges priv;

i_zero(&priv);

priv.uid = (uid_t)-1;

priv.gid = (gid_t)-1;

return get_var_expand_table(ctx->service, NULL, input, &priv);

}

static bool

user_expand_varstr(struct mail_storage_service_ctx *ctx,

struct mail_storage_service_user *user,

struct mail_storage_service_privileges *priv,

const char *str, const char **value_r, const char **error_r)

{

string_t *value;

int ret;

if (*str == SETTING_STRVAR_EXPANDED[0]) {

*value_r = str + 1;

return TRUE;

}

i_assert(*str == SETTING_STRVAR_UNEXPANDED[0]);

value = t_str_new(256);

ret = mail_storage_service_var_expand(ctx, value, str + 1, user,

&user->input, priv, error_r);

*value_r = str_c(value);

return ret > 0;

}

static int

service_parse_privileges(struct mail_storage_service_ctx *ctx,

struct mail_storage_service_user *user,

struct mail_storage_service_privileges *priv_r,

const char **error_r)

{

const struct mail_user_settings *set = user->user_set;

uid_t uid = (uid_t)-1;

gid_t gid = (gid_t)-1;

const char *error;

i_zero(priv_r);

if (*set->mail_uid != '\0') {

if (!parse_uid(set->mail_uid, &uid, error_r)) {

*error_r = t_strdup_printf("%s (from %s)", *error_r,

user->uid_source);

return -1;

}

if (uid < (uid_t)set->first_valid_uid ||

(set->last_valid_uid != 0 &&

uid > (uid_t)set->last_valid_uid)) {

*error_r = t_strdup_printf(

"Mail access for users with UID %s not permitted "

"(see first_valid_uid in config file, uid from %s).",

dec2str(uid), user->uid_source);

return -1;

}

}

priv_r->uid = uid;

priv_r->uid_source = user->uid_source;

if (*set->mail_gid != '\0') {

if (!parse_gid(set->mail_gid, &gid, error_r)) {

*error_r = t_strdup_printf("%s (from %s)", *error_r,

user->gid_source);

return -1;

}

if (gid < (gid_t)set->first_valid_gid ||

(set->last_valid_gid != 0 &&

gid > (gid_t)set->last_valid_gid)) {

*error_r = t_strdup_printf(

"Mail access for users with GID %s not permitted "

"(see first_valid_gid in config file, gid from %s).",

dec2str(gid), user->gid_source);

return -1;

}

}

priv_r->gid = gid;

priv_r->gid_source = user->gid_source;

/* variable strings are expanded in mail_user_init(),

if (!user_expand_varstr(ctx, user, priv_r, user->user_set->mail_home,

&priv_r->home, &error)) {

*error_r = t_strdup_printf(

"Failed to expand mail_home '%s': %s",

user->user_set->mail_home, error);

return -1;

}

if (!user_expand_varstr(ctx, user, priv_r, user->user_set->mail_chroot,

&priv_r->chroot, &error)) {

*error_r = t_strdup_printf(

"Failed to expand mail_chroot '%s': %s",

user->user_set->mail_chroot, error);

return -1;

}

return 0;

}

static void mail_storage_service_seteuid_root(void)

{

if (seteuid(0) < 0) {

i_fatal("mail-storage-service: "

"Failed to restore temporarily dropped root privileges: "

"seteuid(0) failed: %m");

}

}

static int

service_drop_privileges(struct mail_storage_service_user *user,

struct mail_storage_service_privileges *priv,

bool disallow_root, bool keep_setuid_root,

bool setenv_only, const char **error_r)

{

const struct mail_user_settings *set = user->user_set;

struct restrict_access_settings rset;

uid_t current_euid, setuid_uid = 0;

const char *cur_chroot, *error;

current_euid = geteuid();

restrict_access_init(&rset);

restrict_access_get_env(&rset);

if (priv->uid != (uid_t)-1) {

rset.uid = priv->uid;

rset.uid_source = priv->uid_source;

} else if (rset.uid == (uid_t)-1 &&

disallow_root && current_euid == 0) {

*error_r = "User is missing UID (see mail_uid setting)";

return -1;

}

if (priv->gid != (gid_t)-1) {

rset.gid = priv->gid;

rset.gid_source = priv->gid_source;

} else if (rset.gid == (gid_t)-1 && disallow_root &&

set->first_valid_gid > 0 && getegid() == 0) {

*error_r = "User is missing GID (see mail_gid setting)";

return -1;

}

if (*set->mail_privileged_group != '\0') {

if (!parse_gid(set->mail_privileged_group, &rset.privileged_gid,

&error)) {

*error_r = t_strdup_printf(

"%s (in mail_privileged_group setting)", error);

return -1;

}

}

if (*set->mail_access_groups != '\0') {

rset.extra_groups = t_strconcat(set->mail_access_groups, ",",

rset.extra_groups, NULL);

}

rset.first_valid_gid = set->first_valid_gid;

rset.last_valid_gid = set->last_valid_gid;

rset.chroot_dir = *priv->chroot == '\0' ? NULL : priv->chroot;

rset.system_groups_user = user->system_groups_user;

cur_chroot = restrict_access_get_current_chroot();

if (cur_chroot != NULL) {

/* we're already chrooted. make sure the chroots are equal. */

if (rset.chroot_dir == NULL) {

*error_r = "Process is already chrooted, "

"can't un-chroot for this user";

return -1;

}

if (strcmp(rset.chroot_dir, cur_chroot) != 0) {

*error_r = t_strdup_printf(

"Process is already chrooted to %s, "

"can't chroot to %s", cur_chroot, priv->chroot);

return -1;

}

/* chrooting to same directory where we're already chrooted */

rset.chroot_dir = NULL;

}

if (disallow_root &&

(rset.uid == 0 || (rset.uid == (uid_t)-1 && current_euid == 0))) {

*error_r = "Mail access not allowed for root";

return -1;

}

if (keep_setuid_root) {

if (current_euid != rset.uid && rset.uid != (uid_t)-1) {

if (current_euid != 0) {

/* we're changing the UID,

mail_storage_service_seteuid_root();

}

setuid_uid = rset.uid;

}

rset.uid = (uid_t)-1;

disallow_root = FALSE;

}

if (!setenv_only) {

restrict_access(&rset, *priv->home == '\0' ? NULL : priv->home,

disallow_root);

} else {

restrict_access_set_env(&rset);

}

if (setuid_uid != 0 && !setenv_only) {

if (seteuid(setuid_uid) < 0)

i_fatal("mail-storage-service: seteuid(%s) failed: %m",

dec2str(setuid_uid));

}

return 0;

}

static int

mail_storage_service_init_post(struct mail_storage_service_ctx *ctx,

struct mail_storage_service_user *user,

struct mail_storage_service_privileges *priv,

struct mail_user **mail_user_r,

const char **error_r)

{

const struct mail_storage_settings *mail_set;

const char *home = priv->home;

struct mail_user *mail_user;

/* NOTE: if more user initialization is added, add it also to

mail_user = mail_user_alloc_nodup_set(user->input.username,

user->user_info, user->user_set);

mail_user->_service_user = user;

mail_user_set_home(mail_user, *home == '\0' ? NULL : home);

mail_user_set_vars(mail_user, ctx->service->name,

&user->input.local_ip, &user->input.remote_ip);

mail_user->uid = priv->uid == (uid_t)-1 ? geteuid() : priv->uid;

mail_user->gid = priv->gid == (gid_t)-1 ? getegid() : priv->gid;

mail_user->anonymous = user->anonymous;

mail_user->admin = user->admin;

mail_user->auth_token = p_strdup(mail_user->pool, user->auth_token);

mail_user->auth_user = p_strdup(mail_user->pool, user->auth_user);

if (user->input.session_create_time != 0) {

mail_user->session_create_time =

user->input.session_create_time;

mail_user->session_restored = TRUE;

}

if (user->session_id_counter++ == 0) {

mail_user->session_id =

p_strdup(mail_user->pool, user->input.session_id);

} else {

mail_user->session_id =

p_strdup_printf(mail_user->pool, "%s:%u",

user->input.session_id,

user->session_id_counter);

}

mail_user->userdb_fields = user->input.userdb_fields == NULL ? NULL :

p_strarray_dup(mail_user->pool, user->input.userdb_fields);

mail_user->autoexpunge_enabled =

(user->flags & MAIL_STORAGE_SERVICE_FLAG_AUTOEXPUNGE) != 0;

mail_set = mail_user_set_get_storage_set(mail_user);

if (mail_set->mail_debug) {

string_t *str = t_str_new(64);

str_printfa(str, "Effective uid=%s, gid=%s, home=%s",

dec2str(geteuid()), dec2str(getegid()), home);

if (*priv->chroot != '\0')

str_printfa(str, ", chroot=%s", priv->chroot);

i_debug("%s", str_c(str));

}

if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&

(user->flags & MAIL_STORAGE_SERVICE_FLAG_ENABLE_CORE_DUMPS) == 0) {

/* we don't want to write core files to any users' home

} else if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR) == 0) {

/* If possible chdir to home directory, so that core file

if (home[0] == '\0') {

if (chdir("/") < 0)

i_error("chdir(/) failed: %m");

} else if (chdir(home) < 0) {

if (errno == EACCES) {

i_error("%s", eacces_error_get("chdir",

t_strconcat(home, "/", NULL)));

} if (errno != ENOENT)

i_error("chdir(%s) failed: %m", home);

else if (mail_set->mail_debug)

i_debug("Home dir not found: %s", home);

if (chdir("/") < 0)

i_error("chdir(/) failed: %m");

}

}

if (mail_user_init(mail_user, error_r) < 0) {

mail_user_unref(&mail_user);

return -1;

}

if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_NAMESPACES) == 0) {

if (mail_namespaces_init(mail_user, error_r) < 0) {

mail_user_unref(&mail_user);

return -1;

}

}

*mail_user_r = mail_user;

return 0;

}

void mail_storage_service_io_activate_user(struct mail_storage_service_user *user)

{

i_set_failure_prefix("%s", user->log_prefix);

}

void mail_storage_service_io_deactivate_user(struct mail_storage_service_user *user)

{

i_set_failure_prefix("%s", user->service_ctx->default_log_prefix);

}

void mail_storage_service_io_deactivate(struct mail_storage_service_ctx *ctx)

{

i_set_failure_prefix("%s", ctx->default_log_prefix);

}

static const char *field_get_default(const char *data)

{

const char *p;

p = strchr(data, ':');

if (p == NULL)

return "";

else {

/* default value given */

return p+1;

}

}

const char *mail_storage_service_fields_var_expand(const char *data,

const char *const *fields)

{

const char *field_name = t_strcut(data, ':');

unsigned int i;

size_t field_name_len;

if (fields == NULL)

return field_get_default(data);

field_name_len = strlen(field_name);

for (i = 0; fields[i] != NULL; i++) {

if (strncmp(fields[i], field_name, field_name_len) == 0 &&

fields[i][field_name_len] == '=')

return fields[i] + field_name_len+1;

}

return field_get_default(data);

}

static int

mail_storage_service_input_var_userdb(const char *data, void *context,

const char **value_r,

const char **error_r ATTR_UNUSED)

{

struct mail_storage_service_user *user = context;

*value_r = mail_storage_service_fields_var_expand(data,

user == NULL ? NULL : user->input.userdb_fields);

return 1;

}

static int

mail_storage_service_var_expand(struct mail_storage_service_ctx *ctx,

string_t *str, const char *format,

struct mail_storage_service_user *user,

const struct mail_storage_service_input *input,

const struct mail_storage_service_privileges *priv,

const char **error_r)

{

static const struct var_expand_func_table func_table[] = {

{ "userdb", mail_storage_service_input_var_userdb },

{ NULL, NULL }

};

return var_expand_with_funcs(str, format,

get_var_expand_table(ctx->service, user, input, priv),

func_table, user, error_r);

}

static void

mail_storage_service_init_log(struct mail_storage_service_ctx *ctx,

struct mail_storage_service_user *user,

struct mail_storage_service_privileges *priv)

{

const char *error;

ctx->log_initialized = TRUE;

T_BEGIN {

string_t *str;

str = t_str_new(256);

(void)mail_storage_service_var_expand(ctx, str,

user->user_set->mail_log_prefix,

user, &user->input, priv, &error);

user->log_prefix = p_strdup(user->pool, str_c(str));

} T_END;

master_service_init_log(ctx->service, user->log_prefix);

if (master_service_get_client_limit(master_service) == 1)

i_set_failure_send_prefix(user->log_prefix);

io_loop_context_add_callbacks(user->ioloop_ctx,

mail_storage_service_io_activate_user,

mail_storage_service_io_deactivate_user,

user);

}

static void mail_storage_service_time_moved(time_t old_time, time_t new_time)

{

long diff = new_time - old_time;

if (diff > 0) {

if (diff > MAX_NOWARN_FORWARD_SECS)

i_warning("Time jumped forwards %ld seconds", diff);

return;

}

diff = -diff;

if (diff > MAX_TIME_BACKWARDS_SLEEP) {

i_fatal("Time just moved backwards by %ld seconds. "

"This might cause a lot of problems, "

"so I'll just kill myself now. "

"http://wiki2.dovecot.org/TimeMovedBackwards", diff);

} else {

i_error("Time just moved backwards by %ld seconds. "

"I'll sleep now until we're back in present. "

"http://wiki2.dovecot.org/TimeMovedBackwards", diff);

/* Sleep extra second to make sure usecs also grows. */

diff++;

while (diff > 0 && sleep(diff) != 0) {

/* don't use sleep()'s return value, because

diff = old_time - time(NULL) + 1;

}

}

}

struct mail_storage_service_ctx *

mail_storage_service_init(struct master_service *service,

const struct setting_parser_info *set_roots[],

enum mail_storage_service_flags flags)

{

struct mail_storage_service_ctx *ctx;

const char *version;

pool_t pool;

unsigned int count;

version = master_service_get_version_string(service);

if (version != NULL && strcmp(version, PACKAGE_VERSION) != 0) {

i_fatal("Version mismatch: libdovecot-storage.so is '%s', "

"while the running Dovecot binary is '%s'",

PACKAGE_VERSION, version);

}

if ((flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&

getuid() != 0) {

/* service { user } isn't root. the permission drop can't be

flags &= ~MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP;

}

(void)umask(0077);

io_loop_set_time_moved_callback(current_ioloop,

mail_storage_service_time_moved);

mail_storage_init();

mail_storage_register_all();

mailbox_list_register_all();

pool = pool_alloconly_create("mail storage service", 2048);

ctx = p_new(pool, struct mail_storage_service_ctx, 1);

ctx->pool = pool;

ctx->service = service;

ctx->flags = flags;

/* @UNSAFE */

if (set_roots == NULL)

count = 0;

else

for (count = 0; set_roots[count] != NULL; count++) ;

ctx->set_roots =

p_new(pool, const struct setting_parser_info *, count + 2);

ctx->set_roots[0] = &mail_user_setting_parser_info;

if (set_roots != NULL) {

memcpy(ctx->set_roots + 1, set_roots,

sizeof(*ctx->set_roots) * count);

}

/* do all the global initialization. delay initializing plugins until

if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT) == 0) {

/* note: we may not have read any settings yet, so this logging

ctx->default_log_prefix =

p_strconcat(pool, service->name, ": ", NULL);

master_service_init_log(service, ctx->default_log_prefix);

}

dict_drivers_register_builtin();

return ctx;

}

struct auth_master_connection *

mail_storage_service_get_auth_conn(struct mail_storage_service_ctx *ctx)

{

i_assert(ctx->conn != NULL);

return ctx->conn;

}

static enum mail_storage_service_flags

mail_storage_service_input_get_flags(struct mail_storage_service_ctx *ctx,

const struct mail_storage_service_input *input)

{

enum mail_storage_service_flags flags;

flags = (ctx->flags & ~input->flags_override_remove) |

input->flags_override_add;

if (input->no_userdb_lookup) {

/* FIXME: for API backwards compatibility only */

flags &= ~MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP;

}

return flags;

}

int mail_storage_service_read_settings(struct mail_storage_service_ctx *ctx,

const struct mail_storage_service_input *input,

pool_t pool,

const struct setting_parser_info **user_info_r,

const struct setting_parser_context **parser_r,

const char **error_r)

{

struct master_service_settings_input set_input;

const struct setting_parser_info *const *roots;

struct master_service_settings_output set_output;

const struct dynamic_settings_parser *dyn_parsers;

enum mail_storage_service_flags flags;

unsigned int i;

ctx->config_permission_denied = FALSE;

flags = input == NULL ? ctx->flags :

mail_storage_service_input_get_flags(ctx, input);

i_zero(&set_input);

set_input.roots = ctx->set_roots;

set_input.preserve_user = TRUE;

/* settings reader may exec doveconf, which is going to clear

set_input.preserve_home =

(flags & MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP) == 0;

set_input.use_sysexits =

(flags & MAIL_STORAGE_SERVICE_FLAG_USE_SYSEXITS) != 0;

if (input != NULL) {

set_input.module = input->module;

set_input.service = input->service;

set_input.username = input->username;

set_input.local_ip = input->local_ip;

set_input.remote_ip = input->remote_ip;

}

if (input == NULL) {

/* global settings read - don't create a cache for thi */

} else if (ctx->set_cache == NULL) {

ctx->set_cache_module = p_strdup(ctx->pool, set_input.module);

ctx->set_cache_service = p_strdup(ctx->pool, set_input.service);

ctx->set_cache = master_service_settings_cache_init(

ctx->service, set_input.module, set_input.service);

} else {

/* already looked up settings at least once.

set_input.never_exec = TRUE;

}

dyn_parsers = mail_storage_get_dynamic_parsers(pool);

if (null_strcmp(set_input.module, ctx->set_cache_module) == 0 &&

null_strcmp(set_input.service, ctx->set_cache_service) == 0 &&

ctx->set_cache != NULL) {

if (master_service_settings_cache_read(ctx->set_cache,

&set_input, dyn_parsers,

parser_r, error_r) < 0) {

*error_r = t_strdup_printf(

"Error reading configuration: %s", *error_r);

return -1;

}

} else {

settings_parser_dyn_update(pool, &set_input.roots, dyn_parsers);

if (master_service_settings_read(ctx->service, &set_input,

&set_output, error_r) < 0) {

*error_r = t_strdup_printf(

"Error reading configuration: %s", *error_r);

ctx->config_permission_denied =

set_output.permission_denied;

return -1;

}

*parser_r = ctx->service->set_parser;

}

roots = settings_parser_get_roots(*parser_r);

for (i = 0; roots[i] != NULL; i++) {

if (strcmp(roots[i]->module_name,

mail_user_setting_parser_info.module_name) == 0) {

*user_info_r = roots[i];

return 0;

}

}

i_unreached();

return -1;

}

void mail_storage_service_set_auth_conn(struct mail_storage_service_ctx *ctx,

struct auth_master_connection *conn)

{

i_assert(ctx->conn == NULL);

i_assert(mail_user_auth_master_conn == NULL);

ctx->conn = conn;

mail_user_auth_master_conn = conn;

}

static void

mail_storage_service_first_init(struct mail_storage_service_ctx *ctx,

const struct setting_parser_info *user_info,

const struct mail_user_settings *user_set)

{

enum auth_master_flags flags = 0;

ctx->debug = mail_user_set_get_mail_debug(user_info, user_set);

if (ctx->debug)

flags |= AUTH_MASTER_FLAG_DEBUG;

if ((ctx->flags & MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT) != 0)

flags |= AUTH_MASTER_FLAG_NO_IDLE_TIMEOUT;

mail_storage_service_set_auth_conn(ctx,

auth_master_init(user_set->auth_socket_path, flags));

}

static int

mail_storage_service_load_modules(struct mail_storage_service_ctx *ctx,

const struct setting_parser_info *user_info,

const struct mail_user_settings *user_set,

const char **error_r)

{

struct module_dir_load_settings mod_set;

if (*user_set->mail_plugins == '\0')

return 0;

if ((ctx->flags & MAIL_STORAGE_SERVICE_FLAG_NO_PLUGINS) != 0)

return 0;

i_zero(&mod_set);

mod_set.abi_version = DOVECOT_ABI_VERSION;

mod_set.binary_name = master_service_get_name(ctx->service);

mod_set.setting_name = "mail_plugins";

mod_set.require_init_funcs = TRUE;

mod_set.debug = mail_user_set_get_mail_debug(user_info, user_set);

return module_dir_try_load_missing(&mail_storage_service_modules,

user_set->mail_plugin_dir,

user_set->mail_plugins,

&mod_set, error_r);

}

static int extra_field_key_cmp_p(const char *const *s1, const char *const *s2)

{

const char *p1 = *s1, *p2 = *s2;

for (; *p1 == *p2; p1++, p2++) {

if (*p1 == '\0')

return 0;

}

if (*p1 == '=')

return -1;

if (*p2 == '=')

return 1;

return *p1 - *p2;

}

static void

mail_storage_service_set_log_prefix(struct mail_storage_service_ctx *ctx,

const struct mail_user_settings *user_set,

struct mail_storage_service_user *user,

const struct mail_storage_service_input *input,

const struct mail_storage_service_privileges *priv)

{

string_t *str;

const char *error;

str = t_str_new(256);

(void)mail_storage_service_var_expand(ctx, str, user_set->mail_log_prefix,

user, input, priv, &error);

i_set_failure_prefix("%s", str_c(str));

}

static const char *

mail_storage_service_generate_session_id(pool_t pool, const char *prefix)

{

guid_128_t guid;

size_t prefix_len = prefix == NULL ? 0 : strlen(prefix);

string_t *str = str_new(pool, MAX_BASE64_ENCODED_SIZE(prefix_len + 1 + sizeof(guid)));

if (prefix != NULL)

str_printfa(str, "%s:", prefix);

guid_128_generate(guid);

base64_encode(guid, sizeof(guid), str);

/* remove the trailing "==" */

i_assert(str_data(str)[str_len(str)-2] == '=');

str_truncate(str, str_len(str)-2);

return str_c(str);

}

static int

mail_storage_service_lookup_real(struct mail_storage_service_ctx *ctx,

const struct mail_storage_service_input *input,

bool update_log_prefix,

struct mail_storage_service_user **user_r,

const char **error_r)

{

enum mail_storage_service_flags flags;

struct mail_storage_service_user *user;

const char *username = input->username;

const struct setting_parser_info *user_info;

const struct mail_user_settings *user_set;

const char *const *userdb_fields, *error;

struct auth_user_reply reply;

const struct setting_parser_context *set_parser;

void **sets;

pool_t user_pool, temp_pool;

int ret = 1;

user_pool = pool_alloconly_create(MEMPOOL_GROWING"mail storage service user", 1024*6);

flags = mail_storage_service_input_get_flags(ctx, input);

if ((flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&

geteuid() != 0) {

/* we dropped privileges only temporarily. switch back to root

mail_storage_service_seteuid_root();

}

if (mail_storage_service_read_settings(ctx, input, user_pool,

&user_info, &set_parser,

error_r) < 0) {

if (ctx->config_permission_denied) {

/* just restart and maybe next time we will open the

i_fatal("%s", *error_r);

}

pool_unref(&user_pool);

return -1;

}

if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT) == 0 &&

!ctx->log_initialized) {

/* initialize logging again, in case we only read the

ctx->log_initialized = TRUE;

master_service_init_log(ctx->service,

t_strconcat(ctx->service->name, ": ", NULL));

update_log_prefix = TRUE;

}

sets = master_service_settings_parser_get_others(master_service,

set_parser);

user_set = sets[0];

if (update_log_prefix)

mail_storage_service_set_log_prefix(ctx, user_set, NULL, input, NULL);

if (ctx->conn == NULL)

mail_storage_service_first_init(ctx, user_info, user_set);

/* load global plugins */

if (mail_storage_service_load_modules(ctx, user_info, user_set, error_r) < 0) {

pool_unref(&user_pool);

return -1;

}

if (ctx->userdb_next_pool == NULL)

temp_pool = pool_alloconly_create("userdb lookup", 2048);

else {

temp_pool = ctx->userdb_next_pool;

ctx->userdb_next_pool = NULL;

pool_ref(temp_pool);

}

if ((flags & MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP) != 0) {

ret = service_auth_userdb_lookup(ctx, input, temp_pool,

&username, &userdb_fields, error_r);

if (ret <= 0) {

pool_unref(&temp_pool);

pool_unref(&user_pool);

return ret;

}

if (ctx->userdb_next_fieldsp != NULL)

*ctx->userdb_next_fieldsp = userdb_fields;