search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* new version 2.19.9993
[alpine.git] / imap / src / osdep / unix / env_unix.c
blobd1bb1f0244141a34fb16222501621588137001a9
1 /* ========================================================================
2 * Copyright 2008-2010 Mark Crispin
3 * ========================================================================
4 */
5
6 /*
7 * Program: UNIX environment routines
8 *
9 * Author: Mark Crispin
10 *
11 * Date: 1 August 1988
12 * Last Edited: 15 November 2010
13 *
14 * Previous versions of this file were
15 *
16 * Copyright 1988-2008 University of Washington
17 *
18 * Licensed under the Apache License, Version 2.0 (the "License");
19 * you may not use this file except in compliance with the License.
20 * You may obtain a copy of the License at
21 *
22 * http://www.apache.org/licenses/LICENSE-2.0
23 *
24 */
25
26 #include <grp.h>
27 #include <signal.h>
28 #include <sys/wait.h>
29
30
31 /* in case stat.h is ancient */
32
33 #ifndef S_IRUSR
34 #define S_IRUSR S_IREAD
35 #endif
36 #ifndef S_IWUSR
37 #define S_IWUSR S_IWRITE
38 #endif
39 #ifndef S_IXUSR
40 #define S_IXUSR S_IEXEC
41 #endif
42 #ifndef S_IRGRP
43 #define S_IRGRP (S_IREAD >> 3)
44 #endif
45 #ifndef S_IWGRP
46 #define S_IWGRP (S_IWRITE >> 3)
47 #endif
48 #ifndef S_IXGRP
49 #define S_IXGRP (S_IEXEC >> 3)
50 #endif
51 #ifndef S_IROTH
52 #define S_IROTH (S_IREAD >> 6)
53 #endif
54 #ifndef S_IWOTH
55 #define S_IWOTH (S_IWRITE >> 6)
56 #endif
57 #ifndef S_IXOTH
58 #define S_IXOTH (S_IEXEC >> 6)
59 #endif
60 \f
61 /* c-client environment parameters */
62
63 static char *myUserName = NIL; /* user name */
64 static char *myHomeDir = NIL; /* home directory name */
65 static char *myServerName = NIL;/* server name */
66 static char *myLocalHost = NIL; /* local host name */
67 static char *myNewsrc = NIL; /* newsrc file name */
68 static char *mailsubdir = NIL; /* mailbox subdirectory name */
69 static char *sysInbox = NIL; /* system inbox name */
70 static char *newsActive = NIL; /* news active file */
71 static char *newsSpool = NIL; /* news spool */
72 static char *blackBoxDir = NIL; /* black box directory name */
73 /* black box default home directory */
74 static char *blackBoxDefaultHome = NIL;
75 static char *sslCApath = NIL; /* non-standard CA path */
76 static short anonymous = NIL; /* is anonymous */
77 static short blackBox = NIL; /* is a black box */
78 static short closedBox = NIL; /* is a closed box (uses chroot() jail) */
79 static long restrictBox = NIL; /* is a restricted box */
80 static short has_no_life = NIL; /* is a cretin with no life */
81 /* block environment init */
82 static short block_env_init = NIL;
83 static short hideDotFiles = NIL;/* hide files whose names start with . */
84 /* advertise filesystem root */
85 static short advertisetheworld = NIL;
86 /* only advertise own mailboxes and #shared */
87 static short limitedadvertise = NIL;
88 /* disable automatic shared namespaces */
89 static short noautomaticsharedns = NIL;
90 static short no822tztext = NIL; /* disable RFC [2]822 timezone text */
91 /* client principals include service name */
92 static short kerb_cp_svr_name = NIL;
93 static long locktimeout = 5; /* default lock timeout in minutes */
94 /* default prototypes */
95 static MAILSTREAM *createProto = NIL;
96 static MAILSTREAM *appendProto = NIL;
97 /* default user flags */
98 static char *userFlags[NUSERFLAGS] = {NIL};
99 static NAMESPACE *nslist[3]; /* namespace list */
100 static int logtry = 3; /* number of server login tries */
101 /* block notification */
102 static blocknotify_t mailblocknotify = mm_blocknotify;
103 /* logout function */
104 static logouthook_t maillogouthook = NIL;
105 /* logout data */
106 static void *maillogoutdata = NIL;
107 /* allow user config files */
108 static short allowuserconfig = NIL;
109 /* 1 = disable plaintext, 2 = if not SSL */
110 static long disablePlaintext = NIL;
111 static long list_max_level = 20;/* maximum level of list recursion */
112 /* facility for syslog */
113 static int syslog_facility = LOG_MAIL;
114 \f
115 /* Path of the privileged system lock program (mlock). Normally set by
116 * logic test.
117 */
118
119 static char *lockpgm = LOCKPGM;
120
121 /* Directory used for shared locks. MUST be the same for all users of the
122 * system, and MUST be protected 1777. /var/tmp may be preferable on some
123 * systems.
124 */
125
126 static const char *tmpdir = "/tmp";
127
128 /* Do not change shlock_mode. Doing so can cause mailbox corruption and
129 * denial of service. It also defeats the entire purpose of the shared
130 * lock mechanism. The right way to avoid shared locks is to set up a
131 * closed box (see the closedBox setting).
132 */
133
134 /* shared lock mode */
135 static const int shlock_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
136
137
138 /* It is STRONGLY recommended that you do not change dotlock_mode. Doing so
139 * can cause denial of service with old dot-lock files left lying around.
140 * However, since dot-locks are only used with traditional UNIX and MMDF
141 * formats which are not normally shared, it is much less harmful to tamper
142 * with this than with shlock_mode.
143 */
144
145 /* dot-lock mode */
146 static long dotlock_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
147 \f
148 /* File/directory access and protection policies */
149
150 /* Unlike shlock_mode, the ????_protection modes are intended to be fully
151 * customizable according to site policy. The values here are recommended
152 * settings, based upon the documented purposes of the namespaces.
153 */
154
155 /* user space - only owner can read/write */
156 static char *myMailboxDir = NIL;/* user space directory name */
157 /* default file protection */
158 static long mbx_protection = S_IRUSR|S_IWUSR;
159 /* default directory protection */
160 static long dir_protection = S_IRUSR|S_IWUSR|S_IXUSR;
161
162 /* user space for user "anonymous" */
163 /* anonymous home directory */
164 static char *anonymousHome = NIL;
165
166 /* #ftp - everybody can read, only owner can write */
167 static char *ftpHome = NIL; /* ftp export home directory */
168 /* default ftp file protection */
169 static long ftp_protection = S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH;
170 static long ftp_dir_protection =/* default ftp directory protection */
171 S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH;
172
173 /* #public - everybody can read/write */
174 static char *publicHome = NIL; /* public home directory */
175 static long public_protection = /* default public file protection */
176 S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
177 /* default public directory protection */
178 static long public_dir_protection =
179 S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH;
180
181 /* #shared/ - owner and group members can read/write */
182 static char *sharedHome = NIL; /* shared home directory */
183 /* default shared file protection */
184 static long shared_protection = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP;
185 /* default shared directory protection */
186 static long shared_dir_protection =
187 S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP;
188 \f
189 /* OS bug workarounds - should be avoided at all cost */
190
191
192 /* Don't set fcntlhangbug unless you really have to, since it risks mailbox
193 * corruption. The flocksim.c mechanism is designed to detect NFS access
194 * and no-op in that cases only, so this flag should be unnecessary.
195 */
196
197 static short fcntlhangbug = NIL;/* flock() emulator using fcntl() is a no-op */
198
199
200 /* Don't set netfsstatbug unless you really have to, since it dramatically
201 * slows down traditional UNIX and MMDF mailbox performance.
202 */
203
204 static short netfsstatbug = NIL;/* compensate for broken stat() on network
205 * filesystems (AFS and old NFS)
206 */
207
208
209 /* Note: setting disableLockWarning means that you assert that the
210 * so-modified copy of this software will NEVER be used:
211 * 1) in conjunction with any software which expects .lock files
212 * 2) to access NFS-mounted files and directories
213 *
214 * Unless both of these conditions apply, then do not set this flag.
215 * Instead, read the FAQ (item 7.10) and either use 1777 protection
216 * on the mail spool, or install mlock.
217 *
218 * In addition, by setting this flag you also agree that you are fully
219 * legally and morally responsible when (not if) mail files are damaged
220 * as the result of your choice.
221 *
222 * The mlock tool exists for a reason. Use it.
223 */
224 /* disable warning if can't make .lock file */
225 static short disableLockWarning = NIL;
226 \f
227 /* UNIX Namespaces */
228
229 /* personal mh namespace */
230 static NAMESPACE nsmhf = {"#mh/",'/',NIL,NIL};
231 static NAMESPACE nsmh = {"#mhinbox",NIL,NIL,&nsmhf};
232 /* home namespace */
233 static NAMESPACE nshome = {"",'/',NIL,&nsmh};
234 /* UNIX other user namespace */
235 static NAMESPACE nsunixother = {"~",'/',NIL,NIL};
236 /* black box other user namespace */
237 static NAMESPACE nsblackother = {"/",'/',NIL,NIL};
238 /* public (anonymous OK) namespace */
239 static NAMESPACE nspublic = {"#public/",'/',NIL,NIL};
240 /* netnews namespace */
241 static NAMESPACE nsnews = {"#news.",'.',NIL,&nspublic};
242 /* FTP export namespace */
243 static NAMESPACE nsftp = {"#ftp/",'/',NIL,&nsnews};
244 /* shared (no anonymous) namespace */
245 static NAMESPACE nsshared = {"#shared/",'/',NIL,&nsftp};
246 /* world namespace */
247 static NAMESPACE nsworld = {"/",'/',NIL,&nsshared};
248 /* only shared and public namespaces */
249 static NAMESPACE nslimited = {"#shared/",'/',NIL,&nspublic};
250
251
252
253 #include "write.c" /* include safe writing routines */
254 #include "crexcl.c" /* include exclusive create */
255 #include "pmatch.c" /* include wildcard pattern matcher */
256
257 /* Get all authenticators */
258
259 #include "auths.c"
260 \f
261 /* Environment manipulate parameters
262 * Accepts: function code
263 * function-dependent value
264 * Returns: function-dependent return value
265 */
266
267 void *env_parameters (long function,void *value)
268 {
269 void *ret = NIL;
270 switch ((int) function) {
271 case GET_NAMESPACE:
272 ret = (void *) nslist;
273 break;
274 case SET_USERNAME:
275 if (myUserName) fs_give ((void **) &myUserName);
276 myUserName = cpystr ((char *) value);
277 case GET_USERNAME:
278 ret = (void *) myUserName;
279 break;
280 case SET_HOMEDIR:
281 if (myHomeDir) fs_give ((void **) &myHomeDir);
282 myHomeDir = cpystr ((char *) value);
283 case GET_HOMEDIR:
284 ret = (void *) myHomeDir;
285 break;
286 case SET_LOCALHOST:
287 if (myLocalHost) fs_give ((void **) &myLocalHost);
288 myLocalHost = cpystr ((char *) value);
289 case GET_LOCALHOST:
290 ret = (void *) myLocalHost;
291 break;
292 case SET_NEWSRC:
293 if (myNewsrc) fs_give ((void **) &myNewsrc);
294 myNewsrc = cpystr ((char *) value);
295 case GET_NEWSRC:
296 ret = (void *) myNewsrc;
297 break;
298 case SET_NEWSACTIVE:
299 if (newsActive) fs_give ((void **) &newsActive);
300 newsActive = cpystr ((char *) value);
301 case GET_NEWSACTIVE:
302 ret = (void *) newsActive;
303 break;
304 case SET_NEWSSPOOL:
305 if (newsSpool) fs_give ((void **) &newsSpool);
306 newsSpool = cpystr ((char *) value);
307 case GET_NEWSSPOOL:
308 ret = (void *) newsSpool;
309 break;
310 \f
311 case SET_ANONYMOUSHOME:
312 if (anonymousHome) fs_give ((void **) &anonymousHome);
313 anonymousHome = cpystr ((char *) value);
314 case GET_ANONYMOUSHOME:
315 if (!anonymousHome) anonymousHome = cpystr (ANONYMOUSHOME);
316 ret = (void *) anonymousHome;
317 break;
318 case SET_FTPHOME:
319 if (ftpHome) fs_give ((void **) &ftpHome);
320 ftpHome = cpystr ((char *) value);
321 case GET_FTPHOME:
322 ret = (void *) ftpHome;
323 break;
324 case SET_PUBLICHOME:
325 if (publicHome) fs_give ((void **) &publicHome);
326 publicHome = cpystr ((char *) value);
327 case GET_PUBLICHOME:
328 ret = (void *) publicHome;
329 break;
330 case SET_SHAREDHOME:
331 if (sharedHome) fs_give ((void **) &sharedHome);
332 sharedHome = cpystr ((char *) value);
333 case GET_SHAREDHOME:
334 ret = (void *) sharedHome;
335 break;
336 case SET_SYSINBOX:
337 if (sysInbox) fs_give ((void **) &sysInbox);
338 sysInbox = cpystr ((char *) value);
339 case GET_SYSINBOX:
340 ret = (void *) sysInbox;
341 break;
342 case SET_SSLCAPATH: /* this can be set null */
343 if (sslCApath) fs_give ((void **) &sslCApath);
344 sslCApath = value ? cpystr ((char *) value) : value;
345 break;
346 case GET_SSLCAPATH:
347 ret = (void *) sslCApath;
348 break;
349 case SET_LISTMAXLEVEL:
350 list_max_level = (long) value;
351 case GET_LISTMAXLEVEL:
352 ret = (void *) list_max_level;
353 break;
354 \f
355 case SET_MBXPROTECTION:
356 mbx_protection = (long) value;
357 case GET_MBXPROTECTION:
358 ret = (void *) mbx_protection;
359 break;
360 case SET_DIRPROTECTION:
361 dir_protection = (long) value;
362 case GET_DIRPROTECTION:
363 ret = (void *) dir_protection;
364 break;
365 case SET_LOCKPROTECTION:
366 dotlock_mode = (long) value;
367 case GET_LOCKPROTECTION:
368 ret = (void *) dotlock_mode;
369 break;
370 case SET_FTPPROTECTION:
371 ftp_protection = (long) value;
372 case GET_FTPPROTECTION:
373 ret = (void *) ftp_protection;
374 break;
375 case SET_PUBLICPROTECTION:
376 public_protection = (long) value;
377 case GET_PUBLICPROTECTION:
378 ret = (void *) public_protection;
379 break;
380 case SET_SHAREDPROTECTION:
381 shared_protection = (long) value;
382 case GET_SHAREDPROTECTION:
383 ret = (void *) shared_protection;
384 break;
385 case SET_FTPDIRPROTECTION:
386 ftp_dir_protection = (long) value;
387 case GET_FTPDIRPROTECTION:
388 ret = (void *) ftp_dir_protection;
389 break;
390 case SET_PUBLICDIRPROTECTION:
391 public_dir_protection = (long) value;
392 case GET_PUBLICDIRPROTECTION:
393 ret = (void *) public_dir_protection;
394 break;
395 case SET_SHAREDDIRPROTECTION:
396 shared_dir_protection = (long) value;
397 case GET_SHAREDDIRPROTECTION:
398 ret = (void *) shared_dir_protection;
399 break;
400 case SET_RESTRICTIONS:
401 restrictBox = (long) value;
402 case GET_RESTRICTIONS:
403 ret = (void *) restrictBox;
404 \f
405 case SET_LOCKTIMEOUT:
406 locktimeout = (long) value;
407 case GET_LOCKTIMEOUT:
408 ret = (void *) locktimeout;
409 break;
410 case SET_DISABLEFCNTLLOCK:
411 fcntlhangbug = value ? T : NIL;
412 case GET_DISABLEFCNTLLOCK:
413 ret = (void *) (fcntlhangbug ? VOIDT : NIL);
414 break;
415 case SET_LOCKEACCESERROR:
416 disableLockWarning = value ? NIL : T;
417 case GET_LOCKEACCESERROR:
418 ret = (void *) (disableLockWarning ? NIL : VOIDT);
419 break;
420 case SET_HIDEDOTFILES:
421 hideDotFiles = value ? T : NIL;
422 case GET_HIDEDOTFILES:
423 ret = (void *) (hideDotFiles ? VOIDT : NIL);
424 break;
425 case SET_DISABLEPLAINTEXT:
426 disablePlaintext = (long) value;
427 case GET_DISABLEPLAINTEXT:
428 ret = (void *) disablePlaintext;
429 break;
430 case SET_CHROOTSERVER:
431 closedBox = value ? T : NIL;
432 case GET_CHROOTSERVER:
433 ret = (void *) (closedBox ? VOIDT : NIL);
434 break;
435 case SET_ADVERTISETHEWORLD:
436 advertisetheworld = value ? T : NIL;
437 case GET_ADVERTISETHEWORLD:
438 ret = (void *) (advertisetheworld ? VOIDT : NIL);
439 break;
440 case SET_LIMITEDADVERTISE:
441 limitedadvertise = value ? T : NIL;
442 case GET_LIMITEDADVERTISE:
443 ret = (void *) (limitedadvertise ? VOIDT : NIL);
444 break;
445 case SET_DISABLEAUTOSHAREDNS:
446 noautomaticsharedns = value ? T : NIL;
447 case GET_DISABLEAUTOSHAREDNS:
448 ret = (void *) (noautomaticsharedns ? VOIDT : NIL);
449 break;
450 case SET_DISABLE822TZTEXT:
451 no822tztext = value ? T : NIL;
452 case GET_DISABLE822TZTEXT:
453 ret = (void *) (no822tztext ? VOIDT : NIL);
454 break;
455 \f
456 case SET_USERHASNOLIFE:
457 has_no_life = value ? T : NIL;
458 case GET_USERHASNOLIFE:
459 ret = (void *) (has_no_life ? VOIDT : NIL);
460 break;
461 case SET_KERBEROS_CP_SVR_NAME:
462 kerb_cp_svr_name = value ? T : NIL;
463 case GET_KERBEROS_CP_SVR_NAME:
464 ret = (void *) (kerb_cp_svr_name ? VOIDT : NIL);
465 break;
466 case SET_NETFSSTATBUG:
467 netfsstatbug = value ? T : NIL;
468 case GET_NETFSSTATBUG:
469 ret = (void *) (netfsstatbug ? VOIDT : NIL);
470 break;
471 case SET_BLOCKENVINIT:
472 block_env_init = value ? T : NIL;
473 case GET_BLOCKENVINIT:
474 ret = (void *) (block_env_init ? VOIDT : NIL);
475 break;
476 case SET_BLOCKNOTIFY:
477 mailblocknotify = (blocknotify_t) value;
478 case GET_BLOCKNOTIFY:
479 ret = (void *) mailblocknotify;
480 break;
481 case SET_LOGOUTHOOK:
482 maillogouthook = (logouthook_t) value;
483 case GET_LOGOUTHOOK:
484 ret = maillogouthook;
485 break;
486 case SET_LOGOUTDATA:
487 maillogoutdata = (void *) value;
488 case GET_LOGOUTDATA:
489 ret = maillogoutdata;
490 }
491 return ret;
492 }
493 \f
494 /* Write current time
495 * Accepts: destination string
496 * optional format of day-of-week prefix
497 * format of date and time
498 * flag whether to append symbolic timezone
499 */
500
501 static void do_date (char *date,char *prefix,char *fmt,int suffix)
502 {
503 time_t tn = time (0);
504 struct tm *t = gmtime (&tn);
505 int zone = t->tm_hour * 60 + t->tm_min;
506 int julian = t->tm_yday;
507 t = localtime (&tn); /* get local time now */
508 /* minus UTC minutes since midnight */
509 zone = t->tm_hour * 60 + t->tm_min - zone;
510 /* julian can be one of:
511 * 36x local time is December 31, UTC is January 1, offset -24 hours
512 * 1 local time is 1 day ahead of UTC, offset +24 hours
513 * 0 local time is same day as UTC, no offset
514 * -1 local time is 1 day behind UTC, offset -24 hours
515 * -36x local time is January 1, UTC is December 31, offset +24 hours
516 */
517 if (julian = t->tm_yday -julian)
518 zone += ((julian < 0) == (abs (julian) == 1)) ? -24*60 : 24*60;
519 if (prefix) { /* want day of week? */
520 sprintf (date,prefix,days[t->tm_wday]);
521 date += strlen (date); /* make next sprintf append */
522 }
523 /* output the date */
524 sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
525 t->tm_hour,t->tm_min,t->tm_sec,zone/60,abs (zone) % 60);
526 /* append timezone suffix if desired */
527 if (suffix) rfc822_timezone (date,(void *) t);
528 }
529 \f
530 /* Write current time in RFC 822 format
531 * Accepts: destination string
532 */
533
534 void rfc822_date (char *date)
535 {
536 do_date (date,"%s, ","%d %s %d %02d:%02d:%02d %+03d%02d",
537 no822tztext ? NIL : T);
538 }
539
540
541 /* Write current time in fixed-width RFC 822 format
542 * Accepts: destination string
543 */
544
545 void rfc822_fixed_date (char *date)
546 {
547 do_date (date,NIL,"%02d %s %4d %02d:%02d:%02d %+03d%02d",NIL);
548 }
549
550
551 /* Write current time in internal format
552 * Accepts: destination string
553 */
554
555 void internal_date (char *date)
556 {
557 do_date (date,NIL,"%02d-%s-%d %02d:%02d:%02d %+03d%02d",NIL);
558 }
559 \f
560 /* Initialize server
561 * Accepts: server name for syslog or NIL
562 * /etc/services service name or NIL
563 * alternate /etc/services service name or NIL
564 * clock interrupt handler
565 * kiss-of-death interrupt handler
566 * hangup interrupt handler
567 * termination interrupt handler
568 */
569
570 void server_init (char *server,char *service,char *sslservice,
571 void *clkint,void *kodint,void *hupint,void *trmint,
572 void *staint)
573 {
574 int onceonly = server && service && sslservice;
575 if (onceonly) { /* set server name in syslog */
576 int mask;
577 openlog (myServerName = cpystr (server),LOG_PID,syslog_facility);
578 fclose (stderr); /* possibly save a process ID */
579 dorc (NIL,NIL); /* do systemwide configuration */
580 switch (mask = umask (022)){/* check old umask */
581 case 0: /* definitely unreasonable */
582 case 022: /* don't need to change it */
583 break;
584 default: /* already was a reasonable value */
585 umask (mask); /* so change it back */
586 }
587 }
588 arm_signal (SIGALRM,clkint); /* prepare for clock interrupt */
589 arm_signal (SIGUSR2,kodint); /* prepare for Kiss Of Death */
590 arm_signal (SIGHUP,hupint); /* prepare for hangup */
591 arm_signal (SIGPIPE,hupint); /* alternative hangup */
592 arm_signal (SIGTERM,trmint); /* prepare for termination */
593 /* status dump */
594 if (staint) arm_signal (SIGUSR1,staint);
595 if (onceonly) { /* set up network and maybe SSL */
596 long port;
597 struct servent *sv;
598 /* Use SSL if SSL service, or if server starts with "s" and not service */
599 if (((port = tcp_serverport ()) >= 0)) {
600 if ((sv = getservbyname (service,"tcp")) && (port == ntohs (sv->s_port)))
601 syslog (LOG_DEBUG,"%s service init from %s",service,tcp_clientaddr ());
602 else if ((sv = getservbyname (sslservice,"tcp")) &&
603 (port == ntohs (sv->s_port))) {
604 syslog (LOG_DEBUG,"%s SSL service init from %s",sslservice,
605 tcp_clientaddr ());
606 ssl_server_init (server);
607 }
608 else { /* not service or SSL service port */
609 syslog (LOG_DEBUG,"port %ld service init from %s",port,
610 tcp_clientaddr ());
611 if (*server == 's') ssl_server_init (server);
612 }
613 }
614 }
615 }
616 \f
617 /* Wait for stdin input
618 * Accepts: timeout in seconds
619 * Returns: T if have input on stdin, else NIL
620 */
621
622 long server_input_wait (long seconds)
623 {
624 int err;
625 fd_set rfd,efd;
626 struct timeval tmo;
627 do {
628 FD_ZERO (&rfd);
629 FD_ZERO (&efd);
630 FD_SET (0,&rfd);
631 FD_SET (0,&efd);
632 tmo.tv_sec = seconds; tmo.tv_usec = 0;
633 } while (((err = select (1,&rfd,0,&efd,&tmo)) < 0) && (errno = EINTR));
634 return err ? LONGT : NIL;
635 }
636 \f
637 /* Return UNIX password entry for user name
638 * Accepts: user name string
639 * Returns: password entry
640 *
641 * Tries all-lowercase form of user name if given user name fails
642 */
643
644 static struct passwd *pwuser (unsigned char *user)
645 {
646 unsigned char *s;
647 struct passwd *pw = getpwnam (user);
648 if (!pw) { /* failed, see if any uppercase characters */
649 for (s = user; *s && ((*s < 'A') || (*s > 'Z')); s++);
650 if (*s) { /* yes, try all lowercase form */
651 pw = getpwnam (s = lcase (cpystr (user)));
652 fs_give ((void **) &s);
653 }
654 }
655 return pw;
656 }
657
658
659 /* Validate password for user name
660 * Accepts: user name string
661 * password string
662 * argument count
663 * argument vector
664 * Returns: password entry if validated
665 *
666 * Tries password+1 if password fails and starts with space
667 */
668
669 static struct passwd *valpwd (char *user,char *pwd,int argc,char *argv[])
670 {
671 char *s;
672 struct passwd *pw;
673 struct passwd *ret = NIL;
674 if (auth_md5.server) { /* using CRAM-MD5 authentication? */
675 if (s = auth_md5_pwd (user)) {
676 if (!strcmp (s,pwd) || ((*pwd == ' ') && pwd[1] && !strcmp (s,pwd+1)))
677 ret = pwuser (user); /* validated, get passwd entry for user */
678 memset (s,0,strlen (s)); /* erase sensitive information */
679 fs_give ((void **) &s);
680 }
681 }
682 else if (pw = pwuser (user)) {/* can get user? */
683 s = cpystr (pw->pw_name); /* copy returned name in case we need it */
684 if (*pwd && !(ret = checkpw (pw,pwd,argc,argv)) &&
685 (*pwd == ' ') && pwd[1] && (ret = pwuser (s)))
686 ret = checkpw (pw,pwd+1,argc,argv);
687 fs_give ((void **) &s); /* don't need copy of name any more */
688 }
689 return ret;
690 }
691 \f
692 /* Server log in
693 * Accepts: user name string
694 * password string
695 * authenticating user name string
696 * argument count
697 * argument vector
698 * Returns: T if password validated, NIL otherwise
699 */
700
701 long server_login (char *user,char *pwd,char *authuser,int argc,char *argv[])
702 {
703 struct passwd *pw = NIL;
704 int level = LOG_NOTICE;
705 char *err = "failed";
706 /* cretins still haven't given up */
707 if ((strlen (user) >= NETMAXUSER) ||
708 (authuser && (strlen (authuser) >= NETMAXUSER))) {
709 level = LOG_ALERT; /* escalate this alert */
710 err = "SYSTEM BREAK-IN ATTEMPT";
711 logtry = 0; /* render this session useless */
712 }
713 else if (logtry-- <= 0) err = "excessive login failures";
714 else if (disablePlaintext) err = "disabled";
715 else if (!(authuser && *authuser)) pw = valpwd (user,pwd,argc,argv);
716 else if (valpwd (authuser,pwd,argc,argv)) pw = pwuser (user);
717 if (pw && pw_login (pw,authuser,pw->pw_name,NIL,argc,argv)) return T;
718 syslog (level|LOG_AUTH,"Login %s user=%.64s auth=%.64s host=%.80s",err,
719 user,(authuser && *authuser) ? authuser : user,tcp_clienthost ());
720 sleep (3); /* slow down possible cracker */
721 return NIL;
722 }
723 \f
724 /* Authenticated server log in
725 * Accepts: user name string
726 * authenticating user name string
727 * argument count
728 * argument vector
729 * Returns: T if password validated, NIL otherwise
730 */
731
732 long authserver_login (char *user,char *authuser,int argc,char *argv[])
733 {
734 return pw_login (pwuser (user),authuser,user,NIL,argc,argv);
735 }
736
737
738 /* Log in as anonymous daemon
739 * Accepts: argument count
740 * argument vector
741 * Returns: T if successful, NIL if error
742 */
743
744 long anonymous_login (int argc,char *argv[])
745 {
746 /* log in Mr. A. N. Onymous */
747 return pw_login (getpwnam (ANONYMOUSUSER),NIL,NIL,
748 (char *) mail_parameters (NIL,GET_ANONYMOUSHOME,NIL),
749 argc,argv);
750 }
751 \f
752 /* Finish log in and environment initialization
753 * Accepts: passwd struct for loginpw()
754 * optional authentication user name
755 * user name (NIL for anonymous)
756 * home directory (NIL to use directory from passwd struct)
757 * argument count
758 * argument vector
759 * Returns: T if successful, NIL if error
760 */
761
762 long pw_login (struct passwd *pw,char *auser,char *user,char *home,int argc,
763 char *argv[])
764 {
765 struct group *gr;
766 char **t;
767 long ret = NIL;
768 if (pw && pw->pw_uid) { /* must have passwd struct for non-UID 0 */
769 /* make safe copies of user and home */
770 if (user) user = cpystr (pw->pw_name);
771 home = cpystr (home ? home : pw->pw_dir);
772 /* authorization ID .NE. authentication ID? */
773 if (user && auser && *auser && compare_cstring (auser,user)) {
774 /* scan list of mail administrators */
775 if ((gr = getgrnam (ADMINGROUP)) && (t = gr->gr_mem)) while (*t && !ret)
776 if (!compare_cstring (auser,*t++))
777 ret = pw_login (pw,NIL,user,home,argc,argv);
778 syslog (LOG_NOTICE|LOG_AUTH,"%s %.80s override of user=%.80s host=%.80s",
779 ret ? "Admin" : "Failed",auser,user,tcp_clienthost ());
780 }
781 else if (closedBox) { /* paranoid site, lock out other directories */
782 if (chdir (home) || chroot (home))
783 syslog (LOG_NOTICE|LOG_AUTH,
784 "Login %s failed: unable to set chroot=%.80s host=%.80s",
785 pw->pw_name,home,tcp_clienthost ());
786 else if (loginpw (pw,argc,argv)) ret = env_init (user,NIL);
787 else fatal ("Login failed after chroot");
788 }
789 /* normal login */
790 else if (((pw->pw_uid == geteuid ()) || loginpw (pw,argc,argv)) &&
791 (ret = env_init (user,home))) chdir (myhomedir ());
792 fs_give ((void **) &home); /* clean up */
793 if (user) fs_give ((void **) &user);
794 }
795 endpwent (); /* in case shadow passwords in pw data */
796 return ret; /* return status */
797 }
798 \f
799 /* Initialize environment
800 * Accepts: user name (NIL for anonymous)
801 * home directory name
802 * Returns: T, always
803 */
804
805 long env_init (char *user,char *home)
806 {
807 extern MAILSTREAM CREATEPROTO;
808 extern MAILSTREAM EMPTYPROTO;
809 struct passwd *pw;
810 struct stat sbuf;
811 char tmp[MAILTMPLEN];
812 /* don't init if blocked */
813 if (block_env_init) return LONGT;
814 if (myUserName) fatal ("env_init called twice!");
815 /* initially nothing in namespace list */
816 nslist[0] = nslist[1] = nslist[2] = NIL;
817 /* myUserName must be set before dorc() call */
818 myUserName = cpystr (user ? user : ANONYMOUSUSER);
819 /* force default prototypes to be set */
820 if (!createProto) createProto = &CREATEPROTO;
821 if (!appendProto) appendProto = &EMPTYPROTO;
822 dorc (NIL,NIL); /* do systemwide configuration */
823 if (!home) { /* closed box server */
824 /* standard user can only reference home */
825 if (user) nslist[0] = &nshome;
826 else { /* anonymous user */
827 nslist[0] = &nsblackother; /* set root */
828 anonymous = T; /* flag as anonymous */
829 }
830 myHomeDir = cpystr (""); /* home directory is root */
831 sysInbox = cpystr ("INBOX");/* make system INBOX */
832 }
833 else { /* open or black box */
834 closedBox = NIL; /* definitely not a closed box */
835 if (user) { /* remember user name and home directory */
836 if (blackBoxDir) { /* build black box directory name */
837 sprintf (tmp,"%s/%s",blackBoxDir,myUserName);
838 /* must exist */
839 if (!((!stat (home = tmp,&sbuf) && (sbuf.st_mode & S_IFDIR)) ||
840 (blackBoxDefaultHome &&
841 !stat (home = blackBoxDefaultHome,&sbuf) &&
842 (sbuf.st_mode & S_IFDIR)))) fatal ("no home");
843 sysInbox = (char *) fs_get (strlen (home) + 7);
844 /* set system INBOX */
845 sprintf (sysInbox,"%s/INBOX",home);
846 blackBox = T; /* mark that it's a black box */
847 /* mbox meaningless if black box */
848 mail_parameters (NIL,DISABLE_DRIVER,(void *) "mbox");
849 }
850 nslist[0] = &nshome; /* home namespace */
851 /* limited advertise namespaces */
852 if (limitedadvertise) nslist[2] = &nslimited;
853 else if (blackBox) { /* black box namespaces */
854 nslist[1] = &nsblackother;
855 nslist[2] = &nsshared;
856 }
857 else { /* open box namespaces */
858 nslist[1] = &nsunixother;
859 nslist[2] = advertisetheworld ? &nsworld : &nsshared;
860 }
861 }
862 else {
863 nslist[2] = &nsftp; /* anonymous user */
864 sprintf (tmp,"%s/INBOX",
865 home = (char *) mail_parameters (NIL,GET_ANONYMOUSHOME,NIL));
866 sysInbox = cpystr (tmp); /* make system INBOX */
867 anonymous = T; /* flag as anonymous */
868 }
869 myHomeDir = cpystr (home); /* set home directory */
870 }
871 \f
872 if (allowuserconfig) { /* allow user config files */
873 dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T);
874 dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL);
875 }
876 if (!closedBox && !noautomaticsharedns) {
877 /* #ftp namespace */
878 if (!ftpHome && (pw = getpwnam ("ftp"))) ftpHome = cpystr (pw->pw_dir);
879 /* #public namespace */
880 if (!publicHome && (pw = getpwnam ("imappublic")))
881 publicHome = cpystr (pw->pw_dir);
882 /* #shared namespace */
883 if (!anonymous && !sharedHome && (pw = getpwnam ("imapshared")))
884 sharedHome = cpystr (pw->pw_dir);
885 }
886 if (!myLocalHost) mylocalhost ();
887 if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
888 if (!newsActive) newsActive = cpystr (ACTIVEFILE);
889 if (!newsSpool) newsSpool = cpystr (NEWSSPOOL);
890 /* re-do open action to get flags */
891 (*createProto->dtb->open) (NIL);
892 endpwent (); /* close pw database */
893 return T;
894 }
895 \f
896 /* Return my user name
897 * Accepts: pointer to optional flags
898 * Returns: my user name
899 */
900
901 char *myusername_full (unsigned long *flags)
902 {
903 struct passwd *pw;
904 struct stat sbuf;
905 char *s;
906 unsigned long euid;
907 char *ret = UNLOGGEDUSER;
908 /* no user name yet and not root? */
909 if (!myUserName && (euid = geteuid ())) {
910 /* yes, look up getlogin() user name or EUID */
911 if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
912 (pw = getpwnam (s)) && (pw->pw_uid == euid)) ||
913 (pw = getpwuid (euid))) {
914 if (block_env_init) { /* don't env_init if blocked */
915 if (flags) *flags = MU_LOGGEDIN;
916 return pw->pw_name;
917 }
918 env_init (pw->pw_name,
919 ((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
920 !stat (s,&sbuf) && ((sbuf.st_mode & S_IFMT) == S_IFDIR)) ?
921 s : pw->pw_dir);
922 }
923 else fatal ("Unable to look up user name");
924 }
925 if (myUserName) { /* logged in? */
926 if (flags) *flags = anonymous ? MU_ANONYMOUS : MU_LOGGEDIN;
927 ret = myUserName; /* return user name */
928 }
929 else if (flags) *flags = MU_NOTLOGGEDIN;
930 return ret;
931 }
932
933
934 /* Return my local host name
935 * Returns: my local host name
936 */
937
938 char *mylocalhost ()
939 {
940 if (!myLocalHost) {
941 char *s,tmp[MAILTMPLEN];
942 tmp[0] = tmp[MAILTMPLEN-1] = '\0';
943 if (!gethostname (tmp,MAILTMPLEN-1) && tmp[0]) {
944 /* sanity check of name */
945 for (s = tmp; (*s > 0x20) && (*s < 0x7f); ++s);
946 if (!*s) myLocalHost = tcp_canonical (tmp);
947 }
948 }
949 return myLocalHost ? myLocalHost : "unknown";
950 }
951 \f
952 /* Return my home directory name
953 * Returns: my home directory name
954 */
955
956 char *myhomedir ()
957 {
958 if (!myHomeDir) myusername ();/* initialize if first time */
959 return myHomeDir ? myHomeDir : "";
960 }
961
962
963 /* Return my home mailbox name
964 * Returns: my home directory name
965 */
966
967 static char *mymailboxdir ()
968 {
969 char *home = myhomedir ();
970 /* initialize if first time */
971 if (!myMailboxDir && myHomeDir) {
972 if (mailsubdir) {
973 char tmp[MAILTMPLEN];
974 sprintf (tmp,"%s/%s",home,mailsubdir);
975 myMailboxDir = cpystr (tmp);/* use pre-defined subdirectory of home */
976 }
977 else myMailboxDir = cpystr (home);
978 }
979 return myMailboxDir ? myMailboxDir : "";
980 }
981
982
983 /* Return system standard INBOX
984 * Accepts: buffer string
985 */
986
987 char *sysinbox ()
988 {
989 char tmp[MAILTMPLEN];
990 if (!sysInbox) { /* initialize if first time */
991 sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
992 sysInbox = cpystr (tmp); /* system inbox is from mail spool */
993 }
994 return sysInbox;
995 }
996 \f
997 /* Return mailbox directory name
998 * Accepts: destination buffer
999 * directory prefix
1000 * name in directory
1001 * Returns: file name or NIL if error
1002 */
1003
1004 char *mailboxdir (char *dst,char *dir,char *name)
1005 {
1006 char tmp[MAILTMPLEN];
1007 if (dir || name) { /* if either argument provided */
1008 if (dir) {
1009 if (strlen (dir) > NETMAXMBX) return NIL;
1010 strcpy (tmp,dir); /* write directory prefix */
1011 }
1012 else tmp[0] = '\0'; /* otherwise null string */
1013 if (name) {
1014 if (strlen (name) > NETMAXMBX) return NIL;
1015 strcat (tmp,name); /* write name in directory */
1016 }
1017 /* validate name, return its name */
1018 if (!mailboxfile (dst,tmp)) return NIL;
1019 }
1020 /* no arguments, wants mailbox directory */
1021 else strcpy (dst,mymailboxdir ());
1022 return dst; /* return the name */
1023 }
1024 \f
1025 /* Return mailbox file name
1026 * Accepts: destination buffer
1027 * mailbox name
1028 * Returns: file name or empty string for driver-selected INBOX or NIL if error
1029 */
1030
1031 char *mailboxfile (char *dst,char *name)
1032 {
1033 struct passwd *pw;
1034 char *s;
1035 if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX) ||
1036 ((anonymous || blackBox || restrictBox || (*name == '#')) &&
1037 (strstr (name,"..") || strstr (name,"//") || strstr (name,"/~"))))
1038 dst = NIL; /* invalid name */
1039 else switch (*name) { /* determine mailbox type based upon name */
1040 case '#': /* namespace name */
1041 /* #ftp/ namespace */
1042 if (((name[1] == 'f') || (name[1] == 'F')) &&
1043 ((name[2] == 't') || (name[2] == 'T')) &&
1044 ((name[3] == 'p') || (name[3] == 'P')) &&
1045 (name[4] == '/') && ftpHome) sprintf (dst,"%s/%s",ftpHome,name+5);
1046 /* #public/ and #shared/ namespaces */
1047 else if ((((name[1] == 'p') || (name[1] == 'P')) &&
1048 ((name[2] == 'u') || (name[2] == 'U')) &&
1049 ((name[3] == 'b') || (name[3] == 'B')) &&
1050 ((name[4] == 'l') || (name[4] == 'L')) &&
1051 ((name[5] == 'i') || (name[5] == 'I')) &&
1052 ((name[6] == 'c') || (name[6] == 'C')) &&
1053 (name[7] == '/') && (s = publicHome)) ||
1054 (!anonymous && ((name[1] == 's') || (name[1] == 'S')) &&
1055 ((name[2] == 'h') || (name[2] == 'H')) &&
1056 ((name[3] == 'a') || (name[3] == 'A')) &&
1057 ((name[4] == 'r') || (name[4] == 'R')) &&
1058 ((name[5] == 'e') || (name[5] == 'E')) &&
1059 ((name[6] == 'd') || (name[6] == 'D')) &&
1060 (name[7] == '/') && (s = sharedHome)))
1061 sprintf (dst,"%s/%s",s,compare_cstring (name+8,"INBOX") ?
1062 name+8 : "INBOX");
1063 else dst = NIL; /* unknown namespace */
1064 break;
1065 \f
1066 case '/': /* root access */
1067 if (anonymous) dst = NIL; /* anonymous forbidden to do this */
1068 else if (blackBox) { /* other user access if blackbox */
1069 if (restrictBox & RESTRICTOTHERUSER) dst = NIL;
1070 /* see if other user INBOX */
1071 else if ((s = strchr (name+1,'/')) && !compare_cstring (s+1,"INBOX")) {
1072 *s = '\0'; /* temporarily tie off string */
1073 sprintf (dst,"%s/%s/INBOX",blackBoxDir,name+1);
1074 *s = '/'; /* in case caller cares */
1075 }
1076 else sprintf (dst,"%s/%s",blackBoxDir,name+1);
1077 }
1078 else {
1079 size_t i = strlen (mymailboxdir ());
1080 if ((restrictBox & RESTRICTROOT) && strcmp (name,sysinbox ()) &&
1081 (!i || strncmp (name,mymailboxdir (),i) || (name[i] !='/')))
1082 dst = NIL; /* restricted and not sysinbox or home */
1083 else strcpy (dst,name); /* unrestricted, copy root name */
1084 }
1085 break;
1086 case '~': /* other user access */
1087 /* bad syntax or anonymous can't win */
1088 if (!*++name || anonymous) dst = NIL;
1089 /* ~/ equivalent to ordinary name */
1090 else if (*name == '/') sprintf (dst,"%s/%s",mymailboxdir (),name+1);
1091 /* other user forbidden if closed/restricted */
1092 else if (closedBox || (restrictBox & RESTRICTOTHERUSER)) dst = NIL;
1093 else if (blackBox) { /* black box form of other user */
1094 /* see if other user INBOX */
1095 if ((s = strchr (name,'/')) && compare_cstring (s+1,"INBOX")) {
1096 *s = '\0'; /* temporarily tie off string */
1097 sprintf (dst,"%s/%s/INBOX",blackBoxDir,name);
1098 *s = '/'; /* in case caller cares */
1099 }
1100 else sprintf (dst,"%s/%s",blackBoxDir,name);
1101 }
1102 else { /* clear box other user */
1103 /* copy user name */
1104 for (s = dst; *name && (*name != '/'); *s++ = *name++);
1105 *s++ = '\0'; /* tie off user name, look up in passwd file */
1106 if ((pw = getpwnam (dst)) && pw->pw_dir) {
1107 if (*name) name++; /* skip past the slash */
1108 /* canonicalize case of INBOX */
1109 if (!compare_cstring (name,"INBOX")) name = "INBOX";
1110 /* remove trailing / from directory */
1111 if ((s = strrchr (pw->pw_dir,'/')) && !s[1]) *s = '\0';
1112 /* don't allow ~root/ if restricted root */
1113 if ((restrictBox & RESTRICTROOT) && !*pw->pw_dir) dst = NIL;
1114 /* build final name w/ subdir if needed */
1115 else if (mailsubdir) sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name);
1116 else sprintf (dst,"%s/%s",pw->pw_dir,name);
1117 }
1118 else dst = NIL; /* no such user */
1119 }
1120 break;
1121 \f
1122 case 'I': case 'i': /* possible INBOX */
1123 if (!compare_cstring (name+1,"NBOX")) {
1124 /* if restricted, use INBOX in mailbox dir */
1125 if (anonymous || blackBox || closedBox)
1126 sprintf (dst,"%s/INBOX",mymailboxdir ());
1127 else *dst = '\0'; /* otherwise driver selects the name */
1128 break;
1129 }
1130 /* drop into to ordinary name case */
1131 default: /* ordinary name is easy */
1132 sprintf (dst,"%s/%s",mymailboxdir (),name);
1133 break;
1134 }
1135 return dst; /* return final name */
1136 }
1137 \f
1138 /* Dot-lock file locker
1139 * Accepts: file name to lock
1140 * destination buffer for lock file name
1141 * open file description on file name to lock
1142 * Returns: T if success, NIL if failure
1143 */
1144
1145 long dotlock_lock (char *file,DOTLOCK *base,int fd)
1146 {
1147 int i = locktimeout * 60;
1148 int j,mask,retry,pi[2],po[2];
1149 char *s,tmp[MAILTMPLEN];
1150 struct stat sb;
1151 /* flush absurd file name */
1152 if (strlen (file) > 512) return NIL;
1153 /* build lock filename */
1154 sprintf (base->lock,"%s.lock",file);
1155 /* assume no pipe */
1156 base->pipei = base->pipeo = -1;
1157 do { /* make sure not symlink */
1158 if (!(j = chk_notsymlink (base->lock,&sb))) return NIL;
1159 /* time out if file older than 5 minutes */
1160 if ((j > 0) && ((time (0)) >= (sb.st_ctime + locktimeout * 60))) i = 0;
1161 /* try to create the lock */
1162 switch (retry = crexcl (base->lock)) {
1163 case -1: /* OK to retry */
1164 if (!(i%15)) { /* time to notify? */
1165 sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
1166 file,i);
1167 MM_LOG (tmp,WARN);
1168 }
1169 sleep (1); /* wait 1 second before next try */
1170 break;
1171 case NIL: /* failure, can't retry */
1172 i = 0;
1173 break;
1174 case T: /* success, make sure others can break lock */
1175 chmod (base->lock,(int) dotlock_mode);
1176 return LONGT;
1177 }
1178 } while (i--); /* until out of retries */
1179 if (retry < 0) { /* still returning retry after locktimeout? */
1180 if (!(j = chk_notsymlink (base->lock,&sb))) return NIL;
1181 if ((j > 0) && ((time (0)) < (sb.st_ctime + locktimeout * 60))) {
1182 sprintf (tmp,"Mailbox vulnerable - seizing %ld second old lock",
1183 (long) (time (0) - sb.st_ctime));
1184 MM_LOG (tmp,WARN);
1185 }
1186 mask = umask (0); /* want our lock protection */
1187 unlink (base->lock); /* try to remove the old file */
1188 /* seize the lock */
1189 if ((i = open (base->lock,O_WRONLY|O_CREAT,(int) dotlock_mode)) >= 0) {
1190 close (i); /* don't need descriptor any more */
1191 sprintf (tmp,"Mailbox %.80s lock overridden",file);
1192 MM_LOG (tmp,NIL);
1193 chmod (base->lock,(int) dotlock_mode);
1194 umask (mask); /* restore old umask */
1195 return LONGT;
1196 }
1197 umask (mask); /* restore old umask */
1198 }
1199 \f
1200 if (fd >= 0) switch (errno) {
1201 case EACCES: /* protection failure? */
1202 MM_CRITICAL (NIL); /* go critical */
1203 if (closedBox || !lockpgm); /* can't do on closed box or disabled */
1204 else if ((*lockpgm && stat (lockpgm,&sb)) ||
1205 (!*lockpgm && stat (lockpgm = LOCKPGM1,&sb) &&
1206 stat (lockpgm = LOCKPGM2,&sb) && stat (lockpgm = LOCKPGM3,&sb) &&
1207 stat (lockpgm = LOCKPGM4,&sb)))
1208 lockpgm = NIL; /* disable if can't find lockpgm */
1209 else if (pipe (pi) >= 0) { /* make command pipes */
1210 long cf;
1211 char *argv[4],arg[20];
1212 /* if input pipes usable create output pipes */
1213 if ((pi[0] < FD_SETSIZE) && (pi[1] < FD_SETSIZE) && (pipe (po) >= 0)) {
1214 /* make sure output pipes are usable */
1215 if ((po[0] >= FD_SETSIZE) || (po[1] >= FD_SETSIZE));
1216 /* all is good, make inferior process */
1217 else if (!(j = fork ())) {
1218 if (!fork ()) { /* make grandchild so it's inherited by init */
1219 /* prepare argument vector */
1220 sprintf (arg,"%d",fd);
1221 argv[0] = lockpgm; argv[1] = arg;
1222 argv[2] = file; argv[3] = NIL;
1223 /* set parent's I/O to my O/I */
1224 dup2 (pi[1],1); dup2 (pi[1],2); dup2 (po[0],0);
1225 /* close all unnecessary descriptors */
1226 for (cf = max (20,max (max (pi[0],pi[1]),max(po[0],po[1])));
1227 cf >= 3; --cf) if (cf != fd) close (cf);
1228 /* be our own process group */
1229 setpgrp (0,getpid ());
1230 /* now run it */
1231 _exit (execv (argv[0],argv));
1232 }
1233 _exit (1); /* child is done */
1234 }
1235 else if (j > 0) { /* parent process */
1236 fd_set rfd;
1237 struct timeval tmo;
1238 FD_ZERO (&rfd);
1239 FD_SET (pi[0],&rfd);
1240 tmo.tv_sec = locktimeout * 60;
1241 grim_pid_reap (j,NIL);/* reap child; grandchild now owned by init */
1242 /* read response from locking program */
1243 if (select (pi[0]+1,&rfd,0,0,&tmo) &&
1244 (read (pi[0],tmp,1) == 1) && (tmp[0] == '+')) {
1245 /* success, record pipes */
1246 base->pipei = pi[0]; base->pipeo = po[1];
1247 /* close child's side of the pipes */
1248 close (pi[1]); close (po[0]);
1249 MM_NOCRITICAL (NIL);/* no longer critical */
1250 return LONGT;
1251 }
1252 }
1253 close (po[0]); close (po[1]);
1254 }
1255 close (pi[0]); close (pi[1]);
1256 }
1257 \f
1258 MM_NOCRITICAL (NIL); /* no longer critical */
1259 /* find directory/file delimiter */
1260 if (s = strrchr (base->lock,'/')) {
1261 *s = '\0'; /* tie off at directory */
1262 sprintf(tmp, /* generate default message */
1263 "Mailbox vulnerable - directory %.80s must have 1777 protection",
1264 base->lock);
1265 /* definitely not 1777 if can't stat */
1266 mask = stat (base->lock,&sb) ? 0 : (sb.st_mode & 1777);
1267 *s = '/'; /* restore lock name */
1268 if (mask != 1777) { /* default warning if not 1777 */
1269 if (!disableLockWarning) MM_LOG (tmp,WARN);
1270 break;
1271 }
1272 }
1273 default:
1274 sprintf (tmp,"Mailbox vulnerable - error creating %.80s: %s",
1275 base->lock,strerror (errno));
1276 if (!disableLockWarning) MM_LOG (tmp,WARN);
1277 break;
1278 }
1279 base->lock[0] = '\0'; /* don't use lock files */
1280 return NIL;
1281 }
1282 \f
1283 /* Dot-lock file unlocker
1284 * Accepts: lock file name
1285 * Returns: T if success, NIL if failure
1286 */
1287
1288 long dotlock_unlock (DOTLOCK *base)
1289 {
1290 long ret = LONGT;
1291 if (base && base->lock[0]) {
1292 if (base->pipei >= 0) { /* if running through a pipe unlocker */
1293 ret = (write (base->pipeo,"+",1) == 1);
1294 /* nuke the pipes */
1295 close (base->pipei); close (base->pipeo);
1296 }
1297 else ret = !unlink (base->lock);
1298 }
1299 return ret;
1300 }
1301 \f
1302 /* Lock file name
1303 * Accepts: scratch buffer
1304 * file name
1305 * type of locking operation (LOCK_SH or LOCK_EX)
1306 * pointer to return PID of locker
1307 * Returns: file descriptor of lock or negative if error
1308 */
1309
1310 int lockname (char *lock,char *fname,int op,long *pid)
1311 {
1312 struct stat sbuf;
1313 *pid = 0; /* no locker PID */
1314 return stat (fname,&sbuf) ? -1 : lock_work (lock,&sbuf,op,pid);
1315 }
1316
1317
1318 /* Lock file descriptor
1319 * Accepts: file descriptor
1320 * lock file name buffer
1321 * type of locking operation (LOCK_SH or LOCK_EX)
1322 * Returns: file descriptor of lock or negative if error
1323 */
1324
1325 int lockfd (int fd,char *lock,int op)
1326 {
1327 struct stat sbuf;
1328 return fstat (fd,&sbuf) ? -1 : lock_work (lock,&sbuf,op,NIL);
1329 }
1330 \f
1331 /* Lock file name worker
1332 * Accepts: lock file name
1333 * pointer to stat() buffer
1334 * type of locking operation (LOCK_SH or LOCK_EX)
1335 * pointer to return PID of locker
1336 * Returns: file descriptor of lock or negative if error
1337 */
1338
1339 int lock_work (char *lock,void *sb,int op,long *pid)
1340 {
1341 struct stat lsb,fsb;
1342 struct stat *sbuf = (struct stat *) sb;
1343 char tmp[MAILTMPLEN];
1344 long i;
1345 int fd;
1346 int mask = umask (0);
1347 if (pid) *pid = 0; /* initialize return PID */
1348 /* make temporary lock file name */
1349 sprintf (lock,"%s/.%lx.%lx",closedBox ? "" : tmpdir,
1350 (unsigned long) sbuf->st_dev,(unsigned long) sbuf->st_ino);
1351 while (T) { /* until get a good lock */
1352 do switch ((int) chk_notsymlink (lock,&lsb)) {
1353 case 1: /* exists just once */
1354 if (((fd = open (lock,O_RDWR,shlock_mode)) >= 0) ||
1355 (errno != ENOENT) || (chk_notsymlink (lock,&lsb) >= 0)) break;
1356 case -1: /* name doesn't exist */
1357 fd = open (lock,O_RDWR|O_CREAT|O_EXCL,shlock_mode);
1358 break;
1359 default: /* multiple hard links */
1360 MM_LOG ("hard link to lock name",ERROR);
1361 syslog (LOG_CRIT,"SECURITY PROBLEM: hard link to lock name: %.80s",lock);
1362 case 0: /* symlink (already did syslog) */
1363 umask (mask); /* restore old mask */
1364 return -1; /* fail: no lock file */
1365 } while ((fd < 0) && (errno == EEXIST));
1366 if (fd < 0) { /* failed to get file descriptor */
1367 syslog (LOG_INFO,"Mailbox lock file %s open failure: %s",lock,
1368 strerror (errno));
1369 if (!closedBox) { /* more explicit snarl for bad configuration */
1370 if (stat (tmpdir,&lsb))
1371 syslog (LOG_CRIT,"SYSTEM ERROR: no %s: %s",tmpdir,strerror (errno));
1372 else if ((lsb.st_mode & 01777) != 01777) {
1373 sprintf (tmp,"Can't lock for write: %.80s must have 1777 protection",
1374 tmpdir);
1375 MM_LOG (tmp,WARN);
1376 }
1377 }
1378 umask (mask); /* restore old mask */
1379 return -1; /* fail: can't open lock file */
1380 }
1381 \f
1382 /* non-blocking form */
1383 if (op & LOCK_NB) i = flock (fd,op);
1384 else { /* blocking form */
1385 (*mailblocknotify) (BLOCK_FILELOCK,NIL);
1386 i = flock (fd,op);
1387 (*mailblocknotify) (BLOCK_NONE,NIL);
1388 }
1389 if (i) { /* failed, get other process' PID */
1390 if (pid && !fstat (fd,&fsb) && (i = min (fsb.st_size,MAILTMPLEN-1)) &&
1391 (read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
1392 *pid = i;
1393 close (fd); /* failed, give up on lock */
1394 umask (mask); /* restore old mask */
1395 return -1; /* fail: can't lock */
1396 }
1397 /* make sure this lock is good for us */
1398 if (!lstat (lock,&lsb) && ((lsb.st_mode & S_IFMT) != S_IFLNK) &&
1399 !fstat (fd,&fsb) && (lsb.st_dev == fsb.st_dev) &&
1400 (lsb.st_ino == fsb.st_ino) && (fsb.st_nlink == 1)) break;
1401 close (fd); /* lock not right, drop fd and try again */
1402 }
1403 chmod (lock,shlock_mode); /* make sure mode OK (don't use fchmod()) */
1404 umask (mask); /* restore old mask */
1405 return fd; /* success */
1406 }
1407 \f
1408 /* Check to make sure not a symlink
1409 * Accepts: file name
1410 * stat buffer
1411 * Returns: -1 if doesn't exist, NIL if symlink, else number of hard links
1412 */
1413
1414 long chk_notsymlink (char *name,void *sb)
1415 {
1416 struct stat *sbuf = (struct stat *) sb;
1417 /* name exists? */
1418 if (lstat (name,sbuf)) return -1;
1419 /* forbid symbolic link */
1420 if ((sbuf->st_mode & S_IFMT) == S_IFLNK) {
1421 MM_LOG ("symbolic link on lock name",ERROR);
1422 syslog (LOG_CRIT,"SECURITY PROBLEM: symbolic link on lock name: %.80s",
1423 name);
1424 return NIL;
1425 }
1426 return (long) sbuf->st_nlink; /* return number of hard links */
1427 }
1428
1429
1430 /* Unlock file descriptor
1431 * Accepts: file descriptor
1432 * lock file name from lockfd()
1433 */
1434
1435 void unlockfd (int fd,char *lock)
1436 {
1437 /* delete the file if no sharers */
1438 if (!flock (fd,LOCK_EX|LOCK_NB)) unlink (lock);
1439 flock (fd,LOCK_UN); /* unlock it */
1440 close (fd); /* close it */
1441 }
1442 \f
1443 /* Set proper file protection for mailbox
1444 * Accepts: mailbox name
1445 * actual file path name
1446 * Returns: T, always
1447 */
1448
1449 long set_mbx_protections (char *mailbox,char *path)
1450 {
1451 struct stat sbuf;
1452 int mode = (int) mbx_protection;
1453 if (*mailbox == '#') { /* possible namespace? */
1454 if (((mailbox[1] == 'f') || (mailbox[1] == 'F')) &&
1455 ((mailbox[2] == 't') || (mailbox[2] == 'T')) &&
1456 ((mailbox[3] == 'p') || (mailbox[3] == 'P')) &&
1457 (mailbox[4] == '/')) mode = (int) ftp_protection;
1458 else if (((mailbox[1] == 'p') || (mailbox[1] == 'P')) &&
1459 ((mailbox[2] == 'u') || (mailbox[2] == 'U')) &&
1460 ((mailbox[3] == 'b') || (mailbox[3] == 'B')) &&
1461 ((mailbox[4] == 'l') || (mailbox[4] == 'L')) &&
1462 ((mailbox[5] == 'i') || (mailbox[5] == 'I')) &&
1463 ((mailbox[6] == 'c') || (mailbox[6] == 'C')) &&
1464 (mailbox[7] == '/')) mode = (int) public_protection;
1465 else if (((mailbox[1] == 's') || (mailbox[1] == 'S')) &&
1466 ((mailbox[2] == 'h') || (mailbox[2] == 'H')) &&
1467 ((mailbox[3] == 'a') || (mailbox[3] == 'A')) &&
1468 ((mailbox[4] == 'r') || (mailbox[4] == 'R')) &&
1469 ((mailbox[5] == 'e') || (mailbox[5] == 'E')) &&
1470 ((mailbox[6] == 'd') || (mailbox[6] == 'D')) &&
1471 (mailbox[7] == '/')) mode = (int) shared_protection;
1472 }
1473 /* if a directory */
1474 if (!stat (path,&sbuf) && ((sbuf.st_mode & S_IFMT) == S_IFDIR)) {
1475 /* set owner search if allow read or write */
1476 if (mode & 0600) mode |= 0100;
1477 if (mode & 060) mode |= 010;/* set group search if allow read or write */
1478 if (mode & 06) mode |= 01; /* set world search if allow read or write */
1479 /* preserve directory SGID bit */
1480 if (sbuf.st_mode & S_ISGID) mode |= S_ISGID;
1481 }
1482 chmod (path,mode); /* set the new protection, ignore failure */
1483 return LONGT;
1484 }
1485 \f
1486 /* Get proper directory protection
1487 * Accepts: mailbox name
1488 * Returns: directory mode, always
1489 */
1490
1491 long get_dir_protection (char *mailbox)
1492 {
1493 if (*mailbox == '#') { /* possible namespace? */
1494 if (((mailbox[1] == 'f') || (mailbox[1] == 'F')) &&
1495 ((mailbox[2] == 't') || (mailbox[2] == 'T')) &&
1496 ((mailbox[3] == 'p') || (mailbox[3] == 'P')) &&
1497 (mailbox[4] == '/')) return ftp_dir_protection;
1498 else if (((mailbox[1] == 'p') || (mailbox[1] == 'P')) &&
1499 ((mailbox[2] == 'u') || (mailbox[2] == 'U')) &&
1500 ((mailbox[3] == 'b') || (mailbox[3] == 'B')) &&
1501 ((mailbox[4] == 'l') || (mailbox[4] == 'L')) &&
1502 ((mailbox[5] == 'i') || (mailbox[5] == 'I')) &&
1503 ((mailbox[6] == 'c') || (mailbox[6] == 'C')) &&
1504 (mailbox[7] == '/')) return public_dir_protection;
1505 else if (((mailbox[1] == 's') || (mailbox[1] == 'S')) &&
1506 ((mailbox[2] == 'h') || (mailbox[2] == 'H')) &&
1507 ((mailbox[3] == 'a') || (mailbox[3] == 'A')) &&
1508 ((mailbox[4] == 'r') || (mailbox[4] == 'R')) &&
1509 ((mailbox[5] == 'e') || (mailbox[5] == 'E')) &&
1510 ((mailbox[6] == 'd') || (mailbox[6] == 'D')) &&
1511 (mailbox[7] == '/')) return shared_dir_protection;
1512 }
1513 return dir_protection;
1514 }
1515 \f
1516 /* Determine default prototype stream to user
1517 * Accepts: type (NIL for create, T for append)
1518 * Returns: default prototype stream
1519 */
1520
1521 MAILSTREAM *default_proto (long type)
1522 {
1523 myusername (); /* make sure initialized */
1524 /* return default driver's prototype */
1525 return type ? appendProto : createProto;
1526 }
1527
1528
1529 /* Set up user flags for stream
1530 * Accepts: MAIL stream
1531 * Returns: MAIL stream with user flags set up
1532 */
1533
1534 MAILSTREAM *user_flags (MAILSTREAM *stream)
1535 {
1536 int i;
1537 myusername (); /* make sure initialized */
1538 for (i = 0; i < NUSERFLAGS && userFlags[i]; ++i)
1539 if (!stream->user_flags[i]) stream->user_flags[i] = cpystr (userFlags[i]);
1540 return stream;
1541 }
1542
1543
1544 /* Return nth user flag
1545 * Accepts: user flag number
1546 * Returns: flag
1547 */
1548
1549 char *default_user_flag (unsigned long i)
1550 {
1551 myusername (); /* make sure initialized */
1552 return userFlags[i];
1553 }
1554 \f
1555 /* Process rc file
1556 * Accepts: file name
1557 * .mminit flag
1558 * Don't use this feature.
1559 */
1560
1561 void dorc (char *file,long flag)
1562 {
1563 int i;
1564 char *s,*t,*k,*r,tmp[MAILTMPLEN],tmpx[MAILTMPLEN];
1565 extern MAILSTREAM CREATEPROTO;
1566 extern MAILSTREAM EMPTYPROTO;
1567 DRIVER *d;
1568 FILE *f;
1569 if ((f = fopen (file ? file : SYSCONFIG,"r")) &&
1570 (s = fgets (tmp,MAILTMPLEN,f)) && (t = strchr (s,'\n'))) do {
1571 *t++ = '\0'; /* tie off line, find second space */
1572 if ((k = strchr (s,' ')) && (k = strchr (++k,' '))) {
1573 *k++ = '\0'; /* tie off two words */
1574 if (!compare_cstring (s,"set keywords") && !userFlags[0]) {
1575 /* yes, get first keyword */
1576 k = strtok_r (k,", ",&r);
1577 /* copy keyword list */
1578 for (i = 0; k && i < NUSERFLAGS; ++i) if (strlen (k) <= MAXUSERFLAG) {
1579 if (userFlags[i]) fs_give ((void **) &userFlags[i]);
1580 userFlags[i] = cpystr (k);
1581 k = strtok_r (NIL,", ",&r);
1582 }
1583 if (flag) break; /* found "set keywords" in .mminit */
1584 }
1585 \f
1586 else if (!flag) { /* none of these valid in .mminit */
1587 if (myUserName) { /* only valid if logged in */
1588 if (!compare_cstring (s,"set new-mailbox-format") ||
1589 !compare_cstring (s,"set new-folder-format")) {
1590 if (!compare_cstring (k,"same-as-inbox")) {
1591 if (d = mail_valid (NIL,"INBOX",NIL)) {
1592 if (!compare_cstring (d->name,"mbox"))
1593 d = (DRIVER *) mail_parameters (NIL,GET_DRIVER,
1594 (void *) "unix");
1595 else if (!compare_cstring (d->name,"dummy")) d = NIL;
1596 }
1597 createProto = d ? ((*d->open) (NIL)) : &CREATEPROTO;
1598 }
1599 else if (!compare_cstring (k,"system-standard"))
1600 createProto = &CREATEPROTO;
1601 else { /* canonicalize mbox to unix */
1602 if (!compare_cstring (k,"mbox")) k = "unix";
1603 /* see if a driver name */
1604 if (d = (DRIVER *) mail_parameters (NIL,GET_DRIVER,(void *) k))
1605 createProto = (*d->open) (NIL);
1606 else { /* duh... */
1607 sprintf (tmpx,"Unknown new mailbox format in %s: %s",
1608 file ? file : SYSCONFIG,k);
1609 MM_LOG (tmpx,WARN);
1610 }
1611 }
1612 }
1613 if (!compare_cstring (s,"set empty-mailbox-format") ||
1614 !compare_cstring (s,"set empty-folder-format")) {
1615 if (!compare_cstring (k,"invalid")) appendProto = NIL;
1616 else if (!compare_cstring (k,"same-as-inbox"))
1617 appendProto = ((d = mail_valid (NIL,"INBOX",NIL)) &&
1618 compare_cstring (d->name,"dummy")) ?
1619 ((*d->open) (NIL)) : &EMPTYPROTO;
1620 else if (!compare_cstring (k,"system-standard"))
1621 appendProto = &EMPTYPROTO;
1622 else { /* see if a driver name */
1623 for (d = (DRIVER *) mail_parameters (NIL,GET_DRIVERS,NIL);
1624 d && compare_cstring (d->name,k); d = d->next);
1625 if (d) appendProto = (*d->open) (NIL);
1626 else { /* duh... */
1627 sprintf (tmpx,"Unknown empty mailbox format in %s: %s",
1628 file ? file : SYSCONFIG,k);
1629 MM_LOG (tmpx,WARN);
1630 }
1631 }
1632 }
1633 }
1634 \f
1635 if (!compare_cstring (s,"set local-host")) {
1636 fs_give ((void **) &myLocalHost);
1637 myLocalHost = cpystr (k);
1638 }
1639 else if (!compare_cstring (s,"set news-active-file")) {
1640 fs_give ((void **) &newsActive);
1641 newsActive = cpystr (k);
1642 }
1643 else if (!compare_cstring (s,"set news-spool-directory")) {
1644 fs_give ((void **) &newsSpool);
1645 newsSpool = cpystr (k);
1646 }
1647 else if (!compare_cstring (s,"set mh-path"))
1648 mail_parameters (NIL,SET_MHPATH,(void *) k);
1649 else if (!compare_cstring (s,"set mh-allow-inbox"))
1650 mail_parameters (NIL,SET_MHALLOWINBOX,(void *) atol (k));
1651 else if (!compare_cstring (s,"set news-state-file")) {
1652 fs_give ((void **) &myNewsrc);
1653 myNewsrc = cpystr (k);
1654 }
1655 else if (!compare_cstring (s,"set ftp-export-directory")) {
1656 fs_give ((void **) &ftpHome);
1657 ftpHome = cpystr (k);
1658 }
1659 else if (!compare_cstring (s,"set public-home-directory")) {
1660 fs_give ((void **) &publicHome);
1661 publicHome = cpystr (k);
1662 }
1663 else if (!compare_cstring (s,"set shared-home-directory")) {
1664 fs_give ((void **) &sharedHome);
1665 sharedHome = cpystr (k);
1666 }
1667 else if (!compare_cstring (s,"set system-inbox")) {
1668 fs_give ((void **) &sysInbox);
1669 sysInbox = cpystr (k);
1670 }
1671 else if (!compare_cstring (s,"set mail-subdirectory")) {
1672 fs_give ((void **) &mailsubdir);
1673 mailsubdir = cpystr (k);
1674 }
1675 else if (!compare_cstring (s,"set from-widget"))
1676 mail_parameters (NIL,SET_FROMWIDGET,
1677 compare_cstring (k,"header-only") ?
1678 VOIDT : NIL);
1679 \f
1680 else if (!compare_cstring (s,"set rsh-command"))
1681 mail_parameters (NIL,SET_RSHCOMMAND,(void *) k);
1682 else if (!compare_cstring (s,"set rsh-path"))
1683 mail_parameters (NIL,SET_RSHPATH,(void *) k);
1684 else if (!compare_cstring (s,"set ssh-command"))
1685 mail_parameters (NIL,SET_SSHCOMMAND,(void *) k);
1686 else if (!compare_cstring (s,"set ssh-path"))
1687 mail_parameters (NIL,SET_SSHPATH,(void *) k);
1688 else if (!compare_cstring (s,"set tcp-open-timeout"))
1689 mail_parameters (NIL,SET_OPENTIMEOUT,(void *) atol (k));
1690 else if (!compare_cstring (s,"set tcp-read-timeout"))
1691 mail_parameters (NIL,SET_READTIMEOUT,(void *) atol (k));
1692 else if (!compare_cstring (s,"set tcp-write-timeout"))
1693 mail_parameters (NIL,SET_WRITETIMEOUT,(void *) atol (k));
1694 else if (!compare_cstring (s,"set rsh-timeout"))
1695 mail_parameters (NIL,SET_RSHTIMEOUT,(void *) atol (k));
1696 else if (!compare_cstring (s,"set ssh-timeout"))
1697 mail_parameters (NIL,SET_SSHTIMEOUT,(void *) atol (k));
1698 else if (!compare_cstring (s,"set maximum-login-trials"))
1699 mail_parameters (NIL,SET_MAXLOGINTRIALS,(void *) atol (k));
1700 else if (!compare_cstring (s,"set lookahead"))
1701 mail_parameters (NIL,SET_LOOKAHEAD,(void *) atol (k));
1702 else if (!compare_cstring (s,"set prefetch"))
1703 mail_parameters (NIL,SET_PREFETCH,(void *) atol (k));
1704 else if (!compare_cstring (s,"set close-on-error"))
1705 mail_parameters (NIL,SET_CLOSEONERROR,(void *) atol (k));
1706 else if (!compare_cstring (s,"set imap-port"))
1707 mail_parameters (NIL,SET_IMAPPORT,(void *) atol (k));
1708 else if (!compare_cstring (s,"set pop3-port"))
1709 mail_parameters (NIL,SET_POP3PORT,(void *) atol (k));
1710 else if (!compare_cstring (s,"set uid-lookahead"))
1711 mail_parameters (NIL,SET_UIDLOOKAHEAD,(void *) atol (k));
1712 else if (!compare_cstring (s,"set try-ssl-first"))
1713 mail_parameters (NIL,SET_TRYSSLFIRST,(void *) atol (k));
1714 \f
1715 else if (!compare_cstring (s,"set mailbox-protection"))
1716 mbx_protection = atol (k);
1717 else if (!compare_cstring (s,"set directory-protection"))
1718 dir_protection = atol (k);
1719 else if (!compare_cstring (s,"set lock-protection"))
1720 dotlock_mode = atol (k);
1721 else if (!compare_cstring (s,"set ftp-protection"))
1722 ftp_protection = atol (k);
1723 else if (!compare_cstring (s,"set public-protection"))
1724 public_protection = atol (k);
1725 else if (!compare_cstring (s,"set shared-protection"))
1726 shared_protection = atol (k);
1727 else if (!compare_cstring (s,"set ftp-directory-protection"))
1728 ftp_dir_protection = atol (k);
1729 else if (!compare_cstring (s,"set public-directory-protection"))
1730 public_dir_protection = atol (k);
1731 else if (!compare_cstring (s,"set shared-directory-protection"))
1732 shared_dir_protection = atol (k);
1733 else if (!compare_cstring (s,"set dot-lock-file-timeout"))
1734 locktimeout = atoi (k);
1735 else if (!compare_cstring (s,"set disable-fcntl-locking"))
1736 fcntlhangbug = atoi (k);
1737 else if (!compare_cstring (s,"set disable-lock-warning"))
1738 disableLockWarning = atoi (k);
1739 else if (!compare_cstring (s,"set disable-unix-UIDs-and-keywords"))
1740 has_no_life = atoi (k);
1741 else if (!compare_cstring (s,"set hide-dot-files"))
1742 hideDotFiles = atoi (k);
1743 else if (!compare_cstring (s,"set list-maximum-level"))
1744 list_max_level = atol (k);
1745 else if (!compare_cstring (s,"set trust-dns"))
1746 mail_parameters (NIL,SET_TRUSTDNS,(void *) atol (k));
1747 else if (!compare_cstring (s,"set sasl-uses-ptr-name"))
1748 mail_parameters (NIL,SET_SASLUSESPTRNAME,(void *) atol (k));
1749 else if (!compare_cstring (s,"set network-filesystem-stat-bug"))
1750 netfsstatbug = atoi (k);
1751 else if (!compare_cstring (s,"set nntp-range"))
1752 mail_parameters (NIL,SET_NNTPRANGE,(void *) atol (k));
1753 \f
1754 else if (!file) { /* only allowed in system init */
1755 if (!compare_cstring (s,"set black-box-directory") &&
1756 !blackBoxDir) blackBoxDir = cpystr (k);
1757 else if (!compare_cstring(s,"set black-box-default-home-directory")&&
1758 blackBoxDir && !blackBoxDefaultHome)
1759 blackBoxDefaultHome = cpystr (k);
1760 else if (!compare_cstring (s,"set anonymous-home-directory") &&
1761 !anonymousHome) anonymousHome = cpystr (k);
1762 /* It's tempting to allow setting the CA path
1763 * in a user init. However, that opens up a
1764 * vector of attack big enough to drive a
1765 * truck through... Resist the temptation.
1766 */
1767 else if (!compare_cstring (s,"set CA-certificate-path"))
1768 sslCApath = cpystr (k);
1769 else if (!compare_cstring (s,"set disable-plaintext"))
1770 disablePlaintext = atoi (k);
1771 else if (!compare_cstring (s,"set allowed-login-attempts"))
1772 logtry = atoi (k);
1773 else if (!compare_cstring (s,"set chroot-server"))
1774 closedBox = atoi (k);
1775 else if (!compare_cstring (s,"set restrict-mailbox-access"))
1776 for (k = strtok_r (k,", ",&r); k; k = strtok_r (NIL,", ",&r)) {
1777 if (!compare_cstring (k,"root")) restrictBox |= RESTRICTROOT;
1778 else if (!compare_cstring (k,"otherusers"))
1779 restrictBox |= RESTRICTOTHERUSER;
1780 else if (!compare_cstring (k,"all")) restrictBox = -1;
1781 }
1782 else if (!compare_cstring (s,"set advertise-the-world"))
1783 advertisetheworld = atoi (k);
1784 else if (!compare_cstring (s,"set limited-advertise"))
1785 limitedadvertise = atoi (k);
1786 else if (!compare_cstring
1787 (s,"set disable-automatic-shared-namespaces"))
1788 noautomaticsharedns = atoi (k);
1789 else if (!compare_cstring (s,"set allow-user-config"))
1790 allowuserconfig = atoi (k);
1791 else if (!compare_cstring (s,"set allow-reverse-dns"))
1792 mail_parameters (NIL,SET_ALLOWREVERSEDNS,(void *) atol (k));
1793 else if (!compare_cstring (s,"set k5-cp-uses-service-name"))
1794 kerb_cp_svr_name = atoi (k);
1795 /* must appear in file after any
1796 * "set disable-plaintext" command! */
1797 else if (!compare_cstring (s,"set plaintext-allowed-clients")) {
1798 for (k = strtok_r (k,", ",&r); k && !tcp_isclienthost (k);
1799 k = strtok_r (NIL,", ",&r));
1800 if (k) disablePlaintext = 0;
1801 }
1802 }
1803 }
1804 }
1805 } while ((s = fgets (tmp,MAILTMPLEN,f)) && (t = strchr (s,'\n')));
1806 if (f) fclose (f); /* flush the file */
1807 }
1808 \f
1809 /* INBOX create function for tmail/dmail use only
1810 * Accepts: mail stream
1811 * path name buffer, preloaded with driver-dependent path
1812 * Returns: T on success, NIL on failure
1813 *
1814 * This routine is evil and a truly incredible kludge. It is private for
1815 * tmail/dmail and is not supported for any other application.
1816 */
1817
1818 long path_create (MAILSTREAM *stream,char *path)
1819 {
1820 long ret;
1821 short rsave = restrictBox;
1822 restrictBox = NIL; /* can't restrict */
1823 if (blackBox) { /* if black box */
1824 /* toss out driver dependent names */
1825 sprintf (path,"%s/INBOX",mymailboxdir ());
1826 blackBox = NIL; /* well that's evil - evil is going on */
1827 ret = mail_create (stream,path);
1828 blackBox = T; /* restore the box */
1829 }
1830 /* easy thing otherwise */
1831 else ret = mail_create (stream,path);
1832 restrictBox = rsave; /* restore restrictions */
1833 return ret;
1834 }
1835 \f
1836 /* Default block notify routine
1837 * Accepts: reason for calling
1838 * data
1839 * Returns: data
1840 */
1841
1842 void *mm_blocknotify (int reason,void *data)
1843 {
1844 void *ret = data;
1845 switch (reason) {
1846 case BLOCK_SENSITIVE: /* entering sensitive code */
1847 ret = (void *) (unsigned long) alarm (0);
1848 break;
1849 case BLOCK_NONSENSITIVE: /* exiting sensitive code */
1850 if ((unsigned long) data) alarm ((unsigned long) data);
1851 break;
1852 default: /* ignore all other reasons */
1853 break;
1854 }
1855 return ret;
1856 }
Alpine is a program to manage e-mail