1 |
|
|
/* $OpenBSD: util.c,v 1.132 2017/01/09 14:49:22 reyk Exp $ */ |
2 |
|
|
|
3 |
|
|
/* |
4 |
|
|
* Copyright (c) 2000,2001 Markus Friedl. All rights reserved. |
5 |
|
|
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> |
6 |
|
|
* Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net> |
7 |
|
|
* Copyright (c) 2012 Eric Faurot <eric@openbsd.org> |
8 |
|
|
* |
9 |
|
|
* Permission to use, copy, modify, and distribute this software for any |
10 |
|
|
* purpose with or without fee is hereby granted, provided that the above |
11 |
|
|
* copyright notice and this permission notice appear in all copies. |
12 |
|
|
* |
13 |
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
14 |
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
15 |
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
16 |
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
17 |
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
18 |
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
19 |
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
20 |
|
|
*/ |
21 |
|
|
|
22 |
|
|
#include <sys/types.h> |
23 |
|
|
#include <sys/queue.h> |
24 |
|
|
#include <sys/tree.h> |
25 |
|
|
#include <sys/socket.h> |
26 |
|
|
#include <sys/stat.h> |
27 |
|
|
#include <sys/resource.h> |
28 |
|
|
|
29 |
|
|
#include <netinet/in.h> |
30 |
|
|
#include <arpa/inet.h> |
31 |
|
|
|
32 |
|
|
#include <ctype.h> |
33 |
|
|
#include <errno.h> |
34 |
|
|
#include <event.h> |
35 |
|
|
#include <fcntl.h> |
36 |
|
|
#include <fts.h> |
37 |
|
|
#include <imsg.h> |
38 |
|
|
#include <inttypes.h> |
39 |
|
|
#include <libgen.h> |
40 |
|
|
#include <netdb.h> |
41 |
|
|
#include <pwd.h> |
42 |
|
|
#include <limits.h> |
43 |
|
|
#include <resolv.h> |
44 |
|
|
#include <stdarg.h> |
45 |
|
|
#include <stdio.h> |
46 |
|
|
#include <stdlib.h> |
47 |
|
|
#include <string.h> |
48 |
|
|
#include <time.h> |
49 |
|
|
#include <unistd.h> |
50 |
|
|
|
51 |
|
|
#include "smtpd.h" |
52 |
|
|
#include "log.h" |
53 |
|
|
|
54 |
|
|
const char *log_in6addr(const struct in6_addr *); |
55 |
|
|
const char *log_sockaddr(struct sockaddr *); |
56 |
|
|
static int parse_mailname_file(char *, size_t); |
57 |
|
|
|
58 |
|
|
int tracing = 0; |
59 |
|
|
int foreground_log = 0; |
60 |
|
|
|
61 |
|
|
void * |
62 |
|
|
xmalloc(size_t size, const char *where) |
63 |
|
|
{ |
64 |
|
|
void *r; |
65 |
|
|
|
66 |
|
|
if ((r = malloc(size)) == NULL) { |
67 |
|
|
log_warnx("%s: malloc(%zu)", where, size); |
68 |
|
|
fatalx("exiting"); |
69 |
|
|
} |
70 |
|
|
|
71 |
|
|
return (r); |
72 |
|
|
} |
73 |
|
|
|
74 |
|
|
void * |
75 |
|
|
xcalloc(size_t nmemb, size_t size, const char *where) |
76 |
|
|
{ |
77 |
|
|
void *r; |
78 |
|
|
|
79 |
✗✓ |
4 |
if ((r = calloc(nmemb, size)) == NULL) { |
80 |
|
|
log_warnx("%s: calloc(%zu, %zu)", where, nmemb, size); |
81 |
|
|
fatalx("exiting"); |
82 |
|
|
} |
83 |
|
|
|
84 |
|
2 |
return (r); |
85 |
|
|
} |
86 |
|
|
|
87 |
|
|
char * |
88 |
|
|
xstrdup(const char *str, const char *where) |
89 |
|
|
{ |
90 |
|
|
char *r; |
91 |
|
|
|
92 |
✗✓ |
4 |
if ((r = strdup(str)) == NULL) { |
93 |
|
|
log_warnx("%s: strdup(%p)", where, str); |
94 |
|
|
fatalx("exiting"); |
95 |
|
|
} |
96 |
|
|
|
97 |
|
2 |
return (r); |
98 |
|
|
} |
99 |
|
|
|
100 |
|
|
void * |
101 |
|
|
xmemdup(const void *ptr, size_t size, const char *where) |
102 |
|
|
{ |
103 |
|
|
void *r; |
104 |
|
|
|
105 |
|
|
if ((r = malloc(size)) == NULL) { |
106 |
|
|
log_warnx("%s: malloc(%zu)", where, size); |
107 |
|
|
fatalx("exiting"); |
108 |
|
|
} |
109 |
|
|
memmove(r, ptr, size); |
110 |
|
|
|
111 |
|
|
return (r); |
112 |
|
|
} |
113 |
|
|
|
114 |
|
|
#if !defined(NO_IO) |
115 |
|
|
int |
116 |
|
|
io_xprintf(struct io *io, const char *fmt, ...) |
117 |
|
|
{ |
118 |
|
|
va_list ap; |
119 |
|
|
int len; |
120 |
|
|
|
121 |
|
|
va_start(ap, fmt); |
122 |
|
|
len = io_vprintf(io, fmt, ap); |
123 |
|
|
va_end(ap); |
124 |
|
|
if (len == -1) |
125 |
|
|
fatal("io_xprintf(%p, %s, ...)", io, fmt); |
126 |
|
|
|
127 |
|
|
return len; |
128 |
|
|
} |
129 |
|
|
|
130 |
|
|
int |
131 |
|
|
io_xprint(struct io *io, const char *str) |
132 |
|
|
{ |
133 |
|
|
int len; |
134 |
|
|
|
135 |
|
|
len = io_print(io, str); |
136 |
|
|
if (len == -1) |
137 |
|
|
fatal("io_xprint(%p, %s, ...)", io, str); |
138 |
|
|
|
139 |
|
|
return len; |
140 |
|
|
} |
141 |
|
|
#endif |
142 |
|
|
|
143 |
|
|
char * |
144 |
|
|
strip(char *s) |
145 |
|
|
{ |
146 |
|
|
size_t l; |
147 |
|
|
|
148 |
|
|
while (isspace((unsigned char)*s)) |
149 |
|
|
s++; |
150 |
|
|
|
151 |
|
|
for (l = strlen(s); l; l--) { |
152 |
|
|
if (!isspace((unsigned char)s[l-1])) |
153 |
|
|
break; |
154 |
|
|
s[l-1] = '\0'; |
155 |
|
|
} |
156 |
|
|
|
157 |
|
|
return (s); |
158 |
|
|
} |
159 |
|
|
|
160 |
|
|
int |
161 |
|
|
bsnprintf(char *str, size_t size, const char *format, ...) |
162 |
|
|
{ |
163 |
|
|
int ret; |
164 |
|
4 |
va_list ap; |
165 |
|
|
|
166 |
|
2 |
va_start(ap, format); |
167 |
|
2 |
ret = vsnprintf(str, size, format, ap); |
168 |
|
2 |
va_end(ap); |
169 |
✓✗✗✓
|
4 |
if (ret == -1 || ret >= (int)size) |
170 |
|
|
return 0; |
171 |
|
|
|
172 |
|
2 |
return 1; |
173 |
|
2 |
} |
174 |
|
|
|
175 |
|
|
|
176 |
|
|
static int |
177 |
|
|
mkdirs_component(char *path, mode_t mode) |
178 |
|
|
{ |
179 |
|
|
struct stat sb; |
180 |
|
|
|
181 |
|
|
if (stat(path, &sb) == -1) { |
182 |
|
|
if (errno != ENOENT) |
183 |
|
|
return 0; |
184 |
|
|
if (mkdir(path, mode | S_IWUSR | S_IXUSR) == -1) |
185 |
|
|
return 0; |
186 |
|
|
} |
187 |
|
|
else if (!S_ISDIR(sb.st_mode)) |
188 |
|
|
return 0; |
189 |
|
|
|
190 |
|
|
return 1; |
191 |
|
|
} |
192 |
|
|
|
193 |
|
|
int |
194 |
|
|
mkdirs(char *path, mode_t mode) |
195 |
|
|
{ |
196 |
|
|
char buf[PATH_MAX]; |
197 |
|
|
int i = 0; |
198 |
|
|
int done = 0; |
199 |
|
|
char *p; |
200 |
|
|
|
201 |
|
|
/* absolute path required */ |
202 |
|
|
if (*path != '/') |
203 |
|
|
return 0; |
204 |
|
|
|
205 |
|
|
/* make sure we don't exceed PATH_MAX */ |
206 |
|
|
if (strlen(path) >= sizeof buf) |
207 |
|
|
return 0; |
208 |
|
|
|
209 |
|
|
memset(buf, 0, sizeof buf); |
210 |
|
|
for (p = path; *p; p++) { |
211 |
|
|
if (*p == '/') { |
212 |
|
|
if (buf[0] != '\0') |
213 |
|
|
if (!mkdirs_component(buf, mode)) |
214 |
|
|
return 0; |
215 |
|
|
while (*p == '/') |
216 |
|
|
p++; |
217 |
|
|
buf[i++] = '/'; |
218 |
|
|
buf[i++] = *p; |
219 |
|
|
if (*p == '\0' && ++done) |
220 |
|
|
break; |
221 |
|
|
continue; |
222 |
|
|
} |
223 |
|
|
buf[i++] = *p; |
224 |
|
|
} |
225 |
|
|
if (!done) |
226 |
|
|
if (!mkdirs_component(buf, mode)) |
227 |
|
|
return 0; |
228 |
|
|
|
229 |
|
|
if (chmod(path, mode) == -1) |
230 |
|
|
return 0; |
231 |
|
|
|
232 |
|
|
return 1; |
233 |
|
|
} |
234 |
|
|
|
235 |
|
|
int |
236 |
|
|
ckdir(const char *path, mode_t mode, uid_t owner, gid_t group, int create) |
237 |
|
|
{ |
238 |
|
|
char mode_str[12]; |
239 |
|
|
int ret; |
240 |
|
|
struct stat sb; |
241 |
|
|
|
242 |
|
|
if (stat(path, &sb) == -1) { |
243 |
|
|
if (errno != ENOENT || create == 0) { |
244 |
|
|
log_warn("stat: %s", path); |
245 |
|
|
return (0); |
246 |
|
|
} |
247 |
|
|
|
248 |
|
|
/* chmod is deferred to avoid umask effect */ |
249 |
|
|
if (mkdir(path, 0) == -1) { |
250 |
|
|
log_warn("mkdir: %s", path); |
251 |
|
|
return (0); |
252 |
|
|
} |
253 |
|
|
|
254 |
|
|
if (chown(path, owner, group) == -1) { |
255 |
|
|
log_warn("chown: %s", path); |
256 |
|
|
return (0); |
257 |
|
|
} |
258 |
|
|
|
259 |
|
|
if (chmod(path, mode) == -1) { |
260 |
|
|
log_warn("chmod: %s", path); |
261 |
|
|
return (0); |
262 |
|
|
} |
263 |
|
|
|
264 |
|
|
if (stat(path, &sb) == -1) { |
265 |
|
|
log_warn("stat: %s", path); |
266 |
|
|
return (0); |
267 |
|
|
} |
268 |
|
|
} |
269 |
|
|
|
270 |
|
|
ret = 1; |
271 |
|
|
|
272 |
|
|
/* check if it's a directory */ |
273 |
|
|
if (!S_ISDIR(sb.st_mode)) { |
274 |
|
|
ret = 0; |
275 |
|
|
log_warnx("%s is not a directory", path); |
276 |
|
|
} |
277 |
|
|
|
278 |
|
|
/* check that it is owned by owner/group */ |
279 |
|
|
if (sb.st_uid != owner) { |
280 |
|
|
ret = 0; |
281 |
|
|
log_warnx("%s is not owned by uid %d", path, owner); |
282 |
|
|
} |
283 |
|
|
if (sb.st_gid != group) { |
284 |
|
|
ret = 0; |
285 |
|
|
log_warnx("%s is not owned by gid %d", path, group); |
286 |
|
|
} |
287 |
|
|
|
288 |
|
|
/* check permission */ |
289 |
|
|
if ((sb.st_mode & 07777) != mode) { |
290 |
|
|
ret = 0; |
291 |
|
|
strmode(mode, mode_str); |
292 |
|
|
mode_str[10] = '\0'; |
293 |
|
|
log_warnx("%s must be %s (%o)", path, mode_str + 1, mode); |
294 |
|
|
} |
295 |
|
|
|
296 |
|
|
return ret; |
297 |
|
|
} |
298 |
|
|
|
299 |
|
|
int |
300 |
|
|
rmtree(char *path, int keepdir) |
301 |
|
|
{ |
302 |
|
|
char *path_argv[2]; |
303 |
|
|
FTS *fts; |
304 |
|
|
FTSENT *e; |
305 |
|
|
int ret, depth; |
306 |
|
|
|
307 |
|
|
path_argv[0] = path; |
308 |
|
|
path_argv[1] = NULL; |
309 |
|
|
ret = 0; |
310 |
|
|
depth = 0; |
311 |
|
|
|
312 |
|
|
fts = fts_open(path_argv, FTS_PHYSICAL | FTS_NOCHDIR, NULL); |
313 |
|
|
if (fts == NULL) { |
314 |
|
|
log_warn("fts_open: %s", path); |
315 |
|
|
return (-1); |
316 |
|
|
} |
317 |
|
|
|
318 |
|
|
while ((e = fts_read(fts)) != NULL) { |
319 |
|
|
switch (e->fts_info) { |
320 |
|
|
case FTS_D: |
321 |
|
|
depth++; |
322 |
|
|
break; |
323 |
|
|
case FTS_DP: |
324 |
|
|
case FTS_DNR: |
325 |
|
|
depth--; |
326 |
|
|
if (keepdir && depth == 0) |
327 |
|
|
continue; |
328 |
|
|
if (rmdir(e->fts_path) == -1) { |
329 |
|
|
log_warn("rmdir: %s", e->fts_path); |
330 |
|
|
ret = -1; |
331 |
|
|
} |
332 |
|
|
break; |
333 |
|
|
|
334 |
|
|
case FTS_F: |
335 |
|
|
if (unlink(e->fts_path) == -1) { |
336 |
|
|
log_warn("unlink: %s", e->fts_path); |
337 |
|
|
ret = -1; |
338 |
|
|
} |
339 |
|
|
} |
340 |
|
|
} |
341 |
|
|
|
342 |
|
|
fts_close(fts); |
343 |
|
|
|
344 |
|
|
return (ret); |
345 |
|
|
} |
346 |
|
|
|
347 |
|
|
int |
348 |
|
|
mvpurge(char *from, char *to) |
349 |
|
|
{ |
350 |
|
|
size_t n; |
351 |
|
|
int retry; |
352 |
|
|
const char *sep; |
353 |
|
|
char buf[PATH_MAX]; |
354 |
|
|
|
355 |
|
|
if ((n = strlen(to)) == 0) |
356 |
|
|
fatalx("to is empty"); |
357 |
|
|
|
358 |
|
|
sep = (to[n - 1] == '/') ? "" : "/"; |
359 |
|
|
retry = 0; |
360 |
|
|
|
361 |
|
|
again: |
362 |
|
|
(void)snprintf(buf, sizeof buf, "%s%s%u", to, sep, arc4random()); |
363 |
|
|
if (rename(from, buf) == -1) { |
364 |
|
|
/* ENOTDIR has actually 2 meanings, and incorrect input |
365 |
|
|
* could lead to an infinite loop. Consider that after |
366 |
|
|
* 20 tries something is hopelessly wrong. |
367 |
|
|
*/ |
368 |
|
|
if (errno == ENOTEMPTY || errno == EISDIR || errno == ENOTDIR) { |
369 |
|
|
if ((retry++) >= 20) |
370 |
|
|
return (-1); |
371 |
|
|
goto again; |
372 |
|
|
} |
373 |
|
|
return -1; |
374 |
|
|
} |
375 |
|
|
|
376 |
|
|
return 0; |
377 |
|
|
} |
378 |
|
|
|
379 |
|
|
|
380 |
|
|
int |
381 |
|
|
mktmpfile(void) |
382 |
|
|
{ |
383 |
|
|
char path[PATH_MAX]; |
384 |
|
|
int fd; |
385 |
|
|
|
386 |
|
|
if (!bsnprintf(path, sizeof(path), "%s/smtpd.XXXXXXXXXX", |
387 |
|
|
PATH_TEMPORARY)) { |
388 |
|
|
log_warn("snprintf"); |
389 |
|
|
fatal("exiting"); |
390 |
|
|
} |
391 |
|
|
|
392 |
|
|
if ((fd = mkstemp(path)) == -1) { |
393 |
|
|
log_warn("cannot create temporary file %s", path); |
394 |
|
|
fatal("exiting"); |
395 |
|
|
} |
396 |
|
|
unlink(path); |
397 |
|
|
return (fd); |
398 |
|
|
} |
399 |
|
|
|
400 |
|
|
|
401 |
|
|
/* Close file, signifying temporary error condition (if any) to the caller. */ |
402 |
|
|
int |
403 |
|
|
safe_fclose(FILE *fp) |
404 |
|
|
{ |
405 |
|
|
if (ferror(fp)) { |
406 |
|
|
fclose(fp); |
407 |
|
|
return 0; |
408 |
|
|
} |
409 |
|
|
if (fflush(fp)) { |
410 |
|
|
fclose(fp); |
411 |
|
|
if (errno == ENOSPC) |
412 |
|
|
return 0; |
413 |
|
|
fatal("safe_fclose: fflush"); |
414 |
|
|
} |
415 |
|
|
if (fsync(fileno(fp))) |
416 |
|
|
fatal("safe_fclose: fsync"); |
417 |
|
|
if (fclose(fp)) |
418 |
|
|
fatal("safe_fclose: fclose"); |
419 |
|
|
|
420 |
|
|
return 1; |
421 |
|
|
} |
422 |
|
|
|
423 |
|
|
int |
424 |
|
|
hostname_match(const char *hostname, const char *pattern) |
425 |
|
|
{ |
426 |
|
|
while (*pattern != '\0' && *hostname != '\0') { |
427 |
|
|
if (*pattern == '*') { |
428 |
|
|
while (*pattern == '*') |
429 |
|
|
pattern++; |
430 |
|
|
while (*hostname != '\0' && |
431 |
|
|
tolower((unsigned char)*hostname) != |
432 |
|
|
tolower((unsigned char)*pattern)) |
433 |
|
|
hostname++; |
434 |
|
|
continue; |
435 |
|
|
} |
436 |
|
|
|
437 |
|
|
if (tolower((unsigned char)*pattern) != |
438 |
|
|
tolower((unsigned char)*hostname)) |
439 |
|
|
return 0; |
440 |
|
|
pattern++; |
441 |
|
|
hostname++; |
442 |
|
|
} |
443 |
|
|
|
444 |
|
|
return (*hostname == '\0' && *pattern == '\0'); |
445 |
|
|
} |
446 |
|
|
|
447 |
|
|
int |
448 |
|
|
mailaddr_match(const struct mailaddr *maddr1, const struct mailaddr *maddr2) |
449 |
|
|
{ |
450 |
|
|
struct mailaddr m1 = *maddr1; |
451 |
|
|
struct mailaddr m2 = *maddr2; |
452 |
|
|
char *p; |
453 |
|
|
|
454 |
|
|
/* catchall */ |
455 |
|
|
if (m2.user[0] == '\0' && m2.domain[0] == '\0') |
456 |
|
|
return 1; |
457 |
|
|
|
458 |
|
|
if (!hostname_match(m1.domain, m2.domain)) |
459 |
|
|
return 0; |
460 |
|
|
|
461 |
|
|
if (m2.user[0]) { |
462 |
|
|
/* if address from table has a tag, we must respect it */ |
463 |
|
|
if (strchr(m2.user, *env->sc_subaddressing_delim) == NULL) { |
464 |
|
|
/* otherwise, strip tag from session address if any */ |
465 |
|
|
p = strchr(m1.user, *env->sc_subaddressing_delim); |
466 |
|
|
if (p) |
467 |
|
|
*p = '\0'; |
468 |
|
|
} |
469 |
|
|
if (strcasecmp(m1.user, m2.user)) |
470 |
|
|
return 0; |
471 |
|
|
} |
472 |
|
|
return 1; |
473 |
|
|
} |
474 |
|
|
|
475 |
|
|
int |
476 |
|
|
valid_localpart(const char *s) |
477 |
|
|
{ |
478 |
|
|
#define IS_ATEXT(c) (isalnum((unsigned char)(c)) || strchr(MAILADDR_ALLOWED, (c))) |
479 |
|
|
nextatom: |
480 |
|
|
if (!IS_ATEXT(*s) || *s == '\0') |
481 |
|
|
return 0; |
482 |
|
|
while (*(++s) != '\0') { |
483 |
|
|
if (*s == '.') |
484 |
|
|
break; |
485 |
|
|
if (IS_ATEXT(*s)) |
486 |
|
|
continue; |
487 |
|
|
return 0; |
488 |
|
|
} |
489 |
|
|
if (*s == '.') { |
490 |
|
|
s++; |
491 |
|
|
goto nextatom; |
492 |
|
|
} |
493 |
|
|
return 1; |
494 |
|
|
} |
495 |
|
|
|
496 |
|
|
int |
497 |
|
|
valid_domainpart(const char *s) |
498 |
|
|
{ |
499 |
|
|
struct in_addr ina; |
500 |
|
|
struct in6_addr ina6; |
501 |
|
|
char *c, domain[SMTPD_MAXDOMAINPARTSIZE]; |
502 |
|
|
const char *p; |
503 |
|
|
|
504 |
|
|
if (*s == '[') { |
505 |
|
|
if (strncasecmp("[IPv6:", s, 6) == 0) |
506 |
|
|
p = s + 6; |
507 |
|
|
else |
508 |
|
|
p = s + 1; |
509 |
|
|
|
510 |
|
|
if (strlcpy(domain, p, sizeof domain) >= sizeof domain) |
511 |
|
|
return 0; |
512 |
|
|
|
513 |
|
|
c = strchr(domain, (int)']'); |
514 |
|
|
if (!c || c[1] != '\0') |
515 |
|
|
return 0; |
516 |
|
|
|
517 |
|
|
*c = '\0'; |
518 |
|
|
|
519 |
|
|
if (inet_pton(AF_INET6, domain, &ina6) == 1) |
520 |
|
|
return 1; |
521 |
|
|
if (inet_pton(AF_INET, domain, &ina) == 1) |
522 |
|
|
return 1; |
523 |
|
|
|
524 |
|
|
return 0; |
525 |
|
|
} |
526 |
|
|
|
527 |
|
|
if (*s == '\0') |
528 |
|
|
return 0; |
529 |
|
|
|
530 |
|
|
return res_hnok(s); |
531 |
|
|
} |
532 |
|
|
|
533 |
|
|
int |
534 |
|
|
secure_file(int fd, char *path, char *userdir, uid_t uid, int mayread) |
535 |
|
|
{ |
536 |
|
|
char buf[PATH_MAX]; |
537 |
|
|
char homedir[PATH_MAX]; |
538 |
|
|
struct stat st; |
539 |
|
|
char *cp; |
540 |
|
|
|
541 |
|
|
if (realpath(path, buf) == NULL) |
542 |
|
|
return 0; |
543 |
|
|
|
544 |
|
|
if (realpath(userdir, homedir) == NULL) |
545 |
|
|
homedir[0] = '\0'; |
546 |
|
|
|
547 |
|
|
/* Check the open file to avoid races. */ |
548 |
|
|
if (fstat(fd, &st) < 0 || |
549 |
|
|
!S_ISREG(st.st_mode) || |
550 |
|
|
st.st_uid != uid || |
551 |
|
|
(st.st_mode & (mayread ? 022 : 066)) != 0) |
552 |
|
|
return 0; |
553 |
|
|
|
554 |
|
|
/* For each component of the canonical path, walking upwards. */ |
555 |
|
|
for (;;) { |
556 |
|
|
if ((cp = dirname(buf)) == NULL) |
557 |
|
|
return 0; |
558 |
|
|
(void)strlcpy(buf, cp, sizeof(buf)); |
559 |
|
|
|
560 |
|
|
if (stat(buf, &st) < 0 || |
561 |
|
|
(st.st_uid != 0 && st.st_uid != uid) || |
562 |
|
|
(st.st_mode & 022) != 0) |
563 |
|
|
return 0; |
564 |
|
|
|
565 |
|
|
/* We can stop checking after reaching homedir level. */ |
566 |
|
|
if (strcmp(homedir, buf) == 0) |
567 |
|
|
break; |
568 |
|
|
|
569 |
|
|
/* |
570 |
|
|
* dirname should always complete with a "/" path, |
571 |
|
|
* but we can be paranoid and check for "." too |
572 |
|
|
*/ |
573 |
|
|
if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0)) |
574 |
|
|
break; |
575 |
|
|
} |
576 |
|
|
|
577 |
|
|
return 1; |
578 |
|
|
} |
579 |
|
|
|
580 |
|
|
void |
581 |
|
|
addargs(arglist *args, char *fmt, ...) |
582 |
|
|
{ |
583 |
|
|
va_list ap; |
584 |
|
|
char *cp; |
585 |
|
|
uint nalloc; |
586 |
|
|
int r; |
587 |
|
|
char **tmp; |
588 |
|
|
|
589 |
|
|
va_start(ap, fmt); |
590 |
|
|
r = vasprintf(&cp, fmt, ap); |
591 |
|
|
va_end(ap); |
592 |
|
|
if (r == -1) |
593 |
|
|
fatal("addargs: argument too long"); |
594 |
|
|
|
595 |
|
|
nalloc = args->nalloc; |
596 |
|
|
if (args->list == NULL) { |
597 |
|
|
nalloc = 32; |
598 |
|
|
args->num = 0; |
599 |
|
|
} else if (args->num+2 >= nalloc) |
600 |
|
|
nalloc *= 2; |
601 |
|
|
|
602 |
|
|
tmp = reallocarray(args->list, nalloc, sizeof(char *)); |
603 |
|
|
if (tmp == NULL) |
604 |
|
|
fatal("addargs: reallocarray"); |
605 |
|
|
args->list = tmp; |
606 |
|
|
args->nalloc = nalloc; |
607 |
|
|
args->list[args->num++] = cp; |
608 |
|
|
args->list[args->num] = NULL; |
609 |
|
|
} |
610 |
|
|
|
611 |
|
|
int |
612 |
|
|
lowercase(char *buf, const char *s, size_t len) |
613 |
|
|
{ |
614 |
|
|
if (len == 0) |
615 |
|
|
return 0; |
616 |
|
|
|
617 |
|
|
if (strlcpy(buf, s, len) >= len) |
618 |
|
|
return 0; |
619 |
|
|
|
620 |
|
|
while (*buf != '\0') { |
621 |
|
|
*buf = tolower((unsigned char)*buf); |
622 |
|
|
buf++; |
623 |
|
|
} |
624 |
|
|
|
625 |
|
|
return 1; |
626 |
|
|
} |
627 |
|
|
|
628 |
|
|
int |
629 |
|
|
uppercase(char *buf, const char *s, size_t len) |
630 |
|
|
{ |
631 |
|
|
if (len == 0) |
632 |
|
|
return 0; |
633 |
|
|
|
634 |
|
|
if (strlcpy(buf, s, len) >= len) |
635 |
|
|
return 0; |
636 |
|
|
|
637 |
|
|
while (*buf != '\0') { |
638 |
|
|
*buf = toupper((unsigned char)*buf); |
639 |
|
|
buf++; |
640 |
|
|
} |
641 |
|
|
|
642 |
|
|
return 1; |
643 |
|
|
} |
644 |
|
|
|
645 |
|
|
void |
646 |
|
|
xlowercase(char *buf, const char *s, size_t len) |
647 |
|
|
{ |
648 |
|
|
if (len == 0) |
649 |
|
|
fatalx("lowercase: len == 0"); |
650 |
|
|
|
651 |
|
|
if (!lowercase(buf, s, len)) |
652 |
|
|
fatalx("lowercase: truncation"); |
653 |
|
|
} |
654 |
|
|
|
655 |
|
|
uint64_t |
656 |
|
|
generate_uid(void) |
657 |
|
|
{ |
658 |
|
|
static uint32_t id; |
659 |
|
|
static uint8_t inited; |
660 |
|
|
uint64_t uid; |
661 |
|
|
|
662 |
|
|
if (!inited) { |
663 |
|
|
id = arc4random(); |
664 |
|
|
inited = 1; |
665 |
|
|
} |
666 |
|
|
while ((uid = ((uint64_t)(id++) << 32 | arc4random())) == 0) |
667 |
|
|
; |
668 |
|
|
|
669 |
|
|
return (uid); |
670 |
|
|
} |
671 |
|
|
|
672 |
|
|
int |
673 |
|
|
session_socket_error(int fd) |
674 |
|
|
{ |
675 |
|
|
int error; |
676 |
|
|
socklen_t len; |
677 |
|
|
|
678 |
|
|
len = sizeof(error); |
679 |
|
|
if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) == -1) |
680 |
|
|
fatal("session_socket_error: getsockopt"); |
681 |
|
|
|
682 |
|
|
return (error); |
683 |
|
|
} |
684 |
|
|
|
685 |
|
|
const char * |
686 |
|
|
parse_smtp_response(char *line, size_t len, char **msg, int *cont) |
687 |
|
|
{ |
688 |
|
|
size_t i; |
689 |
|
|
|
690 |
|
|
if (len >= LINE_MAX) |
691 |
|
|
return "line too long"; |
692 |
|
|
|
693 |
|
|
if (len > 3) { |
694 |
|
|
if (msg) |
695 |
|
|
*msg = line + 4; |
696 |
|
|
if (cont) |
697 |
|
|
*cont = (line[3] == '-'); |
698 |
|
|
} else if (len == 3) { |
699 |
|
|
if (msg) |
700 |
|
|
*msg = line + 3; |
701 |
|
|
if (cont) |
702 |
|
|
*cont = 0; |
703 |
|
|
} else |
704 |
|
|
return "line too short"; |
705 |
|
|
|
706 |
|
|
/* validate reply code */ |
707 |
|
|
if (line[0] < '2' || line[0] > '5' || !isdigit((unsigned char)line[1]) || |
708 |
|
|
!isdigit((unsigned char)line[2])) |
709 |
|
|
return "reply code out of range"; |
710 |
|
|
|
711 |
|
|
/* validate reply message */ |
712 |
|
|
for (i = 0; i < len; i++) |
713 |
|
|
if (!isprint((unsigned char)line[i])) |
714 |
|
|
return "non-printable character in reply"; |
715 |
|
|
|
716 |
|
|
return NULL; |
717 |
|
|
} |
718 |
|
|
|
719 |
|
|
static int |
720 |
|
|
parse_mailname_file(char *hostname, size_t len) |
721 |
|
|
{ |
722 |
|
|
FILE *fp; |
723 |
|
4 |
char *buf = NULL; |
724 |
|
2 |
size_t bufsz = 0; |
725 |
|
|
ssize_t buflen; |
726 |
|
|
|
727 |
✓✗ |
2 |
if ((fp = fopen(MAILNAME_FILE, "r")) == NULL) |
728 |
|
2 |
return 1; |
729 |
|
|
|
730 |
|
|
if ((buflen = getline(&buf, &bufsz, fp)) == -1) |
731 |
|
|
goto error; |
732 |
|
|
|
733 |
|
|
if (buf[buflen - 1] == '\n') |
734 |
|
|
buf[buflen - 1] = '\0'; |
735 |
|
|
|
736 |
|
|
if (strlcpy(hostname, buf, len) >= len) { |
737 |
|
|
fprintf(stderr, MAILNAME_FILE " entry too long"); |
738 |
|
|
goto error; |
739 |
|
|
} |
740 |
|
|
|
741 |
|
|
return 0; |
742 |
|
|
error: |
743 |
|
|
fclose(fp); |
744 |
|
|
free(buf); |
745 |
|
|
return 1; |
746 |
|
2 |
} |
747 |
|
|
|
748 |
|
|
int |
749 |
|
|
getmailname(char *hostname, size_t len) |
750 |
|
|
{ |
751 |
|
4 |
struct addrinfo hints, *res = NULL; |
752 |
|
|
int error; |
753 |
|
|
|
754 |
|
|
/* Try MAILNAME_FILE first */ |
755 |
✗✓ |
2 |
if (parse_mailname_file(hostname, len) == 0) |
756 |
|
|
return 0; |
757 |
|
|
|
758 |
|
|
/* Next, gethostname(3) */ |
759 |
✗✓ |
2 |
if (gethostname(hostname, len) == -1) { |
760 |
|
|
fprintf(stderr, "getmailname: gethostname() failed\n"); |
761 |
|
|
return -1; |
762 |
|
|
} |
763 |
|
|
|
764 |
✓✗ |
2 |
if (strchr(hostname, '.') != NULL) |
765 |
|
2 |
return 0; |
766 |
|
|
|
767 |
|
|
/* Canonicalize if domain part is missing */ |
768 |
|
|
memset(&hints, 0, sizeof hints); |
769 |
|
|
hints.ai_family = PF_UNSPEC; |
770 |
|
|
hints.ai_flags = AI_CANONNAME; |
771 |
|
|
error = getaddrinfo(hostname, NULL, &hints, &res); |
772 |
|
|
if (error) |
773 |
|
|
return 0; /* Continue with non-canon hostname */ |
774 |
|
|
|
775 |
|
|
if (strlcpy(hostname, res->ai_canonname, len) >= len) { |
776 |
|
|
fprintf(stderr, "hostname too long"); |
777 |
|
|
return -1; |
778 |
|
|
} |
779 |
|
|
|
780 |
|
|
freeaddrinfo(res); |
781 |
|
|
return 0; |
782 |
|
2 |
} |
783 |
|
|
|
784 |
|
|
int |
785 |
|
|
base64_encode(unsigned char const *src, size_t srclen, |
786 |
|
|
char *dest, size_t destsize) |
787 |
|
|
{ |
788 |
|
|
return __b64_ntop(src, srclen, dest, destsize); |
789 |
|
|
} |
790 |
|
|
|
791 |
|
|
int |
792 |
|
|
base64_decode(char const *src, unsigned char *dest, size_t destsize) |
793 |
|
|
{ |
794 |
|
|
return __b64_pton(src, dest, destsize); |
795 |
|
|
} |
796 |
|
|
|
797 |
|
|
void |
798 |
|
|
log_trace(int mask, const char *emsg, ...) |
799 |
|
|
{ |
800 |
|
|
va_list ap; |
801 |
|
|
|
802 |
|
|
if (tracing & mask) { |
803 |
|
|
va_start(ap, emsg); |
804 |
|
|
vlog(LOG_DEBUG, emsg, ap); |
805 |
|
|
va_end(ap); |
806 |
|
|
} |
807 |
|
|
} |
808 |
|
|
|
809 |
|
|
void |
810 |
|
|
log_trace_verbose(int v) |
811 |
|
|
{ |
812 |
|
|
tracing = v; |
813 |
|
|
|
814 |
|
|
/* Set debug logging in log.c */ |
815 |
|
|
log_setverbose(v & TRACE_DEBUG ? 2 : foreground_log); |
816 |
|
|
} |