mail_conf.c

[詳解]

/*++
/* NAME
/*  mail_conf 3
/* SUMMARY
/*  global configuration parameter management
/* SYNOPSIS
/*  #include <mail_conf.h>
/*
/*  void    mail_conf_read()
/*
/*  void    mail_conf_suck()
/*
/*  void    mail_conf_flush()
/*
/*  void    mail_conf_checkdir(config_dir)
/*  const char *config_dir;
/*
/*  void    mail_conf_update(name, value)
/*  const char *name;
/*  const char *value;
/*
/*  const char *mail_conf_lookup(name)
/*  const char *name;
/*
/*  const char *mail_conf_eval(string)
/*  const char *string;
/*
/*  const char *mail_conf_eval_once(string)
/*  const char *string;
/*
/*  const char *mail_conf_lookup_eval(name)
/*  const char *name;
/* DESCRIPTION
/*  mail_conf_suck() reads the global Postfix configuration
/*  file, and stores its values into a global configuration
/*  dictionary. When the configuration directory name is not
/*  trusted, this function requires that the directory name is
/*  authorized with the alternate_config_directories setting
/*  in the default main.cf file.
/*
/*  This function requires that all configuration directory
/*  override mechanisms set the MAIL_CONFIG environment variable,
/*  even if the override was specified via the command line.
/*  This reduces the number of pathways that need to be checked
/*  for possible security attacks.
/*
/*  mail_conf_read() invokes mail_conf_suck() and assigns the values
/*  to global variables by calling mail_params_init().
/*
/*  mail_conf_flush() discards the global configuration dictionary.
/*  This is needed in programs that read main.cf multiple times, to
/*  ensure that deleted parameter settings are handled properly.
/*
/*  mail_conf_checkdir() verifies that configuration directory
/*  is authorized through settings in the default main.cf file,
/*  and terminates the program if it is not.
/*
/*  The following routines are wrappers around the generic dictionary
/*  access routines.
/*
/*  mail_conf_update() updates the named global parameter. This has
/*  no effect on parameters whose value has already been looked up.
/*  The update succeeds or the program terminates with fatal error.
/*
/*  mail_conf_lookup() looks up the value of the named parameter.
/*  A null pointer result means the parameter was not found.
/*  The result is volatile and should be copied if it is to be
/*  used for any appreciable amount of time.
/*
/*  mail_conf_eval() recursively expands any $parameters in the
/*  string argument. The result is volatile and should be copied
/*  if it is to be used for any appreciable amount of time.
/*
/*  mail_conf_eval_once() non-recursively expands any $parameters
/*  in the string argument. The result is volatile and should
/*  be copied if it is to be used for any appreciable amount
/*  of time.
/*
/*  mail_conf_lookup_eval() looks up the named parameter, and expands any
/*  $parameters in the result. The result is volatile and should be
/*  copied if it is to be used for any appreciable amount of time.
/* DIAGNOSTICS
/*  Fatal errors: malformed numerical value.
/* ENVIRONMENT
/*  MAIL_CONFIG, non-default configuration database
/*  MAIL_VERBOSE, enable verbose mode
/* FILES
/*  /etc/postfix: default Postfix configuration directory.
/* SEE ALSO
/*  dict(3) generic dictionary manager
/*  mail_conf_int(3) integer-valued parameters
/*  mail_conf_str(3) string-valued parameters
/* LICENSE
/* .ad
/* .fi
/*  The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*  Wietse Venema
/*  IBM T.J. Watson Research
/*  P.O. Box 704
/*  Yorktown Heights, NY 10598, USA
/*
/*  Wietse Venema
/*  Google, Inc.
/*  111 8th Avenue
/*  New York, NY 10011, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>

/* Utility library. */

#include <msg.h>
#include <mymalloc.h>
#include <vstream.h>
#include <vstring.h>
#include <dict.h>
#include <safe.h>
#include <stringops.h>
#include <readlline.h>

/* Global library. */

#include "mail_params.h"
#include "mail_conf.h"

/* mail_conf_checkdir - authorize non-default directory */

void mail_conf_checkdir(const char *config_dir)
{
    VSTRING *buf;
    VSTREAM *fp;
    char   *path;
    char   *name;
    char   *value;
    char   *cp;
    int     found = 0;

    /*
     * If running set-[ug]id, require that a non-default configuration
     * directory name is blessed as a bona fide configuration directory in
     * the default main.cf file.
     */
    path = concatenate(DEF_CONFIG_DIR, "/", "main.cf", (char *) 0);
    if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0)
    msg_fatal("open file %s: %m", path);

    buf = vstring_alloc(1);
    while (found == 0 && readlline(buf, fp, (int *) 0)) {
    if (split_nameval(vstring_str(buf), &name, &value) == 0
        && (strcmp(name, VAR_CONFIG_DIRS) == 0
        || strcmp(name, VAR_MULTI_CONF_DIRS) == 0)) {
        while (found == 0 && (cp = mystrtok(&value, CHARS_COMMA_SP)) != 0)
        if (strcmp(cp, config_dir) == 0)
            found = 1;
    }
    }
    if (vstream_fclose(fp))
    msg_fatal("read file %s: %m", path);
    vstring_free(buf);

    if (found == 0) {
    msg_error("unauthorized configuration directory name: %s", config_dir);
    msg_fatal("specify \"%s = %s\" or \"%s = %s\" in %s",
          VAR_CONFIG_DIRS, config_dir,
          VAR_MULTI_CONF_DIRS, config_dir, path);
    }
    myfree(path);
}

/* mail_conf_read - read global configuration file */

void    mail_conf_read(void)
{
    mail_conf_suck();
    mail_params_init();
}

/* mail_conf_suck - suck in the global configuration file */

void    mail_conf_suck(void)
{
    char   *config_dir;
    char   *path;

    /*
     * The code below requires that all configuration directory override
     * mechanisms set the CONF_ENV_PATH environment variable, even if the
     * override was specified via the command line. This reduces the number
     * of pathways that need to be checked for possible security attacks.
     * 
     * Note: this code necessarily runs before cleanenv() can enforce the
     * import_environment scrubbing policy.
     */

    /*
     * Permit references to unknown configuration variable names. We rely on
     * a separate configuration checking tool to spot misspelled names and
     * other kinds of trouble. Enter the configuration directory into the
     * default dictionary.
     */
    if (var_config_dir)
    myfree(var_config_dir);
    if ((config_dir = getenv(CONF_ENV_PATH)) == 0)
    config_dir = DEF_CONFIG_DIR;
    var_config_dir = mystrdup(config_dir);
    set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);

    /*
     * If the configuration directory name comes from an untrusted source,
     * require that it is listed in the default main.cf file.
     */
    if (strcmp(var_config_dir, DEF_CONFIG_DIR) != 0 /* non-default */
    && unsafe())                /* untrusted env and cli */
    mail_conf_checkdir(var_config_dir);
    path = concatenate(var_config_dir, "/", "main.cf", (char *) 0);
    if (dict_load_file_xt(CONFIG_DICT, path) == 0)
    msg_fatal("open %s: %m", path);
    myfree(path);
}

/* mail_conf_flush - discard configuration dictionary */

void    mail_conf_flush(void)
{
    if (dict_handle(CONFIG_DICT) != 0)
    dict_unregister(CONFIG_DICT);
}

/* mail_conf_eval - expand macros in string */

const char *mail_conf_eval(const char *string)
{
#define RECURSIVE   1

    return (dict_eval(CONFIG_DICT, string, RECURSIVE));
}

/* mail_conf_eval_once - expand one level of macros in string */

const char *mail_conf_eval_once(const char *string)
{
#define NONRECURSIVE    0

    return (dict_eval(CONFIG_DICT, string, NONRECURSIVE));
}

/* mail_conf_lookup - lookup named variable */

const char *mail_conf_lookup(const char *name)
{
    return (dict_lookup(CONFIG_DICT, name));
}

/* mail_conf_lookup_eval - expand named variable */

const char *mail_conf_lookup_eval(const char *name)
{
    const char *value;

#define RECURSIVE   1

    if ((value = dict_lookup(CONFIG_DICT, name)) != 0)
    value = dict_eval(CONFIG_DICT, value, RECURSIVE);
    return (value);
}

/* mail_conf_update - update parameter */

void    mail_conf_update(const char *key, const char *value)
{
    dict_update(CONFIG_DICT, key, value);
}