Mercurial > dovecot > core-2.2
annotate src/util/script-login.c @ 22656:1789bf2a1e01
director: Make sure HOST-RESET-USERS isn't used with max_moving_users=0
The reset command would just hang in that case. doveadm would never have
sent this, so this is just an extra sanity check.
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Sun, 05 Nov 2017 23:51:56 +0200 |
parents | 2e2563132d5f |
children | cb108f786fb4 |
rev | line source |
---|---|
21390
2e2563132d5f
Updated copyright notices to include the year 2017.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents:
21389
diff
changeset
|
1 /* Copyright (c) 2009-2017 Dovecot authors, see the included COPYING file */ |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "lib.h" |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "env-util.h" |
10996
43f2452b7dd8
Replaced execv*() with execv*_const() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
10974
diff
changeset
|
5 #include "execv-const.h" |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 #include "fdpass.h" |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
7 #include "restrict-access.h" |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "str.h" |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "strescape.h" |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
10 #include "settings-parser.h" |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
11 #include "mail-storage-service.h" |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "master-interface.h" |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "master-service.h" |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
14 #include "master-service-settings.h" |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include <unistd.h> |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
11460
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
18 #define SCRIPT_LOGIN_PROTOCOL_VERSION_MAJOR 1 |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
19 #define SCRIPT_LOGIN_READ_TIMEOUT_SECS 10 |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 #define ENV_USERDB_KEYS "USERDB_KEYS" |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 #define SCRIPT_COMM_FD 3 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 |
10996
43f2452b7dd8
Replaced execv*() with execv*_const() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
10974
diff
changeset
|
23 static const char **exec_args; |
13006
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
24 static bool drop_to_userdb_privileges = FALSE; |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 |
11388
b8d3c96e61a7
lib-master API changed to avoid accidentally leaking client connections.
Timo Sirainen <tss@iki.fi>
parents:
10996
diff
changeset
|
26 static void client_connected(struct master_service_connection *conn) |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 { |
10498
569206178c09
mail storage service: Some flag enums were missing FLAG_ in the middle.
Timo Sirainen <tss@iki.fi>
parents:
10471
diff
changeset
|
28 enum mail_storage_service_flags flags = |
569206178c09
mail storage service: Some flag enums were missing FLAG_ in the middle.
Timo Sirainen <tss@iki.fi>
parents:
10471
diff
changeset
|
29 MAIL_STORAGE_SERVICE_FLAG_NO_PLUGINS; |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
30 string_t *instr, *keys; |
11460
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
31 const char **args, *key, *value, *error, *version_line, *data_line; |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
32 struct mail_storage_service_ctx *service_ctx; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
33 struct mail_storage_service_input input; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
34 struct mail_storage_service_user *user; |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 char buf[1024]; |
10471
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
36 unsigned int i, socket_count; |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 int fd = -1; |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 ssize_t ret; |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 |
11460
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
40 alarm(SCRIPT_LOGIN_READ_TIMEOUT_SECS); |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
41 |
10812
156f24de1081
script: We want incoming fd to be blocking to avoid EAGAIN errors.
Timo Sirainen <tss@iki.fi>
parents:
10582
diff
changeset
|
42 net_set_nonblock(conn->fd, FALSE); |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
43 instr = t_str_new(1024); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 ret = fd_read(conn->fd, buf, sizeof(buf), &fd); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 while (ret > 0) { |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
46 str_append_n(instr, buf, ret); |
11460
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
47 if (buf[ret-1] == '\n' && |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
48 strchr(str_c(instr), '\n')[1] != '\0') { |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
49 str_truncate(instr, str_len(instr)-1); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 break; |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 ret = read(conn->fd, buf, sizeof(buf)); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 } |
11460
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
55 |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
56 version_line = str_c(instr); |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
57 data_line = strchr(version_line, '\n'); |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
58 if (data_line != NULL) |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
59 version_line = t_strdup_until(version_line, data_line++); |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
60 else |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
61 version_line = NULL; |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
62 |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
63 if (ret > 0 || version_line != NULL) { |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
64 if (version_line == NULL || |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
65 !version_string_verify(version_line, "script-login", |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
66 SCRIPT_LOGIN_PROTOCOL_VERSION_MAJOR)) { |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
67 i_fatal("Client not compatible with this binary " |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
68 "(connecting to wrong socket?)"); |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
69 } |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
70 } |
3ac8c5dd9c30
script-login: Added version check to the protocol.
Timo Sirainen <tss@iki.fi>
parents:
11459
diff
changeset
|
71 |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 if (ret <= 0) { |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 if (ret < 0) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 i_fatal("read() failed: %m"); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 else |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 i_fatal("read() failed: disconnected"); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 if (fd == -1) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 i_fatal("client fd not received"); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 |
13599
6d1c20b1936c
script-login: Disable alarm after input has been read.
Timo Sirainen <tss@iki.fi>
parents:
13062
diff
changeset
|
81 alarm(0); |
6d1c20b1936c
script-login: Disable alarm after input has been read.
Timo Sirainen <tss@iki.fi>
parents:
13062
diff
changeset
|
82 |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 /* put everything to environment */ |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 env_clean(); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 keys = t_str_new(256); |
14471
fc8031c5e691
Use t_strsplit_tab() wherever possible
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
86 args = t_strsplit_tab(data_line); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 if (str_array_length(args) < 3) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 i_fatal("Missing input fields"); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 i = 0; |
21389
59437f8764c6
global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents:
19552
diff
changeset
|
92 i_zero(&input); |
10974
841bfacb7ec3
script: Fixed using mail_uid/mail_gid settings as fallback.
Timo Sirainen <tss@iki.fi>
parents:
10930
diff
changeset
|
93 input.module = "mail"; /* need to get mail_uid, mail_gid */ |
11457
addb2c6c1dfb
Renamed "script" binary to "script-login".
Timo Sirainen <tss@iki.fi>
parents:
11388
diff
changeset
|
94 input.service = "script-login"; |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
95 (void)net_addr2ip(args[i++], &input.local_ip); |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
96 (void)net_addr2ip(args[i++], &input.remote_ip); |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
97 input.username = args[i++]; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
98 input.userdb_fields = args + i; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
99 |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
100 env_put(t_strconcat("LOCAL_IP=", net_ip2addr(&input.local_ip), NULL)); |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
101 env_put(t_strconcat("IP=", net_ip2addr(&input.remote_ip), NULL)); |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
102 env_put(t_strconcat("USER=", input.username, NULL)); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 |
17398
552cab8feb5f
various - trivial NULL-related sparse cleanups
Phil Carmody <phil@dovecot.fi>
parents:
17130
diff
changeset
|
104 for (; args[i] != NULL; i++) { |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
105 args[i] = str_tabunescape(t_strdup_noconst(args[i])); |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
106 value = strchr(args[i], '='); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 if (value != NULL) { |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
108 key = t_str_ucase(t_strdup_until(args[i], value)); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 env_put(t_strconcat(key, value, NULL)); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 str_printfa(keys, "%s ", key); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 env_put(t_strconcat(ENV_USERDB_KEYS"=", str_c(keys), NULL)); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
115 master_service_init_log(master_service, |
11457
addb2c6c1dfb
Renamed "script" binary to "script-login".
Timo Sirainen <tss@iki.fi>
parents:
11388
diff
changeset
|
116 t_strdup_printf("script-login(%s): ", input.username)); |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
117 |
13062
a2d57b43ccb2
script-login: When not using "-d" parameter, don't do unnecessary config lookup.
Timo Sirainen <tss@iki.fi>
parents:
13006
diff
changeset
|
118 if (drop_to_userdb_privileges) { |
a2d57b43ccb2
script-login: When not using "-d" parameter, don't do unnecessary config lookup.
Timo Sirainen <tss@iki.fi>
parents:
13006
diff
changeset
|
119 service_ctx = mail_storage_service_init(master_service, NULL, flags); |
a2d57b43ccb2
script-login: When not using "-d" parameter, don't do unnecessary config lookup.
Timo Sirainen <tss@iki.fi>
parents:
13006
diff
changeset
|
120 if (mail_storage_service_lookup(service_ctx, &input, &user, &error) <= 0) |
a2d57b43ccb2
script-login: When not using "-d" parameter, don't do unnecessary config lookup.
Timo Sirainen <tss@iki.fi>
parents:
13006
diff
changeset
|
121 i_fatal("%s", error); |
a2d57b43ccb2
script-login: When not using "-d" parameter, don't do unnecessary config lookup.
Timo Sirainen <tss@iki.fi>
parents:
13006
diff
changeset
|
122 mail_storage_service_restrict_setenv(service_ctx, user); |
13872
73fbc40b860f
script-login -d: Ignore chrooting, we can't exec anything inside chroot.
Timo Sirainen <tss@iki.fi>
parents:
13871
diff
changeset
|
123 /* we can't exec anything in a chroot */ |
73fbc40b860f
script-login -d: Ignore chrooting, we can't exec anything inside chroot.
Timo Sirainen <tss@iki.fi>
parents:
13871
diff
changeset
|
124 env_remove("RESTRICT_CHROOT"); |
13005
56a1b3082b4b
script-login: Reverted last change.
Timo Sirainen <tss@iki.fi>
parents:
13004
diff
changeset
|
125 restrict_access_by_env(getenv("HOME"), TRUE); |
13062
a2d57b43ccb2
script-login: When not using "-d" parameter, don't do unnecessary config lookup.
Timo Sirainen <tss@iki.fi>
parents:
13006
diff
changeset
|
126 } |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
127 |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
128 if (dup2(fd, STDIN_FILENO) < 0) |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
129 i_fatal("dup2() failed: %m"); |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
130 if (dup2(fd, STDOUT_FILENO) < 0) |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 i_fatal("dup2() failed: %m"); |
13871
477106b6f4c7
script-login: Close extra fds to avoid failing with --enable-devel-checks.
Timo Sirainen <tss@iki.fi>
parents:
13599
diff
changeset
|
132 if (close(fd) < 0) |
477106b6f4c7
script-login: Close extra fds to avoid failing with --enable-devel-checks.
Timo Sirainen <tss@iki.fi>
parents:
13599
diff
changeset
|
133 i_fatal("close() failed: %m"); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 if (conn->fd != SCRIPT_COMM_FD) { |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 if (dup2(conn->fd, SCRIPT_COMM_FD) < 0) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 i_fatal("dup2() failed: %m"); |
13871
477106b6f4c7
script-login: Close extra fds to avoid failing with --enable-devel-checks.
Timo Sirainen <tss@iki.fi>
parents:
13599
diff
changeset
|
137 if (close(conn->fd) < 0) |
477106b6f4c7
script-login: Close extra fds to avoid failing with --enable-devel-checks.
Timo Sirainen <tss@iki.fi>
parents:
13599
diff
changeset
|
138 i_fatal("close() failed: %m"); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
140 |
10471
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
141 /* close all listener sockets */ |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
142 socket_count = master_service_get_socket_count(master_service); |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
143 for (i = 0; i < socket_count; i++) { |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
144 if (close(MASTER_LISTEN_FD_FIRST + i) < 0) |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
145 i_error("close(listener) failed: %m"); |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
146 } |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
147 if (close(MASTER_STATUS_FD) < 0) |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
148 i_error("close(status) failed: %m"); |
484be10242a7
script: Close extra fds before executing post-login script.
Timo Sirainen <tss@iki.fi>
parents:
10463
diff
changeset
|
149 |
10996
43f2452b7dd8
Replaced execv*() with execv*_const() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
10974
diff
changeset
|
150 execvp_const(exec_args[0], exec_args); |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 static void script_execute_finish(void) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 { |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 const char *keys_str, *username, *const *keys, *value; |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 string_t *reply = t_str_new(512); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
157 ssize_t ret; |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 keys_str = getenv(ENV_USERDB_KEYS); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 if (keys_str == NULL) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 i_fatal(ENV_USERDB_KEYS" environment missing"); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 username = getenv("USER"); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 if (username == NULL) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 i_fatal("USER environment missing"); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 str_append(reply, username); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 for (keys = t_strsplit_spaces(keys_str, " "); *keys != NULL; keys++) { |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 value = getenv(t_str_ucase(*keys)); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
170 if (value != NULL) { |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 str_append_c(reply, '\t'); |
15068
002e0a120c2a
Renamed str_tabescape_write() to str_append_tabescaped()
Timo Sirainen <tss@iki.fi>
parents:
14471
diff
changeset
|
172 str_append_tabescaped(reply, |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 t_strconcat(t_str_lcase(*keys), "=", |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 value, NULL)); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
177 str_append_c(reply, '\n'); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
178 |
13963
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
179 /* finish by sending the fd to the mail process */ |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
180 ret = fd_send(SCRIPT_COMM_FD, STDOUT_FILENO, |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 str_data(reply), str_len(reply)); |
13963
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
182 if (ret == (ssize_t)str_len(reply)) { |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
183 /* success */ |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
184 } else { |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
185 if (ret < 0) |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
186 i_error("fd_send() failed: %m"); |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
187 else |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
188 i_error("fd_send() sent partial output"); |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
189 /* exit with 0 even though we failed. non-0 exit just makes |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
190 master log an unnecessary error. */ |
db37a5818b92
script-login: If we fail to finish, exit with 0 to avoid master logging error unnecessarily.
Timo Sirainen <tss@iki.fi>
parents:
13872
diff
changeset
|
191 } |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 int main(int argc, char *argv[]) |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 { |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 enum master_service_flags flags = 0; |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
197 int i, c; |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 |
12425
10c163bb5e22
"Running standalone?" check now uses a new DOVECOT_CHILD_PROCESS environment rather than GENERATION.
Timo Sirainen <tss@iki.fi>
parents:
11482
diff
changeset
|
199 if (getenv(MASTER_IS_PARENT_ENV) == NULL) |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
200 flags |= MASTER_SERVICE_FLAG_STANDALONE; |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
201 |
11457
addb2c6c1dfb
Renamed "script" binary to "script-login".
Timo Sirainen <tss@iki.fi>
parents:
11388
diff
changeset
|
202 master_service = master_service_init("script-login", flags, |
13005
56a1b3082b4b
script-login: Reverted last change.
Timo Sirainen <tss@iki.fi>
parents:
13004
diff
changeset
|
203 &argc, &argv, "+d"); |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
204 while ((c = master_getopt(master_service)) > 0) { |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
205 switch (c) { |
13005
56a1b3082b4b
script-login: Reverted last change.
Timo Sirainen <tss@iki.fi>
parents:
13004
diff
changeset
|
206 case 'd': |
13006
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
207 drop_to_userdb_privileges = TRUE; |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
208 break; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
209 default: |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
210 return FATAL_DEFAULT; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
211 } |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
212 } |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
213 argc -= optind; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
214 argv += optind; |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
215 |
11457
addb2c6c1dfb
Renamed "script" binary to "script-login".
Timo Sirainen <tss@iki.fi>
parents:
11388
diff
changeset
|
216 master_service_init_log(master_service, "script-login: "); |
13006
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
217 |
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
218 if (!drop_to_userdb_privileges && |
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
219 (flags & MASTER_SERVICE_FLAG_STANDALONE) == 0) { |
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
220 /* drop to privileges defined by service settings */ |
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
221 restrict_access_by_env(NULL, FALSE); |
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
222 } |
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
223 |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 master_service_init_finish(master_service); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
225 master_service_set_service_count(master_service, 1); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
226 |
13006
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
227 if ((flags & MASTER_SERVICE_FLAG_STANDALONE) != 0) { |
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
228 /* The last post-login script is calling us to finish login */ |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 script_execute_finish(); |
13006
25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
Timo Sirainen <tss@iki.fi>
parents:
13005
diff
changeset
|
230 } else { |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
231 if (argv[0] == NULL) |
11459
c86b90148906
script-login: Error message fix.
Timo Sirainen <tss@iki.fi>
parents:
11457
diff
changeset
|
232 i_fatal("Missing script path"); |
10996
43f2452b7dd8
Replaced execv*() with execv*_const() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
10974
diff
changeset
|
233 exec_args = i_new(const char *, argc + 2); |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
234 for (i = 0; i < argc; i++) |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
235 exec_args[i] = argv[i]; |
11457
addb2c6c1dfb
Renamed "script" binary to "script-login".
Timo Sirainen <tss@iki.fi>
parents:
11388
diff
changeset
|
236 exec_args[i] = PKG_LIBEXECDIR"/script-login"; |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
237 exec_args[i+1] = NULL; |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
238 |
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
239 if (exec_args[0][0] != '/') { |
10996
43f2452b7dd8
Replaced execv*() with execv*_const() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
10974
diff
changeset
|
240 exec_args[0] = t_strconcat(PKG_LIBEXECDIR"/", |
43f2452b7dd8
Replaced execv*() with execv*_const() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
10974
diff
changeset
|
241 exec_args[0], NULL); |
10460
b07f913040b1
script: Added enough features to get rawlog working again.
Timo Sirainen <tss@iki.fi>
parents:
10459
diff
changeset
|
242 } |
10459
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
243 |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
244 master_service_run(master_service, client_connected); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
245 } |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
246 master_service_deinit(&master_service); |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
247 return 0; |
e9cbc461c525
imap, pop3: Added back ability to run post-login scripts.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
248 } |