meillo@0: /* MasqMail meillo@0: Copyright (C) 1999-2001 Oliver Kurth meillo@76: Copyright (C) 2010 markus schnalke meillo@0: meillo@0: This program is free software; you can redistribute it and/or modify meillo@0: it under the terms of the GNU General Public License as published by meillo@0: the Free Software Foundation; either version 2 of the License, or meillo@0: (at your option) any later version. meillo@0: meillo@0: This program is distributed in the hope that it will be useful, meillo@0: but WITHOUT ANY WARRANTY; without even the implied warranty of meillo@0: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the meillo@0: GNU General Public License for more details. meillo@0: meillo@0: You should have received a copy of the GNU General Public License meillo@0: along with this program; if not, write to the Free Software meillo@0: Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. meillo@0: */ meillo@0: meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: #include meillo@0: meillo@0: #include meillo@0: meillo@0: #include "masqmail.h" meillo@0: meillo@192: /* mutually exclusive modes. Note that there is no 'queue daemon' mode. 
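   It, as well as the distinction between the two (non exclusive) daemon
   (queue and listen) modes, is handled by flags.*/
typedef enum _mta_mode {
	MODE_NONE = 0,  /* for being able to check if a mode was defined */
	MODE_ACCEPT,  /* accept message on stdin */
	MODE_DAEMON,  /* run as daemon */
	MODE_RUNQUEUE,  /* single queue run, online or offline */
	MODE_SMTP,  /* accept SMTP on stdin */
	MODE_LIST,  /* list queue */
	MODE_MCMD,  /* do queue manipulation */
	MODE_VERSION,  /* show version */
	MODE_BI,  /* fake ;-) */
} mta_mode;

/* path of the pid file, set by write_pidfile(); NULL while none was written */
char *pidfile = NULL;
/* set by sigterm_handler() once it has started its cleanup */
volatile int sigterm_in_progress = 0;

/*
   SIGTERM handler: deletes the pid file if one was written, then
   restores the default disposition for the signal and raises it again.
   If the handler is entered while a cleanup is already in progress,
   the signal is raised again before anything else is done.
*/
static void
sigterm_handler(int sig)
{
	if (sigterm_in_progress)
		raise(sig);
	sigterm_in_progress = 1;

	if (pidfile) {
		/* seteuid() returns a status (0 or -1), not the previous uid,
		   so the id to switch back to has to be read before the change */
		uid_t uid = geteuid();

		seteuid(0);
		/* NOTE(review): strerror() is not async-signal-safe and
		   logwrite() probably is not either; this path is only
		   taken when the unlink fails */
		if (unlink(pidfile) != 0)
			logwrite(LOG_WARNING, "could not delete pid file %s: %s\n", pidfile, strerror(errno));
		seteuid(uid);  /* we exit anyway after this, just to be sure */
	}

	signal(sig, SIG_DFL);
	raise(sig);
}

#ifdef ENABLE_IDENT  /* so far used for that only */
/*
   Returns TRUE if the dotted-quad address in host matches one of the
   entries (struct in_addr) of netlist, FALSE otherwise. A NULL or
   unparsable host never matches.
*/
static gboolean
is_in_netlist(gchar * host, GList * netlist)
{
	struct in_addr addr;

	/* callers may pass the received_host of a message that has none;
	   inet_addr() must not be called with NULL */
	if (!host)
		return FALSE;

	addr.s_addr = inet_addr(host);
	if (addr.s_addr != INADDR_NONE) {
		GList *node;
		foreach(netlist, node) {
			struct in_addr *net = (struct in_addr *) (node->data);
			/* match when every bit set in the list entry is also
			   set in the host address.
			   NOTE(review): no separate netmask is applied here;
			   confirm how the entries are stored */
			if ((addr.s_addr & net->s_addr) == net->s_addr)
				return TRUE;
		}
	}
	return FALSE;
}
#endif

/*
   argv: the original argv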
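   argp: number of arg (may get modified!)
   cp: pointing to the char after the option
    e.g.  `-d 6'  `-d6'
             ^       ^
   Returns the argument of the option, or NULL if there is none. If the
   argument is taken from the next argv element, *argp is advanced.
*/
gchar*
get_optarg(char* argv[], gint* argp, char* cp)
{
	if (*cp) {
		/* this kind: -xval */
		return cp;
	}
	/* argv is NULL terminated, thus the next element may be inspected */
	cp = argv[*argp+1];
	if (cp && (*cp != '-')) {
		/* this kind: -x val */
		(*argp)++;
		return cp;
	}
	return NULL;
}

/*
   Writes the pid of the current process to the file `name' and
   remembers the file name in the global `pidfile', from where the
   SIGTERM handler takes it for deleting the file.
   Returns TRUE on success; on failure a warning is logged and FALSE
   is returned.
*/
gboolean
write_pidfile(gchar * name)
{
	FILE *fptr;

	/* NOTE(review): fopen() follows symbolic links and truncates the
	   target; if the pid file directory can be written by anyone but
	   the user we run as here, open the file with O_NOFOLLOW instead */
	if ((fptr = fopen(name, "wt"))) {
		/* pid_t is not necessarily int, the cast makes it match %d */
		fprintf(fptr, "%d\n", (int) getpid());
		fclose(fptr);
		/* if strdup() fails, pidfile stays NULL and the file is
		   simply not deleted on SIGTERM */
		pidfile = strdup(name);
		return TRUE;
	}
	logwrite(LOG_WARNING, "could not write pid file: %s\n", strerror(errno));
	return FALSE;
}

/* on -bd or if -q has an argument */
/*
   Puts the process into the background (unless the parent is already
   init), installs the SIGTERM handler, writes the pid file, closes the
   standard streams and then calls listen_port().
   do_listen: listen on conf.listen_addresses if TRUE
   queue_interval and argv are passed on to listen_port()
*/
static void
mode_daemon(gboolean do_listen, gint queue_interval, char *argv[])
{
	/* must be signed: fork() reports failure with -1. With an unsigned
	   type the failure would be taken for the parent's branch and the
	   process would exit with status 0 without a daemon running */
	pid_t pid;

	/* daemon */
	if (!conf.run_as_user) {
		if ((conf.orig_uid != 0) && (conf.orig_uid != conf.mail_uid)) {
			fprintf(stderr, "must be root or %s for daemon.\n", DEF_MAIL_USER);
			exit(1);
		}
	}

	/* reparent to init only if init is not already the parent */
	if (getppid() != 1) {
		if ((pid = fork()) > 0) {
			exit(0);
		} else if (pid < 0) {
			logwrite(LOG_ALERT, "could not fork!\n");
			exit(1);
		}
	}

	signal(SIGTERM, sigterm_handler);
	/* a failure is logged by write_pidfile() and is not fatal */
	write_pidfile(PIDFILEDIR "/masqmail.pid");

	conf.do_verbose = FALSE;

	/* closing and reopening the log ensures that it is open afterwards
	   because it is possible that the log is assigned to fd 1 and thus
	   gets closed by fclose(stdout). Similar for the debugfile.
	*/
	logclose();
	fclose(stdin);
	fclose(stdout);
	fclose(stderr);
	logopen();

	logwrite(LOG_NOTICE, "%s %s daemon starting\n", PACKAGE, VERSION);
	listen_port(do_listen ? conf.listen_addresses : NULL, queue_interval, argv);
}

/* -bs or called as smtpd or in.smtpd */
/*
   Speaks SMTP on the standard streams: reads from stdin and writes the
   responses to stderr. If stdin is a socket, the peer's address is
   handed to smtp_in().
*/
static void
mode_smtp()
{
	/* accept smtp message on stdin */
	/* write responses to stderr. */

	struct sockaddr_in saddr;
	gchar *peername = NULL;
	/* getpeername() takes a socklen_t*, not an int* */
	socklen_t dummy = sizeof(saddr);

	conf.do_verbose = FALSE;

	if (!conf.run_as_user) {
		/* The group has to be changed first: once the effective uid
		   is not root anymore, setegid() may be refused and the old
		   group would silently stay in effect. We do not go on with
		   ids we did not intend to have. The message goes to the log
		   because stderr carries the SMTP responses. */
		if (setegid(conf.orig_gid) != 0 || seteuid(conf.orig_uid) != 0) {
			logwrite(LOG_ALERT, "could not switch to the ids of the invoking user: %s\n", strerror(errno));
			exit(1);
		}
	}

	DEBUG(5) debugf("accepting smtp message on stdin\n");

	/* NOTE(review): the address family is not checked; for a peer that
	   is not AF_INET, sin_addr does not hold an IPv4 address */
	if (getpeername(0, (struct sockaddr *) (&saddr), &dummy) == 0) {
		peername = g_strdup(inet_ntoa(saddr.sin_addr));
	} else if (errno != ENOTSOCK)
		exit(1);

	smtp_in(stdin, stderr, peername, NULL);
}

/* default mode if address args or -t is specified, or called as rmail */
/*
   Reads one message from stdin, writes it to the spool and, unless
   conf.do_queue is set, forks a child that delivers it at once.
   return_path: envelope sender given with -f, or NULL
   full_sender_name: name given with -F, or NULL
   accept_flags: passed on to accept_message()
   addresses, addr_cnt: the recipient addresses from the command line
   Exits with status 1 on any error before the message is queued.
*/
static void
mode_accept(address * return_path, gchar * full_sender_name, guint accept_flags, char **addresses, int addr_cnt)
{
	/* accept message on stdin */
	accept_error err;
	message *msg = create_message();
	gint i;
	pid_t pid;

	if (return_path && !is_privileged_user(conf.orig_uid)) {
		fprintf(stderr, "must be root, %s or in group %s for setting return path.\n", DEF_MAIL_USER, DEF_MAIL_GROUP);
		exit(1);
	}

	if (!conf.run_as_user) {
		/* group first, then user: after the effective uid has been
		   given up, setegid() may be refused. Both results are
		   checked, a message from an ordinary user is not accepted
		   with ids we did not intend to have */
		if (setegid(conf.orig_gid) != 0 || seteuid(conf.orig_uid) != 0) {
			fprintf(stderr, "could not switch to the ids of the invoking user: %s\n", strerror(errno));
			exit(1);
		}
	}

	DEBUG(5) debugf("accepting message on stdin\n");

	msg->received_prot = PROT_LOCAL;
	for (i = 0; i < addr_cnt; i++) {
		address *rcpt;

		if (addresses[i][0] == '|') {
			logwrite(LOG_ALERT, "no pipe allowed as recipient address: %s\n", addresses[i]);
			exit(1);
		}
		/* create_address_qualified() returns NULL for an address it
		   does not accept; such an entry must not get into the
		   recipient list */
		rcpt = create_address_qualified(addresses[i], TRUE, conf.host_name);
		if (!rcpt) {
			fprintf(stderr, "invalid RFC821 address: %s\n", addresses[i]);
			exit(1);
		}
		msg->rcpt_list = g_list_append(msg->rcpt_list, rcpt);
	}

	/* -f option */
	msg->return_path = return_path;

	/* -F option */
	msg->full_sender_name = full_sender_name;

	err = accept_message(stdin, msg, accept_flags);

	switch (err) {
	case AERR_OK:
		/* to continue; all other cases exit */
		break;
	case AERR_EOF:
		fprintf(stderr, "unexpected EOF.\n");
		exit(1);
	case AERR_NORCPT:
		fprintf(stderr, "no recipients.\n");
		exit(1);
	case AERR_SIZE:
		fprintf(stderr, "max message size exceeded.\n");
		exit(1);
	default:
		/* should never happen: */
		fprintf(stderr, "Unknown error (%d)\r\n", err);
		exit(1);
	}

	if (!spool_write(msg, TRUE)) {
		fprintf(stderr, "Could not write spool file\n");
		exit(1);
	}

	/* here the mail is queued and thus in our responsibility */
	logwrite(LOG_NOTICE, "%s <= %s with %s\n", msg->uid, addr_string(msg->return_path), prot_names[PROT_LOCAL]);

	if (conf.do_queue) {
		/* we're finished as we only need to queue it */
		return;
	}

	/* deliver at once */
	if ((pid = fork()) < 0) {
		logwrite(LOG_ALERT, "could not fork for delivery, id = %s\n", msg->uid);
	} else if (pid == 0) {
		conf.do_verbose = FALSE;
		fclose(stdin);
		fclose(stdout);
		fclose(stderr);
		if (deliver(msg)) {
			exit(0);
		} else {
			/*
			TODO:
			Should we really fail here? Because the mail is queued
			already. If we fail the client might submit it again.
			If at-once-delivery is seen as an additional best-effort
			service, then we should still exit successful here.
			*/
			exit(1);
		}
	}
}

/*
   if -Mrm is given

   currently only the `rm' command is supported
   until this changes, we don't need any facility for further commands
   return success if at least one message had been deleted

   cmd: the command, must be "rm"
   id: NULL terminated list of message ids, taken from the command line
   NOTE(review): the ids are passed on as given; whether msg_spool_read()
   and queue_delete() validate them is not visible here
*/
static int
manipulate_queue(char* cmd, char* id[])
{
	gboolean ok = FALSE;

	if (strcmp(cmd, "rm") != 0) {
		fprintf(stderr, "unknown command %s\n", cmd);
		return FALSE;
	}

	set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);

	/* privileged users may delete any mail */
	if (is_privileged_user(conf.orig_uid)) {
		for (; *id; id++) {
			fprintf(stderr, "id: %s\n", *id);
			if (queue_delete(*id)) {
				ok = TRUE;
			}
		}
		return ok;
	}

	struct passwd *pw = getpwuid(conf.orig_uid);
	if (!pw) {
		fprintf(stderr, "could not find a passwd entry for uid %d: %s\n",
				conf.orig_uid, strerror(errno));
		return FALSE;
	}

	/* non-privileged users may only delete their own messages */
	for (; *id; id++) {
		message *msg = msg_spool_read(*id, FALSE);

		fprintf(stderr, "id: %s\n", *id);

		/* the id comes from the user and need not name a message
		   that can be read */
		if (!msg) {
			fprintf(stderr, "could not read message %s\n", *id);
			continue;
		}
		if (!msg->ident) {
			fprintf(stderr, "message %s does not have an ident\n", *id);
			continue;
		}
		if (strcmp(pw->pw_name, msg->ident) != 0) {
			fprintf(stderr, "you do not own message id %s\n", *id);
			continue;
		}

		if ( (msg->received_host || (msg->received_prot != PROT_LOCAL))
#ifdef ENABLE_IDENT
				&& !is_in_netlist(msg->received_host, conf.ident_trusted_nets)
#endif
		) {
			fprintf(stderr, "message %s was not received locally or from a trusted network\n", *id);
			continue;
		}

		/* success of one deletion is enough, a later failure must
		   not reset the result (same as for privileged users) */
		if (queue_delete(*id)) {
			ok = TRUE;
		}
	}
	return ok;
}

/* -qo, -q (without argument), or called as runq */
/* TODO: are -qo and -q exclusively or not?
   And how is this related to being a daemon?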
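*/
/*
   do_runq: do a queue run with queue_run()
   do_runq_online: do a queue run with queue_run_online(); if route_name
       is given, it is set as the online name first
   Returns the result of the queue run. If both kinds are requested, the
   result of the online run is returned; if none is requested, FALSE.
*/
static int
run_queue(gboolean do_runq, gboolean do_runq_online, char* route_name)
{
	/* initialized, because none of the two branches needs to be taken
	   and the value is used for the exit status by the caller */
	int ret = FALSE;

	/* queue runs */
	set_identity(conf.orig_uid, "queue run");

	if (do_runq) {
		ret = queue_run();
	}

	if (do_runq_online) {
		if (route_name) {
			conf.online_detect = g_strdup("argument");
			set_online_name(route_name);
		}
		ret = queue_run_online();
	}
	return ret;
}

/* -bV or default mode if neither addr arg nor -t */
/*
   Prints the package name, the version and the optional features that
   were compiled in to stdout.
*/
static void
mode_version(void)
{
	gchar *with_resolver = "";
	gchar *with_auth = "";
	gchar *with_ident = "";

#ifdef ENABLE_RESOLVER
	with_resolver = " +resolver";
#endif
#ifdef ENABLE_AUTH
	with_auth = " +auth";
#endif
#ifdef ENABLE_IDENT
	with_ident = " +ident";
#endif

	printf("%s %s%s%s%s\n", PACKAGE, VERSION, with_resolver, with_auth, with_ident);
}

int
main(int argc, char *argv[])
{
	gchar *progname;
	char* opt;
	gint arg;

	mta_mode mta_mode = MODE_NONE;
	gboolean do_listen = FALSE;
	gboolean do_runq = FALSE;
	gboolean do_runq_online = FALSE;
	gboolean do_queue = FALSE;
	gint queue_interval = 0;
	gchar *M_cmd = NULL;
	gboolean opt_t = FALSE;
	gboolean opt_i = FALSE;
	gchar *conf_file = CONF_FILE;
	gchar *route_name = NULL;
	gchar *f_address = NULL;
	address *return_path = NULL;  /* may be changed by -f option */
	gchar *full_sender_name = NULL;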
gboolean do_verbose = FALSE; meillo@251: gint debug_level = -1; meillo@0: meillo@260: /* strip the path part */ meillo@261: progname = strrchr(argv[0], '/'); meillo@261: progname = (progname) ? progname+1 : argv[0]; meillo@0: meillo@10: if (strcmp(progname, "mailq") == 0) { meillo@10: mta_mode = MODE_LIST; meillo@10: } else if (strcmp(progname, "mailrm") == 0) { meillo@10: mta_mode = MODE_MCMD; meillo@10: M_cmd = "rm"; meillo@10: } else if (strcmp(progname, "runq") == 0) { meillo@10: mta_mode = MODE_RUNQUEUE; meillo@10: do_runq = TRUE; meillo@10: } else if (strcmp(progname, "rmail") == 0) { meillo@89: /* the `rmail' alias should probably be removed now meillo@89: that we have the rmail script. But let's keep it meillo@89: for some while for compatibility. 2010-06-19 */ meillo@10: mta_mode = MODE_ACCEPT; meillo@10: opt_i = TRUE; meillo@10: } else if (strcmp(progname, "smtpd") == 0 || strcmp(progname, "in.smtpd") == 0) { meillo@10: mta_mode = MODE_SMTP; meillo@10: } meillo@0: meillo@10: /* parse cmd line */ meillo@249: for (arg=1; arg= 0) { /* if >= 0, it was given by argument */ meillo@10: conf.debug_level = debug_level; meillo@251: } meillo@0: meillo@46: /* It appears that changing to / ensures that we are never in meillo@46: a directory which we cannot access. This situation could be meillo@46: possible after changing identity. meillo@46: Maybe we should only change to / if we not run as user, to meillo@46: allow relative paths for log files in test setups for meillo@46: instance. meillo@46: */ meillo@10: chdir("/"); meillo@0: meillo@10: if (!conf.run_as_user) { meillo@10: if (setgid(0) != 0) { meillo@10: fprintf(stderr, "could not set gid to 0. Is the setuid bit set? : %s\n", strerror(errno)); meillo@262: exit(1); meillo@10: } meillo@10: if (setuid(0) != 0) { meillo@10: fprintf(stderr, "could not gain root privileges. Is the setuid bit set? 
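: %s\n", strerror(errno));
			exit(1);
		}
	}

	if (!logopen()) {
		fprintf(stderr, "could not open log file\n");
		exit(1);
	}

	DEBUG(1) debugf("masqmail %s starting\n", VERSION);

	DEBUG(5) {
		gchar **str = argv;
		debugf("args: \n");
		while (*str) {
			debugf("%s \n", *str);
			str++;
		}
	}
	DEBUG(5) debugf("queue_interval = %d\n", queue_interval);

	if (f_address) {
		return_path = create_address_qualified(f_address, TRUE, conf.host_name);
		if (!return_path) {
			/* the string is still needed for the message, thus it
			   must not be freed before this point */
			fprintf(stderr, "invalid RFC821 address: %s\n", f_address);
			exit(1);
		}
		g_free(f_address);
		f_address = NULL;
	}

	switch (mta_mode) {
	case MODE_DAEMON:
		mode_daemon(do_listen, queue_interval, argv);
		break;

	case MODE_RUNQUEUE:
		exit(run_queue(do_runq, do_runq_online, route_name) ? 0 : 1);
		break;

	case MODE_SMTP:
		mode_smtp();
		break;

	case MODE_LIST:
		queue_list();
		break;

	case MODE_BI:
		exit(0);
		break;  /* well... */

	case MODE_MCMD:
		/* the remaining arguments are the message ids */
		exit(manipulate_queue(M_cmd, &argv[arg]) ? 0 : 1);
		break;

	case MODE_ACCEPT:
		{
			guint accept_flags = (opt_t ? ACC_RCPT_FROM_HEAD : 0)
					| (opt_i ? ACC_DOT_IGNORE : ACC_NODOT_RELAX);
			/* the remaining arguments are the recipient addresses */
			mode_accept(return_path, full_sender_name, accept_flags, &(argv[arg]), argc - arg);
			exit(0);
		}
		break;

	default:
		fprintf(stderr, "unknown mode: %d\n", mta_mode);
		break;
	}

	logclose();

	exit(0);
}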