Adding upstream version 1:2.3.21+dfsg1.upstream/1%2.3.21+dfsg1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 591 insertions, 0 deletions

diff --git a/src/imap/main.c b/src/imap/main.c
new file mode 100644
index 0000000..cca5075
--- /dev/null
+++ b/src/imap/main.c
@@ -0,0 +1,591 @@
+/* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */
+
+#include "imap-common.h"
+#include "ioloop.h"
+#include "istream.h"
+#include "ostream.h"
+#include "path-util.h"
+#include "str.h"
+#include "base64.h"
+#include "process-title.h"
+#include "randgen.h"
+#include "restrict-access.h"
+#include "write-full.h"
+#include "settings-parser.h"
+#include "master-interface.h"
+#include "master-service.h"
+#include "master-login.h"
+#include "mail-user.h"
+#include "mail-storage-service.h"
+#include "smtp-submit-settings.h"
+#include "imap-master-client.h"
+#include "imap-resp-code.h"
+#include "imap-commands.h"
+#include "imap-feature.h"
+#include "imap-fetch.h"
+
+#include <stdio.h>
+#include <unistd.h>
+
+#define IS_STANDALONE() \
+        (getenv(MASTER_IS_PARENT_ENV) == NULL)
+
+#define IMAP_DIE_IDLE_SECS 10
+
+static bool verbose_proctitle = FALSE;
+static struct mail_storage_service_ctx *storage_service;
+static struct master_login *master_login = NULL;
+static struct timeout *to_proctitle;
+
+imap_client_created_func_t *hook_client_created = NULL;
+bool imap_debug = FALSE;
+
+struct event_category event_category_imap = {
+	.name = "imap",
+};
+
+imap_client_created_func_t *
+imap_client_created_hook_set(imap_client_created_func_t *new_hook)
+{
+	imap_client_created_func_t *old_hook = hook_client_created;
+
+	hook_client_created = new_hook;
+	return old_hook;
+}
+
+static void imap_refresh_proctitle_callback(void *context ATTR_UNUSED)
+{
+	timeout_remove(&to_proctitle);
+	imap_refresh_proctitle();
+}
+
+void imap_refresh_proctitle_delayed(void)
+{
+	if (to_proctitle == NULL)
+		to_proctitle = timeout_add_short(0,
+			imap_refresh_proctitle_callback, NULL);
+}
+
+void imap_refresh_proctitle(void)
+{
+#define IMAP_PROCTITLE_PREFERRED_LEN 80
+	struct client *client;
+	struct client_command_context *cmd;
+	bool wait_output;
+
+	if (!verbose_proctitle)
+		return;
+	if (imap_client_count == 0) {
+		if (imap_master_clients_refresh_proctitle())
+			return;
+	}
+
+	string_t *title = t_str_new(128);
+	str_append_c(title, '[');
+	switch (imap_client_count) {
+	case 0:
+		str_append(title, "idling");
+		break;
+	case 1:
+		client = imap_clients;
+		str_append(title, client->user->username);
+		if (client->user->conn.remote_ip != NULL) {
+			str_append_c(title, ' ');
+			str_append(title,
+				   net_ip2addr(client->user->conn.remote_ip));
+		}
+		wait_output = FALSE;
+		for (cmd = client->command_queue; cmd != NULL; cmd = cmd->next) {
+			if (cmd->name == NULL)
+				continue;
+
+			if (str_len(title) < IMAP_PROCTITLE_PREFERRED_LEN) {
+				str_append_c(title, ' ');
+				str_append(title, cmd->name);
+			}
+			if (cmd->state == CLIENT_COMMAND_STATE_WAIT_OUTPUT)
+				wait_output = TRUE;
+		}
+		if (wait_output) {
+			str_printfa(title, " - %zu bytes waiting",
+				    o_stream_get_buffer_used_size(client->output));
+			if (o_stream_is_corked(client->output))
+				str_append(title, " corked");
+		}
+		if (client->destroyed)
+			str_append(title, " (deinit)");
+		break;
+	default:
+		str_printfa(title, "%u connections", imap_client_count);
+		break;
+	}
+	str_append_c(title, ']');
+	process_title_set(str_c(title));
+}
+
+static void client_kill_idle(struct client *client)
+{
+	if (client->output_cmd_lock != NULL)
+		return;
+
+	mail_storage_service_io_activate_user(client->service_user);
+	client_send_line(client, "* BYE Server shutting down.");
+	client_destroy(client, "Server shutting down.");
+}
+
+static void imap_die(void)
+{
+	struct client *client, *next;
+	time_t last_io, now = time(NULL);
+	time_t stop_timestamp = now - IMAP_DIE_IDLE_SECS;
+	unsigned int stop_msecs;
+
+	for (client = imap_clients; client != NULL; client = next) {
+		next = client->next;
+
+		last_io = I_MAX(client->last_input, client->last_output);
+		if (last_io <= stop_timestamp)
+			client_kill_idle(client);
+		else {
+			timeout_remove(&client->to_idle);
+			stop_msecs = (last_io - stop_timestamp) * 1000;
+			client->to_idle = timeout_add(stop_msecs,
+						      client_kill_idle, client);
+		}
+	}
+}
+
+struct imap_login_request {
+	const char *tag;
+
+	const unsigned char *input;
+	size_t input_size;
+	bool send_untagged_capability;
+};
+
+static void
+client_parse_imap_login_request(const unsigned char *data, size_t len,
+				struct imap_login_request *input_r)
+{
+	size_t taglen;
+
+	i_zero(input_r);
+	if (len == 0)
+		return;
+
+	if (data[0] == '1')
+		input_r->send_untagged_capability = TRUE;
+	data++; len--;
+
+	input_r->tag = t_strndup(data, len);
+	taglen = strlen(input_r->tag) + 1;
+
+	if (len > taglen) {
+		input_r->input = data + taglen;
+		input_r->input_size = len - taglen;
+	}
+}
+
+static void
+client_send_login_reply(struct ostream *output, const char *capability_string,
+			const char *preauth_username,
+			const struct imap_login_request *request)
+{
+	string_t *reply = t_str_new(256);
+
+	/* cork/uncork around the OK reply to minimize latency */
+	o_stream_cork(output);
+	if (request->tag == NULL) {
+		str_printfa(reply, "* PREAUTH [CAPABILITY %s] Logged in as %s\r\n",
+			    capability_string, preauth_username);
+	} else if (capability_string == NULL) {
+		/* Client initialization failed. There's no need to send
+		   capabilities. Just send the tagged OK so the client knows
+		   the login itself succeeded, followed by a BYE. */
+		str_printfa(reply, "%s OK Logged in, but initialization failed.\r\n",
+			    request->tag);
+		str_append(reply, "* BYE "MAIL_ERRSTR_CRITICAL_MSG"\r\n");
+	} else if (request->send_untagged_capability) {
+		/* client doesn't seem to understand tagged capabilities. send
+		   untagged instead and hope that it works. */
+		str_printfa(reply, "* CAPABILITY %s\r\n", capability_string);
+		str_printfa(reply, "%s OK Logged in\r\n", request->tag);
+	} else {
+		str_printfa(reply, "%s OK [CAPABILITY %s] Logged in\r\n",
+			    request->tag, capability_string);
+	}
+	o_stream_nsend(output, str_data(reply), str_len(reply));
+	if (o_stream_uncork_flush(output) < 0 &&
+	    output->stream_errno != EPIPE &&
+	    output->stream_errno != ECONNRESET)
+		i_error("write(client) failed: %s", o_stream_get_error(output));
+}
+
+static void
+client_add_input_finalize(struct client *client)
+{
+	struct ostream *output;
+
+	/* try to condense any responses into as few packets as possible */
+	output = client->output;
+	o_stream_ref(output);
+	o_stream_cork(output);
+	(void)client_handle_input(client);
+	o_stream_uncork(output);
+	o_stream_unref(&output);
+
+	/* we could have already handled LOGOUT, or we might need to continue
+	   pending ambiguous commands. */
+	client_continue_pending_input(client);
+}
+
+int client_create_from_input(const struct mail_storage_service_input *input,
+			     int fd_in, int fd_out, bool unhibernated,
+			     struct client **client_r, const char **error_r)
+{
+	struct mail_storage_service_input service_input;
+	struct mail_storage_service_user *user;
+	struct mail_user *mail_user;
+	struct client *client;
+	struct imap_settings *imap_set;
+	struct smtp_submit_settings *smtp_set;
+	struct event *event;
+	const char *errstr;
+
+	event = event_create(NULL);
+	event_add_category(event, &event_category_imap);
+	event_add_fields(event, (const struct event_add_field []){
+		{ .key = "user", .value = input->username },
+		{ .key = NULL }
+	});
+	if (input->local_ip.family != 0)
+		event_add_str(event, "local_ip", net_ip2addr(&input->local_ip));
+	if (input->local_port != 0)
+		event_add_int(event, "local_port", input->local_port);
+	if (input->remote_ip.family != 0)
+		event_add_str(event, "remote_ip", net_ip2addr(&input->remote_ip));
+	if (input->remote_port != 0)
+		event_add_int(event, "remote_port", input->remote_port);
+
+	service_input = *input;
+	service_input.event_parent = event;
+	if (mail_storage_service_lookup_next(storage_service, &service_input,
+					     &user, &mail_user, error_r) <= 0) {
+		event_unref(&event);
+		return -1;
+	}
+	/* Add the session only after creating the user, because
+	   input->session_id may be NULL */
+	event_add_str(event, "session", mail_user->session_id);
+
+	restrict_access_allow_coredumps(TRUE);
+
+	smtp_set = mail_storage_service_user_get_set(user)[1];
+	imap_set = mail_storage_service_user_get_set(user)[2];
+	if (imap_set->verbose_proctitle)
+		verbose_proctitle = TRUE;
+
+	if (settings_var_expand(&smtp_submit_setting_parser_info, smtp_set,
+				mail_user->pool, mail_user_var_expand_table(mail_user),
+				&errstr) <= 0 ||
+			settings_var_expand(&imap_setting_parser_info, imap_set,
+				mail_user->pool, mail_user_var_expand_table(mail_user),
+				&errstr) <= 0) {
+		*error_r = t_strdup_printf("Failed to expand settings: %s", errstr);
+		mail_user_deinit(&mail_user);
+		mail_storage_service_user_unref(&user);
+		event_unref(&event);
+		return -1;
+	}
+
+	client = client_create(fd_in, fd_out, unhibernated,
+			       event, mail_user, user, imap_set, smtp_set);
+	client->userdb_fields = input->userdb_fields == NULL ? NULL :
+		p_strarray_dup(client->pool, input->userdb_fields);
+	event_unref(&event);
+	*client_r = client;
+	return 0;
+}
+
+static void main_stdio_run(const char *username)
+{
+	struct client *client;
+	struct mail_storage_service_input input;
+	struct imap_login_request request;
+	const char *value, *error, *input_base64;
+
+	i_zero(&input);
+	input.module = input.service = "imap";
+	input.username = username != NULL ? username : getenv("USER");
+	if (input.username == NULL && IS_STANDALONE())
+		input.username = getlogin();
+	if (input.username == NULL)
+		i_fatal("USER environment missing");
+	if ((value = getenv("IP")) != NULL)
+		(void)net_addr2ip(value, &input.remote_ip);
+	if ((value = getenv("LOCAL_IP")) != NULL)
+		(void)net_addr2ip(value, &input.local_ip);
+
+	if (client_create_from_input(&input, STDIN_FILENO, STDOUT_FILENO,
+				     FALSE, &client, &error) < 0)
+		i_fatal("%s", error);
+
+	input_base64 = getenv("CLIENT_INPUT");
+	if (input_base64 == NULL) {
+		/* IMAPLOGINTAG environment is compatible with mailfront */
+		i_zero(&request);
+		request.tag = getenv("IMAPLOGINTAG");
+	} else {
+		const buffer_t *input_buf = t_base64_decode_str(input_base64);
+		client_parse_imap_login_request(input_buf->data, input_buf->used,
+						&request);
+		if (request.input_size > 0) {
+			client_add_istream_prefix(client, request.input,
+						  request.input_size);
+		}
+	}
+
+	client_create_finish_io(client);
+	client_send_login_reply(client->output,
+				str_c(client->capability_string),
+				client->user->username, &request);
+	if (client_create_finish(client, &error) < 0)
+		i_fatal("%s", error);
+	client_add_input_finalize(client);
+	/* client may be destroyed now */
+}
+
+static void
+login_client_connected(const struct master_login_client *login_client,
+		       const char *username, const char *const *extra_fields)
+{
+#define MSG_BYE_INTERNAL_ERROR "* BYE "MAIL_ERRSTR_CRITICAL_MSG"\r\n"
+	struct mail_storage_service_input input;
+	struct client *client;
+	struct imap_login_request request;
+	enum mail_auth_request_flags flags = login_client->auth_req.flags;
+	const char *error;
+
+	i_zero(&input);
+	input.module = input.service = "imap";
+	input.local_ip = login_client->auth_req.local_ip;
+	input.remote_ip = login_client->auth_req.remote_ip;
+	input.local_port = login_client->auth_req.local_port;
+	input.remote_port = login_client->auth_req.remote_port;
+	input.username = username;
+	input.userdb_fields = extra_fields;
+	input.session_id = login_client->session_id;
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SECURED) != 0)
+		input.conn_secured = TRUE;
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED) != 0)
+		input.conn_ssl_secured = TRUE;
+
+	client_parse_imap_login_request(login_client->data,
+					login_client->auth_req.data_size,
+					&request);
+
+	if (client_create_from_input(&input, login_client->fd, login_client->fd,
+				     FALSE, &client, &error) < 0) {
+		int fd = login_client->fd;
+		struct ostream *output =
+			o_stream_create_fd_autoclose(&fd, IO_BLOCK_SIZE);
+		client_send_login_reply(output, NULL, NULL, &request);
+		o_stream_destroy(&output);
+
+		i_error("%s", error);
+		master_service_client_connection_destroyed(master_service);
+		return;
+	}
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)
+		client->tls_compression = TRUE;
+	if (request.input_size > 0) {
+		client_add_istream_prefix(client, request.input,
+					  request.input_size);
+	}
+
+	/* The order here is important:
+	   1. Finish setting up rawlog, so all input/output is written there.
+	   2. Send tagged reply to login before any potentially long-running
+	      work (during which client could disconnect due to timeout).
+	   3. Finish initializing user, which can potentially take a long time.
+	*/
+	client_create_finish_io(client);
+	client_send_login_reply(client->output,
+				str_c(client->capability_string),
+				NULL, &request);
+	if (client_create_finish(client, &error) < 0) {
+		if (write_full(login_client->fd, MSG_BYE_INTERNAL_ERROR,
+			       strlen(MSG_BYE_INTERNAL_ERROR)) < 0)
+			if (errno != EAGAIN && errno != EPIPE &&
+			    errno != ECONNRESET)
+				e_error(client->event,
+					"write_full(client) failed: %m");
+
+		e_error(client->event, "%s", error);
+		client_destroy(client, error);
+		return;
+	}
+
+	client_add_input_finalize(client);
+	/* client may be destroyed now */
+}
+
+static void login_client_failed(const struct master_login_client *client,
+				const char *errormsg)
+{
+	struct imap_login_request request;
+	const char *msg;
+
+	client_parse_imap_login_request(client->data,
+					client->auth_req.data_size, &request);
+	msg = t_strdup_printf("%s NO ["IMAP_RESP_CODE_UNAVAILABLE"] %s\r\n",
+			      request.tag, errormsg);
+	if (write(client->fd, msg, strlen(msg)) < 0) {
+		/* ignored */
+	}
+}
+
+static void client_connected(struct master_service_connection *conn)
+{
+	/* when running standalone, we shouldn't even get here */
+	i_assert(master_login != NULL);
+
+	master_service_client_connection_accept(conn);
+	if (strcmp(conn->name, "imap-master") == 0) {
+		/* restoring existing IMAP connection (e.g. from imap-idle) */
+		imap_master_client_create(conn->fd);
+	} else {
+		master_login_add(master_login, conn->fd);
+	}
+}
+
+int main(int argc, char *argv[])
+{
+	static const struct setting_parser_info *set_roots[] = {
+		&smtp_submit_setting_parser_info,
+		&imap_setting_parser_info,
+		NULL
+	};
+	struct master_login_settings login_set;
+	enum master_service_flags service_flags = 0;
+	enum mail_storage_service_flags storage_service_flags =
+		MAIL_STORAGE_SERVICE_FLAG_NO_SSL_CA |
+		/*
+		 * We include MAIL_STORAGE_SERVICE_FLAG_NO_NAMESPACES so
+		 * that the mail_user initialization is fast and we can
+		 * quickly send back the OK response to LOGIN/AUTHENTICATE.
+		 * Otherwise we risk a very slow namespace initialization to
+		 * cause client timeouts on login.
+		 */
+		MAIL_STORAGE_SERVICE_FLAG_NO_NAMESPACES;
+	const char *username = NULL, *auth_socket_path = "auth-master";
+	int c;
+
+	i_zero(&login_set);
+	login_set.postlogin_timeout_secs = MASTER_POSTLOGIN_TIMEOUT_DEFAULT;
+	login_set.request_auth_token = TRUE;
+
+	if (IS_STANDALONE() && getuid() == 0 &&
+	    net_getpeername(1, NULL, NULL) == 0) {
+		printf("* BAD [ALERT] imap binary must not be started from "
+		       "inetd, use imap-login instead.\n");
+		return 1;
+	}
+
+	if (IS_STANDALONE()) {
+		service_flags |= MASTER_SERVICE_FLAG_STANDALONE |
+			MASTER_SERVICE_FLAG_STD_CLIENT;
+	} else {
+		service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
+	}
+
+	master_service = master_service_init("imap", service_flags,
+					     &argc, &argv, "a:Dt:u:");
+	while ((c = master_getopt(master_service)) > 0) {
+		switch (c) {
+		case 'a':
+			auth_socket_path = optarg;
+			break;
+		case 't':
+			if (str_to_uint(optarg, &login_set.postlogin_timeout_secs) < 0 ||
+			    login_set.postlogin_timeout_secs == 0)
+				i_fatal("Invalid -t parameter: %s", optarg);
+			break;
+		case 'u':
+			storage_service_flags |=
+				MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP;
+			username = optarg;
+			break;
+		case 'D':
+			imap_debug = TRUE;
+			break;
+		default:
+			return FATAL_DEFAULT;
+		}
+	}
+
+	master_service_set_die_callback(master_service, imap_die);
+
+	/* plugins may want to add commands, so this needs to be called early */
+	commands_init();
+	imap_fetch_handlers_init();
+	imap_features_init();
+	clients_init();
+	imap_master_clients_init();
+	/* this is needed before settings are read */
+	verbose_proctitle = !IS_STANDALONE() &&
+		getenv(MASTER_VERBOSE_PROCTITLE_ENV) != NULL;
+
+	const char *error;
+	if (t_abspath(auth_socket_path, &login_set.auth_socket_path, &error) < 0)
+		i_fatal("t_abspath(%s) failed: %s", auth_socket_path, error);
+
+	if (argv[optind] != NULL) {
+		if (t_abspath(argv[optind], &login_set.postlogin_socket_path, &error) < 0)
+			i_fatal("t_abspath(%s) failed: %s", argv[optind], error);
+	}
+	login_set.callback = login_client_connected;
+	login_set.failure_callback = login_client_failed;
+	login_set.update_proctitle = verbose_proctitle &&
+		master_service_get_client_limit(master_service) == 1;
+
+	if (!IS_STANDALONE())
+		master_login = master_login_init(master_service, &login_set);
+
+	storage_service =
+		mail_storage_service_init(master_service,
+					  set_roots, storage_service_flags);
+	master_service_init_finish(master_service);
+	/* NOTE: login_set.*_socket_path are now invalid due to data stack
+	   having been freed */
+
+	/* fake that we're running, so we know if client was destroyed
+	   while handling its initial input */
+	io_loop_set_running(current_ioloop);
+
+	if (IS_STANDALONE()) {
+		T_BEGIN {
+			main_stdio_run(username);
+		} T_END;
+	} else {
+		io_loop_set_running(current_ioloop);
+	}
+
+	if (io_loop_is_running(current_ioloop))
+		master_service_run(master_service, client_connected);
+	clients_destroy_all();
+
+	if (master_login != NULL)
+		master_login_deinit(&master_login);
+	mail_storage_service_deinit(&storage_service);
+
+	imap_fetch_handlers_deinit();
+	imap_features_deinit();
+
+	commands_deinit();
+	imap_master_clients_deinit();
+
+	timeout_remove(&to_proctitle);
+	master_service_deinit(&master_service);
+	return 0;
+}