diff options
Diffstat (limited to 'pigeonhole/src/plugins/lda-sieve/lda-sieve-plugin.c')
-rw-r--r-- | pigeonhole/src/plugins/lda-sieve/lda-sieve-plugin.c | 1128 |
1 files changed, 1128 insertions, 0 deletions
diff --git a/pigeonhole/src/plugins/lda-sieve/lda-sieve-plugin.c b/pigeonhole/src/plugins/lda-sieve/lda-sieve-plugin.c new file mode 100644 index 0000000..4e79c1f --- /dev/null +++ b/pigeonhole/src/plugins/lda-sieve/lda-sieve-plugin.c @@ -0,0 +1,1128 @@ +/* Copyright (c) 2002-2018 Pigeonhole authors, see the included COPYING file + */ + +#include "lib.h" +#include "str.h" +#include "array.h" +#include "home-expand.h" +#include "var-expand.h" +#include "eacces-error.h" +#include "smtp-address.h" +#include "smtp-submit.h" +#include "mail-storage.h" +#include "mail-deliver.h" +#include "mail-user.h" +#include "mail-duplicate.h" +#include "smtp-submit.h" +#include "mail-send.h" +#include "iostream-ssl.h" +#include "lda-settings.h" + +#include "sieve.h" +#include "sieve-script.h" +#include "sieve-storage.h" + +#include "lda-sieve-plugin.h" + +#include <sys/stat.h> +#include <dirent.h> + +/* + * Configuration + */ + +#define LDA_SIEVE_DEFAULT_LOCATION "~/.dovecot.sieve" + +#define LDA_SIEVE_MAX_USER_ERRORS 30 + +/* + * Global variables + */ + +static deliver_mail_func_t *next_deliver_mail; + +/* + * Settings handling + */ + +static const char * +lda_sieve_get_setting(void *context, const char *identifier) +{ + struct mail_deliver_context *mdctx = + (struct mail_deliver_context *)context; + const char *value = NULL; + + if (mdctx == NULL) + return NULL; + + if (mdctx->rcpt_user == NULL || + (value = mail_user_plugin_getenv( + mdctx->rcpt_user, identifier)) == NULL) { + if (strcmp(identifier, "recipient_delimiter") == 0) + value = mdctx->set->recipient_delimiter; + } + + return value; +} + +static const struct sieve_callbacks lda_sieve_callbacks = { + NULL, + lda_sieve_get_setting +}; + +/* + * Mail transmission + */ + +static void * +lda_sieve_smtp_start(const struct sieve_script_env *senv, + const struct smtp_address *mail_from) +{ + struct mail_deliver_context *dctx = + (struct mail_deliver_context *)senv->script_context; + struct mail_user *user = dctx->rcpt_user; + struct ssl_iostream_settings ssl_set; + struct smtp_submit_input submit_input; + + i_zero(&ssl_set); + mail_user_init_ssl_client_settings(user, &ssl_set); + + i_zero(&submit_input); + submit_input.ssl = &ssl_set; + + return (void *)smtp_submit_init_simple(&submit_input, dctx->smtp_set, + mail_from); +} + +static void +lda_sieve_smtp_add_rcpt(const struct sieve_script_env *senv ATTR_UNUSED, + void *handle, const struct smtp_address *rcpt_to) +{ + struct smtp_submit *smtp_submit = (struct smtp_submit *) handle; + + smtp_submit_add_rcpt(smtp_submit, rcpt_to); +} + +static struct ostream * +lda_sieve_smtp_send(const struct sieve_script_env *senv ATTR_UNUSED, + void *handle) +{ + struct smtp_submit *smtp_submit = (struct smtp_submit *) handle; + + return smtp_submit_send(smtp_submit); +} + +static void +lda_sieve_smtp_abort(const struct sieve_script_env *senv ATTR_UNUSED, + void *handle) +{ + struct smtp_submit *smtp_submit = (struct smtp_submit *) handle; + + smtp_submit_deinit(&smtp_submit); +} + +static int +lda_sieve_smtp_finish(const struct sieve_script_env *senv ATTR_UNUSED, + void *handle, const char **error_r) +{ + struct smtp_submit *smtp_submit = (struct smtp_submit *) handle; + int ret; + + ret = smtp_submit_run(smtp_submit, error_r); + smtp_submit_deinit(&smtp_submit); + return ret; +} + +static int +lda_sieve_reject_mail(const struct sieve_script_env *senv, + const struct smtp_address *recipient, + const char *reason) +{ + struct mail_deliver_context *dctx = + (struct mail_deliver_context *)senv->script_context; + + return mail_send_rejection(dctx, recipient, reason); +} + +/* + * Duplicate checking + */ + +static void * +lda_sieve_duplicate_transaction_begin(const struct sieve_script_env *senv) +{ + struct mail_deliver_context *dctx = + (struct mail_deliver_context *)senv->script_context; + + return mail_duplicate_transaction_begin(dctx->dup_db); +} + +static void lda_sieve_duplicate_transaction_commit(void **_dup_trans) +{ + struct mail_duplicate_transaction *dup_trans = *_dup_trans; + + *_dup_trans = NULL; + mail_duplicate_transaction_commit(&dup_trans); +} + +static void lda_sieve_duplicate_transaction_rollback(void **_dup_trans) +{ + struct mail_duplicate_transaction *dup_trans = *_dup_trans; + + *_dup_trans = NULL; + mail_duplicate_transaction_rollback(&dup_trans); +} + +static enum sieve_duplicate_check_result +lda_sieve_duplicate_check(void *_dup_trans, const struct sieve_script_env *senv, + const void *id, size_t id_size) +{ + struct mail_duplicate_transaction *dup_trans = _dup_trans; + + switch (mail_duplicate_check(dup_trans, id, id_size, + senv->user->username)) { + case MAIL_DUPLICATE_CHECK_RESULT_EXISTS: + return SIEVE_DUPLICATE_CHECK_RESULT_EXISTS; + case MAIL_DUPLICATE_CHECK_RESULT_NOT_FOUND: + return SIEVE_DUPLICATE_CHECK_RESULT_NOT_FOUND; + case MAIL_DUPLICATE_CHECK_RESULT_DEADLOCK: + case MAIL_DUPLICATE_CHECK_RESULT_LOCK_TIMEOUT: + return SIEVE_DUPLICATE_CHECK_RESULT_TEMP_FAILURE; + case MAIL_DUPLICATE_CHECK_RESULT_IO_ERROR: + case MAIL_DUPLICATE_CHECK_RESULT_TOO_MANY_LOCKS: + break; + } + return SIEVE_DUPLICATE_CHECK_RESULT_FAILURE; +} + +static void +lda_sieve_duplicate_mark(void *_dup_trans, const struct sieve_script_env *senv, + const void *id, size_t id_size, time_t time) +{ + struct mail_duplicate_transaction *dup_trans = _dup_trans; + + mail_duplicate_mark(dup_trans, id, id_size, senv->user->username, time); +} + +/* + * Result logging + */ + +static const char * +lda_sieve_result_amend_log_message(const struct sieve_script_env *senv, + enum log_type log_type ATTR_UNUSED, + const char *message) +{ + struct mail_deliver_context *mdctx = senv->script_context; + const struct var_expand_table *table; + string_t *str; + const char *error; + + table = mail_deliver_ctx_get_log_var_expand_table(mdctx, message); + + str = t_str_new(256); + if (var_expand(str, mdctx->set->deliver_log_format, + table, &error) <= 0) { + e_error(mdctx->event, + "Failed to expand deliver_log_format=%s: %s", + mdctx->set->deliver_log_format, error); + } + return str_c(str); +} + +/* + * Plugin implementation + */ + +struct lda_sieve_run_context { + struct sieve_instance *svinst; + + struct mail_deliver_context *mdctx; + const char *home_dir; + + struct sieve_script **scripts; + unsigned int script_count; + + struct sieve_script *user_script; + struct sieve_script *main_script; + struct sieve_script *discard_script; + + const struct sieve_message_data *msgdata; + const struct sieve_script_env *scriptenv; + + struct sieve_error_handler *user_ehandler; + struct sieve_error_handler *master_ehandler; + struct sieve_error_handler *action_ehandler; + const char *userlog; +}; + +static int +lda_sieve_get_personal_storage(struct sieve_instance *svinst, + struct mail_user *user, + struct sieve_storage **storage_r, + enum sieve_error *error_r) +{ + *storage_r = sieve_storage_create_main(svinst, user, 0, error_r); + if (*storage_r == NULL) { + switch (*error_r) { + case SIEVE_ERROR_NOT_POSSIBLE: + case SIEVE_ERROR_NOT_FOUND: + break; + case SIEVE_ERROR_TEMP_FAILURE: + e_error(sieve_get_event(svinst), + "Failed to access user's personal storage " + "(temporary failure)"); + return -1; + default: + e_error(sieve_get_event(svinst), + "Failed to access user's personal storage"); + break; + } + return 0; + } + return 1; +} + +static int +lda_sieve_multiscript_get_scripts(struct sieve_instance *svinst, + const char *label, const char *location, + ARRAY_TYPE(sieve_script) *scripts, + enum sieve_error *error_r) +{ + struct sieve_script_sequence *seq; + struct sieve_script *script; + bool finished = FALSE; + int ret = 1; + + seq = sieve_script_sequence_create(svinst, location, error_r); + if (seq == NULL) + return (*error_r == SIEVE_ERROR_NOT_FOUND ? 0 : -1); + + while (ret > 0 && !finished) { + script = sieve_script_sequence_next(seq, error_r); + if (script == NULL) { + switch (*error_r) { + case SIEVE_ERROR_NONE: + finished = TRUE; + break; + case SIEVE_ERROR_TEMP_FAILURE: + e_error(sieve_get_event(svinst), + "Failed to access %s script from `%s' " + "(temporary failure)", + label, location); + ret = -1; + default: + break; + } + continue; + } + + array_append(scripts, &script, 1); + } + + sieve_script_sequence_free(&seq); + return ret; +} + +static void +lda_sieve_binary_save(struct lda_sieve_run_context *srctx, + struct sieve_binary *sbin, struct sieve_script *script) +{ + enum sieve_error error; + + /* Save binary when compiled */ + if (sieve_save(sbin, FALSE, &error) < 0 && + error == SIEVE_ERROR_NO_PERMISSION && + script != srctx->user_script) { + /* Cannot save binary for global script */ + e_error(sieve_get_event(srctx->svinst), + "The LDA Sieve plugin does not have permission " + "to save global Sieve script binaries; " + "global Sieve scripts like `%s' need to be " + "pre-compiled using the sievec tool", + sieve_script_location(script)); + } +} + +static struct +sieve_binary *lda_sieve_open(struct lda_sieve_run_context *srctx, + struct sieve_script *script, + enum sieve_compile_flags cpflags, bool recompile, + enum sieve_error *error_r) +{ + struct sieve_instance *svinst = srctx->svinst; + struct sieve_error_handler *ehandler; + struct sieve_binary *sbin; + const char *compile_name = "compile"; + + if (recompile) { + /* Warn */ + e_warning(sieve_get_event(svinst), + "Encountered corrupt binary: re-compiling script %s", + sieve_script_location(script)); + compile_name = "re-compile"; + } else { + e_debug(sieve_get_event(svinst), + "Loading script %s", sieve_script_location(script)); + } + + if (script == srctx->user_script) + ehandler = srctx->user_ehandler; + else + ehandler = srctx->master_ehandler; + + sieve_error_handler_reset(ehandler); + + if (recompile) + sbin = sieve_compile_script(script, ehandler, cpflags, error_r); + else + sbin = sieve_open_script(script, ehandler, cpflags, error_r); + + /* Load or compile the sieve script */ + if (sbin == NULL) { + switch (*error_r) { + /* Script not found */ + case SIEVE_ERROR_NOT_FOUND: + e_debug(sieve_get_event(svinst), + "Script `%s' is missing for %s", + sieve_script_location(script), + compile_name); + break; + /* Temporary failure */ + case SIEVE_ERROR_TEMP_FAILURE: + e_error(sieve_get_event(svinst), + "Failed to open script `%s' for %s " + "(temporary failure)", + sieve_script_location(script), compile_name); + break; + /* Compile failed */ + case SIEVE_ERROR_NOT_VALID: + if (script == srctx->user_script && + srctx->userlog != NULL ) { + e_info(sieve_get_event(svinst), + "Failed to %s script `%s' " + "(view user logfile `%s' for more information)", + compile_name, + sieve_script_location(script), + srctx->userlog); + break; + } + e_error(sieve_get_event(svinst), + "Failed to %s script `%s'", + compile_name, sieve_script_location(script)); + break; + /* Cumulative resource limit exceeded */ + case SIEVE_ERROR_RESOURCE_LIMIT: + e_error(sieve_get_event(svinst), + "Failed to open script `%s' for %s " + "(cumulative resource limit exceeded)", + sieve_script_location(script), compile_name); + break; + /* Something else */ + default: + e_error(sieve_get_event(svinst), + "Failed to open script `%s' for %s", + sieve_script_location(script), compile_name); + break; + } + + return NULL; + } + + if (!recompile) + lda_sieve_binary_save(srctx, sbin, script); + return sbin; +} + +static int +lda_sieve_handle_exec_status(struct lda_sieve_run_context *srctx, + struct sieve_script *script, int status) +{ + struct sieve_instance *svinst = srctx->svinst; + struct mail_deliver_context *mdctx = srctx->mdctx; + struct sieve_exec_status *estatus = srctx->scriptenv->exec_status; + const char *userlog_notice = ""; + enum log_type log_level, user_log_level; + enum mail_error mail_error = MAIL_ERROR_NONE; + int ret; + + log_level = user_log_level = LOG_TYPE_ERROR; + + if (estatus != NULL && estatus->last_storage != NULL && + estatus->store_failed) { + mail_storage_get_last_error(estatus->last_storage, &mail_error); + + /* Don't bother administrator too much with benign errors */ + if (mail_error == MAIL_ERROR_NOQUOTA) { + log_level = LOG_TYPE_INFO; + user_log_level = LOG_TYPE_INFO; + } + } + + if (script == srctx->user_script && srctx->userlog != NULL) { + userlog_notice = t_strdup_printf( + " (user logfile %s may reveal additional details)", + srctx->userlog); + user_log_level = LOG_TYPE_INFO; + } + + switch (status) { + case SIEVE_EXEC_FAILURE: + e_log(sieve_get_event(svinst), user_log_level, + "Execution of script %s failed, " + "but implicit keep was successful%s", + sieve_script_location(script), userlog_notice); + ret = 1; + break; + case SIEVE_EXEC_TEMP_FAILURE: + e_log(sieve_get_event(svinst), log_level, + "Execution of script %s was aborted due to temporary failure%s", + sieve_script_location(script), userlog_notice); + if (mail_error != MAIL_ERROR_TEMP && + mdctx->tempfail_error == NULL) { + mdctx->tempfail_error = + "Execution of Sieve filters was aborted due to temporary failure"; + } + ret = -1; + break; + case SIEVE_EXEC_BIN_CORRUPT: + e_error(sieve_get_event(svinst), + "!!BUG!!: Binary compiled from %s is still corrupt; " + "bailing out and reverting to default delivery", + sieve_script_location(script)); + ret = -1; + break; + case SIEVE_EXEC_RESOURCE_LIMIT: + e_error(sieve_get_event(svinst), + "Execution of script %s was aborted " + "due to excessive resource usage", + sieve_script_location(script)); + ret = -1; + break; + case SIEVE_EXEC_KEEP_FAILED: + e_log(sieve_get_event(svinst), log_level, + "Execution of script %s failed with unsuccessful implicit keep%s", + sieve_script_location(script), userlog_notice); + ret = -1; + break; + default: + ret = status > 0 ? 1 : -1; + break; + } + + return ret; +} + +static int +lda_sieve_execute_script(struct lda_sieve_run_context *srctx, + struct sieve_multiscript *mscript, + struct sieve_script *script, + unsigned int index, bool discard_script, + enum sieve_error *error_r) +{ + struct sieve_instance *svinst = srctx->svinst; + struct sieve_error_handler *exec_ehandler; + struct sieve_binary *sbin = NULL; + enum sieve_compile_flags cpflags = 0; + enum sieve_execute_flags exflags = SIEVE_EXECUTE_FLAG_LOG_RESULT; + struct sieve_resource_usage *rusage = + &srctx->scriptenv->exec_status->resource_usage; + bool user_script; + int mstatus, ret; + + *error_r = SIEVE_ERROR_NONE; + + user_script = (script == srctx->user_script); + + sieve_resource_usage_init(rusage); + if (user_script) { + cpflags |= SIEVE_COMPILE_FLAG_NOGLOBAL; + exflags |= SIEVE_EXECUTE_FLAG_NOGLOBAL; + exec_ehandler = srctx->user_ehandler; + } else { + exec_ehandler = srctx->master_ehandler; + } + + /* Open */ + + if (!discard_script) { + e_debug(sieve_get_event(svinst), + "Opening script %d of %d from `%s'", + index, srctx->script_count, + sieve_script_location(script)); + } else { + e_debug(sieve_get_event(svinst), + "Opening discard script from `%s'", + sieve_script_location(script)); + } + + sbin = lda_sieve_open(srctx, script, cpflags, FALSE, error_r); + if (sbin == NULL) + return 0; + + /* Execute */ + + e_debug(sieve_get_event(svinst), + "Executing script from `%s'", + sieve_get_source(sbin)); + + if (!discard_script) { + ret = (sieve_multiscript_run(mscript, sbin, exec_ehandler, + exec_ehandler, exflags) ? 1 : 0); + } else { + sieve_multiscript_run_discard(mscript, sbin, exec_ehandler, + exec_ehandler, exflags); + ret = 0; + } + + mstatus = sieve_multiscript_status(mscript); + if (ret == 0 && mstatus == SIEVE_EXEC_BIN_CORRUPT && + sieve_is_loaded(sbin)) { + /* Close corrupt script */ + + sieve_close(&sbin); + + /* Recompile */ + + sbin = lda_sieve_open(srctx, script, cpflags, TRUE, + error_r); + if (sbin == NULL) + return 0; + + /* Execute again */ + + if (!discard_script) { + ret = (sieve_multiscript_run( + mscript, sbin, exec_ehandler, + exec_ehandler, exflags) ? 1 : 0); + } else { + sieve_multiscript_run_discard( + mscript, sbin, exec_ehandler, + exec_ehandler, exflags); + } + + /* Save new version */ + + mstatus = sieve_multiscript_status(mscript); + if (mstatus != SIEVE_EXEC_BIN_CORRUPT) + lda_sieve_binary_save(srctx, sbin, script); + } + if (ret == 0 && mstatus == SIEVE_EXEC_RESOURCE_LIMIT) + ret = -1; + + if (user_script) + (void)sieve_record_resource_usage(sbin, rusage); + + sieve_close(&sbin); + + return ret; +} + +static int lda_sieve_execute_scripts(struct lda_sieve_run_context *srctx) +{ + struct sieve_instance *svinst = srctx->svinst; + struct sieve_multiscript *mscript; + struct sieve_error_handler *exec_ehandler; + struct sieve_script *script, *last_script = NULL; + enum sieve_execute_flags exflags = SIEVE_EXECUTE_FLAG_LOG_RESULT; + bool discard_script; + enum sieve_error error; + unsigned int i; + int ret; + + i_assert(srctx->script_count > 0); + + /* Start execution */ + + mscript = sieve_multiscript_start_execute(svinst, srctx->msgdata, + srctx->scriptenv); + + /* Execute scripts */ + + i = 0; + discard_script = FALSE; + error = SIEVE_ERROR_NONE; + for (;;) { + if (!discard_script) { + /* normal script sequence */ + i_assert(i < srctx->script_count); + script = srctx->scripts[i]; + i++; + } else { + /* discard script */ + script = srctx->discard_script; + } + + i_assert(script != NULL); + last_script = script; + + ret = lda_sieve_execute_script(srctx, mscript, script, i, + discard_script, &error); + if (ret < 0) + break; + if (error == SIEVE_ERROR_NOT_FOUND) { + /* skip scripts which finally turn out not to exist */ + ret = 1; + } + + if (discard_script) { + /* Executed discard script, which is always final */ + break; + } else if (ret > 0) { + /* The "keep" action is applied; execute next script */ + i_assert(i <= srctx->script_count); + if (i == srctx->script_count) { + /* End of normal script sequence */ + break; + } + } else if (error != SIEVE_ERROR_NONE) { + break; + } else if (sieve_multiscript_will_discard(mscript) && + srctx->discard_script != NULL) { + /* Mail is set to be discarded, but we have a discard script. */ + discard_script = TRUE; + } else { + break; + } + } + + /* Finish execution */ + exec_ehandler = (srctx->user_ehandler != NULL ? + srctx->user_ehandler : srctx->master_ehandler); + ret = sieve_multiscript_finish(&mscript, exec_ehandler, exflags, + (error == SIEVE_ERROR_TEMP_FAILURE ? + SIEVE_EXEC_TEMP_FAILURE : + SIEVE_EXEC_OK)); + + /* Don't log additional messages about compile failure */ + if (error != SIEVE_ERROR_NONE && ret == SIEVE_EXEC_FAILURE) { + e_info(sieve_get_event(svinst), + "Aborted script execution sequence with successful implicit keep"); + return 1; + } + + return lda_sieve_handle_exec_status(srctx, last_script, ret); +} + +static int lda_sieve_find_scripts(struct lda_sieve_run_context *srctx) +{ + struct mail_deliver_context *mdctx = srctx->mdctx; + struct sieve_instance *svinst = srctx->svinst; + struct sieve_storage *main_storage; + const char *sieve_before, *sieve_after, *sieve_discard; + const char *setting_name; + enum sieve_error error; + ARRAY_TYPE(sieve_script) script_sequence; + struct sieve_script *const *scripts; + unsigned int after_index, count, i; + int ret = 1; + + /* Find the personal script to execute */ + + ret = lda_sieve_get_personal_storage(svinst, mdctx->rcpt_user, + &main_storage, &error); + if (ret == 0 && error == SIEVE_ERROR_NOT_POSSIBLE) + return 0; + if (ret > 0) { + srctx->main_script = + sieve_storage_active_script_open(main_storage, &error); + + if (srctx->main_script == NULL) { + switch (error) { + case SIEVE_ERROR_NOT_FOUND: + e_debug(sieve_get_event(svinst), + "User has no active script in storage `%s'", + sieve_storage_location(main_storage)); + break; + case SIEVE_ERROR_TEMP_FAILURE: + e_error(sieve_get_event(svinst), + "Failed to access active Sieve script in user storage `%s' " + "(temporary failure)", + sieve_storage_location(main_storage)); + ret = -1; + break; + default: + e_error(sieve_get_event(svinst), + "Failed to access active Sieve script in user storage `%s'", + sieve_storage_location(main_storage)); + break; + } + } else if (!sieve_script_is_default(srctx->main_script)) { + srctx->user_script = srctx->main_script; + } + sieve_storage_unref(&main_storage); + } + + if (ret >= 0 && srctx->main_script == NULL) { + e_debug(sieve_get_event(svinst), + "User has no personal script"); + } + + /* Compose script array */ + + t_array_init(&script_sequence, 16); + + /* before */ + if (ret >= 0) { + i = 2; + setting_name = "sieve_before"; + sieve_before = mail_user_plugin_getenv( + mdctx->rcpt_user, setting_name); + while (ret >= 0 && + sieve_before != NULL && *sieve_before != '\0') { + ret = lda_sieve_multiscript_get_scripts( + svinst, setting_name, sieve_before, + &script_sequence, &error); + if (ret < 0 && error == SIEVE_ERROR_TEMP_FAILURE) { + ret = -1; + break; + } else if (ret == 0) { + e_debug(sieve_get_event(svinst), + "Location for %s not found: %s", + setting_name, sieve_before); + } + ret = 0; + setting_name = t_strdup_printf("sieve_before%u", i++); + sieve_before = mail_user_plugin_getenv( + mdctx->rcpt_user, setting_name); + } + + if (ret >= 0) { + scripts = array_get(&script_sequence, &count); + for (i = 0; i < count; i ++) { + e_debug(sieve_get_event(svinst), + "Executed before user's personal Sieve script(%d): %s", + i+1, sieve_script_location(scripts[i])); + } + } + } + + /* main */ + if (srctx->main_script != NULL) { + array_append(&script_sequence, &srctx->main_script, 1); + + if (ret >= 0) { + e_debug(sieve_get_event(svinst), + "Using the following location for user's Sieve script: %s", + sieve_script_location(srctx->main_script)); + } + } + + after_index = array_count(&script_sequence); + + /* after */ + if (ret >= 0) { + i = 2; + setting_name = "sieve_after"; + sieve_after = mail_user_plugin_getenv(mdctx->rcpt_user, setting_name); + while (sieve_after != NULL && *sieve_after != '\0') { + ret = lda_sieve_multiscript_get_scripts( + svinst, setting_name, sieve_after, + &script_sequence, &error); + if (ret < 0 && error == SIEVE_ERROR_TEMP_FAILURE) { + ret = -1; + break; + } else if (ret == 0) { + e_debug(sieve_get_event(svinst), + "Location for %s not found: %s", + setting_name, sieve_after); + } + ret = 0; + setting_name = t_strdup_printf("sieve_after%u", i++); + sieve_after = mail_user_plugin_getenv( + mdctx->rcpt_user, setting_name); + } + + if (ret >= 0) { + scripts = array_get(&script_sequence, &count); + for ( i = after_index; i < count; i ++ ) { + e_debug(sieve_get_event(svinst), + "executed after user's Sieve script(%d): %s", + i+1, sieve_script_location(scripts[i])); + } + } + } + + /* discard */ + sieve_discard = mail_user_plugin_getenv( + mdctx->rcpt_user, "sieve_discard"); + if (sieve_discard != NULL && *sieve_discard != '\0') { + srctx->discard_script = sieve_script_create_open( + svinst, sieve_discard, NULL, &error); + if (srctx->discard_script == NULL) { + switch (error) { + case SIEVE_ERROR_NOT_FOUND: + e_debug(sieve_get_event(svinst), + "Location for sieve_discard not found: %s", + sieve_discard); + break; + case SIEVE_ERROR_TEMP_FAILURE: + ret = -1; + break; + default: + break; + } + } + } + + if (ret < 0) { + mdctx->tempfail_error = + "Temporarily unable to access necessary Sieve scripts"; + } + srctx->scripts = + array_get_modifiable(&script_sequence, &srctx->script_count); + return ret; +} + +static void +lda_sieve_free_scripts(struct lda_sieve_run_context *srctx) +{ + unsigned int i; + + for (i = 0; i < srctx->script_count; i++) + sieve_script_unref(&srctx->scripts[i]); + if (srctx->discard_script != NULL) + sieve_script_unref(&srctx->discard_script); +} + +static void +lda_sieve_init_trace_log(struct lda_sieve_run_context *srctx, + const struct smtp_address *mail_from, + struct sieve_trace_config *trace_config_r, + struct sieve_trace_log **trace_log_r) +{ + struct mail_deliver_context *mdctx = srctx->mdctx; + struct sieve_instance *svinst = srctx->svinst; + struct sieve_trace_log *trace_log = NULL; + + if (sieve_trace_config_get(svinst, trace_config_r) < 0 || + sieve_trace_log_open(svinst, &trace_log) < 0) { + i_zero(trace_config_r); + *trace_log_r = NULL; + return; + } + + /* Write header for trace file */ + sieve_trace_log_printf(trace_log, + "Sieve trace log for message delivery:\n" + "\n" + " Username: %s\n", mdctx->rcpt_user->username); + if (mdctx->rcpt_user->session_id != NULL) { + sieve_trace_log_printf(trace_log, + " Session ID: %s\n", + mdctx->rcpt_user->session_id); + } + sieve_trace_log_printf(trace_log, + " Sender: %s\n" + " Final recipient: %s\n" + " Default mailbox: %s\n\n", + smtp_address_encode_path(mail_from), + smtp_address_encode_path(mdctx->rcpt_to), + (mdctx->rcpt_default_mailbox != NULL ? + mdctx->rcpt_default_mailbox : "INBOX")); + + *trace_log_r = trace_log; +} + +static int +lda_sieve_execute(struct lda_sieve_run_context *srctx, + struct mail_storage **storage_r) +{ + struct mail_deliver_context *mdctx = srctx->mdctx; + struct sieve_instance *svinst = srctx->svinst; + struct sieve_message_data msgdata; + struct sieve_script_env scriptenv; + struct sieve_exec_status estatus; + struct sieve_trace_config trace_config; + const struct smtp_address *mail_from; + struct sieve_trace_log *trace_log; + const char *error; + int ret; + + /* Check whether there are any scripts to execute at all */ + + if (srctx->script_count == 0) { + e_debug(sieve_get_event(svinst), + "No scripts to execute: " + "reverting to default delivery."); + + /* No error, but no delivery by this plugin either. A return + value of <= 0 for a deliver plugin is is considered a + failure. In deliver itself, saved_mail and tried_default_save + remain unset, meaning that deliver will then attempt the + default delivery. We return 0 to signify the lack of a real + error. + */ + return 0; + } + + /* Initialize user error handler */ + + if (srctx->user_script != NULL) { + const char *log_path = + sieve_user_get_log_path(svinst, srctx->user_script); + + if (log_path != NULL) { + srctx->userlog = log_path; + srctx->user_ehandler = sieve_logfile_ehandler_create( + svinst, srctx->userlog, + LDA_SIEVE_MAX_USER_ERRORS); + } + } + + /* Determine return address */ + + mail_from = mail_deliver_get_return_address(mdctx); + + /* Initialize trace logging */ + + lda_sieve_init_trace_log(srctx, mail_from, &trace_config, &trace_log); + + /* Collect necessary message data */ + + i_zero(&msgdata); + + msgdata.mail = mdctx->src_mail; + msgdata.auth_user = mdctx->rcpt_user->username; + msgdata.envelope.mail_from = mail_from; + msgdata.envelope.mail_params = &mdctx->mail_params; + msgdata.envelope.rcpt_to = mdctx->rcpt_to; + msgdata.envelope.rcpt_params = &mdctx->rcpt_params; + (void)mail_get_message_id(msgdata.mail, &msgdata.id); + + srctx->msgdata = &msgdata; + + /* Compose script execution environment */ + + if (sieve_script_env_init(&scriptenv, mdctx->rcpt_user, &error) < 0) { + e_error(sieve_get_event(svinst), + "Failed to initialize script execution: %s", error); + if (trace_log != NULL) + sieve_trace_log_free(&trace_log); + return -1; + } + + scriptenv.default_mailbox = mdctx->rcpt_default_mailbox; + scriptenv.mailbox_autocreate = mdctx->set->lda_mailbox_autocreate; + scriptenv.mailbox_autosubscribe = mdctx->set->lda_mailbox_autosubscribe; + scriptenv.smtp_start = lda_sieve_smtp_start; + scriptenv.smtp_add_rcpt = lda_sieve_smtp_add_rcpt; + scriptenv.smtp_send = lda_sieve_smtp_send; + scriptenv.smtp_abort = lda_sieve_smtp_abort; + scriptenv.smtp_finish = lda_sieve_smtp_finish; + scriptenv.duplicate_transaction_begin = + lda_sieve_duplicate_transaction_begin; + scriptenv.duplicate_transaction_commit = + lda_sieve_duplicate_transaction_commit; + scriptenv.duplicate_transaction_rollback = + lda_sieve_duplicate_transaction_rollback; + scriptenv.duplicate_mark = lda_sieve_duplicate_mark; + scriptenv.duplicate_check = lda_sieve_duplicate_check; + scriptenv.reject_mail = lda_sieve_reject_mail; + scriptenv.result_amend_log_message = lda_sieve_result_amend_log_message; + scriptenv.script_context = (void *) mdctx; + scriptenv.trace_log = trace_log; + scriptenv.trace_config = trace_config; + + i_zero(&estatus); + scriptenv.exec_status = &estatus; + + srctx->scriptenv = &scriptenv; + + /* Execute script(s) */ + + ret = lda_sieve_execute_scripts(srctx); + + /* Record status */ + + mdctx->tried_default_save = estatus.tried_default_save; + *storage_r = estatus.last_storage; + + if (trace_log != NULL) + sieve_trace_log_free(&trace_log); + + return ret; +} + +static int +lda_sieve_deliver_mail(struct mail_deliver_context *mdctx, + struct mail_storage **storage_r) +{ + struct lda_sieve_run_context srctx; + const struct mail_storage_settings *mail_set = + mail_user_set_get_storage_set(mdctx->rcpt_user); + bool debug = mdctx->rcpt_user->mail_debug; + struct sieve_environment svenv; + int ret = 0; + + /* Initialize run context */ + + i_zero(&srctx); + srctx.mdctx = mdctx; + (void)mail_user_get_home(mdctx->rcpt_user, &srctx.home_dir); + + /* Initialize Sieve engine */ + + memset((void*)&svenv, 0, sizeof(svenv)); + svenv.username = mdctx->rcpt_user->username; + svenv.home_dir = srctx.home_dir; + svenv.hostname = mail_set->hostname; + svenv.base_dir = mdctx->rcpt_user->set->base_dir; + svenv.temp_dir = mdctx->rcpt_user->set->mail_temp_dir; + svenv.event_parent = mdctx->event; + svenv.flags = SIEVE_FLAG_HOME_RELATIVE; + svenv.location = SIEVE_ENV_LOCATION_MDA; + svenv.delivery_phase = SIEVE_DELIVERY_PHASE_DURING; + + srctx.svinst = sieve_init(&svenv, &lda_sieve_callbacks, mdctx, debug); + + /* Initialize master error handler */ + + srctx.master_ehandler = sieve_master_ehandler_create(srctx.svinst, 0); + + sieve_error_handler_accept_infolog(srctx.master_ehandler, TRUE); + sieve_error_handler_accept_debuglog(srctx.master_ehandler, debug); + + *storage_r = NULL; + + /* Find Sieve scripts and run them */ + + T_BEGIN { + if (lda_sieve_find_scripts(&srctx) < 0) + ret = -1; + else if (srctx.scripts == NULL) + ret = 0; + else + ret = lda_sieve_execute(&srctx, storage_r); + + lda_sieve_free_scripts(&srctx); + } T_END; + + /* Clean up */ + + if (srctx.user_ehandler != NULL) + sieve_error_handler_unref(&srctx.user_ehandler); + sieve_error_handler_unref(&srctx.master_ehandler); + sieve_deinit(&srctx.svinst); + + return ret; +} + +/* + * Plugin interface + */ + +const char *sieve_plugin_version = DOVECOT_ABI_VERSION; +const char sieve_plugin_binary_dependency[] = "lda lmtp"; + +void sieve_plugin_init(void) +{ + /* Hook into the delivery process */ + next_deliver_mail = mail_deliver_hook_set(lda_sieve_deliver_mail); +} + +void sieve_plugin_deinit(void) +{ + /* Remove hook */ + mail_deliver_hook_set(next_deliver_mail); +} |