is an IMAP and POP3 server, written with security primarily in mind.
| mail-storage-settings.c (dovecot-2.3.16) | : | mail-storage-settings.c (dovecot-2.3.17) |
|---|
| /* Copyright (c) 2005-2018 Dovecot authors, see the included COPYING file */ | | /* Copyright (c) 2005-2018 Dovecot authors, see the included COPYING file */ |
| | |
| #include "lib.h" | | #include "lib.h" |
| #include "array.h" | | #include "array.h" |
| #include "hash-format.h" | | #include "hash-format.h" |
| #include "var-expand.h" | | #include "var-expand.h" |
| #include "unichar.h" | | #include "unichar.h" |
| #include "hostpid.h" | | #include "hostpid.h" |
| #include "settings-parser.h" | | #include "settings-parser.h" |
| #include "message-address.h" | | #include "message-address.h" |
|
| | #include "message-header-parser.h" |
| #include "smtp-address.h" | | #include "smtp-address.h" |
| #include "mail-index.h" | | #include "mail-index.h" |
| #include "mail-user.h" | | #include "mail-user.h" |
| #include "mail-namespace.h" | | #include "mail-namespace.h" |
| #include "mail-storage-private.h" | | #include "mail-storage-private.h" |
| #include "mail-storage-settings.h" | | #include "mail-storage-settings.h" |
| #include "iostream-ssl.h" | | #include "iostream-ssl.h" |
| | |
| #include <stddef.h> | | #include <stddef.h> |
| | |
| | |
| skipping to change at line 85 | | skipping to change at line 86 |
|---|
| DEF(BOOL, mail_debug), | | DEF(BOOL, mail_debug), |
| DEF(BOOL, mail_full_filesystem_access), | | DEF(BOOL, mail_full_filesystem_access), |
| DEF(BOOL, maildir_stat_dirs), | | DEF(BOOL, maildir_stat_dirs), |
| DEF(BOOL, mail_shared_explicit_inbox), | | DEF(BOOL, mail_shared_explicit_inbox), |
| DEF(ENUM, lock_method), | | DEF(ENUM, lock_method), |
| DEF(STR, pop3_uidl_format), | | DEF(STR, pop3_uidl_format), |
| | |
| DEF(STR, hostname), | | DEF(STR, hostname), |
| DEF(STR, recipient_delimiter), | | DEF(STR, recipient_delimiter), |
| | |
|
| DEF(STR, ssl_client_ca_file), | | |
| DEF(STR, ssl_client_ca_dir), | | |
| DEF(STR, ssl_client_cert), | | |
| DEF(STR, ssl_client_key), | | |
| DEF(STR, ssl_cipher_list), | | |
| DEF(STR, ssl_cipher_suites), | | |
| DEF(STR, ssl_curve_list), | | |
| DEF(STR, ssl_min_protocol), | | |
| DEF(STR, ssl_crypto_device), | | |
| DEF(BOOL, ssl_client_require_valid_cert), | | |
| DEF(BOOL, verbose_ssl), | | |
| | | |
| SETTING_DEFINE_LIST_END | | SETTING_DEFINE_LIST_END |
| }; | | }; |
| | |
| const struct mail_storage_settings mail_storage_default_settings = { | | const struct mail_storage_settings mail_storage_default_settings = { |
| .mail_location = "", | | .mail_location = "", |
| .mail_attachment_fs = "sis posix", | | .mail_attachment_fs = "sis posix", |
| .mail_attachment_dir = "", | | .mail_attachment_dir = "", |
| .mail_attachment_hash = "%{sha1}", | | .mail_attachment_hash = "%{sha1}", |
| .mail_attachment_min_size = 1024*128, | | .mail_attachment_min_size = 1024*128, |
| .mail_attachment_detection_options = "", | | .mail_attachment_detection_options = "", |
| | |
| skipping to change at line 152 | | skipping to change at line 141 |
|---|
| .mailbox_list_index_include_inbox = FALSE, | | .mailbox_list_index_include_inbox = FALSE, |
| .mail_debug = FALSE, | | .mail_debug = FALSE, |
| .mail_full_filesystem_access = FALSE, | | .mail_full_filesystem_access = FALSE, |
| .maildir_stat_dirs = FALSE, | | .maildir_stat_dirs = FALSE, |
| .mail_shared_explicit_inbox = FALSE, | | .mail_shared_explicit_inbox = FALSE, |
| .lock_method = "fcntl:flock:dotlock", | | .lock_method = "fcntl:flock:dotlock", |
| .pop3_uidl_format = "%08Xu%08Xv", | | .pop3_uidl_format = "%08Xu%08Xv", |
| | |
| .hostname = "", | | .hostname = "", |
| .recipient_delimiter = "+", | | .recipient_delimiter = "+", |
|
| | | |
| /* Keep synced with master-service-ssl-settings */ | | |
| .ssl_client_ca_file = "", | | |
| .ssl_client_ca_dir = "", | | |
| .ssl_client_cert = "", | | |
| .ssl_client_key = "", | | |
| .ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES: | | |
| !3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH", | | |
| .ssl_cipher_suites = "", /* Use TLS library provided value */ | | |
| .ssl_curve_list = "", | | |
| .ssl_min_protocol = "TLSv1.2", | | |
| .ssl_crypto_device = "", | | |
| .ssl_client_require_valid_cert = TRUE, | | |
| .verbose_ssl = FALSE, | | |
| }; | | }; |
| | |
| const struct setting_parser_info mail_storage_setting_parser_info = { | | const struct setting_parser_info mail_storage_setting_parser_info = { |
| .module_name = "mail", | | .module_name = "mail", |
| .defines = mail_storage_setting_defines, | | .defines = mail_storage_setting_defines, |
| .defaults = &mail_storage_default_settings, | | .defaults = &mail_storage_default_settings, |
| | |
| .type_offset = SIZE_MAX, | | .type_offset = SIZE_MAX, |
| .struct_size = sizeof(struct mail_storage_settings), | | .struct_size = sizeof(struct mail_storage_settings), |
| | |
| | |
| skipping to change at line 436 | | skipping to change at line 412 |
|---|
| } | | } |
| | |
| static void | | static void |
| fix_base_path(struct mail_user_settings *set, pool_t pool, const char **str) | | fix_base_path(struct mail_user_settings *set, pool_t pool, const char **str) |
| { | | { |
| if (*str != NULL && **str != '\0' && **str != '/') | | if (*str != NULL && **str != '\0' && **str != '/') |
| *str = p_strconcat(pool, set->base_dir, "/", *str, NULL); | | *str = p_strconcat(pool, set->base_dir, "/", *str, NULL); |
| } | | } |
| | |
| /* <settings checks> */ | | /* <settings checks> */ |
|
| | static bool mail_cache_fields_parse(const char *key, const char *value, |
| | const char **error_r) |
| | { |
| | const char *const *arr; |
| | |
| | for (arr = t_strsplit_spaces(value, " ,"); *arr != NULL; arr++) { |
| | const char *name = *arr; |
| | |
| | if (strncasecmp(name, "hdr.", 4) == 0 && |
| | !message_header_name_is_valid(name+4)) { |
| | *error_r = t_strdup_printf( |
| | "Invalid %s: %s is not a valid header name", |
| | key, name); |
| | return FALSE; |
| | } |
| | } |
| | return TRUE; |
| | } |
| | |
| static bool mail_storage_settings_check(void *_set, pool_t pool, | | static bool mail_storage_settings_check(void *_set, pool_t pool, |
| const char **error_r) | | const char **error_r) |
| { | | { |
| struct mail_storage_settings *set = _set; | | struct mail_storage_settings *set = _set; |
| struct hash_format *format; | | struct hash_format *format; |
| const char *p, *error; | | const char *p, *error; |
| bool uidl_format_ok; | | bool uidl_format_ok; |
| char c; | | char c; |
| | |
| if (set->mailbox_idle_check_interval == 0) { | | if (set->mailbox_idle_check_interval == 0) { |
| | |
| skipping to change at line 532 | | skipping to change at line 527 |
|---|
| *error_r = t_strconcat("Invalid mail_attachment_hash setting: ", | | *error_r = t_strconcat("Invalid mail_attachment_hash setting: ", |
| error, NULL); | | error, NULL); |
| return FALSE; | | return FALSE; |
| } | | } |
| if (strchr(set->mail_attachment_hash, '-') != NULL) { | | if (strchr(set->mail_attachment_hash, '-') != NULL) { |
| *error_r = "mail_attachment_hash setting " | | *error_r = "mail_attachment_hash setting " |
| "must not contain '-' characters"; | | "must not contain '-' characters"; |
| return FALSE; | | return FALSE; |
| } | | } |
| hash_format_deinit_free(&format); | | hash_format_deinit_free(&format); |
|
| #ifndef CONFIG_BINARY | | |
| if (*set->ssl_client_ca_dir != '\0' && | | |
| access(set->ssl_client_ca_dir, X_OK) < 0) { | | |
| *error_r = t_strdup_printf( | | |
| "ssl_client_ca_dir: access(%s) failed: %m", | | |
| set->ssl_client_ca_dir); | | |
| return FALSE; | | |
| } | | |
| #endif | | |
| | |
| // FIXME: check set->mail_server_admin syntax (RFC 5464, Section 6.2.2) | | // FIXME: check set->mail_server_admin syntax (RFC 5464, Section 6.2.2) |
| | |
| #ifndef CONFIG_BINARY | | #ifndef CONFIG_BINARY |
| if (*set->hostname == '\0') | | if (*set->hostname == '\0') |
| set->hostname = p_strdup(pool, my_hostdomain()); | | set->hostname = p_strdup(pool, my_hostdomain()); |
| #endif | | #endif |
| | |
| /* parse mail_attachment_indicator_options */ | | /* parse mail_attachment_indicator_options */ |
| if (*set->mail_attachment_detection_options != '\0') { | | if (*set->mail_attachment_detection_options != '\0') { |
| | |
| skipping to change at line 582 | | skipping to change at line 568 |
|---|
| "Unknown option: %s", opt); | | "Unknown option: %s", opt); |
| return FALSE; | | return FALSE; |
| } | | } |
| options++; | | options++; |
| } | | } |
| | |
| array_append_zero(&content_types); | | array_append_zero(&content_types); |
| set->parsed_mail_attachment_content_type_filter = array_front(&co
ntent_types); | | set->parsed_mail_attachment_content_type_filter = array_front(&co
ntent_types); |
| } | | } |
| | |
|
| | if (!mail_cache_fields_parse("mail_cache_fields", |
| | set->mail_cache_fields, error_r)) |
| | return FALSE; |
| | if (!mail_cache_fields_parse("mail_always_cache_fields", |
| | set->mail_always_cache_fields, error_r)) |
| | return FALSE; |
| | if (!mail_cache_fields_parse("mail_never_cache_fields", |
| | set->mail_never_cache_fields, error_r)) |
| | return FALSE; |
| return TRUE; | | return TRUE; |
| } | | } |
| | |
| static bool namespace_settings_check(void *_set, pool_t pool ATTR_UNUSED, | | static bool namespace_settings_check(void *_set, pool_t pool ATTR_UNUSED, |
| const char **error_r) | | const char **error_r) |
| { | | { |
| struct mail_namespace_settings *ns = _set; | | struct mail_namespace_settings *ns = _set; |
| struct mail_namespace_settings *const *namespaces; | | struct mail_namespace_settings *const *namespaces; |
| const char *name; | | const char *name; |
| unsigned int i, count; | | unsigned int i, count; |
| | |
| skipping to change at line 815 | | skipping to change at line 810 |
|---|
| const struct smtp_address **address_r, | | const struct smtp_address **address_r, |
| const char **error_r) | | const char **error_r) |
| { | | { |
| *address_r = set->_parsed_postmaster_address_smtp; | | *address_r = set->_parsed_postmaster_address_smtp; |
| if (*address_r != NULL) | | if (*address_r != NULL) |
| return TRUE; | | return TRUE; |
| /* parsing failed - do it again to get the error */ | | /* parsing failed - do it again to get the error */ |
| get_postmaster_address_error(set, error_r); | | get_postmaster_address_error(set, error_r); |
| return FALSE; | | return FALSE; |
| } | | } |
|
| | | |
| void mail_storage_settings_init_ssl_client_settings(const struct mail_storage_se | | |
| ttings *mail_set, | | |
| struct ssl_iostream_settings | | |
| *ssl_set_r) | | |
| { | | |
| i_zero(ssl_set_r); | | |
| if (*mail_set->ssl_client_ca_dir != '\0') | | |
| ssl_set_r->ca_dir = mail_set->ssl_client_ca_dir; | | |
| if (*mail_set->ssl_client_ca_file != '\0') | | |
| ssl_set_r->ca_file = mail_set->ssl_client_ca_file; | | |
| if (*mail_set->ssl_client_cert != '\0') | | |
| ssl_set_r->cert.cert = mail_set->ssl_client_cert; | | |
| if (*mail_set->ssl_client_key != '\0') | | |
| ssl_set_r->cert.key = mail_set->ssl_client_key; | | |
| ssl_set_r->cipher_list = mail_set->ssl_cipher_list; | | |
| if (*mail_set->ssl_cipher_suites != '\0') | | |
| ssl_set_r->ciphersuites = mail_set->ssl_cipher_suites; | | |
| ssl_set_r->curve_list = mail_set->ssl_curve_list; | | |
| ssl_set_r->min_protocol = mail_set->ssl_min_protocol; | | |
| ssl_set_r->crypto_device = mail_set->ssl_crypto_device; | | |
| ssl_set_r->verify_remote_cert = mail_set->ssl_client_require_valid_cert; | | |
| ssl_set_r->allow_invalid_cert = !ssl_set_r->verify_remote_cert; | | |
| ssl_set_r->verbose = mail_set->verbose_ssl; | | |
| } | | |
| | | |
| End of changes. 7 change blocks. |
|---|
| 35 lines changed or deleted | | 29 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 