xref: /freebsd-10-stable/contrib/sendmail/libsm/mbdb.c

/*
 * Copyright (c) 2001-2003,2009 Proofpoint, Inc. and its suppliers.
 *      All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 */

#include <sm/gen.h>
SM_RCSID("@(#)$Id: mbdb.c,v 1.43 2014/01/08 17:03:15 ca Exp $")

#include <sys/param.h>

#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <setjmp.h>
#include <unistd.h>

#include <sm/limits.h>
#include <sm/conf.h>
#include <sm/assert.h>
#include <sm/bitops.h>
#include <sm/errstring.h>
#include <sm/heap.h>
#include <sm/mbdb.h>
#include <sm/string.h>
# ifdef EX_OK
#  undef EX_OK			/* for SVr4.2 SMP */
# endif /* EX_OK */
#include <sm/sysexits.h>

#if LDAPMAP
# if _LDAP_EXAMPLE_
#  include <sm/ldap.h>
# endif /* _LDAP_EXAMPLE_ */
#endif /* LDAPMAP */

typedef struct
{
	char	*mbdb_typename;
	int	(*mbdb_initialize) __P((char *));
	int	(*mbdb_lookup) __P((char *name, SM_MBDB_T *user));
	void	(*mbdb_terminate) __P((void));
} SM_MBDB_TYPE_T;

static int	mbdb_pw_initialize __P((char *));
static int	mbdb_pw_lookup __P((char *name, SM_MBDB_T *user));
static void	mbdb_pw_terminate __P((void));

#if LDAPMAP
# if _LDAP_EXAMPLE_
static struct sm_ldap_struct LDAPLMAP;
static int	mbdb_ldap_initialize __P((char *));
static int	mbdb_ldap_lookup __P((char *name, SM_MBDB_T *user));
static void	mbdb_ldap_terminate __P((void));
# endif /* _LDAP_EXAMPLE_ */
#endif /* LDAPMAP */

static SM_MBDB_TYPE_T SmMbdbTypes[] =
{
	{ "pw", mbdb_pw_initialize, mbdb_pw_lookup, mbdb_pw_terminate },
#if LDAPMAP
# if _LDAP_EXAMPLE_
	{ "ldap", mbdb_ldap_initialize, mbdb_ldap_lookup, mbdb_ldap_terminate },
# endif /* _LDAP_EXAMPLE_ */
#endif /* LDAPMAP */
	{ NULL, NULL, NULL, NULL }
};

static SM_MBDB_TYPE_T *SmMbdbType = &SmMbdbTypes[0];

/*
**  SM_MBDB_INITIALIZE -- specify which mailbox database to use
**
**	If this function is not called, then the "pw" implementation
**	is used by default; this implementation uses getpwnam().
**
**	Parameters:
**		mbdb -- Which mailbox database to use.
**			The argument has the form "name" or "name.arg".
**			"pw" means use getpwnam().
**
**	Results:
**		EX_OK on success, or an EX_* code on failure.
*/

int
sm_mbdb_initialize(mbdb)
	char *mbdb;
{
	size_t namelen;
	int err;
	char *name;
	char *arg;
	SM_MBDB_TYPE_T *t;

	SM_REQUIRE(mbdb != NULL);

	name = mbdb;
	arg = strchr(mbdb, '.');
	if (arg == NULL)
		namelen = strlen(name);
	else
	{
		namelen = arg - name;
		++arg;
	}

	for (t = SmMbdbTypes; t->mbdb_typename != NULL; ++t)
	{
		if (strlen(t->mbdb_typename) == namelen &&
		    strncmp(name, t->mbdb_typename, namelen) == 0)
		{
			err = EX_OK;
			if (t->mbdb_initialize != NULL)
				err = t->mbdb_initialize(arg);
			if (err == EX_OK)
				SmMbdbType = t;
			return err;
		}
	}
	return EX_UNAVAILABLE;
}

/*
**  SM_MBDB_TERMINATE -- terminate connection to the mailbox database
**
**	Because this function closes any cached file descriptors that
**	are being held open for the connection to the mailbox database,
**	it should be called for security reasons prior to dropping privileges
**	and execing another process.
**
**	Parameters:
**		none.
**
**	Results:
**		none.
*/

void
sm_mbdb_terminate()
{
	if (SmMbdbType->mbdb_terminate != NULL)
		SmMbdbType->mbdb_terminate();
}

/*
**  SM_MBDB_LOOKUP -- look up a local mail recipient, given name
**
**	Parameters:
**		name -- name of local mail recipient
**		user -- pointer to structure to fill in on success
**
**	Results:
**		On success, fill in *user and return EX_OK.
**		If the user does not exist, return EX_NOUSER.
**		If a temporary failure (eg, a network failure) occurred,
**		return EX_TEMPFAIL.  Otherwise return EX_OSERR.
*/

int
sm_mbdb_lookup(name, user)
	char *name;
	SM_MBDB_T *user;
{
	int ret = EX_NOUSER;

	if (SmMbdbType->mbdb_lookup != NULL)
		ret = SmMbdbType->mbdb_lookup(name, user);
	return ret;
}

/*
**  SM_MBDB_FROMPW -- copy from struct pw to SM_MBDB_T
**
**	Parameters:
**		user -- destination user information structure
**		pw -- source passwd structure
**
**	Results:
**		none.
*/

void
sm_mbdb_frompw(user, pw)
	SM_MBDB_T *user;
	struct passwd *pw;
{
	SM_REQUIRE(user != NULL);
	(void) sm_strlcpy(user->mbdb_name, pw->pw_name,
			  sizeof(user->mbdb_name));
	user->mbdb_uid = pw->pw_uid;
	user->mbdb_gid = pw->pw_gid;
	sm_pwfullname(pw->pw_gecos, pw->pw_name, user->mbdb_fullname,
		      sizeof(user->mbdb_fullname));
	(void) sm_strlcpy(user->mbdb_homedir, pw->pw_dir,
			  sizeof(user->mbdb_homedir));
	(void) sm_strlcpy(user->mbdb_shell, pw->pw_shell,
			  sizeof(user->mbdb_shell));
}

/*
**  SM_PWFULLNAME -- build full name of user from pw_gecos field.
**
**	This routine interprets the strange entry that would appear
**	in the GECOS field of the password file.
**
**	Parameters:
**		gecos -- name to build.
**		user -- the login name of this user (for &).
**		buf -- place to put the result.
**		buflen -- length of buf.
**
**	Returns:
**		none.
*/

#if _FFR_HANDLE_ISO8859_GECOS
static char Latin1ToASCII[128] =
{
	32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
	32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 33,
	99, 80, 36, 89, 124, 36, 34, 99, 97, 60, 45, 45, 114, 45, 111, 42,
	50, 51, 39, 117, 80, 46, 44, 49, 111, 62, 42, 42, 42, 63, 65, 65,
	65, 65, 65, 65, 65, 67, 69, 69, 69, 69, 73, 73, 73, 73, 68, 78, 79,
	79, 79, 79, 79, 88, 79, 85, 85, 85, 85, 89, 80, 66, 97, 97, 97, 97,
	97, 97, 97, 99, 101, 101, 101, 101, 105, 105, 105, 105, 100, 110,
	111, 111, 111, 111, 111, 47, 111, 117, 117, 117, 117, 121, 112, 121
};
#endif /* _FFR_HANDLE_ISO8859_GECOS */

void
sm_pwfullname(gecos, user, buf, buflen)
	register char *gecos;
	char *user;
	char *buf;
	size_t buflen;
{
	register char *p;
	register char *bp = buf;

	if (*gecos == '*')
		gecos++;

	/* copy gecos, interpolating & to be full name */
	for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++)
	{
		if (bp >= &buf[buflen - 1])
		{
			/* buffer overflow -- just use login name */
			(void) sm_strlcpy(buf, user, buflen);
			return;
		}
		if (*p == '&')
		{
			/* interpolate full name */
			(void) sm_strlcpy(bp, user, buflen - (bp - buf));
			*bp = toupper(*bp);
			bp += strlen(bp);
		}
		else
		{
#if _FFR_HANDLE_ISO8859_GECOS
			if ((unsigned char) *p >= 128)
				*bp++ = Latin1ToASCII[(unsigned char) *p - 128];
			else
#endif /* _FFR_HANDLE_ISO8859_GECOS */
				*bp++ = *p;
		}
	}
	*bp = '\0';
}

/*
**  /etc/passwd implementation.
*/

/*
**  MBDB_PW_INITIALIZE -- initialize getpwnam() version
**
**	Parameters:
**		arg -- unused.
**
**	Results:
**		EX_OK.
*/

/* ARGSUSED0 */
static int
mbdb_pw_initialize(arg)
	char *arg;
{
	return EX_OK;
}

/*
**  MBDB_PW_LOOKUP -- look up a local mail recipient, given name
**
**	Parameters:
**		name -- name of local mail recipient
**		user -- pointer to structure to fill in on success
**
**	Results:
**		On success, fill in *user and return EX_OK.
**		Failure: EX_NOUSER.
*/

static int
mbdb_pw_lookup(name, user)
	char *name;
	SM_MBDB_T *user;
{
	struct passwd *pw;

#ifdef HESIOD
	/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
	{
		char *p;

		for (p = name; *p != '\0'; p++)
			if (!isascii(*p) || !isdigit(*p))
				break;
		if (*p == '\0')
			return EX_NOUSER;
	}
#endif /* HESIOD */

	errno = 0;
	pw = getpwnam(name);
	if (pw == NULL)
	{
#if _FFR_USE_GETPWNAM_ERRNO
		/*
		**  Only enable this code iff
		**  user unknown <-> getpwnam() == NULL && errno == 0
		**  (i.e., errno unchanged); see the POSIX spec.
		*/

		if (errno != 0)
			return EX_TEMPFAIL;
#endif /* _FFR_USE_GETPWNAM_ERRNO */
		return EX_NOUSER;
	}

	sm_mbdb_frompw(user, pw);
	return EX_OK;
}

/*
**  MBDB_PW_TERMINATE -- terminate connection to the mailbox database
**
**	Parameters:
**		none.
**
**	Results:
**		none.
*/

static void
mbdb_pw_terminate()
{
	endpwent();
}

#if LDAPMAP
# if _LDAP_EXAMPLE_
/*
**  LDAP example implementation based on RFC 2307, "An Approach for Using
**  LDAP as a Network Information Service":
**
**	( nisSchema.1.0 NAME 'uidNumber'
**	  DESC 'An integer uniquely identifying a user in an
**		administrative domain'
**	  EQUALITY integerMatch SYNTAX 'INTEGER' SINGLE-VALUE )
**
**	( nisSchema.1.1 NAME 'gidNumber'
**	  DESC 'An integer uniquely identifying a group in an
**		administrative domain'
**	  EQUALITY integerMatch SYNTAX 'INTEGER' SINGLE-VALUE )
**
**	( nisSchema.1.2 NAME 'gecos'
**	  DESC 'The GECOS field; the common name'
**	  EQUALITY caseIgnoreIA5Match
**	  SUBSTRINGS caseIgnoreIA5SubstringsMatch
**	  SYNTAX 'IA5String' SINGLE-VALUE )
**
**	( nisSchema.1.3 NAME 'homeDirectory'
**	  DESC 'The absolute path to the home directory'
**	  EQUALITY caseExactIA5Match
**	  SYNTAX 'IA5String' SINGLE-VALUE )
**
**	( nisSchema.1.4 NAME 'loginShell'
**	  DESC 'The path to the login shell'
**	  EQUALITY caseExactIA5Match
**	  SYNTAX 'IA5String' SINGLE-VALUE )
**
**	( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
**	  DESC 'Abstraction of an account with POSIX attributes'
**	  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
**	  MAY ( userPassword $ loginShell $ gecos $ description ) )
**
*/

#  define MBDB_LDAP_LABEL		"MailboxDatabase"

#  ifndef MBDB_LDAP_FILTER
#   define MBDB_LDAP_FILTER		"(&(objectClass=posixAccount)(uid=%0))"
#  endif /* MBDB_LDAP_FILTER */

#  ifndef MBDB_DEFAULT_LDAP_BASEDN
#   define MBDB_DEFAULT_LDAP_BASEDN	NULL
#  endif /* MBDB_DEFAULT_LDAP_BASEDN */

#  ifndef MBDB_DEFAULT_LDAP_SERVER
#   define MBDB_DEFAULT_LDAP_SERVER	NULL
#  endif /* MBDB_DEFAULT_LDAP_SERVER */

/*
**  MBDB_LDAP_INITIALIZE -- initialize LDAP version
**
**	Parameters:
**		arg -- LDAP specification
**
**	Results:
**		EX_OK on success, or an EX_* code on failure.
*/

static int
mbdb_ldap_initialize(arg)
	char *arg;
{
	sm_ldap_clear(&LDAPLMAP);
	LDAPLMAP.ldap_base = MBDB_DEFAULT_LDAP_BASEDN;
	LDAPLMAP.ldap_host = MBDB_DEFAULT_LDAP_SERVER;
	LDAPLMAP.ldap_filter = MBDB_LDAP_FILTER;

	/* Only want one match */
	LDAPLMAP.ldap_sizelimit = 1;

	/* interpolate new ldap_base and ldap_host from arg if given */
	if (arg != NULL && *arg != '\0')
	{
		char *new;
		char *sep;
		size_t len;

		len = strlen(arg) + 1;
		new = sm_malloc(len);
		if (new == NULL)
			return EX_TEMPFAIL;
		(void) sm_strlcpy(new, arg, len);
		sep = strrchr(new, '@');
		if (sep != NULL)
		{
			*sep++ = '\0';
			LDAPLMAP.ldap_host = sep;
		}
		LDAPLMAP.ldap_base = new;
	}
	return EX_OK;
}


/*
**  MBDB_LDAP_LOOKUP -- look up a local mail recipient, given name
**
**	Parameters:
**		name -- name of local mail recipient
**		user -- pointer to structure to fill in on success
**
**	Results:
**		On success, fill in *user and return EX_OK.
**		Failure: EX_NOUSER.
*/

#define NEED_FULLNAME	0x01
#define NEED_HOMEDIR	0x02
#define NEED_SHELL	0x04
#define NEED_UID	0x08
#define NEED_GID	0x10

static int
mbdb_ldap_lookup(name, user)
	char *name;
	SM_MBDB_T *user;
{
	int msgid;
	int need;
	int ret;
	int save_errno;
	LDAPMessage *entry;
	BerElement *ber;
	char *attr = NULL;

	if (strlen(name) >= sizeof(user->mbdb_name))
	{
		errno = EINVAL;
		return EX_NOUSER;
	}

	if (LDAPLMAP.ldap_filter == NULL)
	{
		/* map not initialized, but don't have arg here */
		errno = EFAULT;
		return EX_TEMPFAIL;
	}

	if (LDAPLMAP.ldap_pid != getpid())
	{
		/* re-open map in this child process */
		LDAPLMAP.ldap_ld = NULL;
	}

	if (LDAPLMAP.ldap_ld == NULL)
	{
		/* map not open, try to open now */
		if (!sm_ldap_start(MBDB_LDAP_LABEL, &LDAPLMAP))
			return EX_TEMPFAIL;
	}

	sm_ldap_setopts(LDAPLMAP.ldap_ld, &LDAPLMAP);
	msgid = sm_ldap_search(&LDAPLMAP, name);
	if (msgid == -1)
	{
		save_errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld) + E_LDAPBASE;
#  ifdef LDAP_SERVER_DOWN
		if (errno == LDAP_SERVER_DOWN)
		{
			/* server disappeared, try reopen on next search */
			sm_ldap_close(&LDAPLMAP);
		}
#  endif /* LDAP_SERVER_DOWN */
		errno = save_errno;
		return EX_TEMPFAIL;
	}

	/* Get results */
	ret = ldap_result(LDAPLMAP.ldap_ld, msgid, 1,
			  (LDAPLMAP.ldap_timeout.tv_sec == 0 ? NULL :
			   &(LDAPLMAP.ldap_timeout)),
			  &(LDAPLMAP.ldap_res));

	if (ret != LDAP_RES_SEARCH_RESULT &&
	    ret != LDAP_RES_SEARCH_ENTRY)
	{
		if (ret == 0)
			errno = ETIMEDOUT;
		else
			errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
		ret = EX_TEMPFAIL;
		goto abort;
	}

	entry = ldap_first_entry(LDAPLMAP.ldap_ld, LDAPLMAP.ldap_res);
	if (entry == NULL)
	{
		int rc;

		/*
		**  We may have gotten an LDAP_RES_SEARCH_RESULT response
		**  with an error inside it, so we have to extract that
		**  with ldap_parse_result().  This can happen when talking
		**  to an LDAP proxy whose backend has gone down.
		*/

		save_errno = ldap_parse_result(LDAPLMAP.ldap_ld,
					       LDAPLMAP.ldap_res, &rc, NULL,
					       NULL, NULL, NULL, 0);
		if (save_errno == LDAP_SUCCESS)
			save_errno = rc;
		if (save_errno == LDAP_SUCCESS)
		{
			errno = ENOENT;
			ret = EX_NOUSER;
		}
		else
		{
			errno = save_errno;
			ret = EX_TEMPFAIL;
		}
		goto abort;
	}

# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
	/*
	**  Reset value to prevent lingering
	**  LDAP_DECODING_ERROR due to
	**  OpenLDAP 1.X's hack (see below)
	*/

	LDAPLMAP.ldap_ld->ld_errno = LDAP_SUCCESS;
# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */

	ret = EX_OK;
	need = NEED_FULLNAME|NEED_HOMEDIR|NEED_SHELL|NEED_UID|NEED_GID;
	for (attr = ldap_first_attribute(LDAPLMAP.ldap_ld, entry, &ber);
	     attr != NULL;
	     attr = ldap_next_attribute(LDAPLMAP.ldap_ld, entry, ber))
	{
		char **vals;

		vals = ldap_get_values(LDAPLMAP.ldap_ld, entry, attr);
		if (vals == NULL)
		{
			errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
			if (errno == LDAP_SUCCESS)
			{
				ldap_memfree(attr);
				continue;
			}

			/* Must be an error */
			errno += E_LDAPBASE;
			ret = EX_TEMPFAIL;
			goto abort;
		}

# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
		/*
		**  Reset value to prevent lingering
		**  LDAP_DECODING_ERROR due to
		**  OpenLDAP 1.X's hack (see below)
		*/

		LDAPLMAP.ldap_ld->ld_errno = LDAP_SUCCESS;
# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */

		if (vals[0] == NULL || vals[0][0] == '\0')
			goto skip;

		if (strcasecmp(attr, "gecos") == 0)
		{
			if (!bitset(NEED_FULLNAME, need) ||
			    strlen(vals[0]) >= sizeof(user->mbdb_fullname))
				goto skip;

			sm_pwfullname(vals[0], name, user->mbdb_fullname,
				      sizeof(user->mbdb_fullname));
			need &= ~NEED_FULLNAME;
		}
		else if (strcasecmp(attr, "homeDirectory") == 0)
		{
			if (!bitset(NEED_HOMEDIR, need) ||
			    strlen(vals[0]) >= sizeof(user->mbdb_homedir))
				goto skip;

			(void) sm_strlcpy(user->mbdb_homedir, vals[0],
					  sizeof(user->mbdb_homedir));
			need &= ~NEED_HOMEDIR;
		}
		else if (strcasecmp(attr, "loginShell") == 0)
		{
			if (!bitset(NEED_SHELL, need) ||
			    strlen(vals[0]) >= sizeof(user->mbdb_shell))
				goto skip;

			(void) sm_strlcpy(user->mbdb_shell, vals[0],
					  sizeof(user->mbdb_shell));
			need &= ~NEED_SHELL;
		}
		else if (strcasecmp(attr, "uidNumber") == 0)
		{
			char *p;

			if (!bitset(NEED_UID, need))
				goto skip;

			for (p = vals[0]; *p != '\0'; p++)
			{
				/* allow negative numbers */
				if (p == vals[0] && *p == '-')
				{
					/* but not simply '-' */
					if (*(p + 1) == '\0')
						goto skip;
				}
				else if (!isascii(*p) || !isdigit(*p))
					goto skip;
			}
			user->mbdb_uid = atoi(vals[0]);
			need &= ~NEED_UID;
		}
		else if (strcasecmp(attr, "gidNumber") == 0)
		{
			char *p;

			if (!bitset(NEED_GID, need))
				goto skip;

			for (p = vals[0]; *p != '\0'; p++)
			{
				/* allow negative numbers */
				if (p == vals[0] && *p == '-')
				{
					/* but not simply '-' */
					if (*(p + 1) == '\0')
						goto skip;
				}
				else if (!isascii(*p) || !isdigit(*p))
					goto skip;
			}
			user->mbdb_gid = atoi(vals[0]);
			need &= ~NEED_GID;
		}

skip:
		ldap_value_free(vals);
		ldap_memfree(attr);
	}

	errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);

	/*
	**  We check errno != LDAP_DECODING_ERROR since
	**  OpenLDAP 1.X has a very ugly *undocumented*
	**  hack of returning this error code from
	**  ldap_next_attribute() if the library freed the
	**  ber attribute.  See:
	**  http://www.openldap.org/lists/openldap-devel/9901/msg00064.html
	*/

	if (errno != LDAP_SUCCESS &&
	    errno != LDAP_DECODING_ERROR)
	{
		/* Must be an error */
		errno += E_LDAPBASE;
		ret = EX_TEMPFAIL;
		goto abort;
	}

 abort:
	save_errno = errno;
	if (attr != NULL)
	{
		ldap_memfree(attr);
		attr = NULL;
	}
	if (LDAPLMAP.ldap_res != NULL)
	{
		ldap_msgfree(LDAPLMAP.ldap_res);
		LDAPLMAP.ldap_res = NULL;
	}
	if (ret == EX_OK)
	{
		if (need == 0)
		{
			(void) sm_strlcpy(user->mbdb_name, name,
					  sizeof(user->mbdb_name));
			save_errno = 0;
		}
		else
		{
			ret = EX_NOUSER;
			save_errno = EINVAL;
		}
	}
	errno = save_errno;
	return ret;
}

/*
**  MBDB_LDAP_TERMINATE -- terminate connection to the mailbox database
**
**	Parameters:
**		none.
**
**	Results:
**		none.
*/

static void
mbdb_ldap_terminate()
{
	sm_ldap_close(&LDAPLMAP);
}
# endif /* _LDAP_EXAMPLE_ */
#endif /* LDAPMAP */