X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/383832efc13b2027e89426a952430158028a3b0f..7006ee24ecfd9d8f405f70d38cc36bdd91f8de87:/src/src/readconf.c diff --git a/src/src/readconf.c b/src/src/readconf.c index b2a3c7370..e75ac41be 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -22,12 +22,15 @@ static void readconf_options_auths(void); #define CSTATE_STACK_SIZE 10 +const uschar *config_directory = NULL; + /* Structure for chain (stack) of .included files */ typedef struct config_file_item { struct config_file_item *next; - uschar *filename; + const uschar *filename; + const uschar *directory; FILE *file; int lineno; } config_file_item; @@ -223,6 +226,7 @@ static optionlist optionlist_config[] = { { "dccifd_address", opt_stringptr, &dccifd_address }, { "dccifd_options", opt_stringptr, &dccifd_options }, #endif + { "debug_store", opt_bool, &debug_store }, { "delay_warning", opt_timelist, &delay_warning }, { "delay_warning_condition", opt_stringptr, &delay_warning_condition }, { "deliver_drop_privilege", opt_bool, &deliver_drop_privilege }, @@ -250,7 +254,7 @@ static optionlist optionlist_config[] = { { "dns_retry", opt_int, &dns_retry }, { "dns_trust_aa", opt_stringptr, &dns_trust_aa }, { "dns_use_edns0", opt_int, &dns_use_edns0 }, - /* This option is now a no-op, retained for compability */ + /* This option is now a no-op, retained for compatibility */ { "drop_cr", opt_bool, &drop_cr }, /*********************************************************/ { "dsn_advertise_hosts", opt_stringptr, &dsn_advertise_hosts }, @@ -849,7 +853,7 @@ due to conflicts with other common macros. */ #ifdef TRANSPORT_APPENDFILE # ifdef SUPPORT_MAILDIR - macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDR", US"y", FALSE, TRUE); + macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDIR", US"y", FALSE, TRUE); # endif # ifdef SUPPORT_MAILSTORE macro_create(US"_HAVE_TRANSPORT_APPEND_MAILSTORE", US"y", FALSE, TRUE); @@ -874,7 +878,7 @@ of the macros list is in reverse-alpha (we prepend them) - so longer macros that have substrings are always discovered first during expansion. */ -for (i = 0; i < nopt; i++) if (*(s = opts[i].name) && *s != '*') +for (i = 0; i < nopt; i++) if (*(s = US opts[i].name) && *s != '*') if (group) macro_create(string_sprintf("_OPT_%T_%T_%T", section, group, s), US"y", FALSE, TRUE); else @@ -944,6 +948,7 @@ for (;;) (void)fclose(config_file); config_file = config_file_stack->file; config_filename = config_file_stack->filename; + config_directory = config_file_stack->directory; config_lineno = config_file_stack->lineno; config_file_stack = config_file_stack->next; if (config_lines) @@ -1166,9 +1171,19 @@ for (;;) } *t = 0; + /* We allow relative file names. For security reasons currently + relative names not allowed with .include_if_exists. For .include_if_exists + we need to check the permissions/ownership of the containing folder */ if (*ss != '/') - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-" - "absolute path \"%s\"", ss); + if (include_if_exists) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-" + "absolute path \"%s\"", ss); + else + { + int offset = 0; + int size = 0; + ss = string_append(NULL, &size, &offset, 3, config_directory, "/", ss); + ss[offset] = '\0'; /* string_append() does not zero terminate the string! */ + } if (include_if_exists != 0 && (Ustat(ss, &statbuf) != 0)) continue; @@ -1179,6 +1194,7 @@ for (;;) config_file_stack = save; save->file = config_file; save->filename = config_filename; + save->directory = config_directory; save->lineno = config_lineno; if (!(config_file = Ufopen(ss, "rb"))) @@ -1186,6 +1202,7 @@ for (;;) "configuration file %s", ss); config_filename = string_copy(ss); + config_directory = string_copyn(ss, CUstrrchr(ss, '/') - ss); config_lineno = 0; continue; } @@ -2352,7 +2369,7 @@ switch (type) /* We get a coverity error here for using count, as it derived from the tainted buffer pointed to by s, as parsed by sscanf(). - By the definition of sscanf we must be aceessing between start + By the definition of sscanf we must be accessing between start and end of s (assuming it is nul-terminated...) so ignore the error. */ /* coverity[tainted_data] */ if (s[count] == '.') @@ -3235,12 +3252,9 @@ if (pid == 0) exim_setugid(exim_uid, exim_gid, FALSE, US"calling tls_validate_require_cipher"); - errmsg = tls_validate_require_cipher(); - if (errmsg) - { + if ((errmsg = tls_validate_require_cipher())) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "tls_require_ciphers invalid: %s", errmsg); - } fflush(NULL); _exit(0); } @@ -3356,28 +3370,50 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) if (config_file != NULL || errno != ENOENT) break; } -/* Now, once we found and opened our configuration file, we change the directory -to a safe place. Later we change to $spool_directory. */ - -if (Uchdir("/") < 0) - { - perror("exim: chdir `/': "); - exit(EXIT_FAILURE); - } - /* On success, save the name for verification; config_filename is used when logging configuration errors (it changes for .included files) whereas config_main_filename is the name shown by -bP. Failure to open a configuration file is a serious disaster. */ -if (config_file != NULL) +if (config_file) { - uschar *p; + uschar *last_slash = Ustrrchr(filename, '/'); config_filename = config_main_filename = string_copy(filename); - p = Ustrrchr(filename, '/'); - config_main_directory = p ? string_copyn(filename, p - filename) - : string_copy(US"."); + /* The config_main_directory we need for the $config_dir expansion. + config_main_filename we need for $config_file expansion. + And config_dir is the directory of the current configuration, used for + relative .includes. We do need to know it's name, as we change our working + directory later. */ + + if (filename[0] == '/') + config_main_directory = last_slash == filename ? US"/" : string_copyn(filename, last_slash - filename); + else + { + /* relative configuration file name: working dir + / + basename(filename) */ + + uschar buf[PATH_MAX]; + int offset = 0; + int size = 0; + + if (os_getcwd(buf, PATH_MAX) == NULL) + { + perror("exim: getcwd"); + exit(EXIT_FAILURE); + } + config_main_directory = string_cat(NULL, &size, &offset, buf); + + /* If the dir does not end with a "/", append one */ + if (config_main_directory[offset-1] != '/') + config_main_directory = string_catn(config_main_directory, &size, &offset, US"/", 1); + + /* If the config file contains a "/", extract the directory part */ + if (last_slash) + config_main_directory = string_catn(config_main_directory, &size, &offset, filename, last_slash - filename); + + config_main_directory[offset] = '\0'; + } + config_directory = config_main_directory; } else { @@ -3389,6 +3425,15 @@ else "configuration file %s", filename)); } +/* Now, once we found and opened our configuration file, we change the directory +to a safe place. Later we change to $spool_directory. */ + +if (Uchdir("/") < 0) + { + perror("exim: chdir `/': "); + exit(EXIT_FAILURE); + } + /* Check the status of the file we have opened, if we have retained root privileges and the file isn't /dev/null (which *should* be 0666). */ @@ -3739,14 +3784,14 @@ if (tls_dh_max_bits < 1024) "tls_dh_max_bits is too small, must be at least 1024 for interop"); /* If openssl_options is set, validate it */ -if (openssl_options != NULL) +if (openssl_options) { # ifdef USE_GNUTLS log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "openssl_options is set but we're using GnuTLS"); # else long dummy; - if (!(tls_openssl_options_parse(openssl_options, &dummy))) + if (!tls_openssl_options_parse(openssl_options, &dummy)) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "openssl_options parse error: %s", openssl_options); # endif