#include <config.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <signal.h>
#include <stdlib.h>
#include <assert.h>
#include <syslog.h>
#include <errno.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#if !defined(SIOCGIFCONF) && defined(HAVE_SYS_SOCKIO_H)
# include <sys/sockio.h>
#endif
#include <net/if.h>
#include <pthread.h>
#include <sasl/sasl.h>
#include <sasl/saslutil.h>
#include "mupdate.h"
#include "mupdate-client.h"
#include "telemetry.h"
#include "exitcodes.h"
#include "global.h"
#include "imap_err.h"
#include "iptostring.h"
#include "mailbox.h"
#include "mboxlist.h"
#include "mpool.h"
#include "nonblock.h"
#include "prot.h"
#include "tls.h"
#include "util.h"
#include "version.h"
#include "xmalloc.h"
#ifdef APPLE_OS_X_SERVER
#include "AppleOD.h"
#endif
static const char SERVER_UNABLE_STRING[] = "* BYE \"Server Unable\"\r\n";
static const int NO_NEW_CONNECTION = -1;
static int masterp = 0;
typedef enum {
DOCMD_OK = 0,
DOCMD_CONN_FINISHED = 1
} mupdate_docmd_result_t;
enum {
poll_interval = 1,
update_wait = 5
};
struct pending {
struct pending *next;
char mailbox[MAX_MAILBOX_NAME+1];
};
struct stringlist
{
char *str;
struct stringlist *next;
};
struct conn {
int fd;
int logfd;
struct protstream *pin;
struct protstream *pout;
sasl_conn_t *saslconn;
char *userid;
#ifdef HAVE_SSL
SSL *tlsconn;
#else
void *tlsconn;
#endif
int idle;
char clienthost[NI_MAXHOST*2+1];
struct
{
char *ipremoteport;
char ipremoteport_buf[60];
char *iplocalport;
char iplocalport_buf[60];
sasl_ssf_t ssf;
char *authid;
} saslprops;
const char *streaming;
struct stringlist *streaming_hosts;
pthread_mutex_t m;
pthread_cond_t cond;
struct pending *plist;
struct conn *updatelist_next;
struct prot_waitevent *ev;
const char *list_prefix;
size_t list_prefix_len;
struct buf tag, cmd, arg1, arg2, arg3;
struct conn *next;
struct conn *next_idle;
};
static int ready_for_connections = 0;
static pthread_cond_t ready_for_connections_cond = PTHREAD_COND_INITIALIZER;
static pthread_mutex_t ready_for_connections_mutex = PTHREAD_MUTEX_INITIALIZER;
static int synced = 0;
static pthread_cond_t synced_cond = PTHREAD_COND_INITIALIZER;
static pthread_mutex_t synced_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t listener_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t listener_cond = PTHREAD_COND_INITIALIZER;
static int listener_lock = 0;
static pthread_mutex_t idle_connlist_mutex = PTHREAD_MUTEX_INITIALIZER;
struct conn *idle_connlist = NULL;
static pthread_mutex_t connection_count_mutex = PTHREAD_MUTEX_INITIALIZER;
static int connection_count = 0;
static pthread_mutex_t idle_worker_mutex = PTHREAD_MUTEX_INITIALIZER;
static int idle_worker_count = 0;
static pthread_mutex_t worker_count_mutex = PTHREAD_MUTEX_INITIALIZER;
static int worker_count = 0;
pthread_mutex_t connlist_mutex = PTHREAD_MUTEX_INITIALIZER;
struct conn *connlist = NULL;
static int conn_pipe[2];
pthread_mutex_t mailboxes_mutex = PTHREAD_MUTEX_INITIALIZER;
struct conn *updatelist = NULL;
static void conn_free(struct conn *C);
mupdate_docmd_result_t docmd(struct conn *c);
void cmd_authenticate(struct conn *C,
const char *tag, const char *mech,
const char *clientstart);
void cmd_set(struct conn *C,
const char *tag, const char *mailbox,
const char *server, const char *acl, enum settype t);
void cmd_find(struct conn *C, const char *tag, const char *mailbox,
int send_ok, int send_delete);
void cmd_list(struct conn *C, const char *tag, const char *host_prefix);
void cmd_startupdate(struct conn *C, const char *tag,
struct stringlist *partial);
void cmd_starttls(struct conn *C, const char *tag);
void shut_down(int code);
static int reset_saslconn(struct conn *c);
void database_init();
void sendupdates(struct conn *C, int flushnow);
extern int saslserver(sasl_conn_t *conn, const char *mech,
const char *init_resp, const char *resp_prefix,
const char *continuation, const char *empty_chal,
struct protstream *pin, struct protstream *pout,
int *sasl_result, char **success_data);
static void stringlist_add(struct stringlist **list, const char *string);
static void stringlist_free(struct stringlist **list);
static int stringlist_contains(struct stringlist *list, const char *str);
void *mupdate_client_start(void *rock);
void *mupdate_placebo_kick_start(void *rock);
static void *thread_main(void *rock);
const int config_need_data = 0;
static struct conn *conn_new(int fd)
{
struct conn *C = xzmalloc(sizeof(struct conn));
struct sockaddr_storage localaddr, remoteaddr;
int r;
int haveaddr = 0;
int salen;
int secflags;
char hbuf[NI_MAXHOST];
int niflags;
C->fd = fd;
C->logfd = -1;
C->pin = prot_new(C->fd, 0);
C->pout = prot_new(C->fd, 1);
prot_setflushonread(C->pin, C->pout);
prot_settimeout(C->pin, 180*60);
C->pin->userdata = C->pout->userdata = C;
pthread_mutex_lock(&connlist_mutex);
C->next = connlist;
connlist = C;
pthread_mutex_unlock(&connlist_mutex);
pthread_mutex_lock(&connection_count_mutex);
connection_count++;
pthread_mutex_unlock(&connection_count_mutex);
salen = sizeof(remoteaddr);
if (getpeername(C->fd, (struct sockaddr *)&remoteaddr, &salen) == 0 &&
(remoteaddr.ss_family == AF_INET ||
remoteaddr.ss_family == AF_INET6)) {
niflags = 0;
#ifdef NI_WITHSCOPEID
if (remoteaddr.ss_family == AF_INET6)
niflags |= NI_WITHSCOPEID;
#endif
if (getnameinfo((struct sockaddr *)&remoteaddr, salen,
hbuf, sizeof(hbuf), NULL, 0, niflags) == 0)
strlcpy(C->clienthost, hbuf, sizeof(C->clienthost)-30);
else
strlcpy(C->clienthost, "Unknown", sizeof(C->clienthost)-30);
niflags = NI_NUMERICHOST;
#ifdef NI_WITHSCOPEID
if (((struct sockaddr *)&remoteaddr)->sa_family == AF_INET6)
niflags |= NI_WITHSCOPEID;
#endif
if (getnameinfo((struct sockaddr *)&remoteaddr, salen,
hbuf, sizeof(hbuf), NULL, 0, niflags) != 0)
strlcpy(hbuf, "unknown", sizeof(hbuf));
strlcat(C->clienthost, " [", sizeof(C->clienthost));
strlcat(C->clienthost, hbuf, sizeof(C->clienthost));
strlcat(C->clienthost, "]", sizeof(C->clienthost));
salen = sizeof(localaddr);
if (getsockname(C->fd, (struct sockaddr *)&localaddr, &salen) == 0
&& iptostring((struct sockaddr *)&remoteaddr, salen,
C->saslprops.ipremoteport_buf,
sizeof(C->saslprops.ipremoteport_buf)) == 0
&& iptostring((struct sockaddr *)&localaddr, salen,
C->saslprops.iplocalport_buf,
sizeof(C->saslprops.iplocalport_buf)) == 0) {
haveaddr = 1;
}
}
if(haveaddr) {
C->saslprops.ipremoteport = C->saslprops.ipremoteport_buf;
C->saslprops.iplocalport = C->saslprops.iplocalport_buf;
}
r = sasl_server_new("mupdate",
config_servername, NULL,
C->saslprops.iplocalport,
C->saslprops.ipremoteport,
NULL, 0,
&C->saslconn);
if(r != SASL_OK) {
syslog(LOG_ERR, "failed to start sasl for connection: %s",
sasl_errstring(r, NULL, NULL));
prot_printf(C->pout, SERVER_UNABLE_STRING);
C->idle = 0;
conn_free(C);
return NULL;
}
secflags = SASL_SEC_NOANONYMOUS;
if (!config_getswitch(IMAPOPT_ALLOWPLAINTEXT)) {
secflags |= SASL_SEC_NOPLAINTEXT;
}
sasl_setprop(C->saslconn, SASL_SEC_PROPS, mysasl_secprops(secflags));
memset(&(C->tag), 0, sizeof(struct buf));
memset(&(C->cmd), 0, sizeof(struct buf));
memset(&(C->arg1), 0, sizeof(struct buf));
memset(&(C->arg2), 0, sizeof(struct buf));
memset(&(C->arg3), 0, sizeof(struct buf));
return C;
}
static void conn_free(struct conn *C)
{
assert(!C->idle);
if (C->streaming) {
struct conn *upc;
pthread_mutex_lock(&mailboxes_mutex);
if (C == updatelist) {
updatelist = C->updatelist_next;
} else {
for (upc = updatelist; upc->updatelist_next != NULL;
upc = upc->updatelist_next) {
if (upc->updatelist_next == C) break;
}
assert(upc->updatelist_next == C);
upc->updatelist_next = C->updatelist_next;
}
pthread_mutex_unlock(&mailboxes_mutex);
}
pthread_mutex_lock(&connection_count_mutex);
connection_count--;
pthread_mutex_unlock(&connection_count_mutex);
pthread_mutex_lock(&connlist_mutex);
if (C == connlist) {
connlist = connlist->next;
} else {
struct conn *t;
for (t = connlist; t->next != NULL; t = t->next) {
if (t->next == C) break;
}
assert(t != NULL);
t->next = C->next;
}
pthread_mutex_unlock(&connlist_mutex);
if (C->ev) prot_removewaitevent(C->pin, C->ev);
prot_flush(C->pout);
if (C->pin) prot_free(C->pin);
if (C->pout) prot_free(C->pout);
#ifdef HAVE_SSL
if (C->tlsconn) tls_reset_servertls(&C->tlsconn);
tls_shutdown_serverengine();
#endif
cyrus_close_sock(C->fd);
if(C->logfd != -1) close(C->logfd);
if (C->saslconn) sasl_dispose(&C->saslconn);
if (C->saslprops.authid) free(C->saslprops.authid);
freebuf(&(C->tag));
freebuf(&(C->cmd));
freebuf(&(C->arg1));
freebuf(&(C->arg2));
freebuf(&(C->arg3));
if(C->streaming_hosts) stringlist_free(&(C->streaming_hosts));
free(C);
}
static void stringlist_add(struct stringlist **list, const char *string)
{
struct stringlist *tmp;
assert(list);
assert(string);
tmp = xmalloc(sizeof(struct stringlist));
tmp->str = xstrdup(string);
tmp->next = *list;
*list = tmp;
}
static void stringlist_free(struct stringlist **list)
{
struct stringlist *tmp, *tmp_next;
for(tmp = *list; tmp; tmp=tmp_next) {
tmp_next = tmp->next;
free(tmp->str);
free(tmp);
}
*list = NULL;
}
static int stringlist_contains(struct stringlist *list, const char *str)
{
struct stringlist *tmp;
for(tmp = list; tmp; tmp=tmp->next) {
if(!strcmp(str, tmp->str)) return 1;
}
return 0;
}
static pthread_mutex_t proxy_policy_mutex = PTHREAD_MUTEX_INITIALIZER;
static int mupdate_proxy_policy(sasl_conn_t *conn,
void *context,
const char *requested_user, unsigned rlen,
const char *auth_identity, unsigned alen,
const char *def_realm,
unsigned urlen,
struct propctx *propctx)
{
int r;
pthread_mutex_lock(&proxy_policy_mutex);
r = mysasl_proxy_policy(conn, context, requested_user, rlen,
auth_identity, alen, def_realm, urlen, propctx);
pthread_mutex_unlock(&proxy_policy_mutex);
return r;
}
static struct sasl_callback mysasl_cb[] = {
{ SASL_CB_GETOPT, &mysasl_config, NULL },
{ SASL_CB_PROXY_POLICY, &mupdate_proxy_policy, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
static int islocalip(const char *hostname)
{
struct hostent *hp;
struct in_addr *haddr, *iaddr;
struct ifconf ifc;
struct ifreq *ifr;
char buf[8192];
int sock, islocal = 0;
if ((hp = gethostbyname(hostname)) == NULL) {
fprintf(stderr, "unknown host: %s\n", hostname);
return 0;
}
haddr = (struct in_addr *) hp->h_addr;
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "socket() failed\n");
return 0;
}
ifc.ifc_buf = buf;
ifc.ifc_len = sizeof(buf);
if (ioctl(sock, SIOCGIFCONF, &ifc) != 0) {
fprintf(stderr, "ioctl(SIOCGIFCONF) failed: %d\n", errno);
close(sock);
return 0;
}
for (ifr = ifc.ifc_req; ifr - ifc.ifc_req < ifc.ifc_len; ifr++) {
if (ioctl(sock, SIOCGIFADDR, ifr) != 0) continue;
if (ioctl(sock, SIOCGIFFLAGS, ifr) != 0) continue;
if (!(ifr->ifr_flags & IFF_UP) || (ifr->ifr_flags & IFF_LOOPBACK))
continue;
iaddr = &(((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr);
if (!memcmp(haddr, iaddr, sizeof(struct in_addr))) {
islocal = 1;
break;
}
}
close(sock);
return islocal;
}
int service_init(int argc, char **argv,
char **envp __attribute__((unused)))
{
int i, r, workers_to_start;
int opt, autoselect = 0;
pthread_t t;
if (geteuid() == 0) fatal("must run as the Cyrus user", EC_USAGE);
workers_to_start = config_getint(IMAPOPT_MUPDATE_WORKERS_START);
if(config_getint(IMAPOPT_MUPDATE_WORKERS_MAX) < config_getint(IMAPOPT_MUPDATE_WORKERS_MINSPARE)) {
syslog(LOG_CRIT, "Maximum total worker threads is less than minimum spare worker threads");
return EC_SOFTWARE;
}
if(workers_to_start < config_getint(IMAPOPT_MUPDATE_WORKERS_MINSPARE)) {
syslog(LOG_CRIT, "Starting worker threads is less than minimum spare worker threads");
return EC_SOFTWARE;
}
if(config_getint(IMAPOPT_MUPDATE_WORKERS_MAXSPARE) < workers_to_start) {
syslog(LOG_CRIT, "Maximum spare worker threads is less than starting worker threads");
return EC_SOFTWARE;
}
if(config_getint(IMAPOPT_MUPDATE_WORKERS_MINSPARE) > workers_to_start) {
syslog(LOG_CRIT, "Minimum spare worker threads is greater than starting worker threads");
return EC_SOFTWARE;
}
if(config_getint(IMAPOPT_MUPDATE_WORKERS_MAX) < workers_to_start) {
syslog(LOG_CRIT, "Maximum total worker threads is less than starting worker threads");
return EC_SOFTWARE;
}
signals_set_shutdown(&shut_down);
signal(SIGPIPE, SIG_IGN);
global_sasl_init(1, 1, mysasl_cb);
while ((opt = getopt(argc, argv, "ma")) != EOF) {
switch (opt) {
case 'm':
masterp = 1;
break;
case 'a':
autoselect = 1;
break;
default:
break;
}
}
if (!masterp && autoselect) masterp = islocalip(config_mupdate_server);
if (masterp &&
config_mupdate_config == IMAP_ENUM_MUPDATE_CONFIG_UNIFIED) {
fatal("can not run mupdate master on a unified server", EC_USAGE);
}
if(pipe(conn_pipe) == -1) {
syslog(LOG_ERR, "could not setup connection signaling pipe %m");
return EC_OSERR;
}
database_init();
if (!masterp) {
r = pthread_create(&t, NULL, &mupdate_client_start, NULL);
if(r == 0) {
pthread_detach(t);
} else {
syslog(LOG_ERR, "could not start client thread");
return EC_SOFTWARE;
}
pthread_mutex_lock(&synced_mutex);
if(!synced)
pthread_cond_wait(&synced_cond, &synced_mutex);
pthread_mutex_unlock(&synced_mutex);
} else {
pthread_t t;
r = pthread_create(&t, NULL, &mupdate_placebo_kick_start, NULL);
if(r == 0) {
pthread_detach(t);
} else {
syslog(LOG_ERR, "could not start placebo kick thread");
return EC_SOFTWARE;
}
mupdate_ready();
}
for(i=0; i < workers_to_start; i++) {
r = pthread_create(&t, NULL, &thread_main, NULL);
if(r == 0) {
pthread_detach(t);
} else {
syslog(LOG_ERR, "could not start client thread");
return EC_SOFTWARE;
}
}
return 0;
}
void service_abort(int error)
{
shut_down(error);
}
void fatal(const char *s, int code)
{
static int recurse_code = 0;
if(recurse_code) exit(code);
else recurse_code = code;
syslog(LOG_ERR, "%s", s);
shut_down(code);
exit(code);
}
#define CHECKNEWLINE(c, ch) do { if ((ch) == '\r') (ch)=prot_getc((c)->pin); \
if ((ch) != '\n') goto extraargs; } while (0)
mupdate_docmd_result_t docmd(struct conn *c)
{
mupdate_docmd_result_t ret = DOCMD_OK;
int ch;
int was_blocking = prot_IS_BLOCKING(c->pin);
char *p;
goto cmd;
nextcmd:
prot_NONBLOCK(c->pin);
ch = prot_getc(c->pin);
if (ch == EOF && errno == EAGAIN) {
goto done;
} else if (ch == EOF) {
goto lost_conn;
} else {
prot_ungetc(ch, c->pin);
}
prot_BLOCK(c->pin);
cmd:
ch = getword(c->pin, &(c->tag));
if (ch == EOF) goto lost_conn;
if (c->streaming) {
sendupdates(c, 0);
}
if (ch != ' ') {
prot_printf(c->pout, "* BAD \"Need command\"\r\n");
eatline(c->pin, ch);
goto nextcmd;
}
ch = getword(c->pin, &(c->cmd));
if(ch == EOF) {
goto lost_conn;
} else if (!c->cmd.s[0]) {
prot_printf(c->pout, "%s BAD \"Null command\"\r\n", c->tag.s);
eatline(c->pin, ch);
goto nextcmd;
}
if (islower((unsigned char) c->cmd.s[0])) {
c->cmd.s[0] = toupper((unsigned char) c->cmd.s[0]);
}
for (p = &(c->cmd.s[1]); *p; p++) {
if (isupper((unsigned char) *p)) *p = tolower((unsigned char) *p);
}
switch (c->cmd.s[0]) {
case 'A':
if (!strcmp(c->cmd.s, "Authenticate")) {
int opt = 0;
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg1));
if (ch == ' ') {
ch = getstring(c->pin, c->pout, &(c->arg2));
opt = 1;
}
CHECKNEWLINE(c, ch);
if (c->userid) {
prot_printf(c->pout,
"%s BAD \"already authenticated\"\r\n",
c->tag.s);
goto nextcmd;
}
cmd_authenticate(c, c->tag.s, c->arg1.s,
opt ? c->arg2.s : NULL);
}
else if (!c->userid) goto nologin;
else if (!strcmp(c->cmd.s, "Activate")) {
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg1));
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg2));
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg3));
CHECKNEWLINE(c, ch);
if (c->streaming) goto notwhenstreaming;
if (!masterp) goto masteronly;
cmd_set(c, c->tag.s, c->arg1.s, c->arg2.s,
c->arg3.s, SET_ACTIVE);
}
else goto badcmd;
break;
case 'D':
if (!c->userid) goto nologin;
else if (!strcmp(c->cmd.s, "Deactivate")) {
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg1));
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg2));
CHECKNEWLINE(c, ch);
if (c->streaming) goto notwhenstreaming;
if (!masterp) goto masteronly;
cmd_set(c, c->tag.s, c->arg1.s, c->arg2.s,
NULL, SET_DEACTIVATE);
}
else if (!strcmp(c->cmd.s, "Delete")) {
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg1));
CHECKNEWLINE(c, ch);
if (c->streaming) goto notwhenstreaming;
if (!masterp) goto masteronly;
cmd_set(c, c->tag.s, c->arg1.s, NULL, NULL, SET_DELETE);
}
else goto badcmd;
break;
case 'F':
if (!c->userid) goto nologin;
else if (!strcmp(c->cmd.s, "Find")) {
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg1));
CHECKNEWLINE(c, ch);
if (c->streaming) goto notwhenstreaming;
cmd_find(c, c->tag.s, c->arg1.s, 1, 0);
}
else goto badcmd;
break;
case 'L':
if (!strcmp(c->cmd.s, "Logout")) {
CHECKNEWLINE(c, ch);
prot_printf(c->pout, "%s OK \"bye-bye\"\r\n", c->tag.s);
ret = DOCMD_CONN_FINISHED;
goto done;
}
else if (!c->userid) goto nologin;
else if (!strcmp(c->cmd.s, "List")) {
int opt = 0;
if (ch == ' ') {
ch = getstring(c->pin, c->pout, &(c->arg1));
opt = 1;
}
CHECKNEWLINE(c, ch);
if (c->streaming) goto notwhenstreaming;
cmd_list(c, c->tag.s, opt ? c->arg1.s : NULL);
prot_printf(c->pout, "%s OK \"list complete\"\r\n", c->tag.s);
}
else goto badcmd;
break;
case 'N':
if (!c->userid) goto nologin;
else if (!strcmp(c->cmd.s, "Noop")) {
CHECKNEWLINE(c, ch);
if (c->streaming) {
kick_mupdate();
sendupdates(c, 0);
}
prot_printf(c->pout, "%s OK \"Noop done\"\r\n", c->tag.s);
}
else goto badcmd;
break;
case 'R':
if (!c->userid) goto nologin;
else if (!strcmp(c->cmd.s, "Reserve")) {
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg1));
if (ch != ' ') goto missingargs;
ch = getstring(c->pin, c->pout, &(c->arg2));
CHECKNEWLINE(c, ch);
if (c->streaming) goto notwhenstreaming;
if (!masterp) goto masteronly;
cmd_set(c, c->tag.s, c->arg1.s, c->arg2.s, NULL, SET_RESERVE);
}
else goto badcmd;
break;
case 'S':
if (!strcmp(c->cmd.s, "Starttls")) {
CHECKNEWLINE(c, ch);
if (!tls_enabled()) {
goto badcmd;
}
if (c->userid) {
prot_printf(c->pout,
"%s BAD Can't Starttls after authentication\r\n",
c->tag.s);
goto nextcmd;
}
if (c->tlsconn) {
prot_printf(c->pout,
"%s BAD Already did a successful Starttls\r\n",
c->tag.s);
goto nextcmd;
}
cmd_starttls(c, c->tag.s);
}
else goto badcmd;
break;
case 'U':
if (!c->userid) goto nologin;
else if (!strcmp(c->cmd.s, "Update")) {
struct stringlist *arg = NULL;
int counter = 30;
while(ch == ' ') {
ch = getstring(c->pin, c->pout, &(c->arg1));
if(c->arg1.s[0] == '\0') {
stringlist_free(&arg);
goto badargs;
}
if(counter-- == 0) {
stringlist_free(&arg);
goto extraargs;
}
stringlist_add(&arg,c->arg1.s);
}
CHECKNEWLINE(c, ch);
if (c->streaming) goto notwhenstreaming;
cmd_startupdate(c, c->tag.s, arg);
}
else goto badcmd;
break;
default:
badcmd:
prot_printf(c->pout, "%s BAD \"Unrecognized command\"\r\n",
c->tag.s);
eatline(c->pin, ch);
break;
extraargs:
prot_printf(c->pout, "%s BAD \"Extra arguments\"\r\n",
c->tag.s);
eatline(c->pin, ch);
break;
badargs:
prot_printf(c->pout, "%s BAD \"Badly formed arguments\"\r\n",
c->tag.s);
eatline(c->pin, ch);
break;
missingargs:
prot_printf(c->pout, "%s BAD \"Missing arguments\"\r\n",
c->tag.s);
eatline(c->pin, ch);
break;
notwhenstreaming:
prot_printf(c->pout, "%s BAD \"not legal when streaming\"\r\n",
c->tag.s);
break;
masteronly:
prot_printf(c->pout,
"%s BAD \"read-only session\"\r\n",
c->tag.s);
break;
nologin:
prot_printf(c->pout, "%s BAD Please login first\r\n", c->tag.s);
eatline(c->pin, ch);
break;
}
goto nextcmd;
lost_conn:
{
const char *err;
if ((err = prot_error(c->pin)) != NULL
&& strcmp(err, PROT_EOF_STRING)) {
syslog(LOG_WARNING, "%s, closing connection", err);
prot_printf(c->pout, "* BYE \"%s\"\r\n", err);
}
ret = DOCMD_CONN_FINISHED;
}
done:
if(was_blocking)
prot_BLOCK(c->pin);
else
prot_NONBLOCK(c->pin);
prot_flush(c->pout);
return ret;
}
int service_main_fd(int fd,
int argc __attribute__((unused)),
char **argv __attribute__((unused)),
char **envp __attribute__((unused)))
{
int flag;
pthread_mutex_lock(&connection_count_mutex);
flag =
(connection_count >= config_getint(IMAPOPT_MUPDATE_CONNECTIONS_MAX));
pthread_mutex_unlock(&connection_count_mutex);
if (flag) {
nonblock(fd, 1);
write(fd,SERVER_UNABLE_STRING,sizeof(SERVER_UNABLE_STRING));
close(fd);
syslog(LOG_ERR,
"Server too busy, dropping connection.");
} else if(write(conn_pipe[1], &fd, sizeof(fd)) == -1) {
syslog(LOG_CRIT,
"write to conn_pipe to signal new connection failed: %m");
return EC_TEMPFAIL;
}
return 0;
}
static void dobanner(struct conn *c)
{
char slavebuf[4096];
const char *mechs;
unsigned int mechcount;
int ret;
#ifdef APPLE_OS_X_SERVER
if ( config_getswitch( IMAPOPT_APPLE_AUTH ) == 0 )
{
#endif
ret = sasl_listmech(c->saslconn, NULL,
"* AUTH \"", "\" \"", "\"",
&mechs, NULL, &mechcount);
if(!masterp) {
if(!config_mupdate_server)
fatal("mupdate server was not specified for slave",
EC_TEMPFAIL);
snprintf(slavebuf, sizeof(slavebuf), "mupdate://%s",
config_mupdate_server);
}
prot_printf(c->pout, "%s\r\n",
(ret == SASL_OK && mechcount > 0) ? mechs : "* AUTH");
#ifdef APPLE_OS_X_SERVER
}
else
{
prot_printf(c->pout, "* AUTH \"PLAIN\" \"LOGIN\" \"CRAM-MD5\"\r\n");
}
#endif
if (tls_enabled() && !c->tlsconn) {
prot_printf(c->pout, "* STARTTLS\r\n");
}
prot_printf(c->pout, "* PARTIAL-UPDATE\r\n");
prot_printf(c->pout,
"* OK MUPDATE \"%s\" \"Cyrus Murder\" \"%s\" \"%s\"\r\n",
config_servername,
CYRUS_VERSION, masterp ? "(master)" : slavebuf);
prot_flush(c->pout);
}
static void *thread_main(void *rock __attribute__((unused)))
{
struct conn *C;
struct conn *currConn = NULL;
struct protgroup *protin = protgroup_new(PROTGROUP_SIZE_DEFAULT);
struct protgroup *protout = NULL;
struct timeval now;
struct timespec timeout;
int need_workers, too_many;
int max_worker_flag;
int do_a_command;
int send_a_banner;
int connflag;
int new_fd;
int ret = 0;
pthread_mutex_lock(&worker_count_mutex);
worker_count++;
syslog(LOG_DEBUG,
"New worker thread started, for a total of %d", worker_count);
pthread_mutex_unlock(&worker_count_mutex);
while(1) {
send_a_banner = do_a_command = 0;
pthread_mutex_lock(&idle_worker_mutex);
max_worker_flag = (idle_worker_count >=
config_getint(IMAPOPT_MUPDATE_WORKERS_MAXSPARE));
if(!max_worker_flag) idle_worker_count++;
pthread_mutex_unlock(&idle_worker_mutex);
if(max_worker_flag) goto worker_thread_done;
retry_lock:
pthread_mutex_lock(&listener_mutex);
ret = 0;
while(listener_lock && ret != ETIMEDOUT) {
gettimeofday(&now, NULL);
timeout.tv_sec = now.tv_sec + 60;
timeout.tv_nsec = now.tv_usec * 1000;
ret = pthread_cond_timedwait(&listener_cond,
&listener_mutex,
&timeout);
}
if(!ret) {
listener_lock = 1;
}
pthread_mutex_unlock(&listener_mutex);
if(ret == ETIMEDOUT) {
pthread_mutex_lock(&idle_worker_mutex);
if(idle_worker_count <= config_getint(IMAPOPT_MUPDATE_WORKERS_MINSPARE)) {
pthread_mutex_unlock(&idle_worker_mutex);
goto retry_lock;
} else {
idle_worker_count--;
pthread_mutex_unlock(&idle_worker_mutex);
syslog(LOG_DEBUG,
"Thread timed out waiting for listener_lock");
goto worker_thread_done;
}
}
signals_poll();
pthread_mutex_lock(&ready_for_connections_mutex);
while(!ready_for_connections) {
pthread_cond_wait(&ready_for_connections_cond,
&ready_for_connections_mutex);
}
pthread_mutex_unlock(&ready_for_connections_mutex);
connflag = 0;
protgroup_reset(protin);
protgroup_free(protout);
protout = NULL;
pthread_mutex_lock(&idle_connlist_mutex);
for(C=idle_connlist; C; C=C->next_idle) {
assert(C->idle);
protgroup_insert(protin, C->pin);
}
pthread_mutex_unlock(&idle_connlist_mutex);
if(prot_select(protin, conn_pipe[0],
&protout, &connflag, NULL) == -1) {
syslog(LOG_ERR, "prot_select() failed in thread_main: %m");
fatal("prot_select() failed in thread_main", EC_TEMPFAIL);
}
pthread_mutex_lock(&worker_count_mutex);
pthread_mutex_lock(&idle_worker_mutex);
idle_worker_count--;
need_workers = config_getint(IMAPOPT_MUPDATE_WORKERS_MINSPARE)
- idle_worker_count;
if(need_workers > 0) {
too_many = (need_workers + worker_count) -
config_getint(IMAPOPT_MUPDATE_WORKERS_MAX);
if (too_many > 0) need_workers -= too_many;
}
while(need_workers > 0) {
pthread_t t;
int r = pthread_create(&t, NULL, &thread_main, NULL);
if(r == 0) {
pthread_detach(t);
} else {
syslog(LOG_ERR,
"could not start a new worker thread (not fatal)");
}
need_workers--;
}
pthread_mutex_unlock(&idle_worker_mutex);
pthread_mutex_unlock(&worker_count_mutex);
pthread_mutex_lock(&ready_for_connections_mutex);
if(!ready_for_connections) {
pthread_mutex_unlock(&ready_for_connections_mutex);
pthread_mutex_lock(&idle_connlist_mutex);
for(C=idle_connlist; C; C=C->next_idle) {
prot_printf(C->pout,
"* BYE \"no longer ready for connections\"\r\n");
C->idle = 0;
conn_free(C);
}
idle_connlist = NULL;
pthread_mutex_unlock(&idle_connlist_mutex);
goto nextlistener;
}
pthread_mutex_unlock(&ready_for_connections_mutex);
if(connflag) {
if(read(conn_pipe[0], &new_fd, sizeof(new_fd)) == -1) {
syslog(LOG_CRIT,
"read from conn_pipe for new connection failed: %m");
fatal("conn_pipe read failed", EC_TEMPFAIL);
}
} else {
new_fd = NO_NEW_CONNECTION;
}
if(new_fd != NO_NEW_CONNECTION) {
currConn = conn_new(new_fd);
if(currConn)
send_a_banner = 1;
} else if(protout) {
struct protstream *ptmp;
struct conn **prev;
pthread_mutex_lock(&idle_connlist_mutex);
prev = &(idle_connlist);
ptmp = protgroup_getelement(protout, 0);
assert(ptmp);
currConn = ptmp->userdata;
assert(currConn);
currConn->idle = 0;
for(C=idle_connlist; C; prev = &(C->next_idle), C=C->next_idle) {
if(C == currConn) {
*prev = C->next_idle;
C->next_idle = NULL;
break;
}
}
pthread_mutex_unlock(&idle_connlist_mutex);
do_a_command = 1;
}
nextlistener:
pthread_mutex_lock(&listener_mutex);
assert(listener_lock);
listener_lock = 0;
pthread_cond_signal(&listener_cond);
pthread_mutex_unlock(&listener_mutex);
if(send_a_banner) {
dobanner(currConn);
} else if(do_a_command) {
assert(currConn);
if(docmd(currConn) == DOCMD_CONN_FINISHED) {
conn_free(currConn);
continue;
}
pthread_mutex_lock(&ready_for_connections_mutex);
if(!ready_for_connections) {
pthread_mutex_unlock(&ready_for_connections_mutex);
prot_printf(C->pout,
"* BYE \"no longer ready for connections\"\r\n");
conn_free(currConn);
continue;
}
pthread_mutex_unlock(&ready_for_connections_mutex);
}
if(send_a_banner || do_a_command) {
pthread_mutex_lock(&idle_connlist_mutex);
currConn->idle = 1;
currConn->next_idle = idle_connlist;
idle_connlist = currConn;
pthread_mutex_unlock(&idle_connlist_mutex);
if(write(conn_pipe[1], &NO_NEW_CONNECTION,
sizeof(NO_NEW_CONNECTION)) == -1) {
fatal("write to conn_pipe to signal docmd done failed",
EC_TEMPFAIL);
}
}
}
worker_thread_done:
pthread_mutex_lock(&worker_count_mutex);
worker_count--;
pthread_mutex_lock(&idle_worker_mutex);
syslog(LOG_DEBUG,
"Worker thread finished, for a total of %d (%d spare)",
worker_count, idle_worker_count);
pthread_mutex_unlock(&idle_worker_mutex);
pthread_mutex_unlock(&worker_count_mutex);
protgroup_free(protin);
protgroup_free(protout);
return NULL;
}
void database_init()
{
pthread_mutex_lock(&mailboxes_mutex);
mboxlist_init(0);
mboxlist_open(NULL);
pthread_mutex_unlock(&mailboxes_mutex);
}
void database_log(const struct mbent *mb, struct txn **mytid)
{
switch (mb->t) {
case SET_ACTIVE:
mboxlist_insertremote(mb->mailbox, 0, mb->server, mb->acl, mytid);
break;
case SET_RESERVE:
mboxlist_insertremote(mb->mailbox, MBTYPE_RESERVE, mb->server,
"", mytid);
break;
case SET_DELETE:
mboxlist_deleteremote(mb->mailbox, mytid);
break;
case SET_DEACTIVATE:
abort();
}
}
struct mbent *database_lookup(const char *name, struct mpool *pool)
{
char *part, *acl;
int type;
struct mbent *out;
if(!name) return NULL;
if(mboxlist_detail(name, &type, NULL, NULL, &part, &acl, NULL))
return NULL;
if(type & MBTYPE_RESERVE) {
if(!pool) out = xmalloc(sizeof(struct mbent) + 1);
else out = mpool_malloc(pool, sizeof(struct mbent) + 1);
out->t = SET_RESERVE;
out->acl[0] = '\0';
} else {
if(!pool) out = xmalloc(sizeof(struct mbent) + strlen(acl));
else out = mpool_malloc(pool, sizeof(struct mbent) + strlen(acl));
out->t = SET_ACTIVE;
strcpy(out->acl, acl);
}
out->mailbox = (pool) ? mpool_strdup(pool, name) : xstrdup(name);
out->server = (pool) ? mpool_strdup(pool, part) : xstrdup(part);
return out;
}
void cmd_authenticate(struct conn *C,
const char *tag, const char *mech,
const char *clientstart)
{
int r, sasl_result;
#ifdef APPLE_OS_X_SERVER
struct od_user_opts user_opts;
if ( (config_getswitch( IMAPOPT_APPLE_AUTH ) == 0) ||
(strcasecmp( mech, "GSSAPI" ) == 0) )
{
syslog( LOG_ERR, "mupdate: GSSAPI not supported" );
}
else
{
memset( &user_opts, 0, sizeof( user_opts ) );
r = odDoAuthenticate( mech, clientstart, "+ ", kXMLIMAP_Principal, C->pin, C->pout, &user_opts );
if ( r )
{
switch ( r )
{
case eAODAuthCanceled:
prot_printf(C->pout, "%s NO Client canceled authentication\r\n", tag );
break;
case eAODProtocolError:
prot_printf( C->pout, "%s NO Error reading client response\r\n", tag );
break;
default:
syslog(LOG_ERR, "badlogin: %s %s %s", C->clienthost,
mech, sasl_errdetail(C->saslconn));
prot_printf(C->pout, "%s NO \"%s\"\r\n", tag,
sasl_errstring((r == SASL_NOUSER ? SASL_BADAUTH : r),
NULL, NULL));
}
reset_saslconn(C);
return;
}
if ( user_opts.fRecNamePtr != NULL )
{
C->userid = malloc( strlen( user_opts.fRecNamePtr ) + 1 );
strcpy( C->userid, user_opts.fRecNamePtr );
}
}
#else
r = saslserver(C->saslconn, mech, clientstart, "", "", "",
C->pin, C->pout, &sasl_result, NULL);
if (r) {
const char *errorstring = NULL;
switch (r) {
case IMAP_SASL_CANCEL:
prot_printf(C->pout,
"%s NO Client canceled authentication\r\n", tag);
break;
case IMAP_SASL_PROTERR:
errorstring = prot_error(C->pin);
prot_printf(C->pout,
"%s NO Error reading client response: %s\r\n",
tag, errorstring ? errorstring : "");
break;
default:
sleep(3);
syslog(LOG_ERR, "badlogin: %s %s %s",
C->clienthost,
mech, sasl_errdetail(C->saslconn));
prot_printf(C->pout, "%s NO \"%s\"\r\n", tag,
sasl_errstring((r == SASL_NOUSER ? SASL_BADAUTH : r),
NULL, NULL));
}
reset_saslconn(C);
return;
}
r = sasl_getprop(C->saslconn, SASL_USERNAME, (const void **)&C->userid);
if(r != SASL_OK) {
prot_printf(C->pout, "%s NO \"SASL Error\"\r\n", tag);
reset_saslconn(C);
return;
}
#endif
syslog(LOG_NOTICE, "login: %s %s %s%s %s", C->clienthost, C->userid,
mech, C->tlsconn ? "+TLS" : "", "User logged in");
prot_printf(C->pout, "%s OK \"Authenticated\"\r\n", tag);
prot_setsasl(C->pin, C->saslconn);
prot_setsasl(C->pout, C->saslconn);
C->logfd = telemetry_log(C->userid, C->pin, C->pout, 1);
return;
}
void log_update(const char *mailbox,
const char *oldserver,
const char *thisserver)
{
struct conn *upc;
for (upc = updatelist; upc != NULL; upc = upc->updatelist_next) {
struct pending *p = (struct pending *) xmalloc(sizeof(struct pending));
strlcpy(p->mailbox, mailbox, sizeof(p->mailbox));
if(upc->streaming_hosts
&& (!oldserver || !stringlist_contains(upc->streaming_hosts,
oldserver))
&& (!thisserver || !stringlist_contains(upc->streaming_hosts,
thisserver))) {
continue;
}
pthread_mutex_lock(&upc->m);
p->next = upc->plist;
upc->plist = p;
pthread_cond_signal(&upc->cond);
pthread_mutex_unlock(&upc->m);
}
}
void cmd_set(struct conn *C,
const char *tag, const char *mailbox,
const char *server, const char *acl, enum settype t)
{
struct mbent *m;
char *oldserver = NULL;
char *thisserver = NULL;
char *tmp;
enum {
EXISTS, NOTACTIVE, DOESNTEXIST, ISOK, NOOUTPUT
} msg = NOOUTPUT;
syslog(LOG_DEBUG, "cmd_set(fd:%d, %s)", C->fd, mailbox);
pthread_mutex_lock(&mailboxes_mutex);
m = database_lookup(mailbox, NULL);
if (m && t == SET_RESERVE) {
if (config_mupdate_config == IMAP_ENUM_MUPDATE_CONFIG_STANDARD) {
msg = EXISTS;
goto done;
}
}
if ((!m || m->t != SET_ACTIVE) && t == SET_DEACTIVATE) {
msg = NOTACTIVE;
goto done;
} else if (t == SET_DEACTIVATE) {
t = SET_RESERVE;
}
if (t == SET_DELETE) {
if (!m) {
if (config_mupdate_config == IMAP_ENUM_MUPDATE_CONFIG_STANDARD) {
msg = DOESNTEXIST;
goto done;
}
} else {
oldserver = xstrdup(m->server);
m->t = SET_DELETE;
}
} else {
if(m)
oldserver = m->server;
if (m && (!acl || strlen(acl) < strlen(m->acl))) {
m->server = xstrdup(server);
if (acl) strcpy(m->acl, acl);
else m->acl[0] = '\0';
m->t = t;
} else {
struct mbent *newm;
if (acl) {
newm = xrealloc(m, sizeof(struct mbent) + strlen(acl));
} else {
newm = xrealloc(m, sizeof(struct mbent) + 1);
}
newm->mailbox = xstrdup(mailbox);
newm->server = xstrdup(server);
if (acl) {
strcpy(newm->acl, acl);
} else {
newm->acl[0] = '\0';
}
newm->t = t;
m = newm;
}
}
if (m) database_log(m, NULL);
if(oldserver) {
tmp = strchr(oldserver, '!');
if(tmp) *tmp = '\0';
}
if(server) {
thisserver = xstrdup(server);
tmp = strchr(thisserver, '!');
if(tmp) *tmp = '\0';
}
log_update(mailbox, oldserver, thisserver);
msg = ISOK;
done:
if(thisserver) free(thisserver);
if(oldserver) free(oldserver);
free_mbent(m);
pthread_mutex_unlock(&mailboxes_mutex);
switch(msg) {
case EXISTS:
prot_printf(C->pout, "%s NO \"mailbox already exists\"\r\n", tag);
break;
case NOTACTIVE:
prot_printf(C->pout, "%s NO \"mailbox not currently active\"\r\n",
tag);
break;
case DOESNTEXIST:
prot_printf(C->pout, "%s NO \"mailbox doesn't exist\"\r\n", tag);
break;
case ISOK:
prot_printf(C->pout, "%s OK \"done\"\r\n", tag);
break;
default:
break;
}
}
void cmd_find(struct conn *C, const char *tag, const char *mailbox,
int send_ok, int send_delete)
{
struct mbent *m;
syslog(LOG_DEBUG, "cmd_find(fd:%d, %s)", C->fd, mailbox);
pthread_mutex_lock(&mailboxes_mutex);
m = database_lookup(mailbox, NULL);
pthread_mutex_unlock(&mailboxes_mutex);
if (m && m->t == SET_ACTIVE) {
prot_printf(C->pout, "%s MAILBOX {%d+}\r\n%s {%d+}\r\n%s {%d+}\r\n%s\r\n",
tag,
strlen(m->mailbox), m->mailbox,
strlen(m->server), m->server,
strlen(m->acl), m->acl);
} else if (m && m->t == SET_RESERVE) {
prot_printf(C->pout, "%s RESERVE {%d+}\r\n%s {%d+}\r\n%s\r\n",
tag,
strlen(m->mailbox), m->mailbox,
strlen(m->server), m->server);
} else if (send_delete) {
prot_printf(C->pout, "%s DELETE {%d+}\r\n%s\r\n",
tag, strlen(mailbox), mailbox);
}
free_mbent(m);
if (send_ok) {
prot_printf(C->pout, "%s OK \"Search completed\"\r\n", tag);
}
}
static int sendupdate(char *name,
int matchlen __attribute__((unused)),
int maycreate __attribute__((unused)),
void *rock)
{
struct conn *C = (struct conn *)rock;
struct mbent *m;
char *server = NULL;
if(!C) return -1;
m = database_lookup(name, NULL);
if(!m) return -1;
if(!C->list_prefix ||
!strncmp(m->server, C->list_prefix, C->list_prefix_len)) {
char *tmp;
if(C->streaming_hosts) {
server = xstrdup(m->server);
tmp = strchr(server, '!');
if(tmp) *tmp = '\0';
}
if(!C->streaming_hosts ||
stringlist_contains(C->streaming_hosts, server)) {
switch (m->t) {
case SET_ACTIVE:
prot_printf(C->pout,
"%s MAILBOX {%d+}\r\n%s {%d+}\r\n%s {%d+}\r\n%s\r\n",
C->streaming,
strlen(m->mailbox), m->mailbox,
strlen(m->server), m->server,
strlen(m->acl), m->acl);
break;
case SET_RESERVE:
prot_printf(C->pout, "%s RESERVE {%d+}\r\n%s {%d+}\r\n%s\r\n",
C->streaming,
strlen(m->mailbox), m->mailbox,
strlen(m->server), m->server);
break;
case SET_DELETE:
case SET_DEACTIVATE:
abort();
}
}
}
if(server) free(server);
free_mbent(m);
return 0;
}
void cmd_list(struct conn *C, const char *tag, const char *host_prefix)
{
char pattern[2] = {'*','\0'};
prot_NONBLOCK(C->pout);
pthread_mutex_lock(&mailboxes_mutex);
C->streaming = tag;
C->list_prefix = host_prefix;
if(C->list_prefix) C->list_prefix_len = strlen(C->list_prefix);
else C->list_prefix_len = 0;
mboxlist_findall(NULL, pattern, 1, NULL,
NULL, sendupdate, (void*)C);
C->streaming = NULL;
C->list_prefix = NULL;
C->list_prefix_len = 0;
pthread_mutex_unlock(&mailboxes_mutex);
prot_BLOCK(C->pout);
prot_flush(C->pout);
}
struct prot_waitevent *sendupdates_evt(struct protstream *s __attribute__((unused)),
struct prot_waitevent *ev,
void *rock)
{
struct conn *C = (struct conn *) rock;
sendupdates(C, 1);
return ev;
}
void cmd_startupdate(struct conn *C, const char *tag,
struct stringlist *partial)
{
char pattern[2] = {'*','\0'};
pthread_cond_init(&C->cond, NULL);
prot_NONBLOCK(C->pout);
pthread_mutex_lock(&mailboxes_mutex);
C->updatelist_next = updatelist;
updatelist = C;
C->streaming = xstrdup(tag);
C->streaming_hosts = partial;
mboxlist_findall(NULL, pattern, 1, NULL,
NULL, sendupdate, (void*)C);
pthread_mutex_unlock(&mailboxes_mutex);
prot_printf(C->pout, "%s OK \"streaming starts\"\r\n", tag);
prot_BLOCK(C->pout);
prot_flush(C->pout);
C->ev = prot_addwaitevent(C->pin, time(NULL) + update_wait,
sendupdates_evt, C);
}
void sendupdates(struct conn *C, int flushnow)
{
struct pending *p, *q;
pthread_mutex_lock(&C->m);
p = C->plist;
C->plist = NULL;
pthread_mutex_unlock(&C->m);
while (p != NULL) {
q = p;
p = p->next;
cmd_find(C, C->streaming, q->mailbox, 0, 1);
free(q);
}
C->ev->mark = time(NULL) + update_wait;
if (flushnow) {
prot_flush(C->pout);
}
}
#ifdef HAVE_SSL
void cmd_starttls(struct conn *C, const char *tag)
{
int result;
int *layerp;
char *auth_id;
sasl_ssf_t ssf;
layerp = (int *) &ssf;
result=tls_init_serverengine("mupdate",
5,
1,
1);
if (result == -1) {
syslog(LOG_ERR, "error initializing TLS");
prot_printf(C->pout, "%s NO Error initializing TLS\r\n", tag);
return;
}
prot_printf(C->pout, "%s OK Begin TLS negotiation now\r\n", tag);
prot_flush(C->pout);
result=tls_start_servertls(C->pin->fd,
C->pout->fd,
layerp,
&auth_id,
&C->tlsconn);
if (result==-1) {
prot_printf(C->pout, "%s NO Starttls negotiation failed\r\n",
tag);
syslog(LOG_NOTICE, "STARTTLS negotiation failed: %s",
C->clienthost);
return;
}
result = sasl_setprop(C->saslconn, SASL_SSF_EXTERNAL, &ssf);
if (result != SASL_OK) {
fatal("sasl_setprop() failed: cmd_starttls()", EC_TEMPFAIL);
}
C->saslprops.ssf = ssf;
result = sasl_setprop(C->saslconn, SASL_AUTH_EXTERNAL, auth_id);
if (result != SASL_OK) {
fatal("sasl_setprop() failed: cmd_starttls()", EC_TEMPFAIL);
}
if(C->saslprops.authid) {
free(C->saslprops.authid);
C->saslprops.authid = NULL;
}
if(auth_id)
C->saslprops.authid = xstrdup(auth_id);
prot_settls(C->pin, C->tlsconn);
prot_settls(C->pout, C->tlsconn);
dobanner(C);
}
#else
void cmd_starttls(struct conn *C, const char *tag)
{
fatal("cmd_starttls() executed, but starttls isn't implemented!",
EC_SOFTWARE);
}
#endif
void shut_down(int code) __attribute__((noreturn));
void shut_down(int code)
{
cyrus_done();
exit(code);
}
static int reset_saslconn(struct conn *c)
{
int ret, secflags;
sasl_security_properties_t *secprops = NULL;
sasl_dispose(&c->saslconn);
ret = sasl_server_new("mupdate", config_servername,
NULL, NULL, NULL,
NULL, 0, &c->saslconn);
if(ret != SASL_OK) return ret;
if(c->saslprops.ipremoteport)
ret = sasl_setprop(c->saslconn, SASL_IPREMOTEPORT,
c->saslprops.ipremoteport);
if(ret != SASL_OK) return ret;
if(c->saslprops.iplocalport)
ret = sasl_setprop(c->saslconn, SASL_IPLOCALPORT,
c->saslprops.iplocalport);
if(ret != SASL_OK) return ret;
secflags = SASL_SEC_NOANONYMOUS;
if (!config_getswitch(IMAPOPT_ALLOWPLAINTEXT)) {
secflags |= SASL_SEC_NOPLAINTEXT;
}
secprops = mysasl_secprops(secflags);
ret = sasl_setprop(c->saslconn, SASL_SEC_PROPS, secprops);
if(ret != SASL_OK) return ret;
if(c->saslprops.ssf) {
ret = sasl_setprop(c->saslconn, SASL_SSF_EXTERNAL, &c->saslprops.ssf);
}
if(ret != SASL_OK) return ret;
if(c->saslprops.authid) {
ret = sasl_setprop(c->saslconn, SASL_AUTH_EXTERNAL, c->saslprops.authid);
if(ret != SASL_OK) return ret;
}
return SASL_OK;
}
int cmd_change(struct mupdate_mailboxdata *mdata,
const char *rock, void *context __attribute__((unused)))
{
struct mbent *m = NULL;
char *oldserver = NULL;
char *thisserver = NULL;
char *tmp;
enum settype t = -1;
int ret = 0;
if(!mdata || !rock || !mdata->mailbox) return 1;
pthread_mutex_lock(&mailboxes_mutex);
if(!strncmp(rock, "DELETE", 6)) {
m = database_lookup(mdata->mailbox, NULL);
if(!m) {
syslog(LOG_DEBUG, "attempt to delete unknown mailbox %s",
mdata->mailbox);
goto done;
}
m->t = t = SET_DELETE;
oldserver = xstrdup(m->server);
} else {
m = database_lookup(mdata->mailbox, NULL);
if(m)
oldserver = m->server;
if (m && (!mdata->acl || strlen(mdata->acl) < strlen(m->acl))) {
m->server = xstrdup(mdata->server);
if (mdata->acl) strcpy(m->acl, mdata->acl);
else m->acl[0] = '\0';
if(!strncmp(rock, "MAILBOX", 6)) {
m->t = t = SET_ACTIVE;
} else if(!strncmp(rock, "RESERVE", 7)) {
m->t = t = SET_RESERVE;
} else {
syslog(LOG_DEBUG,
"bad mupdate command in cmd_change: %s", rock);
ret = 1;
goto done;
}
} else {
struct mbent *newm;
if(m) {
free(m->mailbox);
}
if (mdata->acl) {
newm = xrealloc(m, sizeof(struct mbent) + strlen(mdata->acl));
} else {
newm = xrealloc(m, sizeof(struct mbent) + 1);
}
newm->mailbox = xstrdup(mdata->mailbox);
newm->server = xstrdup(mdata->server);
if (mdata->acl) {
strcpy(newm->acl, mdata->acl);
} else {
newm->acl[0] = '\0';
}
if(!strncmp(rock, "MAILBOX", 6)) {
newm->t = t = SET_ACTIVE;
} else if(!strncmp(rock, "RESERVE", 7)) {
newm->t = t = SET_RESERVE;
} else {
syslog(LOG_DEBUG,
"bad mupdate command in cmd_change: %s", rock);
ret = 1;
goto done;
}
m = newm;
}
}
database_log(m, NULL);
if(oldserver) {
tmp = strchr(oldserver, '!');
if(tmp) *tmp = '\0';
}
if(mdata->server) {
thisserver = xstrdup(mdata->server);
tmp = strchr(thisserver, '!');
if(tmp) *tmp = '\0';
}
log_update(mdata->mailbox, oldserver, thisserver);
done:
if(oldserver) free(oldserver);
if(thisserver) free(thisserver);
free_mbent(m);
pthread_mutex_unlock(&mailboxes_mutex);
return ret;
}
struct sync_rock
{
struct mpool *pool;
struct mbent_queue *boxes;
};
int cmd_resync(struct mupdate_mailboxdata *mdata,
const char *rock, void *context)
{
struct sync_rock *r = (struct sync_rock *)context;
struct mbent_queue *remote_boxes = r->boxes;
struct mbent *newm = NULL;
if(!mdata || !rock || !mdata->mailbox || !remote_boxes) return 1;
if (mdata->acl) {
newm = mpool_malloc(r->pool,sizeof(struct mbent) + strlen(mdata->acl));
} else {
newm = mpool_malloc(r->pool,sizeof(struct mbent) + 1);
}
newm->mailbox = mpool_strdup(r->pool, mdata->mailbox);
newm->server = mpool_strdup(r->pool, mdata->server);
if (mdata->acl) {
strcpy(newm->acl, mdata->acl);
} else {
newm->acl[0] = '\0';
}
if(!strncmp(rock, "MAILBOX", 6)) {
newm->t = SET_ACTIVE;
} else if(!strncmp(rock, "RESERVE", 7)) {
newm->t = SET_RESERVE;
} else {
syslog(LOG_NOTICE,
"bad mupdate command in cmd_resync: %s", rock);
return 1;
}
newm->next = NULL;
*(remote_boxes->tail) = newm;
remote_boxes->tail = &(newm->next);
return 0;
}
static int sync_findall_cb(char *name,
int matchlen __attribute__((unused)),
int maycreate __attribute__((unused)),
void *rock)
{
struct sync_rock *r = (struct sync_rock *)rock;
struct mbent_queue *local_boxes = (struct mbent_queue *)r->boxes;
struct mbent *m;
if(!local_boxes) return 1;
m = database_lookup(name, r->pool);
if(!m) return 0;
m->next = NULL;
*(local_boxes->tail) = m;
local_boxes->tail = &(m->next);
return 0;
}
int mupdate_synchronize(mupdate_handle *handle)
{
struct mbent_queue local_boxes;
struct mbent_queue remote_boxes;
struct mbent *l,*r;
struct mpool *pool;
struct sync_rock rock;
char pattern[] = { '*', '\0' };
int ret = 0;
if(!handle || !handle->saslcompleted) return 1;
pool = new_mpool(131072);
rock.pool = pool;
prot_printf(handle->conn->out, "U01 UPDATE\r\n");
pthread_mutex_lock(&mailboxes_mutex);
syslog(LOG_NOTICE,
"synchronizing mailbox list with master mupdate server");
local_boxes.head = NULL;
local_boxes.tail = &(local_boxes.head);
remote_boxes.head = NULL;
remote_boxes.tail = &(remote_boxes.head);
rock.boxes = &remote_boxes;
if (mupdate_scarf(handle, cmd_resync, &rock, 1, NULL) != 0) {
struct mbent *p=remote_boxes.head, *p_next=NULL;
while(p) {
p_next = p->next;
p = p_next;
}
ret = 1;
goto done;
}
prot_NONBLOCK(handle->conn->in);
rock.boxes = &local_boxes;
mboxlist_findall(NULL, pattern, 1, NULL,
NULL, sync_findall_cb, (void*)&rock);
for(l = local_boxes.head, r = remote_boxes.head; l && r;
l = local_boxes.head, r = remote_boxes.head)
{
int ret = strcmp(l->mailbox, r->mailbox);
if(!ret) {
if(l->t != r->t ||
strcmp(l->server, r->server) ||
strcmp(l->acl,r->acl)) {
mboxlist_insertremote(r->mailbox,
(r->t == SET_RESERVE ?
MBTYPE_RESERVE : 0),
r->server, r->acl, NULL);
}
local_boxes.head = l->next;
remote_boxes.head = r->next;
} else if (ret < 0) {
mboxlist_deletemailbox(l->mailbox, 1, "", NULL, 0, 0, 0);
local_boxes.head = l->next;
} else {
mboxlist_insertremote(r->mailbox,
(r->t == SET_RESERVE ?
MBTYPE_RESERVE : 0),
r->server, r->acl, NULL);
remote_boxes.head = r->next;
}
}
if(l && !r) {
while(l) {
mboxlist_deletemailbox(l->mailbox, 1, "", NULL, 0, 0, 0);
local_boxes.head = l->next;
l = local_boxes.head;
}
} else if (r && !l) {
while(r) {
mboxlist_insertremote(r->mailbox,
(r->t == SET_RESERVE ?
MBTYPE_RESERVE : 0),
r->server, r->acl, NULL);
remote_boxes.head = r->next;
r = remote_boxes.head;
}
}
syslog(LOG_NOTICE, "mailbox list synchronization complete");
done:
pthread_mutex_unlock(&mailboxes_mutex);
free_mpool(pool);
return ret;
}
void mupdate_signal_db_synced(void)
{
pthread_mutex_lock(&synced_mutex);
synced = 1;
pthread_cond_broadcast(&synced_cond);
pthread_mutex_unlock(&synced_mutex);
}
void mupdate_ready(void)
{
pthread_mutex_lock(&ready_for_connections_mutex);
if(ready_for_connections) {
syslog(LOG_CRIT, "mupdate_ready called when already ready");
fatal("mupdate_ready called when already ready", EC_TEMPFAIL);
}
ready_for_connections = 1;
pthread_cond_broadcast(&ready_for_connections_cond);
pthread_mutex_unlock(&ready_for_connections_mutex);
}
void mupdate_unready(void)
{
pthread_mutex_lock(&ready_for_connections_mutex);
syslog(LOG_NOTICE, "unready for connections");
ready_for_connections = 0;
pthread_mutex_unlock(&ready_for_connections_mutex);
}
void free_mbent(struct mbent *p)
{
if(!p) return;
free(p->server);
free(p->mailbox);
free(p);
}
void printstring(const char *s __attribute__((unused)))
{
fatal("printstring() executed, but its not used for MUPDATE!",
EC_SOFTWARE);
}