#include <ctype.h>
#include <stdlib.h>
+#include <netdb.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
EXEC SQL INCLUDE sqlca;
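Review bot: The added headers do not include `<resolv.h>`, which is where common resolver libraries declare `res_search`, `dn_skipname` and `dn_expand`, all called by the new getmxrecords further down. Unless it comes in through a header outside this hunk, those calls compile against implicit declarations; add `#include <resolv.h>` after `<arpa/nameser.h>`. The same goes for `<string.h>` (or `<strings.h>` for `strcasecmp`) if the file does not already include it above the visible context.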
EXEC SQL BEGIN DECLARE SECTION;
int id;
EXEC SQL END DECLARE SECTION;
+ int status;
if (!strcmp(argv[1], "IMAP"))
- {
- EXEC SQL SELECT owner INTO :id FROM filesys f
- WHERE f.label = :argv[2] AND f.type = 'IMAP' AND
- f.lockertype = 'USER';
- if (cl->users_id != id)
- return MR_PERM;
- }
+ {
+ EXEC SQL SELECT owner INTO :id FROM filesys f
+ WHERE f.label = :argv[2] AND f.type = 'IMAP' AND
+ f.lockertype = 'USER';
+ if (cl->users_id != id)
+ return MR_PERM;
+ }
+
+ /* Non-query owners can't forward mail to a POSTOFFICE or MAILHUB server,
+ * nor to a nonresolving domain.
+ */
+ if (!strcmp(argv[1], "SMTP") || !strcmp(argv[1], "SPLIT"))
+ {
+ status = check_mail_string(argv[2]);
+ if (status)
+ return status;
+ }
+
if (cl->users_id != *(int *)argv[0])
return MR_PERM;
else
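Review bot: The new SMTP/SPLIT block calls `check_mail_string(argv[2])` before the ownership test `if (cl->users_id != *(int *)argv[0]) return MR_PERM;`, so a client that is about to be refused still makes the server run a blocking resolver lookup on a string it supplied. Doing the cheap authorization test first and the DNS-backed validation only for a caller that passed it keeps network I/O off the reject path. The function continues past the `else` outside this hunk, so where the block should land depends on what that branch does. A short comment here should also state that strings without an `@` are accepted unchecked, as check_mail_string is written.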
char member_acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
EXEC SQL END DECLARE SECTION;
int status, cnt;
+ char *buf;
list_id = *(int *)argv[0];
member_id = *(int *)argv[2];
}
}
+ /* Don't allow non-query owners to add STRINGs to lists if they end
+ * in a domain that's MIT.EDU or one of the hosts that provide the
+ * MAILHUB or POSTOFFICE services.
+ */
+ if (!strcmp(q->shortname, "amtl") || !strcmp(q->shortname, "atml"))
+ {
+ if (!strcmp("STRING", argv[1]))
+ {
+ buf = malloc(0);
+ status = id_to_name(*(int *)argv[2], STRINGS_TABLE, &buf);
+ if (status)
+ return status;
+
+ status = check_mail_string(buf);
+ free(buf);
+ if (status)
+ return status;
+ }
+ }
+
/* check for client in access control list and return success right
* away if it's there. */
if (find_member(acl_type, acl_id, cl))
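Review bot: In the new STRING check, `buf = malloc(0)` is leaked when `id_to_name` fails, because `if (status) return status;` returns without freeing it (unless id_to_name releases `*name` on error, which is not visible here); use `if (status) { free(buf); return status; }`. The block comment says strings are rejected when they "end in a domain that's MIT.EDU", but check_mail_string compares the whole resolved host name with `strcasecmp`, so the comment should describe an exact match on the canonical name rather than a suffix test. The enclosing function starts and ends outside this hunk.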
if (find_member(memacl_type, memacl_id, cl))
return MR_SUCCESS;
- if (flags || q->type == DELETE)
+ if (flags || q->type == MR_Q_DELETE)
{
if (!strcmp("USER", argv[1]) && *(int *)argv[2] == cl->users_id)
return MR_SUCCESS;
else
idx = 2;
- if (q->type == APPEND)
+ if (q->type == MR_Q_APPEND)
{
/* Non-query owner must set use to zero */
if (atoi(argv[6 + idx]) != 0)
else
return MR_PERM;
}
- else /* q-type == UPDATE */
+ else /* q-type == MR_Q_UPDATE */
{
EXEC SQL BEGIN DECLARE SECTION;
int status, acomment, use, ocomment, snid;
EXEC SQL END DECLARE SECTION;
int status;
- if (q->type == RETRIEVE)
+ if (q->type == MR_Q_RETRIEVE)
return MR_SUCCESS;
id = *(int *)argv[1];
- if (q->type == APPEND && isdigit(argv[0][0]))
+ if (q->type == MR_Q_APPEND && isdigit(argv[0][0]))
return MR_BAD_CHAR;
EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id;
if (dbms_errno)
return mr_errcode;
- /* if the type is APPEND, this is ahal and we need to make sure there
+ /* if the type is MR_Q_APPEND, this is ahal and we need to make sure there
* will be no more than 2 aliases. If it's not, it must be dhal and
* any owner will do.
*/
- if (q->type == APPEND && cnt >= 2)
+ if (q->type == MR_Q_APPEND && cnt >= 2)
return MR_PERM;
EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
int access_snt(struct query *q, char *argv[], client *cl)
{
- if (q->type == RETRIEVE)
+ if (q->type == MR_Q_RETRIEVE)
return MR_SUCCESS;
return MR_PERM;
/* if the container is public or the query is delete, grant access if client
* is on owner list */
- if (flag || q->type == DELETE)
+ if (flag || q->type == MR_Q_DELETE)
{
EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
:machine_owner_id
/* Otherwise fail. */
return MR_PERM;
}
+
+int check_mail_string(char *mailstring)
+{
+ EXEC SQL BEGIN DECLARE SECTION;
+ char mname[MACHINE_NAME_SIZE];
+ EXEC SQL END DECLARE SECTION;
+ char *p, *host, *hostdomain;
+ struct hostent *hp;
+ struct mxentry *mxrecords = NULL;
+ int index;
+
+ p = strchr(mailstring, '@');
+ if (p)
+ {
+ host = strdup(++p);
+
+ /* Replace .LOCAL at end of host with .MIT.EDU if needed. */
+ hostdomain = strrchr(host, '.');
+ if (hostdomain && !strcasecmp(hostdomain, ".LOCAL"))
+ {
+ index = hostdomain - host;
+ host[index] = '\0';
+ host = realloc(host, strlen(host) + strlen(".MIT.EDU") + 1);
+ strcat(host, ".MIT.EDU");
+ }
+
+ hp = gethostbyname(host);
+ if (hp)
+ {
+ host = realloc(host, strlen(hp->h_name) + 1);
+ if (host)
+ strcpy(host, hp->h_name);
+ }
+ else
+ {
+ /* Possibly a host with no A record but MX records. Check. */
+ mxrecords = getmxrecords(host);
+ if (!mxrecords)
+ return MR_BAD_MAIL_STRING;
+ else
+ return MR_SUCCESS;
+ }
+
+ if (!strcasecmp(host, "MIT.EDU"))
+ {
+ free(host);
+ return MR_BAD_MAIL_STRING;
+ }
+
+ EXEC SQL DECLARE csr_listmem CURSOR FOR
+ SELECT UNIQUE m.name FROM machine m, serverhosts sh
+ WHERE m.mach_id = sh.mach_id
+ AND (sh.service = 'MAILHUB' or sh.service = 'POSTOFFICE');
+ if (dbms_errno)
+ {
+ free(host);
+ return mr_errcode;
+ }
+ EXEC SQL OPEN csr_listmem;
+ if (dbms_errno)
+ {
+ free(host);
+ return mr_errcode;
+ }
+ while (1)
+ {
+ EXEC SQL FETCH csr_listmem INTO :mname;
+ if (sqlca.sqlcode)
+ break;
+
+ if (!strcasecmp(host, strtrim(mname)))
+ {
+ free(host);
+ return MR_BAD_MAIL_STRING;
+ }
+ }
+ free(host);
+ }
+
+ return MR_SUCCESS;
+}
+
+/*
+ * This ought to be in the bind library. It's adapted from sendmail.
+ */
+
+/*
+ * These are defined in RFC833. Some bind interface headers don't declare them.
+ * Ghod help us if they're ever actually incompatible with what's in
+ * the arpa/nameser.h header.
+ */
+#ifndef PACKETSZ
+#define PACKETSZ 512 /* maximum packet size */
+#endif
+#ifndef HFIXEDSZ
+#define HFIXEDSZ 12 /* #/bytes of fixed data in header */
+#endif
+#ifndef INT32SZ
+#define INT32SZ 4 /* for systems without 32-bit ints */
+#endif
+#ifndef INT16SZ
+#define INT16SZ 2 /* for systems without 16-bit ints */
+#endif
+
+/* minimum possible size of MX record in packet */
+#define MIN_MX_SIZE 8 /* corresp to "a.com 0" w/ terminating space */
+
+struct mxentry *getmxrecords(const char *name)
+{
+ char answer[PACKETSZ], *eom, *cp, *bp;
+ int n, ancount, qdcount, buflen, type, pref, ind;
+ static struct mxentry pmx[(PACKETSZ - HFIXEDSZ) / MIN_MX_SIZE];
+ static char MXHostBuf[PACKETSZ - HFIXEDSZ];
+ HEADER *hp;
+
+ pmx->name = (char *)NULL;
+ pmx->pref = -1;
+ n = res_search(name, C_IN,T_MX, (unsigned char *)&answer, sizeof(answer));
+ if (n == -1)
+ return((struct mxentry *)NULL);
+ if ((size_t)n > sizeof(answer))
+ n = sizeof(answer);
+
+ hp = (HEADER *)&answer;
+ cp = answer + HFIXEDSZ;
+ eom = answer + n;
+ h_errno = 0;
+ for (qdcount = ntohs(hp->qdcount); qdcount--; cp += n + QFIXEDSZ)
+ if ((n = dn_skipname((unsigned char *)cp, (unsigned char *)eom)) < 0)
+ return((struct mxentry *)NULL);
+ buflen = sizeof(MXHostBuf) - 1;
+ bp = MXHostBuf;
+ ind = 0;
+ ancount = ntohs(hp->ancount);
+ while (--ancount >= 0 && cp < eom)
+ {
+ if ((n = dn_expand((unsigned char *)answer, (unsigned char *)eom,
+ (unsigned char *)cp, bp, buflen)) < 0)
+ break;
+ cp += n;
+ GETSHORT(type, cp);
+ cp += INT16SZ + INT32SZ;
+ GETSHORT(n, cp);
+ if (type != T_MX)
+ {
+ cp += n;
+ continue;
+ }
+ GETSHORT(pref, cp);
+ if ((n = dn_expand((unsigned char *)answer, (unsigned char *)eom,
+ (unsigned char *)cp, bp, buflen)) < 0)
+ break;
+ cp += n;
+
+ pmx[ind].name = bp;
+ pmx[ind].pref = pref;
+ ++ind;
+
+ n = strlen((const char *)bp);
+ bp += n;
+ *bp++ = '\0';
+
+ buflen -= n + 1;
+ }
+
+ pmx[ind].name = (char *)NULL;
+ pmx[ind].pref = -1;
+ return(pmx);
+}
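Review bot: check_mail_string leaks or loses `host` on several paths: the MX fallback after `gethostbyname` returns on both outcomes without `free(host)`, `strdup` is unchecked, and both `host = realloc(host, ...)` calls drop the old buffer on failure, the first going on to `strcat` into NULL and the second falling through to `strcasecmp(host, "MIT.EDU")` with a NULL `host`. That same MX fallback returns MR_SUCCESS without the MIT.EDU and MAILHUB/POSTOFFICE comparison, so the restriction is enforced only for names that resolve through `gethostbyname`; worth deciding whether that is intended. `csr_listmem` is opened but no `EXEC SQL CLOSE csr_listmem;` appears on the match return or after the fetch loop. In getmxrecords the fixed record fields are read with GETSHORT without first checking that they lie before `eom`, and `ind` is never compared with the size of `pmx`; a guard such as `if (eom - cp < 3 * INT16SZ + INT32SZ) break;` before `GETSHORT(type, cp)` plus an explicit bound on `ind` would keep a malformed reply from driving reads or writes past the buffers. The fence covers the memory handling only and assumes MR_NO_MEM is the out-of-memory code in this tree.

```c
  char *p, *host, *hostdomain, *tmp;
  /* ... unchanged: other locals, strchr() for '@' ... */
      host = strdup(++p);
      if (!host)
	return MR_NO_MEM;

      /* ... unchanged: strrchr() and the .LOCAL test ... */
	  *hostdomain = '\0';
	  tmp = realloc(host, strlen(host) + strlen(".MIT.EDU") + 1);
	  if (!tmp)
	    {
	      free(host);
	      return MR_NO_MEM;
	    }
	  host = tmp;
	  strcat(host, ".MIT.EDU");

      /* ... unchanged: gethostbyname() call ... */
      if (hp)
	{
	  tmp = realloc(host, strlen(hp->h_name) + 1);
	  if (!tmp)
	    {
	      free(host);
	      return MR_NO_MEM;
	    }
	  host = tmp;
	  strcpy(host, hp->h_name);
	}
      else
	{
	  /* Possibly a host with no A record but MX records. Check. */
	  mxrecords = getmxrecords(host);
	  free(host);	/* both outcomes return from here */
	  return mxrecords ? MR_SUCCESS : MR_BAD_MAIL_STRING;
	}

      /* ... unchanged: MIT.EDU comparison and csr_listmem loop ... */
```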