X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fdbfn.c;h=63a1aefe353818ea385feee3b6700828fc5e05e5;hp=5529fe93f3891229fb9ebc014f124cd2413e9c97;hb=f3ebb786e451da973560f1c9d8cdb151d25108b5;hpb=d5b80e59458182b2d557a929a18cb8c70cd56b68 diff --git a/src/src/dbfn.c b/src/src/dbfn.c index 5529fe93f..63a1aefe3 100644 --- a/src/src/dbfn.c +++ b/src/src/dbfn.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -72,6 +72,7 @@ Arguments: dbblock Points to an open_db block to be filled in. lof If TRUE, write to the log for actual open failures (locking failures are always logged). + panic If TRUE, panic on failure to create the db directory Returns: NULL if the open failed, or the locking failed. After locking failures, errno is zero. @@ -85,7 +86,7 @@ moment I haven't changed them. */ open_db * -dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof) +dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof, BOOL panic) { int rc, save_errno; BOOL read_only = flags == O_RDONLY; @@ -93,6 +94,8 @@ BOOL created = FALSE; flock_t lock_data; uschar dirname[256], filename[256]; +DEBUG(D_hints_lookup) acl_level++; + /* The first thing to do is to open a separate file on which to lock. This ensures that Exim has exclusive use of the database before it even tries to open it. Early versions tried to lock on the open database itself, but that @@ -112,7 +115,7 @@ snprintf(CS filename, sizeof(filename), "%s/%s.lockfile", dirname, name); if ((dbblock->lockfd = Uopen(filename, O_RDWR, EXIMDB_LOCKFILE_MODE)) < 0) { created = TRUE; - (void)directory_make(spool_directory, US"db", EXIMDB_DIRECTORY_MODE, TRUE); + (void)directory_make(spool_directory, US"db", EXIMDB_DIRECTORY_MODE, panic); dbblock->lockfd = Uopen(filename, O_RDWR|O_CREAT, EXIMDB_LOCKFILE_MODE); } @@ -121,6 +124,7 @@ if (dbblock->lockfd < 0) log_write(0, LOG_MAIN, "%s", string_open_failed(errno, "database lock file %s", filename)); errno = 0; /* Indicates locking failure */ + DEBUG(D_hints_lookup) acl_level--; return NULL; } @@ -131,12 +135,12 @@ lock_data.l_type = read_only? F_RDLCK : F_WRLCK; lock_data.l_whence = lock_data.l_start = lock_data.l_len = 0; DEBUG(D_hints_lookup|D_retry|D_route|D_deliver) - debug_printf("locking %s\n", filename); + debug_printf_indent("locking %s\n", filename); sigalrm_seen = FALSE; -alarm(EXIMDB_LOCK_TIMEOUT); +ALARM(EXIMDB_LOCK_TIMEOUT); rc = fcntl(dbblock->lockfd, F_SETLKW, &lock_data); -alarm(0); +ALARM_CLR(0); if (sigalrm_seen) errno = ETIMEDOUT; if (rc < 0) @@ -146,10 +150,11 @@ if (rc < 0) errno == ETIMEDOUT ? "timed out" : strerror(errno)); (void)close(dbblock->lockfd); errno = 0; /* Indicates locking failure */ + DEBUG(D_hints_lookup) acl_level--; return NULL; } -DEBUG(D_hints_lookup) debug_printf("locked %s\n", filename); +DEBUG(D_hints_lookup) debug_printf_indent("locked %s\n", filename); /* At this point we have an opened and locked separate lock file, that is, exclusive access to the database, so we can go ahead and open it. If we are @@ -166,7 +171,7 @@ EXIM_DBOPEN(filename, dirname, flags, EXIMDB_MODE, &(dbblock->dbptr)); if (!dbblock->dbptr && errno == ENOENT && flags == O_RDWR) { DEBUG(D_hints_lookup) - debug_printf("%s appears not to exist: trying to create\n", filename); + debug_printf_indent("%s appears not to exist: trying to create\n", filename); created = TRUE; EXIM_DBOPEN(filename, dirname, flags|O_CREAT, EXIMDB_MODE, &(dbblock->dbptr)); } @@ -201,12 +206,12 @@ if (created && geteuid() == root_uid) if (Ustrncmp(ent->d_name, name, namelen) == 0) { struct stat statbuf; - Ustrcpy(lastname, ent->d_name); + Ustrcpy(lastname, US ent->d_name); if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid) { - DEBUG(D_hints_lookup) debug_printf("ensuring %s is owned by exim\n", filename); - if (Uchown(filename, exim_uid, exim_gid)) - DEBUG(D_hints_lookup) debug_printf("failed setting %s to owned by exim\n", filename); + DEBUG(D_hints_lookup) debug_printf_indent("ensuring %s is owned by exim\n", filename); + if (exim_chown(filename, exim_uid, exim_gid)) + DEBUG(D_hints_lookup) debug_printf_indent("failed setting %s to owned by exim\n", filename); } } @@ -224,15 +229,16 @@ if (!dbblock->dbptr) filename)); else DEBUG(D_hints_lookup) - debug_printf("%s\n", CS string_open_failed(save_errno, "DB file %s", + debug_printf_indent("%s\n", CS string_open_failed(save_errno, "DB file %s", filename)); (void)close(dbblock->lockfd); errno = save_errno; + DEBUG(D_hints_lookup) acl_level--; return NULL; } DEBUG(D_hints_lookup) - debug_printf("opened hints database %s: flags=%s\n", filename, + debug_printf_indent("opened hints database %s: flags=%s\n", filename, flags == O_RDONLY ? "O_RDONLY" : flags == O_RDWR ? "O_RDWR" : flags == (O_RDWR|O_CREAT) ? "O_RDWR|O_CREAT" @@ -263,7 +269,8 @@ dbfn_close(open_db *dbblock) { EXIM_DBCLOSE(dbblock->dbptr); (void)close(dbblock->lockfd); -DEBUG(D_hints_lookup) debug_printf("closed hints database and lockfile\n"); +DEBUG(D_hints_lookup) + { debug_printf_indent("closed hints database and lockfile\n"); acl_level--; } } @@ -296,11 +303,11 @@ dbfn_read_with_length(open_db *dbblock, const uschar *key, int *length) void *yield; EXIM_DATUM key_datum, result_datum; int klen = Ustrlen(key) + 1; -uschar * key_copy = store_get(klen); +uschar * key_copy = store_get(klen, is_tainted(key)); memcpy(key_copy, key, klen); -DEBUG(D_hints_lookup) debug_printf("dbfn_read: key=%s\n", key); +DEBUG(D_hints_lookup) debug_printf_indent("dbfn_read: key=%s\n", key); EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */ EXIM_DATUM_INIT(result_datum); /* to be cleared before use. */ @@ -309,7 +316,10 @@ EXIM_DATUM_SIZE(key_datum) = klen; if (!EXIM_DBGET(dbblock->dbptr, key_datum, result_datum)) return NULL; -yield = store_get(EXIM_DATUM_SIZE(result_datum)); +/* Assume the data store could have been tainted. Properly, we should +store the taint status with the data. */ + +yield = store_get(EXIM_DATUM_SIZE(result_datum), TRUE); memcpy(yield, EXIM_DATUM_DATA(result_datum), EXIM_DATUM_SIZE(result_datum)); if (length != NULL) *length = EXIM_DATUM_SIZE(result_datum); @@ -340,12 +350,12 @@ dbfn_write(open_db *dbblock, const uschar *key, void *ptr, int length) EXIM_DATUM key_datum, value_datum; dbdata_generic *gptr = (dbdata_generic *)ptr; int klen = Ustrlen(key) + 1; -uschar * key_copy = store_get(klen); +uschar * key_copy = store_get(klen, is_tainted(key)); memcpy(key_copy, key, klen); gptr->time_stamp = time(NULL); -DEBUG(D_hints_lookup) debug_printf("dbfn_write: key=%s\n", key); +DEBUG(D_hints_lookup) debug_printf_indent("dbfn_write: key=%s\n", key); EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */ EXIM_DATUM_INIT(value_datum); /* to be cleared before use. */ @@ -374,7 +384,9 @@ int dbfn_delete(open_db *dbblock, const uschar *key) { int klen = Ustrlen(key) + 1; -uschar * key_copy = store_get(klen); +uschar * key_copy = store_get(klen, is_tainted(key)); + +DEBUG(D_hints_lookup) debug_printf_indent("dbfn_delete: key=%s\n", key); memcpy(key_copy, key, klen); EXIM_DATUM key_datum; @@ -409,6 +421,8 @@ EXIM_DATUM key_datum, value_datum; uschar *yield; value_datum = value_datum; /* dummy; not all db libraries use this */ +DEBUG(D_hints_lookup) debug_printf_indent("dbfn_scan\n"); + /* Some dbm require an initialization */ if (start) EXIM_DBCREATE_CURSOR(dbblock->dbptr, cursor); @@ -526,7 +540,7 @@ while (Ufgets(buffer, 256, stdin) != NULL) } start = clock(); - odb = dbfn_open(s, O_RDWR, dbblock + i, TRUE); + odb = dbfn_open(s, O_RDWR, dbblock + i, TRUE, TRUE); stop = clock(); if (odb)