X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Freadconf.c;h=5efe7aa0411ea3378d1a378ab152077e4665919a;hp=27a834b3f7234cd21105b0f0a93e86a8f0f54a83;hb=863bd541063e72fcea7305b9d3ee2cb460a6d3d1;hpb=2333e06f406b5d66068cef3e20ab223fc6650307

diff --git a/src/src/readconf.c b/src/src/readconf.c
index 27a834b3f..5efe7aa04 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -22,12 +22,15 @@ static void readconf_options_auths(void);
 
 #define CSTATE_STACK_SIZE 10
 
+const uschar *config_directory = NULL;
+
 
 /* Structure for chain (stack) of .included files */
 
 typedef struct config_file_item {
   struct config_file_item *next;
-  uschar *filename;
+  const uschar *filename;
+  const uschar *directory;
   FILE *file;
   int lineno;
 } config_file_item;
@@ -250,7 +253,7 @@ static optionlist optionlist_config[] = {
   { "dns_retry",                opt_int,         &dns_retry },
   { "dns_trust_aa",             opt_stringptr,   &dns_trust_aa },
   { "dns_use_edns0",            opt_int,         &dns_use_edns0 },
- /* This option is now a no-op, retained for compability */
+ /* This option is now a no-op, retained for compatibility */
   { "drop_cr",                  opt_bool,        &drop_cr },
 /*********************************************************/
   { "dsn_advertise_hosts",      opt_stringptr,   &dsn_advertise_hosts },
@@ -793,76 +796,76 @@ due to conflicts with other common macros. */
 #endif
 
 #ifdef LOOKUP_LSEARCH
-  macro_create(US"_HAVE_LKUP_LSEARCH", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_LSEARCH", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_CDB
-  macro_create(US"_HAVE_LKUP_CDB", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_CDB", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_DBM
-  macro_create(US"_HAVE_LKUP_DBM", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_DBM", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_DNSDB
-  macro_create(US"_HAVE_LKUP_DNSDB", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_DNSDB", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_DSEARCH
-  macro_create(US"_HAVE_LKUP_DSEARCH", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_DSEARCH", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_IBASE
-  macro_create(US"_HAVE_LKUP_IBASE", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_IBASE", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_LDAP
-  macro_create(US"_HAVE_LKUP_LDAP", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_LDAP", US"y", FALSE, TRUE);
 #endif
 #ifdef EXPERIMENTAL_LMDB
-  macro_create(US"_HAVE_LKUP_LMDB", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_LMDB", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_MYSQL
-  macro_create(US"_HAVE_LKUP_MYSQL", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_MYSQL", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_NIS
-  macro_create(US"_HAVE_LKUP_NIS", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_NIS", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_NISPLUS
-  macro_create(US"_HAVE_LKUP_NISPLUS", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_NISPLUS", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_ORACLE
-  macro_create(US"_HAVE_LKUP_ORACLE", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_ORACLE", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_PASSWD
-  macro_create(US"_HAVE_LKUP_PASSWD", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_PASSWD", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_PGSQL
-  macro_create(US"_HAVE_LKUP_PGSQL", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_PGSQL", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_REDIS
-  macro_create(US"_HAVE_LKUP_REDIS", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_REDIS", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_SQLITE
-  macro_create(US"_HAVE_LKUP_SQLITE", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_SQLITE", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_TESTDB
-  macro_create(US"_HAVE_LKUP_TESTDB", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_TESTDB", US"y", FALSE, TRUE);
 #endif
 #ifdef LOOKUP_WHOSON
-  macro_create(US"_HAVE_LKUP_WHOSON", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_LOOKUP_WHOSON", US"y", FALSE, TRUE);
 #endif
 
 #ifdef TRANSPORT_APPENDFILE
 # ifdef SUPPORT_MAILDIR
-  macro_create(US"_HAVE_TPT_APPEND_MAILDR", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDIR", US"y", FALSE, TRUE);
 # endif
 # ifdef SUPPORT_MAILSTORE
-  macro_create(US"_HAVE_TPT_APPEND_MAILSTORE", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_TRANSPORT_APPEND_MAILSTORE", US"y", FALSE, TRUE);
 # endif
 # ifdef SUPPORT_MBX
-  macro_create(US"_HAVE_TPT_APPEND_MBX", US"y", FALSE, TRUE);
+  macro_create(US"_HAVE_TRANSPORT_APPEND_MBX", US"y", FALSE, TRUE);
 # endif
 #endif
 }
 
 
 void
-readconf_options_from_list(optionlist * opts, unsigned nopt, uschar * group)
+readconf_options_from_list(optionlist * opts, unsigned nopt, const uschar * section, uschar * group)
 {
 int i;
 const uschar * s;
@@ -874,15 +877,18 @@ of the macros list is in reverse-alpha (we prepend them) - so longer
 macros that have substrings are always discovered first during
 expansion. */
 
-for (i = 0; i < nopt; i++)  if (*(s = opts[i].name) && *s != '*')
-  macro_create(string_sprintf("_OPT_%T_%T", group, s), US"y", FALSE, TRUE);
+for (i = 0; i < nopt; i++)  if (*(s = US opts[i].name) && *s != '*')
+  if (group)
+    macro_create(string_sprintf("_OPT_%T_%T_%T", section, group, s), US"y", FALSE, TRUE);
+  else
+    macro_create(string_sprintf("_OPT_%T_%T", section, s), US"y", FALSE, TRUE);
 }
 
 
 static void
 readconf_options(void)
 {
-readconf_options_from_list(optionlist_config, nelem(optionlist_config), US"MAIN");
+readconf_options_from_list(optionlist_config, nelem(optionlist_config), US"MAIN", NULL);
 readconf_options_routers();
 readconf_options_transports();
 readconf_options_auths();
@@ -941,6 +947,7 @@ for (;;)
       (void)fclose(config_file);
       config_file = config_file_stack->file;
       config_filename = config_file_stack->filename;
+      config_directory = config_file_stack->directory;
       config_lineno = config_file_stack->lineno;
       config_file_stack = config_file_stack->next;
       if (config_lines)
@@ -1163,9 +1170,19 @@ for (;;)
       }
     *t = 0;
 
+    /* We allow relative file names. For security reasons currently
+    relative names not allowed with .include_if_exists. For .include_if_exists
+    we need to check the permissions/ownership of the containing folder */
     if (*ss != '/')
-      log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-"
-        "absolute path \"%s\"", ss);
+      if (include_if_exists) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-"
+          "absolute path \"%s\"", ss);
+      else
+        {
+        int offset = 0;
+        int size = 0;
+        ss = string_append(NULL, &size, &offset, 3, config_directory, "/", ss);
+        ss[offset] = '\0';  /* string_append() does not zero terminate the string! */
+        }
 
     if (include_if_exists != 0 && (Ustat(ss, &statbuf) != 0)) continue;
 
@@ -1176,6 +1193,7 @@ for (;;)
     config_file_stack = save;
     save->file = config_file;
     save->filename = config_filename;
+    save->directory = config_directory;
     save->lineno = config_lineno;
 
     if (!(config_file = Ufopen(ss, "rb")))
@@ -1183,6 +1201,7 @@ for (;;)
         "configuration file %s", ss);
 
     config_filename = string_copy(ss);
+    config_directory = string_copyn(ss, CUstrrchr(ss, '/') - ss);
     config_lineno = 0;
     continue;
     }
@@ -2349,7 +2368,7 @@ switch (type)
 
   /* We get a coverity error here for using count, as it derived
   from the tainted buffer pointed to by s, as parsed by sscanf().
-  By the definition of sscanf we must be aceessing between start
+  By the definition of sscanf we must be accessing between start
   and end of s (assuming it is nul-terminated...) so ignore the error.  */
   /* coverity[tainted_data] */
   if (s[count] == '.')
@@ -3232,12 +3251,9 @@ if (pid == 0)
     exim_setugid(exim_uid, exim_gid, FALSE,
         US"calling tls_validate_require_cipher");
 
-  errmsg = tls_validate_require_cipher();
-  if (errmsg)
-    {
+  if ((errmsg = tls_validate_require_cipher()))
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
         "tls_require_ciphers invalid: %s", errmsg);
-    }
   fflush(NULL);
   _exit(0);
   }
@@ -3353,28 +3369,50 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
   if (config_file != NULL || errno != ENOENT) break;
   }
 
-/* Now, once we found and opened our configuration file, we change the directory
-to a safe place. Later we change to $spool_directory. */
-
-if (Uchdir("/") < 0)
-  {
-  perror("exim: chdir `/': ");
-  exit(EXIT_FAILURE);
-  }
-
 /* On success, save the name for verification; config_filename is used when
 logging configuration errors (it changes for .included files) whereas
 config_main_filename is the name shown by -bP. Failure to open a configuration
 file is a serious disaster. */
 
-if (config_file != NULL)
+if (config_file)
   {
-  uschar *p;
+  uschar *last_slash = Ustrrchr(filename, '/');
   config_filename = config_main_filename = string_copy(filename);
 
-  p = Ustrrchr(filename, '/');
-  config_main_directory = p ? string_copyn(filename, p - filename)
-                            : string_copy(US".");
+  /* The config_main_directory we need for the $config_dir expansion.
+  config_main_filename we need for $config_file expansion.
+  And config_dir is the directory of the current configuration, used for
+  relative .includes. We do need to know it's name, as we change our working
+  directory later. */
+
+  if (filename[0] == '/')
+    config_main_directory = last_slash == filename ? US"/" : string_copyn(filename, last_slash - filename);
+  else
+    {
+      /* relative configuration file name: working dir + / + basename(filename) */
+
+      uschar buf[PATH_MAX];
+      int offset = 0;
+      int size = 0;
+
+      if (os_getcwd(buf, PATH_MAX) == NULL)
+        {
+        perror("exim: getcwd");
+        exit(EXIT_FAILURE);
+        }
+      config_main_directory = string_cat(NULL, &size, &offset, buf);
+
+      /* If the dir does not end with a "/", append one */
+      if (config_main_directory[offset-1] != '/')
+        config_main_directory = string_catn(config_main_directory, &size, &offset, US"/", 1);
+
+      /* If the config file contains a "/", extract the directory part */
+      if (last_slash)
+        config_main_directory = string_catn(config_main_directory, &size, &offset, filename, last_slash - filename);
+
+      config_main_directory[offset] = '\0';
+    }
+  config_directory = config_main_directory;
   }
 else
   {
@@ -3386,6 +3424,15 @@ else
       "configuration file %s", filename));
   }
 
+/* Now, once we found and opened our configuration file, we change the directory
+to a safe place. Later we change to $spool_directory. */
+
+if (Uchdir("/") < 0)
+  {
+  perror("exim: chdir `/': ");
+  exit(EXIT_FAILURE);
+  }
+
 /* Check the status of the file we have opened, if we have retained root
 privileges and the file isn't /dev/null (which *should* be 0666). */
 
@@ -4304,12 +4351,12 @@ readconf_options_auths(void)
 {
 struct auth_info * ai;
 
-readconf_options_from_list(optionlist_auths, optionlist_auths_size, US"AU");
+readconf_options_from_list(optionlist_auths, optionlist_auths_size, US"AUTHENTICATORS", NULL);
 
 for (ai = auths_available; ai->driver_name[0]; ai++)
   {
-  macro_create(string_sprintf("_DRVR_AUTH_%T", ai->driver_name), US"y", FALSE, TRUE);
-  readconf_options_from_list(ai->options, (unsigned)*ai->options_count, ai->driver_name);
+  macro_create(string_sprintf("_DRIVER_AUTHENTICATOR_%T", ai->driver_name), US"y", FALSE, TRUE);
+  readconf_options_from_list(ai->options, (unsigned)*ai->options_count, US"AUTHENTICATOR", ai->driver_name);
   }
 }