1 /*        $NetBSD: postmap.c,v 1.6 2025/02/25 19:15:48 christos Exp $ */
2 
3 /*++
4 /* NAME
5 /*        postmap 1
6 /* SUMMARY
7 /*        Postfix lookup table management
8 /* SYNOPSIS
9 /* .fi
10 /*        \fBpostmap\fR [\fB-bfFhimnNoprsuUvw\fR] [\fB-c \fIconfig_dir\fR]
11 /*        [\fB-d \fIkey\fR] [\fB-q \fIkey\fR]
12 /*                  [\fIfile_type\fR:]\fIfile_name\fR ...
13 /* DESCRIPTION
14 /*        The \fBpostmap\fR(1) command creates or queries one or more Postfix
15 /*        lookup tables, or updates an existing one.
16 /*
17 /*        If the result files do not exist they will be created with the
18 /*        same group and other read permissions as their source file.
19 /*
20 /*        While the table update is in progress, signal delivery is
21 /*        postponed, and an exclusive, advisory, lock is placed on the
22 /*        entire table, in order to avoid surprises in spectator
23 /*        processes.
24 /* INPUT FILE FORMAT
25 /* .ad
26 /* .fi
27 /*        The format of a lookup table input file is as follows:
28 /* .IP \(bu
29 /*        A table entry has the form
30 /* .sp
31 /* .nf
32 /*             \fIkey\fR whitespace \fIvalue\fR
33 /* .fi
34 /* .IP \(bu
35 /*        Empty lines and whitespace-only lines are ignored, as
36 /*        are lines whose first non-whitespace character is a `#'.
37 /* .IP \(bu
38 /*        A logical line starts with non-whitespace text. A line that
39 /*        starts with whitespace continues a logical line.
40 /* .PP
41 /*        The \fIkey\fR and \fIvalue\fR are processed as is, except that
42 /*        surrounding white space is stripped off. Whitespace in lookup
43 /*        keys is supported in Postfix 3.2 and later, by surrounding the
44 /*        key with double quote characters `"'. Within the double quotes,
45 /*        double quote `"' and backslash `\\' characters can be included
46 /*        by quoting them with a preceding backslash.
47 /*
48 /*        When the \fB-F\fR option is given, the \fIvalue\fR must
49 /*        specify one or more filenames separated by comma and/or
50 /*        whitespace; \fBpostmap\fR(1) will concatenate the file
51 /*        content (with a newline character inserted between files)
52 /*        and will store the base64-encoded result instead of the
53 /*        \fIvalue\fR.
54 /*
55 /*        When the \fIkey\fR specifies email address information, the
56 /*        localpart should be enclosed with double quotes if required
57 /*        by RFC 5322. For example, an address localpart that contains
58 /*        ";", or a localpart that starts or ends with ".".
59 /*
60 /*        By default the lookup key is mapped to lowercase to make
61 /*        the lookups case insensitive; as of Postfix 2.3 this case
62 /*        folding happens only with tables whose lookup keys are
63 /*        fixed-case strings such as btree:, dbm: or hash:. With
64 /*        earlier versions, the lookup key is folded even with tables
65 /*        where a lookup field can match both upper and lower case
66 /*        text, such as regexp: and pcre:. This resulted in loss of
67 /*        information with $\fInumber\fR substitutions.
68 /* COMMAND-LINE ARGUMENTS
69 /* .ad
70 /* .fi
71 /* .IP \fB-b\fR
72 /*        Enable message body query mode. When reading lookup keys
73 /*        from standard input with "\fB-q -\fR", process the input
74 /*        as if it is an email message in RFC 5322 format.  Each line
75 /*        of body content becomes one lookup key.
76 /* .sp
77 /*        By default, the \fB-b\fR option starts generating lookup
78 /*        keys at the first non-header line, and stops when the end
79 /*        of the message is reached.
80 /*        To simulate \fBbody_checks\fR(5) processing, enable MIME
81 /*        parsing with \fB-m\fR. With this, the \fB-b\fR option
82 /*        generates no body-style lookup keys for attachment MIME
83 /*        headers and for attached message/* headers.
84 /* .sp
85 /*        NOTE: with "smtputf8_enable = yes", the \fB-b\fR option
86 /*        disables UTF-8 syntax checks on query keys and lookup
87 /*        results. Specify the \fB-U\fR option to force UTF-8
88 /*        syntax checks anyway.
89 /* .sp
90 /*        This feature is available in Postfix version 2.6 and later.
91 /* .IP "\fB-c \fIconfig_dir\fR"
92 /*        Read the \fBmain.cf\fR configuration file in the named directory
93 /*        instead of the default configuration directory.
94 /* .IP "\fB-d \fIkey\fR"
95 /*        Search the specified maps for \fIkey\fR and remove one entry per map.
96 /*        The exit status is zero when the requested information was found.
97 /*
98 /*        If a key value of \fB-\fR is specified, the program reads key
99 /*        values from the standard input stream. The exit status is zero
100 /*        when at least one of the requested keys was found.
101 /* .IP \fB-f\fR
102 /*        Do not fold the lookup key to lower case while creating or querying
103 /*        a table.
104 /*
105 /*        With Postfix version 2.3 and later, this option has no
106 /*        effect for regular expression tables. There, case folding
107 /*        is controlled by appending a flag to a pattern.
108 /* .IP \fB-F\fR
109 /*        When querying a map, or listing a map, base64-decode each
110 /*        value. When creating a map from source file, process each
111 /*        value as a list of filenames, concatenate the content of
112 /*        those files, and store the base64-encoded result instead
113 /*        of the value (see INPUT FILE FORMAT for details).
114 /* .sp
115 /*        This feature is available in Postfix version 3.4 and later.
116 /* .IP \fB-h\fR
117 /*        Enable message header query mode. When reading lookup keys
118 /*        from standard input with "\fB-q -\fR", process the input
119 /*        as if it is an email message in RFC 5322 format.  Each
120 /*        logical header line becomes one lookup key. A multi-line
121 /*        header becomes one lookup key with one or more embedded
122 /*        newline characters.
123 /* .sp
124 /*        By default, the \fB-h\fR option generates lookup keys until
125 /*        the first non-header line is reached.
126 /*        To simulate \fBheader_checks\fR(5) processing, enable MIME
127 /*        parsing with \fB-m\fR. With this, the \fB-h\fR option also
128 /*        generates header-style lookup keys for attachment MIME
129 /*        headers and for attached message/* headers.
130 /* .sp
131 /*        NOTE: with "smtputf8_enable = yes", the \fB-b\fR option
132 /*        option disables UTF-8 syntax checks on query keys and
133 /*        lookup results. Specify the \fB-U\fR option to force UTF-8
134 /*        syntax checks anyway.
135 /* .sp
136 /*        This feature is available in Postfix version 2.6 and later.
137 /* .IP \fB-i\fR
138 /*        Incremental mode. Read entries from standard input and do not
139 /*        truncate an existing database. By default, \fBpostmap\fR(1) creates
140 /*        a new database from the entries in \fBfile_name\fR.
141 /* .IP \fB-m\fR
142 /*        Enable MIME parsing with "\fB-b\fR" and "\fB-h\fR".
143 /* .sp
144 /*        This feature is available in Postfix version 2.6 and later.
145 /* .IP \fB-N\fR
146 /*        Include the terminating null character that terminates lookup keys
147 /*        and values. By default, \fBpostmap\fR(1) does whatever is
148 /*        the default for
149 /*        the host operating system.
150 /* .IP \fB-n\fR
151 /*        Don't include the terminating null character that terminates lookup
152 /*        keys and values. By default, \fBpostmap\fR(1) does whatever
153 /*        is the default for
154 /*        the host operating system.
155 /* .IP \fB-o\fR
156 /*        Do not release root privileges when processing a non-root
157 /*        input file. By default, \fBpostmap\fR(1) drops root privileges
158 /*        and runs as the source file owner instead.
159 /* .IP \fB-p\fR
160 /*        Do not inherit the file access permissions from the input file
161 /*        when creating a new file.  Instead, create a new file with default
162 /*        access permissions (mode 0644).
163 /* .IP "\fB-q \fIkey\fR"
164 /*        Search the specified maps for \fIkey\fR and write the first value
165 /*        found to the standard output stream. The exit status is zero
166 /*        when the requested information was found.
167 /*
168 /*        Note: this performs a single query with the key as specified,
169 /*        and does not make iterative queries with substrings of the
170 /*        key as described for access(5), canonical(5), transport(5),
171 /*        virtual(5) and other Postfix table-driven features.
172 /*
173 /*        If a key value of \fB-\fR is specified, the program reads key
174 /*        values from the standard input stream and writes one line of
175 /*        \fIkey value\fR output for each key that was found. The exit
176 /*        status is zero when at least one of the requested keys was found.
177 /* .IP \fB-r\fR
178 /*        When updating a table, do not complain about attempts to update
179 /*        existing entries, and make those updates anyway.
180 /* .IP \fB-s\fR
181 /*        Retrieve all database elements, and write one line of
182 /*        \fIkey value\fR output for each element. The elements are
183 /*        printed in database order, which is not necessarily the same
184 /*        as the original input order.
185 /* .sp
186 /*        This feature is available in Postfix version 2.2 and later,
187 /*        and is not available for all database types.
188 /* .IP \fB-u\fR
189 /*        Disable UTF-8 support. UTF-8 support is enabled by default
190 /*        when "smtputf8_enable = yes". It requires that keys and
191 /*        values are valid UTF-8 strings.
192 /* .IP \fB-U\fR
193 /*        With "smtputf8_enable = yes", force UTF-8 syntax checks
194 /*        with the \fB-b\fR and \fB-h\fR options.
195 /* .IP \fB-v\fR
196 /*        Enable verbose logging for debugging purposes. Multiple \fB-v\fR
197 /*        options make the software increasingly verbose.
198 /* .IP \fB-w\fR
199 /*        When updating a table, do not complain about attempts to update
200 /*        existing entries, and ignore those attempts.
201 /* .PP
202 /*        Arguments:
203 /* .IP \fIfile_type\fR
204 /*        The database type. To find out what types are supported, use
205 /*        the "\fBpostconf -m\fR" command.
206 /*
207 /*        The \fBpostmap\fR(1) command can query any supported file type,
208 /*        but it can create only the following file types:
209 /* .RS
210 /* .IP \fBbtree\fR
211 /*        The output file is a btree file, named \fIfile_name\fB.db\fR.
212 /*        This is available on systems with support for \fBdb\fR databases.
213 /* .IP \fBcdb\fR
214 /*        The output consists of one file, named \fIfile_name\fB.cdb\fR.
215 /*        This is available on systems with support for \fBcdb\fR databases.
216 /* .IP \fBdbm\fR
217 /*        The output consists of two files, named \fIfile_name\fB.pag\fR and
218 /*        \fIfile_name\fB.dir\fR.
219 /*        This is available on systems with support for \fBdbm\fR databases.
220 /* .IP \fBfail\fR
221 /*        A table that reliably fails all requests. The lookup table
222 /*        name is used for logging only. This table exists to simplify
223 /*        Postfix error tests.
224 /* .IP \fBhash\fR
225 /*        The output file is a hashed file, named \fIfile_name\fB.db\fR.
226 /*        This is available on systems with support for \fBdb\fR databases.
227 /* .IP \fBlmdb\fR
228 /*        The output is a btree-based file, named \fIfile_name\fB.lmdb\fR.
229 /*        \fBlmdb\fR supports concurrent writes and reads from different
230 /*        processes, unlike other supported file-based tables.
231 /*        This is available on systems with support for \fBlmdb\fR databases.
232 /* .IP \fBsdbm\fR
233 /*        The output consists of two files, named \fIfile_name\fB.pag\fR and
234 /*        \fIfile_name\fB.dir\fR.
235 /*        This is available on systems with support for \fBsdbm\fR databases.
236 /* .PP
237 /*        When no \fIfile_type\fR is specified, the software uses the database
238 /*        type specified via the \fBdefault_database_type\fR configuration
239 /*        parameter.
240 /* .RE
241 /* .IP \fIfile_name\fR
242 /*        The name of the lookup table source file when rebuilding a database.
243 /* DIAGNOSTICS
244 /*        Problems are logged to the standard error stream and to
245 /*        \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
246 /*        No output means that no problems were detected. Duplicate entries are
247 /*        skipped and are flagged with a warning.
248 /*
249 /*        \fBpostmap\fR(1) terminates with zero exit status in case of success
250 /*        (including successful "\fBpostmap -q\fR" lookup) and terminates
251 /*        with non-zero exit status in case of failure.
252 /* ENVIRONMENT
253 /* .ad
254 /* .fi
255 /* .IP \fBMAIL_CONFIG\fR
256 /*        Directory with Postfix configuration files.
257 /* .IP \fBMAIL_VERBOSE\fR
258 /*        Enable verbose logging for debugging purposes.
259 /* CONFIGURATION PARAMETERS
260 /* .ad
261 /* .fi
262 /*        The following \fBmain.cf\fR parameters are especially relevant to
263 /*        this program.
264 /*        The text below provides only a parameter summary. See
265 /*        \fBpostconf\fR(5) for more details including examples.
266 /* .IP "\fBberkeley_db_create_buffer_size (16777216)\fR"
267 /*        The per-table I/O buffer size for programs that create Berkeley DB
268 /*        hash or btree tables.
269 /* .IP "\fBberkeley_db_read_buffer_size (131072)\fR"
270 /*        The per-table I/O buffer size for programs that read Berkeley DB
271 /*        hash or btree tables.
272 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
273 /*        The default location of the Postfix main.cf and master.cf
274 /*        configuration files.
275 /* .IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
276 /*        The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
277 /*        and \fBpostmap\fR(1) commands.
278 /* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
279 /*        The list of environment variables that a privileged Postfix
280 /*        process will import from a non-Postfix parent process, or name=value
281 /*        environment overrides.
282 /* .IP "\fBsmtputf8_enable (yes)\fR"
283 /*        Enable preliminary SMTPUTF8 support for the protocols described
284 /*        in RFC 6531, RFC 6532, and RFC 6533.
285 /* .IP "\fBsyslog_facility (mail)\fR"
286 /*        The syslog facility of Postfix logging.
287 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
288 /*        A prefix that is prepended to the process name in syslog
289 /*        records, so that, for example, "smtpd" becomes "prefix/smtpd".
290 /* .PP
291 /*        Available in Postfix 2.11 and later:
292 /* .IP "\fBlmdb_map_size (16777216)\fR"
293 /*        The initial OpenLDAP LMDB database size limit in bytes.
294 /* SEE ALSO
295 /*        postalias(1), create/update/query alias database
296 /*        postconf(1), supported database types
297 /*        postconf(5), configuration parameters
298 /*        postlogd(8), Postfix logging
299 /*        syslogd(8), system logging
300 /* README FILES
301 /* .ad
302 /* .fi
303 /*        Use "\fBpostconf readme_directory\fR" or
304 /*        "\fBpostconf html_directory\fR" to locate this information.
305 /* .na
306 /* .nf
307 /*        DATABASE_README, Postfix lookup table overview
308 /* LICENSE
309 /* .ad
310 /* .fi
311 /*        The Secure Mailer license must be distributed with this software.
312 /* AUTHOR(S)
313 /*        Wietse Venema
314 /*        IBM T.J. Watson Research
315 /*        P.O. Box 704
316 /*        Yorktown Heights, NY 10598, USA
317 /*
318 /*        Wietse Venema
319 /*        Google, Inc.
320 /*        111 8th Avenue
321 /*        New York, NY 10011, USA
322 /*--*/
323 
324 /* System library. */
325 
326 #include <sys_defs.h>
327 #include <sys/stat.h>
328 #include <stdlib.h>
329 #include <unistd.h>
330 #include <fcntl.h>
331 #include <ctype.h>
332 #include <string.h>
333 
334 /* Utility library. */
335 
336 #include <msg.h>
337 #include <mymalloc.h>
338 #include <vstring.h>
339 #include <vstream.h>
340 #include <msg_vstream.h>
341 #include <readlline.h>
342 #include <stringops.h>
343 #include <split_at.h>
344 #include <vstring_vstream.h>
345 #include <set_eugid.h>
346 #include <warn_stat.h>
347 #include <clean_env.h>
348 #include <dict_db.h>
349 
350 /* Global library. */
351 
352 #include <mail_conf.h>
353 #include <mail_dict.h>
354 #include <mail_params.h>
355 #include <mail_version.h>
356 #include <mail_task.h>
357 #include <dict_proxy.h>
358 #include <mime_state.h>
359 #include <rec_type.h>
360 #include <mail_parm_split.h>
361 #include <maillog_client.h>
362 
363 /* Application-specific. */
364 
365 #define STR         vstring_str
366 #define LEN         VSTRING_LEN
367 
368 #define POSTMAP_FLAG_AS_OWNER (1<<0)    /* open dest as owner of source */
369 #define POSTMAP_FLAG_SAVE_PERM          (1<<1)    /* copy access permission from source */
370 #define POSTMAP_FLAG_HEADER_KEY         (1<<2)    /* apply to header text */
371 #define POSTMAP_FLAG_BODY_KEY (1<<3)    /* apply to body text */
372 #define POSTMAP_FLAG_MIME_KEY (1<<4)    /* enable MIME parsing */
373 
374 #define POSTMAP_FLAG_HB_KEY (POSTMAP_FLAG_HEADER_KEY | POSTMAP_FLAG_BODY_KEY)
375 #define POSTMAP_FLAG_FULL_KEY (POSTMAP_FLAG_BODY_KEY | POSTMAP_FLAG_MIME_KEY)
376 #define POSTMAP_FLAG_ANY_KEY (POSTMAP_FLAG_HB_KEY | POSTMAP_FLAG_MIME_KEY)
377 
378  /*
379   * MIME Engine call-back state for generating lookup keys from an email
380   * message read from standard input.
381   */
382 typedef struct {
383     DICT  **dicts;                      /* map handles */
384     char  **maps;                       /* map names */
385     int     map_count;                            /* yes, indeed */
386     int     dict_flags;                           /* query flags */
387     int     header_done;                /* past primary header */
388     int     found;                      /* result */
389 } POSTMAP_KEY_STATE;
390 
391 /* postmap - create or update mapping database */
392 
postmap(char * map_type,char * path_name,int postmap_flags,int open_flags,int dict_flags)393 static void postmap(char *map_type, char *path_name, int postmap_flags,
394                                 int open_flags, int dict_flags)
395 {
396     VSTREAM *NOCLOBBER source_fp;
397     VSTRING *line_buffer;
398     MKMAP  *mkmap;
399     int     lineno;
400     int     last_line;
401     char   *key;
402     char   *value;
403     struct stat st;
404     mode_t  saved_mask;
405 
406     /*
407      * Initialize.
408      */
409     line_buffer = vstring_alloc(100);
410     if ((open_flags & O_TRUNC) == 0) {
411           /* Incremental mode. */
412           source_fp = VSTREAM_IN;
413           vstream_control(source_fp, CA_VSTREAM_CTL_PATH("stdin"), CA_VSTREAM_CTL_END);
414     } else {
415           /* Create database. */
416           if (strcmp(map_type, DICT_TYPE_PROXY) == 0)
417               msg_fatal("can't create maps via the proxy service");
418           dict_flags |= DICT_FLAG_BULK_UPDATE;
419           if ((source_fp = vstream_fopen(path_name, O_RDONLY, 0)) == 0)
420               msg_fatal("open %s: %m", path_name);
421     }
422     if (fstat(vstream_fileno(source_fp), &st) < 0)
423           msg_fatal("fstat %s: %m", path_name);
424 
425     /*
426      * Turn off group/other read permissions as indicated in the source file.
427      */
428     if ((postmap_flags & POSTMAP_FLAG_SAVE_PERM) && S_ISREG(st.st_mode))
429           saved_mask = umask(022 | (~st.st_mode & 077));
430 
431     /*
432      * If running as root, run as the owner of the source file, so that the
433      * result shows proper ownership, and so that a bug in postmap does not
434      * allow privilege escalation.
435      */
436     if ((postmap_flags & POSTMAP_FLAG_AS_OWNER) && getuid() == 0
437           && (st.st_uid != geteuid() || st.st_gid != getegid()))
438           set_eugid(st.st_uid, st.st_gid);
439 
440     /*
441      * Override the default per-table cache size for DB map (re)builds. We
442      * can't do this in the mkmap* functions because those don't have access
443      * to Postfix parameter settings.
444      *
445      * db_cache_size" is defined in util/dict_open.c and defaults to 128kB,
446      * which works well for the lookup code.
447      *
448      * We use a larger per-table cache when building ".db" files. For "hash"
449      * files performance degrades rapidly unless the memory pool is O(file
450      * size).
451      *
452      * For "btree" files performance is good with sorted input even for small
453      * memory pools, but with random input degrades rapidly unless the memory
454      * pool is O(file size).
455      */
456     dict_db_cache_size = var_db_create_buf;
457 
458     /*
459      * Open the database, optionally create it when it does not exist,
460      * optionally truncate it when it does exist, and lock out any
461      * spectators.
462      */
463     mkmap = mkmap_open(map_type, path_name, open_flags, dict_flags);
464 
465     /*
466      * And restore the umask, in case it matters.
467      */
468     if ((postmap_flags & POSTMAP_FLAG_SAVE_PERM) && S_ISREG(st.st_mode))
469           umask(saved_mask);
470 
471     /*
472      * Trap "exceptions" so that we can restart a bulk-mode update after a
473      * recoverable error.
474      */
475     for (;;) {
476           if (dict_isjmp(mkmap->dict) != 0
477               && dict_setjmp(mkmap->dict) != 0
478               && vstream_fseek(source_fp, SEEK_SET, 0) < 0)
479               msg_fatal("seek %s: %m", VSTREAM_PATH(source_fp));
480 
481           /*
482            * Add records to the database. XXX This duplicates the parser in
483            * dict_thash.c.
484            */
485           last_line = 0;
486           while (readllines(line_buffer, source_fp, &last_line, &lineno)) {
487               int     in_quotes = 0;
488 
489               /*
490                * First some UTF-8 checks sans casefolding.
491                */
492               if ((mkmap->dict->flags & DICT_FLAG_UTF8_ACTIVE)
493                     && !allascii(STR(line_buffer))
494                     && !valid_utf8_stringz(STR(line_buffer))) {
495                     msg_warn("%s, line %d: non-UTF-8 input \"%s\""
496                                " -- ignoring this line",
497                                VSTREAM_PATH(source_fp), lineno, STR(line_buffer));
498                     continue;
499               }
500 
501               /*
502                * Terminate the key on the first unquoted whitespace character,
503                * then trim leading and trailing whitespace from the value.
504                */
505               for (value = STR(line_buffer); *value; value++) {
506                     if (*value == '\\') {
507                         if (*++value == 0)
508                               break;
509                     } else if (ISSPACE(*value)) {
510                         if (!in_quotes)
511                               break;
512                     } else if (*value == '"') {
513                         in_quotes = !in_quotes;
514                     }
515               }
516               if (in_quotes) {
517                     msg_warn("%s, line %d: unbalanced '\"' in '%s'"
518                                " -- ignoring this line",
519                                VSTREAM_PATH(source_fp), lineno, STR(line_buffer));
520                     continue;
521               }
522               if (*value)
523                     *value++ = 0;
524               while (ISSPACE(*value))
525                     value++;
526               trimblanks(value, 0)[0] = 0;
527 
528               /*
529                * Leave the key in quoted form, because 1) postmap cannot assume
530                * that a string without @ contains an email address localpart,
531                * and 2) an address localpart may require quoting even when the
532                * quoted form contains no backslash or ".
533                */
534               key = STR(line_buffer);
535 
536               /*
537                * Enforce the "key whitespace value" format. Disallow missing
538                * keys or missing values.
539                */
540               if (*key == 0 || *value == 0) {
541                     msg_warn("%s, line %d: expected format: key whitespace value",
542                                VSTREAM_PATH(source_fp), lineno);
543                     continue;
544               }
545               if (key[strlen(key) - 1] == ':')
546                     msg_warn("%s, line %d: record is in \"key: value\" format; is this an alias file?",
547                                VSTREAM_PATH(source_fp), lineno);
548 
549               /*
550                * Optionally treat the vale as a filename, and replace the value
551                * with the BASE64-encoded content of the named file.
552                */
553               if (dict_flags & DICT_FLAG_SRC_RHS_IS_FILE) {
554                     VSTRING *base64_buf;
555                     char   *err;
556 
557                     if ((base64_buf = dict_file_to_b64(mkmap->dict, value)) == 0) {
558                         err = dict_file_get_error(mkmap->dict);
559                         msg_warn("%s, line %d: %s: skipping this entry",
560                                    VSTREAM_PATH(source_fp), lineno, err);
561                         myfree(err);
562                         continue;
563                     }
564                     value = vstring_str(base64_buf);
565               }
566 
567               /*
568                * Store the value under a (possibly case-insensitive) key, as
569                * specified with open_flags.
570                */
571               mkmap_append(mkmap, key, value);
572               if (mkmap->dict->error)
573                     msg_fatal("table %s:%s: write error: %m",
574                                 mkmap->dict->type, mkmap->dict->name);
575           }
576           break;
577     }
578 
579     /*
580      * Close the mapping database, and release the lock.
581      */
582     mkmap_close(mkmap);
583 
584     /*
585      * Cleanup. We're about to terminate, but it is a good sanity check.
586      */
587     vstring_free(line_buffer);
588     if (source_fp != VSTREAM_IN)
589           vstream_fclose(source_fp);
590 }
591 
592 /* postmap_body - MIME engine body call-back routine */
593 
postmap_body(void * ptr,int unused_rec_type,const char * keybuf,ssize_t unused_len,off_t unused_offset)594 static void postmap_body(void *ptr, int unused_rec_type,
595                                        const char *keybuf,
596                                        ssize_t unused_len,
597                                        off_t unused_offset)
598 {
599     POSTMAP_KEY_STATE *state = (POSTMAP_KEY_STATE *) ptr;
600     DICT  **dicts = state->dicts;
601     char  **maps = state->maps;
602     int     map_count = state->map_count;
603     int     dict_flags = state->dict_flags;
604     const char *map_name;
605     const char *value;
606     int     n;
607 
608     for (n = 0; n < map_count; n++) {
609           if (dicts[n] == 0)
610               dicts[n] = ((map_name = split_at(maps[n], ':')) != 0 ?
611                               dict_open3(maps[n], map_name, O_RDONLY, dict_flags) :
612                         dict_open3(var_db_type, maps[n], O_RDONLY, dict_flags));
613           if ((value = dict_get(dicts[n], keybuf)) != 0) {
614               if (*value == 0) {
615                     msg_warn("table %s:%s: key %s: empty string result is not allowed",
616                                dicts[n]->type, dicts[n]->name, keybuf);
617                     msg_warn("table %s:%s should return NO RESULT in case of NOT FOUND",
618                                dicts[n]->type, dicts[n]->name);
619               }
620               vstream_printf("%s        %s\n", keybuf, value);
621               state->found = 1;
622               break;
623           }
624           if (dicts[n]->error)
625               msg_fatal("table %s:%s: query error: %m",
626                           dicts[n]->type, dicts[n]->name);
627     }
628 }
629 
630 /* postmap_header - MIME engine header call-back routine */
631 
postmap_header(void * ptr,int unused_header_class,const HEADER_OPTS * unused_header_info,VSTRING * header_buf,off_t offset)632 static void postmap_header(void *ptr, int unused_header_class,
633                                          const HEADER_OPTS *unused_header_info,
634                                          VSTRING *header_buf,
635                                          off_t offset)
636 {
637 
638     /*
639      * Don't re-invent an already working wheel.
640      */
641     postmap_body(ptr, 0, STR(header_buf), LEN(header_buf), offset);
642 }
643 
644 /* postmap_head_end - MIME engine end-of-header call-back routine */
645 
postmap_head_end(void * ptr)646 static void postmap_head_end(void *ptr)
647 {
648     POSTMAP_KEY_STATE *state = (POSTMAP_KEY_STATE *) ptr;
649 
650     /*
651      * Don't process the message body when we only examine primary headers.
652      */
653     state->header_done = 1;
654 }
655 
656 /* postmap_queries - apply multiple requests from stdin */
657 
postmap_queries(VSTREAM * in,char ** maps,const int map_count,const int postmap_flags,const int dict_flags)658 static int postmap_queries(VSTREAM *in, char **maps, const int map_count,
659                                          const int postmap_flags,
660                                          const int dict_flags)
661 {
662     int     found = 0;
663     VSTRING *keybuf = vstring_alloc(100);
664     DICT  **dicts;
665     const char *map_name;
666     const char *value;
667     int     n;
668 
669     /*
670      * Sanity check.
671      */
672     if (map_count <= 0)
673           msg_panic("postmap_queries: bad map count");
674 
675     /*
676      * Prepare to open maps lazily.
677      */
678     dicts = (DICT **) mymalloc(sizeof(*dicts) * map_count);
679     for (n = 0; n < map_count; n++)
680           dicts[n] = 0;
681 
682     /*
683      * Perform all queries. Open maps on the fly, to avoid opening
684      * unnecessary maps.
685      */
686     if ((postmap_flags & POSTMAP_FLAG_HB_KEY) == 0) {
687           while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF) {
688               for (n = 0; n < map_count; n++) {
689                     if (dicts[n] == 0)
690                         dicts[n] = ((map_name = split_at(maps[n], ':')) != 0 ?
691                            dict_open3(maps[n], map_name, O_RDONLY, dict_flags) :
692                         dict_open3(var_db_type, maps[n], O_RDONLY, dict_flags));
693                     value = ((dict_flags & DICT_FLAG_SRC_RHS_IS_FILE) ?
694                                dict_file_lookup : dicts[n]->lookup)
695                         (dicts[n], STR(keybuf));
696                     if (value != 0) {
697                         if (*value == 0) {
698                               msg_warn("table %s:%s: key %s: empty string result is not allowed",
699                                      dicts[n]->type, dicts[n]->name, STR(keybuf));
700                               msg_warn("table %s:%s should return NO RESULT in case of NOT FOUND",
701                                          dicts[n]->type, dicts[n]->name);
702                         }
703                         vstream_printf("%s        %s\n", STR(keybuf), value);
704                         found = 1;
705                         break;
706                     }
707                     switch (dicts[n]->error) {
708                     case 0:
709                         break;
710                     case DICT_ERR_CONFIG:
711                         msg_fatal("table %s:%s: query error",
712                                     dicts[n]->type, dicts[n]->name);
713                     default:
714                         msg_fatal("table %s:%s: query error: %m",
715                                     dicts[n]->type, dicts[n]->name);
716                     }
717               }
718           }
719     } else {
720           POSTMAP_KEY_STATE key_state;
721           MIME_STATE *mime_state;
722           int     mime_errs = 0;
723 
724           /*
725            * Bundle up the request and instantiate a MIME parsing engine.
726            */
727           key_state.dicts = dicts;
728           key_state.maps = maps;
729           key_state.map_count = map_count;
730           key_state.dict_flags = dict_flags;
731           key_state.header_done = 0;
732           key_state.found = 0;
733           mime_state =
734               mime_state_alloc((postmap_flags & POSTMAP_FLAG_MIME_KEY) ?
735                                    0 : MIME_OPT_DISABLE_MIME,
736                                    (postmap_flags & POSTMAP_FLAG_HEADER_KEY) ?
737                                    postmap_header : (MIME_STATE_HEAD_OUT) 0,
738                                    (postmap_flags & POSTMAP_FLAG_FULL_KEY) ?
739                                    (MIME_STATE_ANY_END) 0 : postmap_head_end,
740                                    (postmap_flags & POSTMAP_FLAG_BODY_KEY) ?
741                                    postmap_body : (MIME_STATE_BODY_OUT) 0,
742                                    (MIME_STATE_ANY_END) 0,
743                                    (MIME_STATE_ERR_PRINT) 0,
744                                    (void *) &key_state);
745 
746           /*
747            * Process the input message.
748            */
749           while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF
750                  && key_state.header_done == 0 && mime_errs == 0)
751               mime_errs = mime_state_update(mime_state, REC_TYPE_NORM,
752                                                     STR(keybuf), LEN(keybuf));
753 
754           /*
755            * Flush the MIME engine output buffer and tidy up loose ends.
756            */
757           if (mime_errs == 0)
758               mime_errs = mime_state_update(mime_state, REC_TYPE_END, "", 0);
759           if (mime_errs)
760               msg_fatal("message format error: %s",
761                           mime_state_detail(mime_errs)->text);
762           mime_state_free(mime_state);
763           found = key_state.found;
764     }
765 
766     if (found)
767           vstream_fflush(VSTREAM_OUT);
768 
769     /*
770      * Cleanup.
771      */
772     for (n = 0; n < map_count; n++)
773           if (dicts[n])
774               dict_close(dicts[n]);
775     myfree((void *) dicts);
776     vstring_free(keybuf);
777 
778     return (found);
779 }
780 
781 /* postmap_query - query a map and print the result to stdout */
782 
postmap_query(const char * map_type,const char * map_name,const char * key,int dict_flags)783 static int postmap_query(const char *map_type, const char *map_name,
784                                        const char *key, int dict_flags)
785 {
786     DICT   *dict;
787     const char *value;
788 
789     dict = dict_open3(map_type, map_name, O_RDONLY, dict_flags);
790     value = ((dict_flags & DICT_FLAG_SRC_RHS_IS_FILE) ?
791                dict_file_lookup : dict->lookup) (dict, key);
792     if (value != 0) {
793           if (*value == 0) {
794               msg_warn("table %s:%s: key %s: empty string result is not allowed",
795                          map_type, map_name, key);
796               msg_warn("table %s:%s should return NO RESULT in case of NOT FOUND",
797                          map_type, map_name);
798           }
799           vstream_printf("%s\n", value);
800     }
801     switch (dict->error) {
802     case 0:
803           break;
804     case DICT_ERR_CONFIG:
805           msg_fatal("table %s:%s: query error",
806                       dict->type, dict->name);
807     default:
808           msg_fatal("table %s:%s: query error: %m",
809                       dict->type, dict->name);
810     }
811     vstream_fflush(VSTREAM_OUT);
812     dict_close(dict);
813     return (value != 0);
814 }
815 
816 /* postmap_deletes - apply multiple requests from stdin */
817 
postmap_deletes(VSTREAM * in,char ** maps,const int map_count,int dict_flags)818 static int postmap_deletes(VSTREAM *in, char **maps, const int map_count,
819                                          int dict_flags)
820 {
821     int     found = 0;
822     VSTRING *keybuf = vstring_alloc(100);
823     DICT  **dicts;
824     const char *map_name;
825     int     n;
826     int     open_flags;
827 
828     /*
829      * Sanity check.
830      */
831     if (map_count <= 0)
832           msg_panic("postmap_deletes: bad map count");
833 
834     /*
835      * Open maps ahead of time.
836      */
837     dicts = (DICT **) mymalloc(sizeof(*dicts) * map_count);
838     for (n = 0; n < map_count; n++) {
839           map_name = split_at(maps[n], ':');
840           if (map_name && strcmp(maps[n], DICT_TYPE_PROXY) == 0)
841               open_flags = O_RDWR | O_CREAT;      /* XXX */
842           else
843               open_flags = O_RDWR;
844           dicts[n] = (map_name != 0 ?
845                         dict_open3(maps[n], map_name, open_flags, dict_flags) :
846                       dict_open3(var_db_type, maps[n], open_flags, dict_flags));
847     }
848 
849     /*
850      * Perform all requests.
851      */
852     while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF) {
853           for (n = 0; n < map_count; n++) {
854               found |= (dict_del(dicts[n], STR(keybuf)) == 0);
855               if (dicts[n]->error)
856                     msg_fatal("table %s:%s: delete error: %m",
857                                 dicts[n]->type, dicts[n]->name);
858           }
859     }
860 
861     /*
862      * Cleanup.
863      */
864     for (n = 0; n < map_count; n++)
865           if (dicts[n])
866               dict_close(dicts[n]);
867     myfree((void *) dicts);
868     vstring_free(keybuf);
869 
870     return (found);
871 }
872 
873 /* postmap_delete - delete a (key, value) pair from a map */
874 
postmap_delete(const char * map_type,const char * map_name,const char * key,int dict_flags)875 static int postmap_delete(const char *map_type, const char *map_name,
876                                         const char *key, int dict_flags)
877 {
878     DICT   *dict;
879     int     status;
880     int     open_flags;
881 
882     if (strcmp(map_type, DICT_TYPE_PROXY) == 0)
883           open_flags = O_RDWR | O_CREAT;                    /* XXX */
884     else
885           open_flags = O_RDWR;
886     dict = dict_open3(map_type, map_name, open_flags, dict_flags);
887     status = dict_del(dict, key);
888     if (dict->error)
889           msg_fatal("table %s:%s: delete error: %m", dict->type, dict->name);
890     dict_close(dict);
891     return (status == 0);
892 }
893 
894 /* postmap_seq - print all map entries to stdout */
895 
postmap_seq(const char * map_type,const char * map_name,int dict_flags)896 static void postmap_seq(const char *map_type, const char *map_name,
897                                       int dict_flags)
898 {
899     DICT   *dict;
900     const char *key;
901     const char *value;
902     int     func;
903 
904     if (strcmp(map_type, DICT_TYPE_PROXY) == 0)
905           msg_fatal("can't sequence maps via the proxy service");
906     dict = dict_open3(map_type, map_name, O_RDONLY, dict_flags);
907     for (func = DICT_SEQ_FUN_FIRST; /* void */ ; func = DICT_SEQ_FUN_NEXT) {
908           if (dict_seq(dict, func, &key, &value) != 0)
909               break;
910           if (*key == 0) {
911               msg_warn("table %s:%s: empty lookup key value is not allowed",
912                          map_type, map_name);
913           } else if (*value == 0) {
914               msg_warn("table %s:%s: key %s: empty string result is not allowed",
915                          map_type, map_name, key);
916               msg_warn("table %s:%s should return NO RESULT in case of NOT FOUND",
917                          map_type, map_name);
918           }
919           if (dict_flags & DICT_FLAG_SRC_RHS_IS_FILE) {
920               VSTRING *unb64;
921               char   *err;
922 
923               if ((unb64 = dict_file_from_b64(dict, value)) == 0) {
924                     err = dict_file_get_error(dict);
925                     msg_warn("table %s:%s: key %s: %s",
926                                dict->type, dict->name, key, err);
927                     myfree(err);
928                     /* dict->error = DICT_ERR_CONFIG; */
929                     continue;
930               }
931               value = STR(unb64);
932           }
933           vstream_printf("%s  %s\n", key, value);
934     }
935     if (dict->error)
936           msg_fatal("table %s:%s: sequence error: %m", dict->type, dict->name);
937     vstream_fflush(VSTREAM_OUT);
938     dict_close(dict);
939 }
940 
941 /* usage - explain */
942 
usage(char * myname)943 static NORETURN usage(char *myname)
944 {
945     msg_fatal("usage: %s [-bfFhimnNoprsuUvw] [-c config_dir] [-d key] [-q key] [map_type:]file...",
946                 myname);
947 }
948 
949 MAIL_VERSION_STAMP_DECLARE;
950 
main(int argc,char ** argv)951 int     main(int argc, char **argv)
952 {
953     char   *path_name;
954     int     ch;
955     int     fd;
956     char   *slash;
957     struct stat st;
958     int     postmap_flags = POSTMAP_FLAG_AS_OWNER | POSTMAP_FLAG_SAVE_PERM;
959     int     open_flags = O_RDWR | O_CREAT | O_TRUNC;
960     int     dict_flags = (DICT_FLAG_DUP_WARN | DICT_FLAG_FOLD_FIX
961                                 | DICT_FLAG_UTF8_REQUEST);
962     char   *query = 0;
963     char   *delkey = 0;
964     int     sequence = 0;
965     int     found;
966     int     force_utf8 = 0;
967     ARGV   *import_env;
968 
969     /*
970      * Fingerprint executables and core dumps.
971      */
972     MAIL_VERSION_STAMP_ALLOCATE;
973 
974     /*
975      * Be consistent with file permissions.
976      */
977     umask(022);
978 
979     /*
980      * To minimize confusion, make sure that the standard file descriptors
981      * are open before opening anything else. XXX Work around for 44BSD where
982      * fstat can return EBADF on an open file descriptor.
983      */
984     for (fd = 0; fd < 3; fd++)
985           if (fstat(fd, &st) == -1
986               && (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
987               msg_fatal("open /dev/null: %m");
988 
989     /*
990      * Process environment options as early as we can. We are not set-uid,
991      * and we are supposed to be running in a controlled environment.
992      */
993     if (getenv(CONF_ENV_VERB))
994           msg_verbose = 1;
995 
996     /*
997      * Initialize. Set up logging. Read the global configuration file after
998      * parsing command-line arguments.
999      */
1000     if ((slash = strrchr(argv[0], '/')) != 0 && slash[1])
1001           argv[0] = slash + 1;
1002     msg_vstream_init(argv[0], VSTREAM_ERR);
1003     maillog_client_init(mail_task(argv[0]), MAILLOG_CLIENT_FLAG_NONE);
1004 
1005     /*
1006      * Check the Postfix library version as soon as we enable logging.
1007      */
1008     MAIL_VERSION_CHECK;
1009 
1010     /*
1011      * Parse JCL.
1012      */
1013     while ((ch = GETOPT(argc, argv, "bc:d:fFhimnNopq:rsuUvw")) > 0) {
1014           switch (ch) {
1015           default:
1016               usage(argv[0]);
1017               break;
1018           case 'N':
1019               dict_flags |= DICT_FLAG_TRY1NULL;
1020               dict_flags &= ~DICT_FLAG_TRY0NULL;
1021               break;
1022           case 'b':
1023               postmap_flags |= POSTMAP_FLAG_BODY_KEY;
1024               break;
1025           case 'c':
1026               if (setenv(CONF_ENV_PATH, optarg, 1) < 0)
1027                     msg_fatal("out of memory");
1028               break;
1029           case 'd':
1030               if (sequence || query || delkey)
1031                     msg_fatal("specify only one of -s -q or -d");
1032               delkey = optarg;
1033               break;
1034           case 'f':
1035               dict_flags &= ~DICT_FLAG_FOLD_FIX;
1036               break;
1037           case 'F':
1038               dict_flags |= DICT_FLAG_SRC_RHS_IS_FILE;
1039               break;
1040           case 'h':
1041               postmap_flags |= POSTMAP_FLAG_HEADER_KEY;
1042               break;
1043           case 'i':
1044               open_flags &= ~O_TRUNC;
1045               break;
1046           case 'm':
1047               postmap_flags |= POSTMAP_FLAG_MIME_KEY;
1048               break;
1049           case 'n':
1050               dict_flags |= DICT_FLAG_TRY0NULL;
1051               dict_flags &= ~DICT_FLAG_TRY1NULL;
1052               break;
1053           case 'o':
1054               postmap_flags &= ~POSTMAP_FLAG_AS_OWNER;
1055               break;
1056           case 'p':
1057               postmap_flags &= ~POSTMAP_FLAG_SAVE_PERM;
1058               break;
1059           case 'q':
1060               if (sequence || query || delkey)
1061                     msg_fatal("specify only one of -s -q or -d");
1062               query = optarg;
1063               break;
1064           case 'r':
1065               dict_flags &= ~(DICT_FLAG_DUP_WARN | DICT_FLAG_DUP_IGNORE);
1066               dict_flags |= DICT_FLAG_DUP_REPLACE;
1067               break;
1068           case 's':
1069               if (query || delkey)
1070                     msg_fatal("specify only one of -s or -q or -d");
1071               sequence = 1;
1072               break;
1073           case 'u':
1074               dict_flags &= ~DICT_FLAG_UTF8_REQUEST;
1075               break;
1076           case 'U':
1077               force_utf8 = 1;
1078               break;
1079           case 'v':
1080               msg_verbose++;
1081               break;
1082           case 'w':
1083               dict_flags &= ~(DICT_FLAG_DUP_WARN | DICT_FLAG_DUP_REPLACE);
1084               dict_flags |= DICT_FLAG_DUP_IGNORE;
1085               break;
1086           }
1087     }
1088     mail_conf_read();
1089     /* Enforce consistent operation of different Postfix parts. */
1090     import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
1091     update_env(import_env->argv);
1092     argv_free(import_env);
1093     /* Re-evaluate mail_task() after reading main.cf. */
1094     maillog_client_init(mail_task(argv[0]), MAILLOG_CLIENT_FLAG_NONE);
1095     mail_dict_init();
1096     if ((query == 0 || strcmp(query, "-") != 0)
1097           && (postmap_flags & POSTMAP_FLAG_ANY_KEY))
1098           msg_fatal("specify -b -h or -m only with \"-q -\"");
1099     if ((postmap_flags & POSTMAP_FLAG_ANY_KEY) != 0
1100           && (postmap_flags & POSTMAP_FLAG_ANY_KEY)
1101           == (postmap_flags & POSTMAP_FLAG_MIME_KEY))
1102           msg_warn("ignoring -m option without -b or -h");
1103     if ((postmap_flags & (POSTMAP_FLAG_ANY_KEY & ~POSTMAP_FLAG_MIME_KEY))
1104           && force_utf8 == 0)
1105           dict_flags &= ~DICT_FLAG_UTF8_MASK;
1106 
1107     /*
1108      * Use the map type specified by the user, or fall back to a default
1109      * database type.
1110      */
1111     if (delkey) {                                 /* remove entry */
1112           if (optind + 1 > argc)
1113               usage(argv[0]);
1114           if (strcmp(delkey, "-") == 0)
1115               exit(postmap_deletes(VSTREAM_IN, argv + optind, argc - optind,
1116                                          dict_flags | DICT_FLAG_LOCK) == 0);
1117           found = 0;
1118           while (optind < argc) {
1119               if ((path_name = split_at(argv[optind], ':')) != 0) {
1120                     found |= postmap_delete(argv[optind], path_name, delkey,
1121                                                   dict_flags | DICT_FLAG_LOCK);
1122               } else {
1123                     found |= postmap_delete(var_db_type, argv[optind], delkey,
1124                                                   dict_flags | DICT_FLAG_LOCK);
1125               }
1126               optind++;
1127           }
1128           exit(found ? 0 : 1);
1129     } else if (query) {                                     /* query map(s) */
1130           if (optind + 1 > argc)
1131               usage(argv[0]);
1132           if (strcmp(query, "-") == 0)
1133               exit(postmap_queries(VSTREAM_IN, argv + optind, argc - optind,
1134                                 postmap_flags, dict_flags | DICT_FLAG_LOCK) == 0);
1135           while (optind < argc) {
1136               if ((path_name = split_at(argv[optind], ':')) != 0) {
1137                     found = postmap_query(argv[optind], path_name, query,
1138                                               dict_flags | DICT_FLAG_LOCK);
1139               } else {
1140                     found = postmap_query(var_db_type, argv[optind], query,
1141                                               dict_flags | DICT_FLAG_LOCK);
1142               }
1143               if (found)
1144                     exit(0);
1145               optind++;
1146           }
1147           exit(1);
1148     } else if (sequence) {
1149           while (optind < argc) {
1150               if ((path_name = split_at(argv[optind], ':')) != 0) {
1151                     postmap_seq(argv[optind], path_name,
1152                                   dict_flags | DICT_FLAG_LOCK);
1153               } else {
1154                     postmap_seq(var_db_type, argv[optind],
1155                                   dict_flags | DICT_FLAG_LOCK);
1156               }
1157               exit(0);
1158           }
1159           exit(1);
1160     } else {                                                /* create/update map(s) */
1161           if (optind + 1 > argc)
1162               usage(argv[0]);
1163           while (optind < argc) {
1164               if ((path_name = split_at(argv[optind], ':')) != 0) {
1165                     postmap(argv[optind], path_name, postmap_flags,
1166                               open_flags, dict_flags);
1167               } else {
1168                     postmap(var_db_type, argv[optind], postmap_flags,
1169                               open_flags, dict_flags);
1170               }
1171               optind++;
1172           }
1173           exit(0);
1174     }
1175 }
1176