pop3d: configurable APOP file and safety criteria.

* include/mailutils/dbm.h (mu_dbm_init)
(mu_dbm_get_hint): New prototypes.
* include/mailutils/util.h (mu_stpcpy)
(mu_file_safety_compose): New prototypes.
* libmailutils/string/Makefile.am (libstring_la_SOURCES): Add stpcpy.c
* libmailutils/string/stpcpy.c: New file.
* libmu_cfg/tls.c (cb2_safety_checks): Use mu_file_safety_compose.
* libmu_dbm/create.c (mu_dbm_create): Use mu_dbm_init.
* libmu_dbm/dbm.c (_mu_dbm_init): Rename mu_dbm_init. All uses changed.
Use URL composing interface to create hints.
* maidag/maidag.c (mu_dbm_get_hint): New function.
* pop3d/pop3d.c (cb2_forward_file_checks): Use mu_file_safety_compose.
(apop_database_name, apop_database_safety)
(apop_database_safety_set): New variables.
(pop3d_cfg_param) <apop-database-file>
<apop-database-safety>: New configuration statements.
(main) [ENABLE_DBM]: Initialize dbm safety criteria.
* pop3d/apop.c (pop3d_apopuser): Use configured database name and
safety flags, if set.
* pop3d/pop3d.h [ENABLE_DBM] (APOP_PASSFILE): Add ".db" suffix.
(apop_database_name, apop_database_safety)
(apop_database_safety_set): New variables.

3 files changed, 72 insertions, 14 deletions

diff --git a/pop3d/apop.c b/pop3d/apop.c
index 7a2697f39..ac9fbd792 100644
--- a/pop3d/apop.c
+++ b/pop3d/apop.c
@@ -42,27 +42,30 @@ char *
 pop3d_apopuser (const char *user)
 {
   char *password = NULL;
+  int rc;
   
 #ifdef ENABLE_DBM
   {
     size_t len;
     mu_dbm_file_t db;
     struct mu_dbm_datum key, data;
-    int rc;
 
-    rc = mu_dbm_create (APOP_PASSFILE, &db);
+    rc = mu_dbm_create (apop_database_name, &db);
     if (rc)
       {
 	mu_diag_output (MU_DIAG_ERROR, _("unable to create APOP db"));
 	return NULL;
       }
 
+    if (apop_database_safety_set)
+      mu_dbm_safety_set_flags (db, apop_database_safety);
+    
     rc = mu_dbm_safety_check (db);
     if (rc)
       {
 	mu_diag_output (MU_DIAG_ERROR,
 			_("APOP file %s fails safety check: %s"),
-			APOP_PASSFILE, mu_strerror (rc));
+			apop_database_name, mu_strerror (rc));
 	mu_dbm_destroy (&db);
 	return NULL;
       }
@@ -115,20 +118,21 @@ pop3d_apopuser (const char *user)
     size_t ulen;
     FILE *apop_file;
 
-    /* FIXME */    
-/*     if (mu_check_perm (APOP_PASSFILE, 0600)) */
-/*       { */
-/* 	mu_diag_output (MU_DIAG_INFO, */
-/* 			_("bad permissions on APOP password file")); */
-/* 	return NULL; */
-/*     } */
-
-    apop_file = fopen (APOP_PASSFILE, "r");
+    rc = mu_file_safety_check (apop_database_name, apop_database_safety,
+			       apop_database_uid, NULL);
+    if (rc)
+      {
+	mu_diag_output (MU_DIAG_ERROR,
+			_("APOP file %s fails safety check: %s"),
+			apop_database_name, mu_strerror (rc));
+	return NULL;
+      }
+    apop_file = fopen (apop_database_name, "r");
     if (apop_file == NULL)
       {
 	mu_diag_output (MU_DIAG_INFO,
 			_("unable to open APOP password file %s: %s"),
-			APOP_PASSFILE, mu_strerror (errno));
+			apop_database_name, mu_strerror (errno));
 	return NULL;
       }
 
diff --git a/pop3d/pop3d.c b/pop3d/pop3d.c
index 5652b9da2..4a15b3831 100644
--- a/pop3d/pop3d.c
+++ b/pop3d/pop3d.c
@@ -31,6 +31,9 @@ int pop3d_transcript;
 int debug_mode;
 int tls_required;
 int pop3d_xlines;
+char *apop_database_name = APOP_PASSFILE;
+int apop_database_safety;
+int apop_database_safety_set;
 
 #ifdef WITH_TLS
 int tls_available;
@@ -77,6 +80,22 @@ cb_bulletin_source (void *data, mu_config_value_t *val)
   return 0;
 }
 
+static int
+cb2_file_safety_checks (const char *name, void *data)
+{
+  if (mu_file_safety_compose (data, name, MU_FILE_SAFETY_ALL))
+    mu_error (_("unknown keyword: %s"), name);
+  return 0;
+}
+
+static int
+cb_apop_safety_checks (void *data, mu_config_value_t *arg)
+{
+  apop_database_safety_set = 1;
+  return mu_cfg_string_value_cb (arg, cb2_file_safety_checks,
+				 &apop_database_safety);
+}
+
 #ifdef ENABLE_DBM
 static int
 cb_bulletin_db (void *data, mu_config_value_t *val)
@@ -98,6 +117,24 @@ static struct mu_cfg_param pop3d_cfg_param[] = {
     N_("Delete expired messages upon closing the mailbox.") },
   { "scan-lines", mu_cfg_bool, &pop3d_xlines, 0, NULL,
     N_("Output the number of lines in the message in its scan listing.") },
+  { "apop-database-file", mu_cfg_string, &apop_database_name, 0, NULL,
+    N_("set APOP database file name or URL") },
+  { "apop-database-safety", mu_cfg_callback, NULL, 0, cb_apop_safety_checks,
+    N_("Configure safety checks for APOP database files.  Argument is a list or "
+       "sequence of check names optionally prefixed with '+' to enable or "
+       "'-' to disable the corresponding check.  Valid check names are:\n"
+       "\n"
+       "  none          disable all checks\n"
+       "  all           enable all checks\n"
+       "  gwrfil        forbid group writable files\n"
+       "  awrfil        forbid world writable files\n"
+       "  grdfil        forbid group readable files\n"
+       "  ardfil        forbid world writable files\n"
+       "  linkwrdir     forbid symbolic links in group or world writable directories\n"
+       "  gwrdir        forbid files in group writable directories\n"
+       "  awrdir        forbid files in world writable directories\n"),
+    N_("arg: list") },  
+    
 #ifdef WITH_TLS
   { "tls-required", mu_cfg_bool, &tls_required, 0, NULL,
      N_("Always require STLS before entering authentication phase.") },
@@ -303,6 +340,16 @@ pop3d_alloc_die ()
   pop3d_abquit (ERR_NO_MEM);
 }
 
+#ifdef ENABLE_DBM
+static void
+set_dbm_safety ()
+{
+  mu_url_t hints = mu_dbm_get_hint ();
+  const char *param[] = { "+all" };
+  mu_url_add_param (hints, 1, param);
+}
+#endif
+
 int
 main (int argc, char **argv)
 {
@@ -341,6 +388,10 @@ main (int argc, char **argv)
 
   mu_log_syslog = 1;
   manlock_mandatory_locking = 1;
+
+#ifdef ENABLE_DBM
+  set_dbm_safety ();
+#endif
   
   if (mu_app_init (&argp, pop3d_argp_capa, pop3d_cfg_param, 
 		   argc, argv, 0, NULL, server))
diff --git a/pop3d/pop3d.h b/pop3d/pop3d.h
index 833eb7fd4..0696c51f3 100644
--- a/pop3d/pop3d.h
+++ b/pop3d/pop3d.h
@@ -36,7 +36,7 @@
 #define APOP_PASSFILE_NAME "apop"
 
 #ifdef ENABLE_DBM
-# define APOP_PASSFILE SYSCONFDIR "/" APOP_PASSFILE_NAME
+# define APOP_PASSFILE SYSCONFDIR "/" APOP_PASSFILE_NAME ".db"
 # define ENABLE_LOGIN_DELAY
 #else
 # define APOP_PASSFILE SYSCONFDIR "/" APOP_PASSFILE_NAME ".passwd"
@@ -197,6 +197,9 @@ extern unsigned int idle_timeout;
 extern int pop3d_transcript;
 extern size_t pop3d_output_bufsize;
 extern int pop3d_xlines;
+extern char *apop_database_name;
+extern int apop_database_safety;
+extern int apop_database_safety_set;
 
 extern pop3d_command_handler_t pop3d_find_command (const char *name);