3 * rcfile_y.y -- Run control file parser for fetchmail
5 * For license terms, see the file COPYING in this directory.
10 #include <sys/types.h>
12 #if defined(HAVE_SYS_WAIT_H)
17 #if defined(STDC_HEADERS)
20 #if defined(HAVE_UNISTD_H)
25 #if defined(__CYGWIN__)
26 #include <sys/cygwin.h>
27 #endif /* __CYGWIN__ */
29 #include "fetchmail.h"
32 /* parser reads these */
33 char *rcfile; /* path name of rc file */
34 struct query cmd_opts; /* where to put command-line info */
36 /* parser sets these */
37 struct query *querylist; /* head of server list (globally visible) */
39 int yydebug; /* in case we didn't generate with -- debug */
41 static struct query current; /* current server record */
42 static int prc_errflag;
43 static struct hostdata *leadentry;
46 static void record_current(void);
47 static void user_reset(void);
48 static void reset_server(const char *name, int skip);
50 /* these should be of size PATH_MAX */
51 char currentwd[1024] = "", rcfiledir[1024] = "";
53 /* using Bison, this arranges that yydebug messages will show actual tokens */
55 #define YYPRINT(fp, type, val) fprintf(fp, " = \"%s\"", yytext)
64 %token DEFAULTS POLL SKIP VIA AKA LOCALDOMAINS PROTOCOL
65 %token AUTHENTICATE TIMEOUT KPOP SDPS ENVELOPE QVIRTUAL
66 %token USERNAME PASSWORD FOLDER SMTPHOST FETCHDOMAINS MDA BSMTP LMTP
67 %token SMTPADDRESS SMTPNAME SPAMRESPONSE PRECONNECT POSTCONNECT LIMIT WARNINGS
68 %token INTERFACE MONITOR PLUGIN PLUGOUT
69 %token IS HERE THERE TO MAP WILDCARD
70 %token BATCHLIMIT FETCHLIMIT FETCHSIZELIMIT FASTUIDL EXPUNGE PROPERTIES
71 %token SET LOGFILE DAEMON SYSLOG IDFILE PIDFILE INVISIBLE POSTMASTER BOUNCEMAIL
72 %token SPAMBOUNCE SOFTBOUNCE SHOWDOTS
73 %token BADHEADER ACCEPT REJECT_
74 %token RETRIEVEERROR ABORT CONTINUE MARKSEEN
75 %token <proto> PROTO AUTHTYPE
77 %token <number> NUMBER
78 %token NO KEEP FLUSH LIMITFLUSH FETCHALL REWRITE FORCECR STRIPCR PASS8BITS
79 %token DROPSTATUS DROPDELIVERED
80 %token DNS SERVICE PORT UIDL INTERVAL MIMEDECODE IDLE CHECKALIAS
81 %token SSL SSLKEY SSLCERT SSLPROTO SSLCERTCK SSLCERTFILE SSLCERTPATH SSLCOMMONNAME SSLFINGERPRINT
82 %token PRINCIPAL ESMTPNAME ESMTPPASSWORD
87 %destructor { free ($$); } STRING
95 statement_list : statement
96 | statement_list statement
99 optmap : MAP | /* EMPTY */;
101 /* future global options should also have the form SET <name> optmap <value> */
102 statement : SET LOGFILE optmap STRING {run.logfile = prependdir ($4, rcfiledir); free($4);}
103 | SET IDFILE optmap STRING {run.idfile = prependdir ($4, rcfiledir); free($4);}
104 | SET PIDFILE optmap STRING {run.pidfile = prependdir ($4, rcfiledir); free($4);}
105 | SET DAEMON optmap NUMBER {run.poll_interval = $4;}
106 | SET POSTMASTER optmap STRING {run.postmaster = $4;}
107 | SET BOUNCEMAIL {run.bouncemail = TRUE;}
108 | SET NO BOUNCEMAIL {run.bouncemail = FALSE;}
109 | SET SPAMBOUNCE {run.spambounce = TRUE;}
110 | SET NO SPAMBOUNCE {run.spambounce = FALSE;}
111 | SET SOFTBOUNCE {run.softbounce = TRUE;}
112 | SET NO SOFTBOUNCE {run.softbounce = FALSE;}
113 | SET PROPERTIES optmap STRING {run.properties = $4;}
114 | SET SYSLOG {run.use_syslog = TRUE;}
115 | SET NO SYSLOG {run.use_syslog = FALSE;}
116 | SET INVISIBLE {run.invisible = TRUE;}
117 | SET NO INVISIBLE {run.invisible = FALSE;}
118 | SET SHOWDOTS {run.showdots = FLAG_TRUE;}
119 | SET NO SHOWDOTS {run.showdots = FLAG_FALSE;}
122 * The way the next two productions are written depends on the fact that
123 * userspecs cannot be empty. It's a kluge to deal with files that set
124 * up a load of defaults and then have poll statements following with no
125 * user options at all.
127 | define_server serverspecs {record_current();}
128 | define_server serverspecs userspecs
130 /* detect and complain about the most common user error */
131 | define_server serverspecs userspecs serv_option
132 {yyerror(GT_("server option after user options"));}
135 define_server : POLL STRING {reset_server($2, FALSE); free($2);}
136 | SKIP STRING {reset_server($2, TRUE); free($2);}
137 | DEFAULTS {reset_server("defaults", FALSE);}
140 serverspecs : /* EMPTY */
141 | serverspecs serv_option
144 alias_list : STRING {save_str(¤t.server.akalist,$1,0); free($1);}
145 | alias_list STRING {save_str(¤t.server.akalist,$2,0); free($2);}
148 domain_list : STRING {save_str(¤t.server.localdomains,$1,0); free($1);}
149 | domain_list STRING {save_str(¤t.server.localdomains,$2,0); free($2);}
152 serv_option : AKA alias_list
153 | VIA STRING {current.server.via = $2;}
154 | LOCALDOMAINS domain_list
155 | PROTOCOL PROTO {current.server.protocol = $2;}
157 current.server.protocol = P_POP3;
159 if (current.server.authenticate == A_PASSWORD)
161 current.server.authenticate = A_KERBEROS_V5;
163 current.server.authenticate = A_KERBEROS_V4;
164 #endif /* KERBEROS_V5 */
165 current.server.service = KPOP_PORT;
167 | PRINCIPAL STRING {current.server.principal = $2;}
168 | ESMTPNAME STRING {current.server.esmtp_name = $2;}
169 | ESMTPPASSWORD STRING {current.server.esmtp_password = $2;}
172 current.server.protocol = P_POP3;
173 current.server.sdps = TRUE;
175 yyerror(GT_("SDPS not enabled."));
176 #endif /* SDPS_ENABLE */
178 | UIDL {current.server.uidl = FLAG_TRUE;}
179 | NO UIDL {current.server.uidl = FLAG_FALSE;}
180 | CHECKALIAS {current.server.checkalias = FLAG_TRUE;}
181 | NO CHECKALIAS {current.server.checkalias = FLAG_FALSE;}
183 current.server.service = $2;
188 snprintf(buf, sizeof buf, "%d", port);
189 current.server.service = xstrdup(buf);
194 snprintf(buf, sizeof buf, "%d", port);
195 current.server.service = xstrdup(buf);
198 {current.server.interval = $2;}
199 | AUTHENTICATE AUTHTYPE
200 {current.server.authenticate = $2;}
202 {current.server.timeout = $2;}
203 | ENVELOPE NUMBER STRING
205 current.server.envelope = $3;
206 current.server.envskip = $2;
210 current.server.envelope = $2;
211 current.server.envskip = 0;
214 | QVIRTUAL STRING {current.server.qvirtual = $2;}
217 interface_parse($2, ¤t.server);
219 fprintf(stderr, GT_("fetchmail: interface option is only supported under Linux (without IPv6) and FreeBSD\n"));
225 current.server.monitor = $2;
227 fprintf(stderr, GT_("fetchmail: monitor option is only supported under Linux (without IPv6) and FreeBSD\n"));
231 | PLUGIN STRING { current.server.plugin = $2; }
232 | PLUGOUT STRING { current.server.plugout = $2; }
233 | DNS {current.server.dns = FLAG_TRUE;}
234 | NO DNS {current.server.dns = FLAG_FALSE;}
235 | NO ENVELOPE {current.server.envelope = STRING_DISABLED;}
236 | TRACEPOLLS {current.server.tracepolls = FLAG_TRUE;}
237 | NO TRACEPOLLS {current.server.tracepolls = FLAG_FALSE;}
238 | BADHEADER ACCEPT {current.server.badheader = BHACCEPT;}
239 | BADHEADER REJECT_ {current.server.badheader = BHREJECT;}
242 userspecs : user1opts {record_current(); user_reset();}
246 explicits : explicitdef {record_current(); user_reset();}
247 | explicits explicitdef {record_current(); user_reset();}
250 explicitdef : userdef user0opts
253 userdef : USERNAME STRING {current.remotename = $2;}
254 | USERNAME mapping_list HERE
255 | USERNAME STRING THERE {current.remotename = $2;}
258 user0opts : /* EMPTY */
259 | user0opts user_option
262 user1opts : user_option
263 | user1opts user_option
266 localnames : WILDCARD {current.wildcard = TRUE;}
267 | mapping_list {current.wildcard = FALSE;}
268 | mapping_list WILDCARD {current.wildcard = TRUE;}
271 mapping_list : mapping
272 | mapping_list mapping
275 mapping : STRING {save_str_pair(¤t.localnames, $1, NULL); free($1);}
276 | STRING MAP STRING {save_str_pair(¤t.localnames, $1, $3); free($1); free($3);}
279 folder_list : STRING {save_str(¤t.mailboxes,$1,0); free($1);}
280 | folder_list STRING {save_str(¤t.mailboxes,$2,0); free($2);}
283 smtp_list : STRING {save_str(¤t.smtphunt, $1,TRUE); free($1);}
284 | smtp_list STRING {save_str(¤t.smtphunt, $2,TRUE); free($2);}
287 fetch_list : STRING {save_str(¤t.domainlist, $1,TRUE); free($1);}
288 | fetch_list STRING {save_str(¤t.domainlist, $2,TRUE); free($2);}
294 id = save_str(¤t.antispam,STRING_DUMMY,0);
295 id->val.status.num = $1;
300 id = save_str(¤t.antispam,STRING_DUMMY,0);
301 id->val.status.num = $2;
305 user_option : TO localnames HERE
310 | IS STRING THERE {current.remotename = $2;}
311 | PASSWORD STRING {current.password = $2;}
314 | FETCHDOMAINS fetch_list
315 | SMTPADDRESS STRING {current.smtpaddress = $2;}
316 | SMTPNAME STRING {current.smtpname = $2;}
317 | SPAMRESPONSE num_list
318 | MDA STRING {current.mda = $2;}
319 | BSMTP STRING {current.bsmtp = prependdir ($2, rcfiledir); free($2);}
320 | LMTP {current.listener = LMTP_MODE;}
321 | PRECONNECT STRING {current.preconnect = $2;}
322 | POSTCONNECT STRING {current.postconnect = $2;}
324 | KEEP {current.keep = FLAG_TRUE;}
325 | FLUSH {current.flush = FLAG_TRUE;}
326 | LIMITFLUSH {current.limitflush = FLAG_TRUE;}
327 | FETCHALL {current.fetchall = FLAG_TRUE;}
328 | REWRITE {current.rewrite = FLAG_TRUE;}
329 | FORCECR {current.forcecr = FLAG_TRUE;}
330 | STRIPCR {current.stripcr = FLAG_TRUE;}
331 | PASS8BITS {current.pass8bits = FLAG_TRUE;}
332 | DROPSTATUS {current.dropstatus = FLAG_TRUE;}
333 | DROPDELIVERED {current.dropdelivered = FLAG_TRUE;}
334 | MIMEDECODE {current.mimedecode = FLAG_TRUE;}
335 | IDLE {current.idle = FLAG_TRUE;}
339 current.use_ssl = FLAG_TRUE;
341 yyerror(GT_("SSL is not enabled"));
344 | SSLKEY STRING {current.sslkey = prependdir ($2, rcfiledir); free($2);}
345 | SSLCERT STRING {current.sslcert = prependdir ($2, rcfiledir); free($2);}
346 | SSLPROTO STRING {current.sslproto = $2;}
347 | SSLCERTCK {current.sslcertck = FLAG_TRUE;}
348 | SSLCERTFILE STRING {current.sslcertfile = prependdir($2, rcfiledir); free($2);}
349 | SSLCERTPATH STRING {current.sslcertpath = prependdir($2, rcfiledir); free($2);}
350 | SSLCOMMONNAME STRING {current.sslcommonname = $2;}
351 | SSLFINGERPRINT STRING {current.sslfingerprint = $2;}
353 | NO KEEP {current.keep = FLAG_FALSE;}
354 | NO FLUSH {current.flush = FLAG_FALSE;}
355 | NO LIMITFLUSH {current.limitflush = FLAG_FALSE;}
356 | NO FETCHALL {current.fetchall = FLAG_FALSE;}
357 | NO REWRITE {current.rewrite = FLAG_FALSE;}
358 | NO FORCECR {current.forcecr = FLAG_FALSE;}
359 | NO STRIPCR {current.stripcr = FLAG_FALSE;}
360 | NO PASS8BITS {current.pass8bits = FLAG_FALSE;}
361 | NO DROPSTATUS {current.dropstatus = FLAG_FALSE;}
362 | NO DROPDELIVERED {current.dropdelivered = FLAG_FALSE;}
363 | NO MIMEDECODE {current.mimedecode = FLAG_FALSE;}
364 | NO IDLE {current.idle = FLAG_FALSE;}
366 | NO SSL {current.use_ssl = FLAG_FALSE;}
368 | LIMIT NUMBER {current.limit = NUM_VALUE_IN($2);}
369 | WARNINGS NUMBER {current.warnings = NUM_VALUE_IN($2);}
370 | FETCHLIMIT NUMBER {current.fetchlimit = NUM_VALUE_IN($2);}
371 | FETCHSIZELIMIT NUMBER {current.fetchsizelimit = NUM_VALUE_IN($2);}
372 | FASTUIDL NUMBER {current.fastuidl = NUM_VALUE_IN($2);}
373 | BATCHLIMIT NUMBER {current.batchlimit = NUM_VALUE_IN($2);}
374 | EXPUNGE NUMBER {current.expunge = NUM_VALUE_IN($2);}
375 | RETRIEVEERROR ABORT {current.retrieveerror = REABORT;}
376 | RETRIEVEERROR CONTINUE {current.retrieveerror = RECONTINUE;}
377 | RETRIEVEERROR MARKSEEN {current.retrieveerror = REMARKSEEN;}
379 | PROPERTIES STRING {current.properties = $2;}
383 /* lexer interface */
385 extern int prc_lineno;
389 static struct query *hosttail; /* where to add new elements */
391 void yyerror (const char *s)
392 /* report a syntax error */
394 report_at_line(stderr, 0, rcfile, prc_lineno, GT_("%s at %s"), s,
395 (yytext && yytext[0]) ? yytext : GT_("end of input"));
399 /** check that a configuration file is secure, returns PS_* status codes */
400 int prc_filecheck(const char *pathname,
401 const flag securecheck /** shortcuts permission, filetype and uid tests if false */)
408 /* special case useful for debugging purposes */
409 if (strcmp("/dev/null", pathname) == 0)
412 /* pass through the special name for stdin */
413 if (strcmp("-", pathname) == 0)
416 /* the run control file must have the same uid as the REAL uid of this
417 process, it must have permissions no greater than 600, and it must not
418 be a symbolic link. We check these conditions here. */
420 if (stat(pathname, &statbuf) < 0) {
424 report(stderr, "lstat: %s: %s\n", pathname, strerror(errno));
429 if (!securecheck) return PS_SUCCESS;
431 if (!S_ISREG(statbuf.st_mode))
433 fprintf(stderr, GT_("File %s must be a regular file.\n"), pathname);
439 if (cygwin_internal(CW_CHECK_NTSEC, pathname))
440 #endif /* __CYGWIN__ */
441 if (statbuf.st_mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH))
443 fprintf(stderr, GT_("File %s must have no more than -rwx------ (0700) permissions.\n"),
447 #endif /* __BEOS__ */
450 if (statbuf.st_uid != geteuid())
452 if (statbuf.st_uid != getuid())
453 #endif /* HAVE_GETEUID */
455 fprintf(stderr, GT_("File %s must be owned by you.\n"), pathname);
462 int prc_parse_file (const char *pathname, const flag securecheck)
463 /* digest the configuration into a linked list of host records */
466 querylist = hosttail = (struct query *)NULL;
470 /* Check that the file is secure */
471 if ( (prc_errflag = prc_filecheck(pathname, securecheck)) != 0 )
475 * Croak if the configuration directory does not exist.
476 * This probably means an NFS mount failed and we can't
477 * see a configuration file that ought to be there.
478 * Question: is this a portable check? It's not clear
479 * that all implementations of lstat() will return ENOTDIR
480 * rather than plain ENOENT in this case...
482 if (errno == ENOTDIR)
484 else if (errno == ENOENT)
487 /* Open the configuration file and feed it to the lexer. */
488 if (strcmp(pathname, "-") == 0)
490 else if ((yyin = fopen(pathname,"r")) == (FILE *)NULL) {
491 report(stderr, "open: %s: %s\n", pathname, strerror(errno));
495 yyparse(); /* parse entire file */
497 fclose(yyin); /* not checking this should be safe, file mode was r */
505 static void reset_server(const char *name, int skip)
506 /* clear the entire global record and initialize it with a new name */
509 memset(¤t,'\0',sizeof(current));
510 current.smtp_socket = -1;
511 current.server.pollname = xstrdup(name);
512 current.server.skip = skip;
513 current.server.principal = (char *)NULL;
517 static void user_reset(void)
518 /* clear the global current record (user parameters) used by the parser */
520 struct hostdata save;
523 * Purpose of this code is to initialize the new server block, but
524 * preserve whatever server name was previously set. Also
525 * preserve server options unless the command-line explicitly
528 save = current.server;
530 memset(¤t, '\0', sizeof(current));
531 current.smtp_socket = -1;
533 current.server = save;
536 /** append a host record to the host list */
537 struct query *hostalloc(struct query *init /** pointer to block containing
542 /* allocate new node */
543 node = (struct query *) xmalloc(sizeof(struct query));
547 memcpy(node, init, sizeof(struct query));
550 memset(node, '\0', sizeof(struct query));
551 node->smtp_socket = -1;
554 /* append to end of list */
555 if (hosttail != (struct query *) 0)
556 hosttail->next = node; /* list contains at least one element */
558 querylist = node; /* list is empty */
562 node->server.lead_server = leadentry;
565 node->server.lead_server = NULL;
566 leadentry = &node->server;
572 static void record_current(void)
573 /* register current parameters and append to the host list */
575 (void) hostalloc(¤t);
579 char *prependdir (const char *file, const char *dir)
580 /* if a filename is relative to dir, convert it to an absolute path */
583 if (!file[0] || /* null path */
584 file[0] == '/' || /* absolute path */
585 strcmp(file, "-") == 0 || /* stdin/stdout */
586 !dir[0]) /* we don't HAVE_GETCWD */
587 return xstrdup (file);
588 newfile = (char *)xmalloc (strlen (dir) + 1 + strlen (file) + 1);
589 if (dir[strlen(dir) - 1] != '/')
590 sprintf (newfile, "%s/%s", dir, file);
592 sprintf (newfile, "%s%s", dir, file);
596 /* rcfile_y.y ends here */