summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt5
-rw-r--r--src/src/readconf.c75
-rw-r--r--test/confs/09031
-rw-r--r--test/confs/0903./aaa1
-rw-r--r--test/confs/0903./bbb0
-rw-r--r--test/scripts/0000-Basic/02902
-rw-r--r--test/scripts/0000-Basic/09032
-rw-r--r--test/stdout/09037
8 files changed, 77 insertions, 16 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 835893d1b..02ffec9d1 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -4937,6 +4937,11 @@ Include processing happens after macro processing (see below). Its effect is to
process the lines of the included file as if they occurred inline where the
inclusion appears.
+Relative names are allowed with &`.include`&, and are resolved
+relative to the directory of the including file. For security reasons
+this is not allowed with &`.include_if_exists`&. To avoid confusion, it
+is strongly recommended to use absolute names only.
+
.section "Macros in the configuration file" "SECTmacrodefs"
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 858496b6b..c5bd41d47 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -22,12 +22,15 @@ static void readconf_options_auths(void);
#define CSTATE_STACK_SIZE 10
+const uschar *config_directory = NULL;
+
/* Structure for chain (stack) of .included files */
typedef struct config_file_item {
struct config_file_item *next;
const uschar *filename;
+ const uschar *directory;
FILE *file;
int lineno;
} config_file_item;
@@ -944,6 +947,7 @@ for (;;)
(void)fclose(config_file);
config_file = config_file_stack->file;
config_filename = config_file_stack->filename;
+ config_directory = config_file_stack->directory;
config_lineno = config_file_stack->lineno;
config_file_stack = config_file_stack->next;
if (config_lines)
@@ -1166,9 +1170,19 @@ for (;;)
}
*t = 0;
+ /* We allow relative file names. For security reasons currently
+ relative names not allowed with .include_if_exists. For .include_if_exists
+ we need to check the permissions/ownership of the containing folder */
if (*ss != '/')
- log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-"
- "absolute path \"%s\"", ss);
+ if (include_if_exists) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-"
+ "absolute path \"%s\"", ss);
+ else
+ {
+ int offset = 0;
+ int size = 0;
+ ss = string_append(NULL, &size, &offset, 3, config_directory, "/", ss);
+ ss[offset] = '\0'; /* string_append() does not zero terminate the string! */
+ }
if (include_if_exists != 0 && (Ustat(ss, &statbuf) != 0)) continue;
@@ -1179,6 +1193,7 @@ for (;;)
config_file_stack = save;
save->file = config_file;
save->filename = config_filename;
+ save->directory = config_directory;
save->lineno = config_lineno;
if (!(config_file = Ufopen(ss, "rb")))
@@ -1186,6 +1201,7 @@ for (;;)
"configuration file %s", ss);
config_filename = string_copy(ss);
+ config_directory = string_copyn(ss, (const uschar*) strrchr(ss, '/') - ss);
config_lineno = 0;
continue;
}
@@ -3356,15 +3372,6 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
if (config_file != NULL || errno != ENOENT) break;
}
-/* Now, once we found and opened our configuration file, we change the directory
-to a safe place. Later we change to $spool_directory. */
-
-if (Uchdir("/") < 0)
- {
- perror("exim: chdir `/': ");
- exit(EXIT_FAILURE);
- }
-
/* On success, save the name for verification; config_filename is used when
logging configuration errors (it changes for .included files) whereas
config_main_filename is the name shown by -bP. Failure to open a configuration
@@ -3372,12 +3379,41 @@ file is a serious disaster. */
if (config_file != NULL)
{
- uschar *p;
+ uschar *slash = Ustrrchr(filename, '/');
config_filename = config_main_filename = string_copy(filename);
- p = Ustrrchr(filename, '/');
- config_main_directory = p ? string_copyn(filename, p - filename)
- : string_copy(US".");
+ /* the config_main_directory we need for the $config_dir expansion.
+ And config_dir is the directory of the current configuration, used for
+ relative .includes. We do need to know it's name, as we change our working
+ directory later. */
+
+ if (filename[0] == '/')
+ config_main_directory = slash > filename ? string_copyn(filename, slash - filename) : US"/";
+ else
+ {
+ /* relative configuration file name: working dir + / + basename(filename) */
+
+ char buf[PATH_MAX];
+ int offset = 0;
+ int size = 0;
+ const uschar *p = Ustrrchr(filename, '/');
+
+ if (getcwd(buf, PATH_MAX) == NULL)
+ {
+ perror("exim: getcwd");
+ exit(EXIT_FAILURE);
+ }
+ config_main_directory = string_cat(NULL, &size, &offset, buf);
+
+ /* If the dir does not end with a "/", append one */
+ if (config_main_directory[offset-1] != '/')
+ string_cat(config_main_directory, &size, &offset, US"/");
+
+ /* If the config file contains a "/", extract the directory part */
+ if (p)
+ string_catn(config_main_directory, &size, &offset, filename, p - filename);
+ }
+ config_directory = config_main_directory;
}
else
{
@@ -3389,6 +3425,15 @@ else
"configuration file %s", filename));
}
+/* Now, once we found and opened our configuration file, we change the directory
+to a safe place. Later we change to $spool_directory. */
+
+if (Uchdir("/") < 0)
+ {
+ perror("exim: chdir `/': ");
+ exit(EXIT_FAILURE);
+ }
+
/* Check the status of the file we have opened, if we have retained root
privileges and the file isn't /dev/null (which *should* be 0666). */
diff --git a/test/confs/0903 b/test/confs/0903
new file mode 100644
index 000000000..017424e24
--- /dev/null
+++ b/test/confs/0903
@@ -0,0 +1 @@
+.include confs/0903./aaa
diff --git a/test/confs/0903./aaa b/test/confs/0903./aaa
new file mode 100644
index 000000000..746f316bf
--- /dev/null
+++ b/test/confs/0903./aaa
@@ -0,0 +1 @@
+.include bbb
diff --git a/test/confs/0903./bbb b/test/confs/0903./bbb
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/confs/0903./bbb
diff --git a/test/scripts/0000-Basic/0290 b/test/scripts/0000-Basic/0290
index f4b63aa8e..204fa1e1b 100644
--- a/test/scripts/0000-Basic/0290
+++ b/test/scripts/0000-Basic/0290
@@ -8,5 +8,5 @@ exim -DOPT -bP receive_timeout
exim '-D OPT = receive_timeout = 4s ' -bP receive_timeout
****
1
-exim -DINC='.include non/absolute' -bP receive_timeout
+exim -DINC='.include_if_exists non/absolute' -bP receive_timeout
****
diff --git a/test/scripts/0000-Basic/0903 b/test/scripts/0000-Basic/0903
new file mode 100644
index 000000000..1bd510ae3
--- /dev/null
+++ b/test/scripts/0000-Basic/0903
@@ -0,0 +1,2 @@
+# Test different variants of .includes
+exim -bP config
diff --git a/test/stdout/0903 b/test/stdout/0903
new file mode 100644
index 000000000..a7bda45dc
--- /dev/null
+++ b/test/stdout/0903
@@ -0,0 +1,7 @@
+# Exim Configuration (X)
+# 1 "TESTSUITE/test-config"
+# 1 "TESTSUITE/test-config"
+# 1 "TESTSUITE/confs/0903./aaa"
+# 1 "TESTSUITE/confs/0903./aaa"
+# 1 "TESTSUITE/confs/0903./aaa"
+# 1 "TESTSUITE/test-config"