From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 10 Mar 2023 23:11:28 +0000 (+0200)
Subject: global: Stop assuming mail_storage_service_lookup*() is going to read settings
X-Git-Tag: 2.4.0~2219
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4b797371be85cd7038b7e643f15b7f382592a54;p=thirdparty%2Fdovecot%2Fcore.git

global: Stop assuming mail_storage_service_lookup*() is going to read settings
---

diff --git a/src/imap-urlauth/imap-urlauth-worker.c b/src/imap-urlauth/imap-urlauth-worker.c
index 969e792340..1be86f83d2 100644
--- a/src/imap-urlauth/imap-urlauth-worker.c
+++ b/src/imap-urlauth/imap-urlauth-worker.c
@@ -983,7 +983,7 @@ int main(int argc, char *argv[])
 		MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP |
 		MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT;
 	ARRAY_TYPE (const_string) access_apps;
-	const char *access_user = NULL;
+	const char *access_user = NULL, *error;
 	int c;
 
 	if (IS_STANDALONE()) {
@@ -1019,6 +1019,9 @@ int main(int argc, char *argv[])
 	master_service_init_log_with_pid(master_service);
 	master_service_set_die_callback(master_service, imap_urlauth_worker_die);
 
+	if (master_service_settings_read_simple(master_service, &error) < 0)
+		i_fatal("%s", error);
+
 	storage_service =
 		mail_storage_service_init(master_service,
 					  storage_service_flags);
diff --git a/src/imap/main.c b/src/imap/main.c
index d5a8f7f796..a7dd93d95a 100644
--- a/src/imap/main.c
+++ b/src/imap/main.c
@@ -495,6 +495,7 @@ int main(int argc, char *argv[])
 		 */
 		MAIL_STORAGE_SERVICE_FLAG_NO_NAMESPACES;
 	const char *username = NULL, *auth_socket_path = "auth-master";
+	const char *error;
 	int c;
 
 	i_zero(&login_set);
@@ -542,6 +543,9 @@ int main(int argc, char *argv[])
 	master_admin_clients_init(&admin_callbacks);
 	master_service_set_die_callback(master_service, imap_die);
 
+	if (master_service_settings_read_simple(master_service, &error) < 0)
+		i_fatal("%s", error);
+
 	/* plugins may want to add commands, so this needs to be called early */
 	commands_init();
 	imap_fetch_handlers_init();
@@ -552,7 +556,6 @@ int main(int argc, char *argv[])
 	verbose_proctitle = !IS_STANDALONE() &&
 		getenv(MASTER_VERBOSE_PROCTITLE_ENV) != NULL;
 
-	const char *error;
 	if (t_abspath(auth_socket_path, &login_set.auth_socket_path, &error) < 0)
 		i_fatal("t_abspath(%s) failed: %s", auth_socket_path, error);
 
diff --git a/src/indexer/indexer-worker.c b/src/indexer/indexer-worker.c
index 7d293acce4..d3e7d9d53a 100644
--- a/src/indexer/indexer-worker.c
+++ b/src/indexer/indexer-worker.c
@@ -26,18 +26,11 @@ static void drop_privileges(void)
 	struct restrict_access_settings set;
 	const char *error;
 
+	if (master_service_settings_read_simple(master_service, &error) < 0)
+		i_fatal("%s", error);
+
 	/* by default we don't drop any privileges, but keep running as root. */
 	restrict_access_get_env(&set);
-	if (set.uid != 0) {
-		/* open config connection before dropping privileges */
-		struct master_service_settings_input input;
-		struct master_service_settings_output output;
-
-		i_zero(&input);
-		input.service = "indexer-worker";
-		(void)master_service_settings_read(master_service,
-						   &input, &output, &error);
-	}
 	restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
 }
 
diff --git a/src/lda/main.c b/src/lda/main.c
index 9bbaf73b73..570e0267dd 100644
--- a/src/lda/main.c
+++ b/src/lda/main.c
@@ -348,7 +348,7 @@ int main(int argc, char *argv[])
 {
 	struct mail_deliver_input dinput;
 	enum mail_storage_service_flags service_flags = 0;
-	const char *user, *errstr, *path;
+	const char *user, *errstr, *path, *error;
 	struct smtp_address *rcpt_to, *final_rcpt_to, *mail_from;
 	struct mail_storage_service_ctx *storage_service;
 	struct mail_storage_service_input service_input;
@@ -474,6 +474,9 @@ int main(int argc, char *argv[])
 		i_fatal_status(EX_USAGE, "Unknown argument: %s", argv[optind]);
 	}
 
+	if (master_service_settings_read_simple(master_service, &error) < 0)
+		i_fatal("%s", error);
+
 	process_euid = geteuid();
 	if ((service_flags & MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP) != 0)
 		;
diff --git a/src/lmtp/main.c b/src/lmtp/main.c
index ffe9b689a3..7d05c3360a 100644
--- a/src/lmtp/main.c
+++ b/src/lmtp/main.c
@@ -61,17 +61,11 @@ static void drop_privileges(void)
 	struct restrict_access_settings set;
 	const char *error;
 
+	if (master_service_settings_read_simple(master_service, &error) < 0)
+		i_fatal("%s", error);
+
 	/* by default we don't drop any privileges, but keep running as root. */
 	restrict_access_get_env(&set);
-	/* open config connection before dropping privileges */
-	struct master_service_settings_input input;
-	struct master_service_settings_output output;
-
-	i_zero(&input);
-	input.service = "lmtp";
-	if (master_service_settings_read(master_service,
-					 &input, &output, &error) < 0)
-		i_fatal("%s", error);
 	restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
 }
 
diff --git a/src/pop3/main.c b/src/pop3/main.c
index 01ec964cf0..d2cd382b52 100644
--- a/src/pop3/main.c
+++ b/src/pop3/main.c
@@ -370,6 +370,7 @@ int main(int argc, char *argv[])
 	enum master_service_flags service_flags = 0;
 	enum mail_storage_service_flags storage_service_flags = 0;
 	const char *username = NULL, *auth_socket_path = "auth-master";
+	const char *error;
 	int c;
 
 	i_zero(&login_set);
@@ -418,7 +419,9 @@ int main(int argc, char *argv[])
 		}
 	}
 
-	const char *error;
+	if (master_service_settings_read_simple(master_service, &error) < 0)
+		i_fatal("%s", error);
+
 	if (t_abspath(auth_socket_path, &login_set.auth_socket_path, &error) < 0) {
 		i_fatal("t_abspath(%s) failed: %s", auth_socket_path, error);
 	}
diff --git a/src/submission/main.c b/src/submission/main.c
index 978488f7e6..c72c133e1d 100644
--- a/src/submission/main.c
+++ b/src/submission/main.c
@@ -418,6 +418,9 @@ int main(int argc, char *argv[])
 	master_admin_clients_init(&admin_callbacks);
 	master_service_set_die_callback(master_service, submission_die);
 
+	if (master_service_settings_read_simple(master_service, &error) < 0)
+		i_fatal("%s", error);
+
 	storage_service =
 		mail_storage_service_init(master_service,
 					  storage_service_flags);
diff --git a/src/util/script-login.c b/src/util/script-login.c
index f33c296bcf..62d40a501c 100644
--- a/src/util/script-login.c
+++ b/src/util/script-login.c
@@ -115,6 +115,8 @@ static void client_connected(struct master_service_connection *conn)
 		t_strdup_printf("script-login(%s): ", input.username));
 
 	if (drop_to_userdb_privileges) {
+		if (master_service_settings_read_simple(master_service, &error) < 0)
+			i_fatal("%s", error);
 		service_ctx = mail_storage_service_init(master_service, flags);
 		if (mail_storage_service_lookup(service_ctx, &input, &user, &error) <= 0)
 			i_fatal("%s", error);