dovecot-2.2-pigeonhole: Added sieve_extprograms plugin to the ma...
pigeonhole at rename-it.nl
Sun Apr 7 03:26:01 EEST 2013
details: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/a68530fb25d4
changeset: 1746:a68530fb25d4
user: Stephan Bosch <stephan at rename-it.nl>
date: Sun Apr 07 02:25:46 2013 +0200
description:
Added sieve_extprograms plugin to the main Pigeonhole tree.
It is still a plugin, but no longer a separate package.
diffstat:
INSTALL | 27 +-
Makefile.am | 24 +-
configure.ac | 1 +
doc/Makefile.am | 1 +
doc/example-config/conf.d/90-sieve-extprograms.conf | 44 +
doc/example-config/conf.d/90-sieve.conf | 1 +
doc/example-config/conf.d/Makefile.am | 3 +-
doc/plugins/sieve_extprograms.txt | 175 +++
doc/rfc/spec-bosch-sieve-extprograms.txt | 728 +++++++++++++++
doc/rfc/xml/reference.DSN.xml | 17 +
doc/rfc/xml/reference.MDN.xml | 17 +
doc/rfc/xml/reference.NET-UNICODE.xml | 17 +
doc/rfc/xml/reference.RFC.3894.xml | 15 +
doc/rfc/xml/reference.RFC.5429.xml | 15 +
doc/rfc/xml/reference.SUBADDRESS.xml | 15 +
doc/rfc/xml/reference.UTF-8.xml | 16 +
doc/rfc/xml/spec-bosch-sieve-extprograms.xml | 616 ++++++++++++
src/plugins/Makefile.am | 2 +-
src/plugins/sieve-extprograms/Makefile.am | 38 +
src/plugins/sieve-extprograms/cmd-execute.c | 452 +++++++++
src/plugins/sieve-extprograms/cmd-filter.c | 283 +++++
src/plugins/sieve-extprograms/cmd-pipe.c | 388 +++++++
src/plugins/sieve-extprograms/ext-execute.c | 80 +
src/plugins/sieve-extprograms/ext-filter.c | 80 +
src/plugins/sieve-extprograms/ext-pipe.c | 111 ++
src/plugins/sieve-extprograms/script-client-local.c | 300 ++++++
src/plugins/sieve-extprograms/script-client-private.h | 59 +
src/plugins/sieve-extprograms/script-client-remote.c | 327 ++++++
src/plugins/sieve-extprograms/script-client.c | 327 ++++++
src/plugins/sieve-extprograms/script-client.h | 35 +
src/plugins/sieve-extprograms/sieve-extprograms-common.c | 594 ++++++++++++
src/plugins/sieve-extprograms/sieve-extprograms-common.h | 98 ++
src/plugins/sieve-extprograms/sieve-extprograms-plugin.c | 65 +
src/plugins/sieve-extprograms/sieve-extprograms-plugin.h | 23 +
tests/plugins/extprograms/bin/addheader | 6 +
tests/plugins/extprograms/bin/cat | 3 +
tests/plugins/extprograms/bin/env | 3 +
tests/plugins/extprograms/bin/frame | 7 +
tests/plugins/extprograms/bin/modify | 8 +
tests/plugins/extprograms/bin/program | 5 +
tests/plugins/extprograms/bin/replace | 12 +
tests/plugins/extprograms/bin/sleep2 | 3 +
tests/plugins/extprograms/bin/stderr | 20 +
tests/plugins/extprograms/errors.svtest | 32 +
tests/plugins/extprograms/errors/arguments.sieve | 5 +
tests/plugins/extprograms/errors/programname.sieve | 25 +
tests/plugins/extprograms/execute/command.svtest | 27 +
tests/plugins/extprograms/execute/errors.svtest | 32 +
tests/plugins/extprograms/execute/errors/syntax.sieve | 38 +
tests/plugins/extprograms/execute/errors/variables.sieve | 7 +
tests/plugins/extprograms/execute/execute.svtest | 103 ++
tests/plugins/extprograms/filter/command.svtest | 10 +
tests/plugins/extprograms/filter/errors.svtest | 18 +
tests/plugins/extprograms/filter/errors/syntax.sieve | 22 +
tests/plugins/extprograms/filter/execute.svtest | 180 +++
tests/plugins/extprograms/pipe/command.svtest | 10 +
tests/plugins/extprograms/pipe/errors.svtest | 57 +
tests/plugins/extprograms/pipe/errors/syntax.sieve | 22 +
tests/plugins/extprograms/pipe/errors/timeout.sieve | 3 +
tests/plugins/extprograms/pipe/execute.svtest | 56 +
60 files changed, 5701 insertions(+), 7 deletions(-)
diffs (truncated from 6004 to 300 lines):
diff -r c6c6af49f8ac -r a68530fb25d4 INSTALL
--- a/INSTALL Sun Apr 07 00:58:40 2013 +0200
+++ b/INSTALL Sun Apr 07 02:25:46 2013 +0200
@@ -127,7 +127,8 @@
The Pigeonhole Sieve interpreter can have plugins of its own. Using this
setting, the used plugins can be specified. Check the Dovecot wiki
(wiki2.dovecot.org) or the pigeonhole website (http://pigeonhole.dovecot.org)
- for available plugins.
+ for available plugins. The sieve_extprograms plugin is included in this
+ release.
sieve_user_log =
The path to the file where the user log file is written. If not configured, a
@@ -367,7 +368,7 @@
configuration options. Refer to doc/extensions/include.txt for settings
specific to the include extension.
-- Spamtest and Virustest extensions:
+- Spamtest and virustest extensions:
Using the spamtest and virustest extensions (RFC 5235), the Sieve language
provides a uniform and standardized command interface for evaluating spam and
@@ -382,6 +383,28 @@
configuration and are not enabled for use by default. Refer to
doc/extensions/spamtest-virustest.txt for configuration information.
+- Vnd.dovecot.duplicate extension:
+
+ The vnd.dovecot.duplicate extension augments the Sieve filtering
+ implementation with a test that allows detecting and handling duplicate
+ message deliveries, e.g. as caused by mailinglists when people reply both to
+ the mailinglist and the user directly.
+
+ The vnd.dovecot.duplicate extension requires explicit configuration and is not
+ enabled for use by default. Refer to doc/extensions/vnd.dovecot.duplicate.txt
+ for configuration information.
+
+- Vnd.dovovecot.pipe, vnd.dovecot.filter, vnd.dovecot.execute extensions:
+
+ The "sieve_extprograms" plugin provides extensions to the Sieve filtering
+ language adding new action commands for invoking a predefined set of external
+ programs. Messages can be piped to or filtered through those programs and
+ string data can be input to and retrieved from those programs.
+
+ This plugin and the extensions it provides require explicit configuration and
+ are not enabled for use by default. Refer to doc/plugins/sieve_extprograms.txt
+ for more information.
+
Sieve Interpreter - Migration from CMUSieve (Dovecot v1.0/v1.1)
---------------------------------------------------------------
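Review bot: The added heading "- Vnd.dovovecot.pipe, vnd.dovecot.filter, vnd.dovecot.execute extensions:" misspells the first extension name; it should read vnd.dovecot.pipe so that it matches the name used in doc/plugins/sieve_extprograms.txt and turns up when someone searches INSTALL for it. The vnd.dovecot.duplicate paragraph added in the same hunk is not covered by the commit description, so it would be easier to track as a separate change.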
diff -r c6c6af49f8ac -r a68530fb25d4 Makefile.am
--- a/Makefile.am Sun Apr 07 00:58:40 2013 +0200
+++ b/Makefile.am Sun Apr 07 02:25:46 2013 +0200
@@ -20,7 +20,7 @@
hg log --style=changelog > ChangeLog
endif
-# Testsuite tests
+# Testsuite tests (FIXME: ugly)
TESTSUITE_BIN = $(top_builddir)/src/testsuite/testsuite $(TESTSUITE_OPTIONS)
@@ -148,8 +148,26 @@
$(test_cases):
@$(TEST_BIN) $(top_srcdir)/$@
-.PHONY: $(test_cases)
+TEST_EXTPROGRAMS_BIN = $(TEST_BIN) \
+ -P src/plugins/sieve-extprograms/.libs/sieve_extprograms
+extprograms_test_cases = \
+ tests/plugins/extprograms/errors.svtest \
+ tests/plugins/extprograms/pipe/command.svtest \
+ tests/plugins/extprograms/pipe/errors.svtest \
+ tests/plugins/extprograms/pipe/execute.svtest \
+ tests/plugins/extprograms/filter/command.svtest \
+ tests/plugins/extprograms/filter/errors.svtest \
+ tests/plugins/extprograms/filter/execute.svtest \
+ tests/plugins/extprograms/execute/command.svtest \
+ tests/plugins/extprograms/execute/errors.svtest \
+ tests/plugins/extprograms/execute/execute.svtest
+
+$(extprograms_test_cases):
+ @$(TEST_EXTPROGRAMS_BIN) $(top_srcdir)/$@
+
+.PHONY: $(test_cases) $(extprograms_test_cases)
test: $(test_cases)
+test-plugins: $(extprograms_test_cases)
-check: check-am test all-am
+check: check-am test test-plugins all-am
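Review bot: TEST_EXTPROGRAMS_BIN passes the plugin as "-P src/plugins/sieve-extprograms/.libs/sieve_extprograms", a path relative to the current directory, while TESTSUITE_BIN is anchored at $(top_builddir) and the test cases at $(top_srcdir). The test-plugins target will therefore only find the plugin when make is run from the top of the build tree; prefixing the path with $(top_builddir)/ keeps it consistent with the rest of the file. Because check now depends on test-plugins, a plugin that cannot be loaded would fail make check as a whole, not just the new target.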
diff -r c6c6af49f8ac -r a68530fb25d4 configure.ac
--- a/configure.ac Sun Apr 07 00:58:40 2013 +0200
+++ b/configure.ac Sun Apr 07 02:25:46 2013 +0200
@@ -129,6 +129,7 @@
src/plugins/Makefile
src/plugins/doveadm-sieve/Makefile
src/plugins/lda-sieve/Makefile
+src/plugins/sieve-extprograms/Makefile
src/sieve-tools/Makefile
src/managesieve/Makefile
src/managesieve-login/Makefile
diff -r c6c6af49f8ac -r a68530fb25d4 doc/Makefile.am
--- a/doc/Makefile.am Sun Apr 07 00:58:40 2013 +0200
+++ b/doc/Makefile.am Sun Apr 07 02:25:46 2013 +0200
@@ -10,5 +10,6 @@
EXTRA_DIST = \
devel \
extensions \
+ plugins \
$(docfiles)
diff -r c6c6af49f8ac -r a68530fb25d4 doc/example-config/conf.d/90-sieve-extprograms.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/example-config/conf.d/90-sieve-extprograms.conf Sun Apr 07 02:25:46 2013 +0200
@@ -0,0 +1,44 @@
+# Sieve Extprograms plugin configuration
+
+# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
+# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
+# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
+# sieve_extensions or sieve_global_extensions settings. Restricting these
+# extensions to a global context using sieve_global_extensions is recommended.
+
+plugin {
+
+ # The directory where the program sockets are located for the
+ # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+ # respectively. The name of each unix socket contained in that directory
+ # directly maps to a program-name referenced from the Sieve script.
+ #sieve_pipe_socket_dir = sieve-pipe
+ #sieve_filter_socket_dir = sieve-filter
+ #sieve_execute_socket_dir = sieve-execute
+
+ # The directory where the scripts are located for direct execution by the
+ # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+ # respectively. The name of each script contained in that directory
+ # directly maps to a program-name referenced from the Sieve script.
+ #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
+ #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+ #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+}
+
+# An example program service called 'do-something' to pipe messages to
+#service do-something {
+ # Define the executed script as parameter to the sieve service
+ #executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
+
+ # Use some unprivileged user for executing the program
+ #user = dovenull
+
+ # The unix socket located in the sieve_pipe_socket_dir (as defined in the
+ # plugin {} section above)
+ #unix_listener sieve-pipe/do-something {
+ # LDA/LMTP must have access
+ # user = vmail
+ # mode = 0600
+ #}
+#}
+
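Review bot: In the commented service example, "executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh" places the service's script inside the directory shown above as the sample sieve_pipe_bin_dir. If an administrator uncomments both, the same script is reachable through the socket as "do-something" (run as the service user) and by direct execution as "do-something.sh", which sidesteps the user separation the service is there to provide. Suggest pointing the example at a path outside the bin directories, and stating in the comment for the socket_dir settings that the value is relative to base_dir, as doc/plugins/sieve_extprograms.txt does.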
diff -r c6c6af49f8ac -r a68530fb25d4 doc/example-config/conf.d/90-sieve.conf
--- a/doc/example-config/conf.d/90-sieve.conf Sun Apr 07 00:58:40 2013 +0200
+++ b/doc/example-config/conf.d/90-sieve.conf Sun Apr 07 02:25:46 2013 +0200
@@ -68,6 +68,7 @@
# setting, the used plugins can be specified. Check the Dovecot wiki
# (wiki2.dovecot.org) or the pigeonhole website
# (http://pigeonhole.dovecot.org) for available plugins.
+ # The sieve_extprograms plugin is included in this release.
#sieve_plugins =
# The separator that is expected between the :user and :detail
diff -r c6c6af49f8ac -r a68530fb25d4 doc/example-config/conf.d/Makefile.am
--- a/doc/example-config/conf.d/Makefile.am Sun Apr 07 00:58:40 2013 +0200
+++ b/doc/example-config/conf.d/Makefile.am Sun Apr 07 02:25:46 2013 +0200
@@ -3,7 +3,8 @@
exampledir = $(dovecot_docdir)/example-config/conf.d
example_DATA = \
20-managesieve.conf \
- 90-sieve.conf
+ 90-sieve.conf \
+ 90-sieve-extprograms.conf
EXTRA_DIST = \
$(example_DATA)
diff -r c6c6af49f8ac -r a68530fb25d4 doc/plugins/sieve_extprograms.txt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/plugins/sieve_extprograms.txt Sun Apr 07 02:25:46 2013 +0200
@@ -0,0 +1,175 @@
+Sieve Extprograms plugin for Pigeonhole
+
+Relevant specifications
+=======================
+
+ doc/rfc/spec-bosch-sieve-extprograms.txt
+
+Introduction
+============
+
+Sieve (RFC 5228) is a highly extensible machine language specifically tailored
+for internet message filtering. For the Dovecot Secure IMAP server, Sieve
+support is provided by the Pigeonhole Sieve plugin. This package includes a
+plugin for Pigeonhole called "sieve_extprograms", which extends the Sieve
+filtering implementation with action commands for invoking a predefined set of
+external programs. Messages can be piped to or filtered through those programs
+and string data can be input to and retrieved from those programs.
+
+The Sieve language is explicitly designed to be powerful enough to be useful yet
+limited in order to allow for a safe server-side filtering system. Therefore,
+the base specification of the language makes it impossible for users to do
+anything more complex (and dangerous) than write simple mail filters. One of the
+consequences of this security-minded design is that users cannot execute
+external programs from their mail filter. Particularly for server-side filtering
+setups in which mail accounts have no corresponding system account, allowing the
+execution of arbitrary programs from the mail filter can be a significant
+security risk. However, such functionality can also be very useful, for instance
+to easily implement a custom action or external effect that Sieve normally
+cannot provide.
+
+The "sieve_extprograms" plugin provides an extension to the Sieve filtering
+language adding new action commands for invoking a predefined set of external
+programs. To mitigate the security concerns, the external programs cannot be
+chosen arbitrarily; the available programs are restricted through administrator
+configuration.
+
+This extension is specific to the Pigeonhole Sieve implementation for the
+Dovecot Secure IMAP server. It will therefore most likely not be supported by
+web interfaces or GUI-based Sieve editors. This extension is primarily meant for
+use in small setups or global scripts that are managed by the systems
+administrator.
+
+Implementation Status
+---------------------
+
+The "vnd.dovecot.pipe", "vnd.dovecot.filter" and "vnd.dovecot.execute" Sieve
+language extensions introduced by this plugin are vendor-specific with draft
+status and their implementation for Pigeonhole is experimental, which means that
+the language extensions are still subject to change and that the current
+implementation is not thoroughly tested.
+
+Configuration
+=============
+
+The plugin is activated by adding it to the sieve_plugins setting:
+
+sieve_plugins = sieve_extprograms
+
+This plugin registers the "vnd.dovecot.pipe", "vnd.dovecot.filter" and
+"vnd.dovecot.execute" extensions with the Sieve interpreter. However, these
+extensions are not enabled by default and thus need to be enabled explicitly. It
+is recommended to restrict the use of these extensions to global context by
+adding these to the "sieve_global_extensions" setting. If personal user scripts
+also need to directly access external programs, the extensions need to be added
+to the "sieve_extensions" setting.
+
+The commands introduced by the Sieve language extensions in this plugin can
+directly pipe a message or string data to an external program (typically a shell
+script) by forking a new process. Alternatively, these can connect to a unix
+socket behind which a Dovecot script service is listening to start the external
+program, e.g. to execute as a different user or for added security.
+
+The program name specified for the new Sieve "pipe", "filter" and "execute"
+commands is used to find the program or socket in a configured directory.
+Separate directories are specified for the sockets and the directly executed
+binaries. The socket directory is searched first. Since the use of "/" in
+program names is prohibited, it is not possible to build a hierarchical
+structure.
+
+Directly forked programs are executed with a limited set of environment
+variables: HOME, USER, HOST, SENDER, RECIPIENT and ORIG_RECIPIENT. Programs
+executed through the script-pipe socket service currently have no environment
+set at all.
+
+If a shell script is expected to read a message or string data, it must fully
+read the provided input until the data ends with EOF, otherwise the Sieve action
+invoking the program will fail. The action will also fail when the shell script
+returns a nonzero exit code. Standard output is available for returning a
+message (for the filter command) or string data (for the execute command) to the
+Sieve interpreter. Standard error is written to the LDA log file.
+
+The three extensions introduced by this plugin - "vnd.dovecot.pipe",
+"vnd.dovecot.filter" and "vnd.dovecot.pipe" - each have separate but similar
+configuration. The settings that specify a period are specified in s(econds),
+unless followed by a d(ay), h(our) or m(inute) specifier character. The
+following configuration settings are used, for which "<extension>" in the
+setting name is replaced by either "pipe", "filter" or "execute" depending on
+which extension is being configured.
+
+sieve_<extension>_socket_dir =
+ Points to a directory relative to the Dovecot base_dir where the plugin looks
+ for script service sockets.
+
+sieve_<extension>_bin_dir =
+ Points to a directory where the plugin looks for programs (shell scripts) to
+ execute directly and pipe messages to.
+
+sieve_<extension>_exec_timeout = 10s
+ Configures the maximum execution time after which the program is forcefully
+ terminated.
+
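Review bot: The sentence introducing the settings lists the three extensions as "vnd.dovecot.pipe", "vnd.dovecot.filter" and "vnd.dovecot.pipe"; the last one should be "vnd.dovecot.execute", as in the rest of the file. The environment paragraph also refers to a "script-pipe socket service" where the earlier paragraph calls it a "Dovecot script service"; one name throughout would avoid suggesting two different services. Since that paragraph documents SENDER, RECIPIENT and ORIG_RECIPIENT being passed to directly forked programs, it would help to add that these values are taken from the mail being delivered and should be handled as untrusted input by the shell scripts.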