author | Todd C. Miller <millert@cvs.openbsd.org> | 2001-01-15 20:52:42 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2001-01-15 20:52:42 +0000 |
commit | 249395028cd5152a22beb827afe020a69b842928 (patch) | |
tree | 37e6c7dc6018ad97126653790ba0e2a5eb98b372 | |
parent | 22559135ed5223c81e7a49b8726db8ee1927e322 (diff) |
sendmail 8.11.2
18 files changed, 2021 insertions, 16 deletions
diff --git a/gnu/usr.sbin/sendmail/cf/cf/generic-nextstep3.3.cf b/gnu/usr.sbin/sendmail/cf/cf/generic-nextstep3.3.cf
new file mode 100644
index 00000000000..df6ba61778a
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/cf/cf/generic-nextstep3.3.cf
@@ -0,0 +1,1244 @@ +# +# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. +# All rights reserved. +# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. +# Copyright (c) 1988, 1993 +# The Regents of the University of California. All rights reserved. +# +# By using this file, you agree to the terms and conditions set +# forth in the LICENSE file which can be found at the top level of +# the sendmail distribution. +# +# + +###################################################################### +###################################################################### +##### +##### SENDMAIL CONFIGURATION FILE +##### +##### built by gshapiro@horsey.gshapiro.net on Fri Dec 29 22:31:00 PST 2000 +##### in /usr/local/src/sendmail/devel/8.11/OpenSource/sendmail-8.11.2/cf/cf +##### using ../ as configuration include directory +##### +###################################################################### +###################################################################### + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + + + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + + +# level 9 config file format +V9/Berkeley + +# override file safeties - setting this option compromises system security, +# addressing the actual file configuration problem is preferred +# need to set this before any file actions are encountered in the cf file +#O DontBlameSendmail=safe + +# default LDAP map specification +# need to 
set this now before any LDAP maps are defined +#O LDAPDefaultSpec=-h localhost + +################## +# local info # +################## + +Cwlocalhost +# file containing names of hosts for which we receive email +Fw/etc/mail/local-host-names + +# my official domain name +# ... define this only if sendmail cannot automatically determine your domain +#Dj$w.Foo.COM + +CP. + +# "Smart" relay host (may be null) +DS + + +# operators that cannot be in local usernames (i.e., network indicators) +CO @ % ! + +# a class with just dot (for identifying canonical names) +C.. + +# a class with just a left bracket (for identifying domain literals) +C[[ + + +# Resolve map (to check if a host exists in check_mail) +Kresolve host -a<OK> -T<TEMP> + + + +# Hosts for which relaying is permitted ($=R) +FR-o /etc/mail/relay-domains + +# arithmetic map +Karith arith + +# who I send unqualified names to (null means deliver locally) +DR + +# who gets all local email traffic ($R has precedence for unqualified names) +DH + +# dequoting map +Kdequote dequote + +# class E: names that should be exposed as from this host, even if we masquerade +# class L: names that should be delivered locally, even if we have a relay +# class M: domains that should be converted to $M +# class N: domains that should not be converted to $M +#CL root +CEroot + +# who I masquerade as (null for no masquerading) (see also $=M) +DM + +# my name for error messages +DnMAILER-DAEMON + + +CPREDIRECT + +# Configuration version number +DZ8.11.2 + + +############### +# Options # +############### + +# strip message body to 7 bits on input? +O SevenBitInput=False + +# 8-bit data handling +O EightBitMode=pass8 + +# wait for alias file rebuild (default units: minutes) +O AliasWait=10 + +# location of alias file +O AliasFile=/etc/mail/aliases + +# minimum number of free blocks on filesystem +O MinFreeBlocks=100 + +# maximum message size +#O MaxMessageSize=1000000 + +# substitution for space (blank) characters +O BlankSub=. 
+ +# avoid connecting to "expensive" mailers on initial submission? +O HoldExpensive=False + +# checkpoint queue runs after every N successful deliveries +#O CheckpointInterval=10 + +# default delivery mode +O DeliveryMode=background + +# automatically rebuild the alias database? +# NOTE: There is a potential for a denial of service attack if this is set. +# This option is deprecated and will be removed from a future version. +#O AutoRebuildAliases=False + +# error message header/file +#O ErrorHeader=/etc/mail/error-header + +# error mode +#O ErrorMode=print + +# save Unix-style "From_" lines at top of header? +#O SaveFromLine=False + +# temporary file mode +O TempFileMode=0600 + +# match recipients against GECOS field? +#O MatchGECOS=False + +# maximum hop count +#O MaxHopCount=17 + +# location of help file +O HelpFile=/etc/mail/helpfile + +# ignore dots as terminators in incoming messages? +#O IgnoreDots=False + +# name resolver options +#O ResolverOptions=+AAONLY + +# deliver MIME-encapsulated error messages? +O SendMimeErrors=True + +# Forward file search path +O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward + +# open connection cache size +O ConnectionCacheSize=2 + +# open connection cache timeout +O ConnectionCacheTimeout=5m + +# persistent host status directory +#O HostStatusDirectory=.hoststat + +# single thread deliveries (requires HostStatusDirectory)? +#O SingleThreadDelivery=False + +# use Errors-To: header? +O UseErrorsTo=False + +# log level +O LogLevel=9 + +# send to me too, even in an alias expansion? +#O MeToo=True + +# verify RHS in newaliases? +O CheckAliases=False + +# default messages to old style headers if no special punctuation? 
+O OldStyleHeaders=True + +# SMTP daemon options +O DaemonPortOptions=Name=MTA +O DaemonPortOptions=Port=587, Name=MSA, M=E + +# SMTP client options +#O ClientPortOptions=Address=0.0.0.0 + +# privacy flags +O PrivacyOptions=authwarnings + +# who (if anyone) should get extra copies of error messages +#O PostmasterCopy=Postmaster + +# slope of queue-only function +#O QueueFactor=600000 + +# queue directory +O QueueDirectory=/usr/spool/mqueue + +# timeouts (many of these) +#O Timeout.initial=5m +#O Timeout.connect=5m +#O Timeout.iconnect=5m +#O Timeout.helo=5m +#O Timeout.mail=10m +#O Timeout.rcpt=1h +#O Timeout.datainit=5m +#O Timeout.datablock=1h +#O Timeout.datafinal=1h +#O Timeout.rset=5m +#O Timeout.quit=2m +#O Timeout.misc=2m +#O Timeout.command=1h +#O Timeout.ident=5s +#O Timeout.fileopen=60s +#O Timeout.control=2m +O Timeout.queuereturn=5d +#O Timeout.queuereturn.normal=5d +#O Timeout.queuereturn.urgent=2d +#O Timeout.queuereturn.non-urgent=7d +O Timeout.queuewarn=4h +#O Timeout.queuewarn.normal=4h +#O Timeout.queuewarn.urgent=1h +#O Timeout.queuewarn.non-urgent=12h +#O Timeout.hoststatus=30m +#O Timeout.resolver.retrans=5s +#O Timeout.resolver.retrans.first=5s +#O Timeout.resolver.retrans.normal=5s +#O Timeout.resolver.retry=4 +#O Timeout.resolver.retry.first=4 +#O Timeout.resolver.retry.normal=4 + +# should we not prune routes in route-addr syntax addresses? +#O DontPruneRoutes=False + +# queue up everything before forking? 
+O SuperSafe=True + +# status file +O StatusFile=/etc/mail/statistics + +# time zone handling: +# if undefined, use system default +# if defined but null, use TZ envariable passed in +# if defined and non-null, use that info +#O TimeZoneSpec= + +# default UID (can be username or userid:groupid) +#O DefaultUser=mailnull + +# list of locations of user database file (null means no lookup) +#O UserDatabaseSpec=/etc/mail/userdb + +# fallback MX host +#O FallbackMXhost=fall.back.host.net + +# if we are the best MX host for a site, try it directly instead of config err +#O TryNullMXList=False + +# load average at which we just queue messages +#O QueueLA=8 + +# load average at which we refuse connections +#O RefuseLA=12 + +# maximum number of children we allow at one time +#O MaxDaemonChildren=12 + +# maximum number of new connections per second +#O ConnectionRateThrottle=0 + +# work recipient factor +#O RecipientFactor=30000 + +# deliver each queued job in a separate process? +#O ForkEachJob=False + +# work class factor +#O ClassFactor=1800 + +# work time factor +#O RetryFactor=90000 + +# shall we sort the queue by hostname first? +#O QueueSortOrder=priority + +# minimum time in queue before retry +#O MinQueueAge=30m + +# default character set +#O DefaultCharSet=iso-8859-1 + +# service switch file (ignored on Solaris, Ultrix, OSF/1, others) +#O ServiceSwitchFile=/etc/mail/service.switch + +# hosts file (normally /etc/hosts) +#O HostsFile=/etc/hosts + +# dialup line delay on connection failure +#O DialDelay=10s + +# action to take if there are no recipients in the message +#O NoRecipientAction=add-to-undisclosed + +# chrooted environment for writing to files +#O SafeFileEnvironment=/arch + +# are colons OK in addresses? +#O ColonOkInAddr=True + +# how many jobs can you process in the queue? +#O MaxQueueRunSize=10000 + +# shall I avoid expanding CNAMEs (violates protocols)? 
+#O DontExpandCnames=False + +# SMTP initial login message (old $e macro) +O SmtpGreetingMessage=$j Sendmail $v/$Z; $b + +# UNIX initial From header format (old $l macro) +O UnixFromLine=From $g $d + +# 
From: lines that have embedded newlines are unwrapped onto one line +#O SingleLineFromHeader=False + +# Allow HELO SMTP command that does not include a host name +#O AllowBogusHELO=False + +# Characters to be quoted in a full name phrase (@,;:\()[] are automatic) +#O MustQuoteChars=. + +# delimiter (operator) characters (old $o macro) +O OperatorChars=.:%@!^/[]+ + +# shall I avoid calling initgroups(3) because of high NIS costs? +#O DontInitGroups=False + +# are group-writable :include: and .forward files (un)trustworthy? +#O UnsafeGroupWrites=True + +# where do errors that occur when sending errors get sent? +#O DoubleBounceAddress=postmaster + +# where to save bounces if all else fails +#O DeadLetterDrop=/var/tmp/dead.letter + +# what user id do we assume for the majority of the processing? +#O RunAsUser=sendmail + +# maximum number of recipients per SMTP envelope +#O MaxRecipientsPerMessage=100 + +# shall we get local names from our installed interfaces? +#O DontProbeInterfaces=False + +# Return-Receipt-To: header implies DSN request +#O RrtImpliesDsn=False + +# override connection address (for testing) +#O ConnectOnlyTo=0.0.0.0 + +# Trusted user for file ownership and starting the daemon +#O TrustedUser=root + +# Control socket for daemon management +#O ControlSocketName=/var/spool/mqueue/.control + +# Maximum MIME header length to protect MUAs +#O MaxMimeHeaderLength=0/0 + +# Maximum length of the sum of all headers +O MaxHeadersLength=32768 + +# Maximum depth of alias recursion +#O MaxAliasRecursion=10 + +# location of pid file +#O PidFile=/var/run/sendmail.pid + +# Prefix string for the process title shown on 'ps' listings +#O ProcessTitlePrefix=prefix + +# Data file (df) memory-buffer file maximum size +#O DataFileBufferSize=4096 + +# Transcript file (xf) memory-buffer file maximum size +#O XscriptFileBufferSize=4096 + +# list of authentication mechanisms +#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 + +# default authentication information for 
outgoing connections +#O DefaultAuthInfo=/etc/mail/default-auth-info + +# SMTP AUTH flags +#O AuthOptions + + + +# CA directory +#O CACERTPath +# CA file +#O CACERTFile +# Server Cert +#O ServerCertFile +# Server private key +#O ServerKeyFile +# Client Cert +#O ClientCertFile +# Client private key +#O ClientKeyFile +# DHParameters (only required if DSA/DH is used) +#O DHParameters +# Random data source (required for systems without /dev/urandom under OpenSSL) +#O RandFile + + + +########################### +# Message precedences # +########################### + +Pfirst-class=0 +Pspecial-delivery=100 +Plist=-30 +Pbulk=-60 +Pjunk=-100 + +##################### +# Trusted users # +##################### + +# this is equivalent to setting class "t" +#Ft/etc/mail/trusted-users +Troot +Tdaemon +Tuucp + +######################### +# Format of headers # +######################### + +H?P?Return-Path: <$g> +HReceived: $?sfrom $s $.$?_($?s$|from $.$_) + $.$?{auth_type}(authenticated$?{auth_ssf} (${auth_ssf} bits)$.) + $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} + (using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})$.$?u + for $u; $|; + $.$b +H?D?Resent-Date: $a +H?D?Date: $a +H?F?Resent-From: $?x$x <$g>$|$g$. +H?F?From: $?x$x <$g>$|$g$. 
+H?x?Full-Name: $x +# HPosted-Date: $a +# H?l?Received-Date: $b +H?M?Resent-Message-Id: <$t.$i@$j> +H?M?Message-Id: <$t.$i@$j> + +# +###################################################################### +###################################################################### +##### +##### REWRITING RULES +##### +###################################################################### +###################################################################### + +############################################ +### Ruleset 3 -- Name Canonicalization ### +############################################ +Scanonify=3 + +# handle null input (translate to <@> special case) +R$@ $@ <@> + +# strip group: syntax (not inside angle brackets!) and trailing semicolon +R$* $: $1 <@> mark addresses +R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr> +R@ $* <@> $: @ $1 unmark @host:... +R$* :: $* <@> $: $1 :: $2 unmark node::addr +R:include: $* <@> $: :include: $1 unmark :include:... +R$* [ IPv6 $- ] <@> $: $1 [ IPv6 $2 ] unmark IPv6 addr +R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon +R$* : $* <@> $: $2 strip colon if marked +R$* <@> $: $1 unmark +R$* ; $1 strip trailing semi +R$* < $+ :; > $* $@ $2 :; <@> catch <list:;> +R$* < $* ; > $1 < $2 > bogus bracketed semi + +# null input now results from list:; syntax +R$@ $@ :; <@> + +# strip angle brackets -- note RFC733 heuristic to get innermost item +R$* $: < $1 > housekeeping <> +R$+ < $* > < $2 > strip excess on left +R< $* > $+ < $1 > strip excess on right +R<> $@ < @ > MAIL FROM:<> case +R< $+ > $: $1 remove housekeeping <> + +# strip route address <@a,@b,@c:user@d> -> <user@d> +R@ $+ , $+ $2 +R@ $+ : $+ $2 + +# find focus for list syntax +R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax +R $+ : $* ; $@ $1 : $2; list syntax + +# find focus for @ syntax addresses +R$+ @ $+ $: $1 < @ $2 > focus on domain +R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right +R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical + +# 
do some sanity checking +R$* < @ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs + +# convert old-style addresses to a domain-based address +R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names +R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps +R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains + +# if we have % signs, take the rightmost one +R$* % $* $1 @ $2 First make them all @s. +R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. +R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish + +# else we must be a local name +R$* $@ $>Canonify2 $1 + + +################################################ +### Ruleset 96 -- bottom half of ruleset 3 ### +################################################ + +SCanonify2=96 + +# handle special cases for local names +R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all +R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain +R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain + +# check for IPv6 domain literal (save quoted form) +R$* < @ [ IPv6 $- ] > $* $: $2 $| $1 < @@ [ $(dequote $2 $) ] > $3 mark IPv6 addr +R$- $| $* < @@ $=w > $* $: $2 < @ $j . > $4 self-literal +R$- $| $* < @@ [ $+ ] > $* $@ $2 < @ [ IPv6 $1 ] > $4 canon IP addr + +# check for IPv4 domain literal +R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [a.b.c.d] +R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal +R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr + + + + + +# if really UUCP, handle it immediately + +# try UUCP traffic as a local address +R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 +R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 + +# hostnames ending in class P are always canonical +R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 +R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 +R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . 
> $6 +R$* CC $* $| $* $: $3 +# pass to name server to make hostname canonical +R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 +R$* $| $* $: $2 + +# local host aliases and pseudo-domains are always canonical +R$* < @ $=w > $* $: $1 < @ $2 . > $3 +R$* < @ $=M > $* $: $1 < @ $2 . > $3 +R$* < @ $* . . > $* $1 < @ $2 . > $3 + + +################################################## +### Ruleset 4 -- Final Output Post-rewriting ### +################################################## +Sfinal=4 + +R$+ :; <@> $@ $1 : handle <list:;> +R$* <@> $@ handle <> and list:; + +# strip trailing dot off possibly canonical name +R$* < @ $+ . > $* $1 < @ $2 > $3 + +# eliminate internal code +R$* < @ *LOCAL* > $* $1 < @ $j > $2 + +# externalize local domain info +R$* < $+ > $* $1 $2 $3 defocus +R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical +R@ $* $@ @ $1 ... and exit + +# UUCP must always be presented in old form +R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u + +# delete duplicate local names +R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host + + + +############################################################## +### Ruleset 97 -- recanonicalize and call ruleset zero ### +### (used for recursive calls) ### +############################################################## + +SRecurse=97 +R$* $: $>canonify $1 +R$* $@ $>parse $1 + + +###################################### +### Ruleset 0 -- Parse Address ### +###################################### + +Sparse=0 + +R$* $: $>Parse0 $1 initial parsing +R<@> $#local $: <@> special case error msgs +R$* $: $>ParseLocal $1 handle local hacks +R$* $: $>Parse1 $1 final parsing + +# +# Parse0 -- do initial syntax checking and eliminate local addresses. +# This should either return with the (possibly modified) input +# or return with a #error mailer. It should not return with a +# #mailer other than the #error mailer. 
+# + +SParse0 +R<@> $@ <@> special case error msgs +R$* : $* ; <@> $#error $@ 5.1.3 $: "501 List:; syntax illegal for recipient addresses" +R@ <@ $* > < @ $1 > catch "@@host" bogosity +R<@ $+> $#error $@ 5.1.3 $: "501 User address required" +R$* $: <> $1 +R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 +R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "501 Colon illegal in host name part" +R<> $* $1 +R$* < @ . $* > $* $#error $@ 5.1.2 $: "501 Invalid host name" +R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "501 Invalid host name" +R$* , $~O $* $#error $@ 5.1.2 $: "501 Invalid route address" + +# now delete the local info -- note $=O to find characters that cause forwarding +R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user +R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... +R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here +R< @ $+ > $#error $@ 5.1.3 $: "501 User address required" +R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... +R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" +R< @ *LOCAL* > $#error $@ 5.1.3 $: "501 User address required" +R$* $=O $* < @ *LOCAL* > + $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... +R$* < @ *LOCAL* > $: $1 + +# +# Parse1 -- the bottom half of ruleset 0. +# + +SParse1 + +# handle numeric address spec +R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec +R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path +R$* < @ [ IPv6 $- ] : > $* + $#esmtp $@ [ $(dequote $2 $) ] $: $1 < @ [IPv6 $2 ] > $3 no smarthost: send +R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send +R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer +R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer + + +# short circuit local delivery so forwarded email works + + +R$=L < @ $=w . > $#local $: @ $1 special local names +R$+ < @ $=w . 
> $#local $: $1 regular local name + + +# resolve remotely connected UUCP links (if any) + +# resolve fake top level domains by forwarding to other hosts + + + +# pass names that still have a host to a smarthost (if defined) +R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name + +# deal with other remote names +R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain + +# handle locally delivered names +R$=L $#local $: @ $1 special local names +R$+ $#local $: $1 regular local names + +########################################################################### +### Ruleset 5 -- special rewriting after aliases have been expanded ### +########################################################################### + +SLocal_localaddr +Slocaladdr=5 +R$+ $: $1 $| $>"Local_localaddr" $1 +R$+ $| $#$* $#$2 +R$+ $| $* $: $1 + + + + +# deal with plussed users so aliases work nicely +R$+ + * $#local $@ $&h $: $1 +R$+ + $* $#local $@ + $2 $: $1 + * + +# prepend an empty "forward host" on the front +R$+ $: <> $1 + + +# see if we have a relay or a hub +R< > $+ $: < $H > $1 try hub +R< > $+ $: < $R > $1 try relay + +R< > $+ $: < > < $1 <> $&h > nope, restore +detail +R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail +R< > < $+ <> $* > $: < > < $1 > else discard +R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part +R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + +R< > < $+ > $@ $1 no +detail +R$+ $: $1 <> $&h add +detail back in +R$+ <> + $* $: $1 + $2 check whether +detail +R$+ <> $* $: $1 else discard +R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension +R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension +R< $- : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > +R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > + + +################################################################### +### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### 
+################################################################### + +SMailerToTriple=95 +R< > $* $@ $1 strip off null relay +R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 +R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 +R< local : $* > $* $>CanonLocal < $1 > $2 +R< $- : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user +R< $- : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer +R< $=w > $* $@ $2 delete local host +R< [ IPv6 $+ ] > $* $#relay $@ $(dequote $1 $) $: $2 use unqualified mailer +R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer + +################################################################### +### Ruleset CanonLocal -- canonify local: syntax ### +################################################################### + +SCanonLocal +# strip local host from routed addresses +R< $* > < @ $+ > : $+ $@ $>Recurse $3 +R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 + +# strip trailing dot from any host name that may appear +R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > + +# handle local: syntax -- use old user, either with or without host +R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 +R< > $+ $#local $@ $1 $: $1 + +# handle local:user@host syntax -- ignore host part +R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > + +# handle local:user syntax +R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 +R< $+ > $* $#local $@ $2 $: $1 + +################################################################### +### Ruleset 93 -- convert header names to masqueraded form ### +################################################################### + +SMasqHdr=93 + + +# do not masquerade anything in class N +R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > + +# special case the users that should be exposed +R$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed +R$=E < @ $=M . > $@ $1 < @ $2 . > +R$=E < @ $=w . > $@ $1 < @ $2 . > + +# handle domain-specific masquerading +R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms +R$* < @ $=w . > $* $: $1 < @ $2 . 
@ $M > $3 +R$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2 +R$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null +R$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null + +################################################################### +### Ruleset 94 -- convert envelope names to masqueraded form ### +################################################################### + +SMasqEnv=94 +R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 + +################################################################### +### Ruleset 98 -- local part of ruleset zero (can be null) ### +################################################################### + +SParseLocal=98 + +# addresses sent to foo@host.REDIRECT will give a 551 error code +R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > +R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. > +R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> + + + + + +###################################################################### +### CanonAddr -- Convert an address into a standard form for +### relay checking. Route address syntax is +### crudely converted into a %-hack address. +### +### Parameters: +### $1 -- full recipient address +### +### Returns: +### parsed address, not in source route form +###################################################################### + +SCanonAddr +R$* $: $>Parse0 $>canonify $1 make domain canonical + + +###################################################################### +### ParseRecipient -- Strip off hosts in $=R as well as possibly +### $* $=m or the access database. +### Check user portion for host separators. +### +### Parameters: +### $1 -- full recipient address +### +### Returns: +### parsed, non-local-relaying address +###################################################################### + +SParseRecipient +R$* $: <?> $>CanonAddr $1 +R<?> $* < @ $* . 
> <?> $1 < @ $2 > strip trailing dots +R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part + +# if no $=O character, no host in the user portion, we are done +R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4> +R<?> $* $@ $1 + + + +R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 > + + +R<RELAY> $* < @ $* > $@ $>ParseRecipient $1 +R<$-> $* $@ $2 + + +###################################################################### +### check_relay -- check hostname/address on SMTP startup +###################################################################### + +SLocal_check_relay +Scheck_relay +R$* $: $1 $| $>"Local_check_relay" $1 +R$* $| $* $| $#$* $#$3 +R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 + +SBasic_check_relay +# check for deferred delivery mode +R$* $: < ${deliveryMode} > $1 +R< d > $* $@ deferred +R< $* > $* $: $2 + + + + +###################################################################### +### check_mail -- check SMTP `MAIL FROM:' command argument +###################################################################### + +SLocal_check_mail +Scheck_mail +R$* $: $1 $| $>"Local_check_mail" $1 +R$* $| $#$* $#$2 +R$* $| $* $@ $>"Basic_check_mail" $1 + +SBasic_check_mail +# check for deferred delivery mode +R$* $: < ${deliveryMode} > $1 +R< d > $* $@ deferred +R< $* > $* $: $2 + +# authenticated? +R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL +R$* $| $#$+ $#$2 +R$* $| $* $: $1 + +R<> $@ <OK> we MUST accept <> (RFC 1123) +R$+ $: <?> $1 +R<?><$+> $: <@> <$1> +R<?>$+ $: <@> <$1> +R$* $: $&{daemon_flags} $| $1 +R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > +R$* u $* $| <@> < $* > $: <?> < $3 > +R$* $| $* $: $2 +# handle case of @localhost on address +R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > +R<@> < $* @ [127.0.0.1] > + $: < ? $&{client_name} > < $1 @ [127.0.0.1] > +R<@> < $* @ localhost.$m > + $: < ? $&{client_name} > < $1 @ localhost.$m > +R<@> < $* @ localhost.UUCP > + $: < ? 
$&{client_name} > < $1 @ localhost.UUCP > +R<@> $* $: $1 no localhost as domain +R<? $=w> $* $: $2 local client: ok +R<? $+> <$+> $#error $@ 5.5.4 $: "501 Real domain name required for sender address" +R<?> $* $: $1 +R$* $: <?> $>CanonAddr $1 canonify sender address and mark it +R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots +# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) +R<?> $* < @ $* $=P > $: <OK> $1 < @ $2 $3 > +R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > +R<? $* <$->> $* < @ $+ > + $: <$2> $3 < @ $4 > + + +# handle case of no @domain on address +R<?> $* $: $&{daemon_flags} $| <?> $1 +R$* u $* $| <?> $* $: <OK> $3 +R$* $| $* $: $2 +R<?> $* $: < ? $&{client_name} > $1 +R<?> $* $@ <OK> ...local unqualed ok +R<? $+> $* $#error $@ 5.5.4 $: "501 Domain name required for sender address " $&f + ...remote is not +# check results +R<?> $* $: @ $1 mark address: nothing known about it +R<OK> $* $@ <OK> +R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" +R<PERM> $* $#error $@ 5.1.8 $: "501 Domain of sender address " $&f " does not exist" + +###################################################################### +### check_rcpt -- check SMTP `RCPT TO:' command argument +###################################################################### + +SLocal_check_rcpt +Scheck_rcpt +R$* $: $1 $| $>"Local_check_rcpt" $1 +R$* $| $#$* $#$2 +R$* $| $* $@ $>"Basic_check_rcpt" $1 + +SBasic_check_rcpt +# check for deferred delivery mode +R$* $: < ${deliveryMode} > $1 +R< d > $* $@ deferred +R< $* > $* $: $2 + + +R$* $: $>ParseRecipient $1 strip relayable hosts + + + + + +# authenticated? +R$* $: $1 $| $>RelayAuth $1 $| $&{verify} client authenticated? +R$* $| $# $+ $# $2 error/ok? +R$* $| $* $: $1 no + +# authenticated by a trusted mechanism? 
+R$* $: $1 $| $&{auth_type} +R$* $| $: $1 +R$* $| $={TrustAuthMech} $# RELAYAUTH +R$* $| $* $: $1 +# anything terminating locally is ok +R$+ < @ $=w > $@ RELAYTO +R$+ < @ $* $=R > $@ RELAYTO + + + +# check for local user (i.e. unqualified address) +R$* $: <?> $1 +R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > +# local user is ok +R<?> $+ $@ RELAYTOLOCAL +R<$+> $* $: $2 + +# anything originating locally is ok +# check IP address +R$* $: $&{client_addr} +R$@ $@ RELAYFROM originated locally +R0 $@ RELAYFROM originated locally +R$=R $* $@ RELAYFROM relayable IP address +R$* $: [ $1 ] put brackets around it... +R$=w $@ RELAYFROM ... and see if it is local + + +# check client name: first: did it resolve? +R$* $: < $&{client_resolve} > +R<TEMP> $#error $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} +R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} +R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} +R$* $: <?> $&{client_name} +# pass to name server to make hostname canonical +R<?> $* $~P $:<?> $[ $1 $2 $] +R$* . $1 strip trailing dots +R<?> $@ RELAYFROM +R<?> $=w $@ RELAYFROM +R<?> $* $=R $@ RELAYFROM + +# anything else is bogus +R$* $#error $@ 5.7.1 $: "550 Relaying denied" + + +# is user trusted to authenticate as someone else? +Strust_auth +R$* $: $&{auth_type} $| $1 +# required by RFC 2554 section 4. +R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" +R$* $| $&{auth_authen} $@ identical +R$* $| <$&{auth_authen}> $@ identical +R$* $| $* $: $1 $| $>"Local_trust_auth" $1 +R$* $| $#$* $#$2 +R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} + +SLocal_trust_auth + + +# is connection with client "good" enough? (done in server) +# input: ${verify} $| (MAIL|STARTTLS) +Stls_client +R$* $| $* $@ $>"tls_connection" $1 + +# is connection with server "good" enough? 
(done in client) +# input: ${verify} +Stls_server +R$* $@ $>"tls_connection" $1 + +Stls_connection +RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." + +SRelayAuth +# authenticated? +R$* $| OK $: $1 +R$* $| $* $@ NO not authenticated + + +# +###################################################################### +###################################################################### +##### +##### MAILER DEFINITIONS +##### +###################################################################### +###################################################################### + + +################################################## +### Local and Program Mailer specification ### +################################################## + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + +# +# Envelope sender rewriting +# +SEnvFromL=10 +R<@> $n errors to mailer-daemon +R@ <@ $*> $n temporarily bypass Sun bogosity +R$+ $: $>AddDomain $1 add local domain if needed +R$* $: $>MasqEnv $1 do masquerading + +# +# Envelope recipient rewriting +# +SEnvToL=20 +R$+ < @ $* > $: $1 strip host part + +# +# Header sender rewriting +# +SHdrFromL=30 +R<@> $n errors to mailer-daemon +R@ <@ $*> $n temporarily bypass Sun bogosity +R$+ $: $>AddDomain $1 add local domain if needed +R$* $: $>MasqHdr $1 do masquerading + +# +# Header recipient rewriting +# +SHdrToL=40 +R$+ $: $>AddDomain $1 add local domain if needed +R$* < @ *LOCAL* > $* $: $1 < @ $j . 
> $2 + +# +# Common code to add local domain name (only if always-add-domain) +# +SAddDomain=50 + +Mlocal, P=/bin/mail, F=lsDFMAw5:/|@qPrmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, + T=DNS/RFC822/X-Unix, + A=mail -d $u +Mprog, P=/bin/sh, F=lsDFMoqeuP, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, + T=X-Unix/X-Unix/X-Unix, + A=sh -c $u + +##################################### +### SMTP Mailer specification ### +##################################### + +##### $Id: generic-nextstep3.3.cf,v 1.1 2001/01/15 20:52:26 millert Exp $ ##### + +# +# common sender and masquerading recipient rewriting +# +SMasqSMTP=61 +R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified +R$+ $@ $1 < @ *LOCAL* > add local qualification + +# +# convert pseudo-domain addresses to real domain addresses +# +SPseudoToReal=51 + +# pass <route-addr>s through +R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr> + +# output fake domains as user%fake@relay + +# do UUCP heuristics; note that these are shared with UUCP mailers +R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form +R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form + +# leave these in .UUCP form to avoid further tampering +R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > +R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 > +R< $&h ! > $+ $@ $1 < @ $&h .UUCP. > +R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY +R$+ < @ $+ : $+ > $@ $1 < @ $3 > strip mailer: part +R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY + + +# +# envelope sender rewriting +# +SEnvFromSMTP=11 +R$+ $: $>PseudoToReal $1 sender/recipient common +R$* :; <@> $@ list:; special case +R$* $: $>MasqSMTP $1 qualify unqual'ed names +R$+ $: $>MasqEnv $1 do masquerading + + +# +# envelope recipient rewriting -- +# also header recipient if not masquerading recipients +# +SEnvToSMTP=21 +R$+ $: $>PseudoToReal $1 sender/recipient common +R$+ $: $>MasqSMTP $1 qualify unqual'ed names +R$* < @ *LOCAL* > $* $: $1 < @ $j . 
> $2 + +# +# header sender and masquerading header recipient rewriting +# +SHdrFromSMTP=31 +R$+ $: $>PseudoToReal $1 sender/recipient common +R:; <@> $@ list:; special case + +# do special header rewriting +R$* <@> $* $@ $1 <@> $2 pass null host through +R< @ $* > $* $@ < @ $1 > $2 pass route-addr through +R$* $: $>MasqSMTP $1 qualify unqual'ed names +R$+ $: $>MasqHdr $1 do masquerading + + +# +# relay mailer header masquerading recipient rewriting +# +SMasqRelay=71 +R$+ $: $>MasqSMTP $1 +R$+ $: $>MasqHdr $1 + +Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, + T=DNS/RFC822/SMTP, + A=TCP $h + diff --git a/gnu/usr.sbin/sendmail/cf/ostype/aix5.m4 b/gnu/usr.sbin/sendmail/cf/ostype/aix5.m4 new file mode 100644 index 00000000000..047a33f50ed --- /dev/null +++ b/gnu/usr.sbin/sendmail/cf/ostype/aix5.m4 @@ -0,0 +1,18 @@ +divert(-1) +# +# Copyright (c) 2000 Sendmail, Inc. and its suppliers. +# All rights reserved. +# +# By using this file, you agree to the terms and conditions set +# forth in the LICENSE file which can be found at the top level of +# the sendmail distribution. +# +# + +divert(0) +VERSIONID(`$Id: aix5.m4,v 1.1 2001/01/15 20:52:34 millert Exp $') +ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /bin/bellmail)')dnl +ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', mail -F $g $u)')dnl +_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl +define(`confEBINDIR', `/usr/lib')dnl +define(`confTIME_ZONE', `USE_TZ')dnl 
diff --git a/gnu/usr.sbin/sendmail/cf/ostype/darwin.m4 b/gnu/usr.sbin/sendmail/cf/ostype/darwin.m4 new file mode 100644 index 00000000000..38a40e7993e --- /dev/null +++ b/gnu/usr.sbin/sendmail/cf/ostype/darwin.m4 @@ -0,0 +1,17 @@ +divert(-1) +# +# Copyright (c) 2000 Sendmail, Inc. and its suppliers. +# All rights reserved. +# +# By using this file, you agree to the terms and conditions set +# forth in the LICENSE file which can be found at the top level of +# the sendmail distribution. +# +# +# + +divert(0) +VERSIONID(`$Id: darwin.m4,v 1.1 2001/01/15 20:52:34 millert Exp $') +ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl +ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/libexec/mail.local)')dnl +ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -z -a$g $h!rmail ($u)')')dnl diff --git a/gnu/usr.sbin/sendmail/cf/ostype/solaris8.m4 b/gnu/usr.sbin/sendmail/cf/ostype/solaris8.m4 new file mode 100644 index 00000000000..0e5b221c85f --- /dev/null +++ b/gnu/usr.sbin/sendmail/cf/ostype/solaris8.m4 @@ -0,0 +1,25 @@ +divert(-1) +# +# Copyright (c) 2000 Sendmail, Inc. and its suppliers. +# All rights reserved. +# +# By using this file, you agree to the terms and conditions set +# forth in the LICENSE file which can be found at the top level of +# the sendmail distribution. +# +# +# This ostype file is suitable for use on Solaris 8 and later systems, +# taking advantage of mail.local's LMTP support, the existence of +# /var/run and support for IPv6, all of which where introduced in +# Solaris 8. +# + +divert(0) +VERSIONID(`$Id: solaris8.m4,v 1.1 2001/01/15 20:52:37 millert Exp $') +divert(-1) + +ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g $h!rmail ($u)')') +define(`confEBINDIR', `/usr/lib')dnl +define(`confPID_FILE', `/var/run/sendmail.pid')dnl +define(`_NETINET6_')dnl +FEATURE(`local_lmtp')dnl 
diff --git a/gnu/usr.sbin/sendmail/contrib/bitdomain.c b/gnu/usr.sbin/sendmail/contrib/bitdomain.c index 28fe287cd95..0b7073d3921 100644 --- a/gnu/usr.sbin/sendmail/contrib/bitdomain.c +++ b/gnu/usr.sbin/sendmail/contrib/bitdomain.c @@ -51,7 +51,7 @@ char **argv; { int opt; - while ((opt = getopt(argc, argv, "o:")) != EOF) { + while ((opt = getopt(argc, argv, "o:")) != -1) { switch (opt) { case 'o': if (!freopen(optarg, "w", stdout)) { @@ -187,7 +187,7 @@ char *domainlen; case NO_DATA: err = "registered in DNS, but not mailable"; break; - + default: err = "unknown nameserver error"; break; @@ -210,7 +210,7 @@ valhost(host, hbsize) int hbsize; { register u_char *eom, *ap; - register int n; + register int n; HEADER *hp; querybuf answer; int ancount, qdcount; @@ -406,4 +406,4 @@ finish() } } } - + diff --git a/gnu/usr.sbin/sendmail/contrib/buildvirtuser b/gnu/usr.sbin/sendmail/contrib/buildvirtuser new file mode 100644 index 00000000000..979dbd492b6 --- /dev/null +++ b/gnu/usr.sbin/sendmail/contrib/buildvirtuser 
@@ -0,0 +1,167 @@ +#!/usr/bin/perl -w + +# Copyright (c) 1999-2000 Gregory Neil Shapiro. All Rights Reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither the name of the author nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +# $Id: buildvirtuser,v 1.1 2001/01/15 20:52:40 millert Exp $ + +=head1 NAME + +buildvirtuser - Build virtusertable support from a directory of files + +=head1 SYNOPSIS + + buildvirtuser + +=head1 DESCRIPTION + +buildvirtuser will build /etc/mail/virtusertable.db and /etc/mail/virthosts +based on the contents of the directory /etc/mail/virtusers/. 
That +directory should contain one file per virtual domain with the filename +matching the virtual domain name and the contents containing a list of +usernames on the left and the actual address for that username on the +right. An empty left column translates to the default for that domain. +Blank lines and lines beginning with '#' are ignored. + +=head1 CONFIGURATION + +In order to function properly, sendmail must be configured to use these +files with: + + FEATURE(`virtusertable')dnl + VIRTUSER_DOMAIN_FILE(`/etc/mail/virthosts')dnl + +If a new domain is added (i.e., by adding a new file to +/etc/mail/virtusers/), the sendmail daemon must be restarted for the change +to take affect. + +=head1 EXAMPLES + +Here are some example files from the /etc/mail/virtusers/ directory: + +=head2 /etc/mail/virtusers/bsdunix.org: + + # Services + MAILER-DAEMON gshapiro+MAILER-DAEMON.bsdunix.org@gshapiro.net + postmaster gshapiro+postmaster.bsdunix.org@gshapiro.net + webmaster gshapiro+webmaster.bsdunix.org@gshapiro.net + + # Defaults + error:nouser No such user + + # Users + gshapiro gshapiro+bsdunix.org@gshapiro.net + bob robert@smtp.org + +=head2 /etc/mail/virtusers/smtp.org: + + # Defaults + gshapiro+smtp.org@gshapiro.net + + # Users + john john@wookie.org + nancy n@milter.com + +=head1 AUTHOR + +Gregory Neil Shapiro E<lt>F<gshapiro@gshapiro.net>E<gt> + +=cut + +my $makemap = "/usr/sbin/makemap"; +my $dbtype = "hash"; +my $maildir = "/etc/mail"; +my $virthosts = "$maildir/virthosts"; +my $newvirthosts = "$maildir/virthosts.new"; +my $virts = "$maildir/virtusers"; +my $newvirt = "$maildir/virtusertable.new.db"; +my $virt = "$maildir/virtusertable.db"; +my %virt = (); +my $newest = 0; + +opendir(VIRTS, $virts) || die "Could not open directory $virts: $!\n"; +my @virts = grep { -f "$virts/$_" } readdir(VIRTS); +closedir(VIRTS) || die "Could not close directory $virts: $!\n"; + +foreach $domain (@virts) +{ + open(DOMAIN, "$virts/$domain") || die "Could not open file 
$virts/$domain: $!\n"; + my $line = 0; + my $mtime = (stat(DOMAIN))[9] || 0; + if ($mtime > $newest) + { + $newest = $mtime; + } +LINE: while (<DOMAIN>) + { + chomp; + $line++; + next LINE if /^#/; + next LINE if /^$/; + if (m/^([^\t ]*)[\t ]+(.*)$/) + { + if (defined($1)) + { + $key = "$1\@$domain"; + } + else + { + $key = "\@$domain"; + } + $value = $2; + } + else + { + die "Bogus line $line in $virts/$domain\n"; + } + $virt{$key} = $value; + } + close(DOMAIN) || die "Could not close $virts/$domain: $!\n"; +} + +my $virtmtime = (stat($virt))[9] || 0; +if ($virtmtime < $newest) +{ + print STDOUT "Rebuilding $virt\n"; +# logger -s -t ${prog} -p mail.info "Rebuilding ${basedir}/virtusertable" + open(MAKEMAP, "|$makemap $dbtype $newvirt") || die "Could not start makemap: $!\n"; + foreach $key (keys %virt) + { + print MAKEMAP "$key\t\t$virt{$key}\n"; + } + close(MAKEMAP) || die "Could not close makemap ($?): $!\n"; + rename($newvirt, $virt) || die "Could not rename $newvirt to $virt: $!\n"; + + open(VIRTHOST, ">$newvirthosts") || die "Could not open file $newvirthosts: $!\n"; + foreach $domain (sort @virts) + { + print VIRTHOST "$domain\n"; + } + close(VIRTHOST) || die "Could not close $newvirthosts: $!\n"; + rename($newvirthosts, $virthosts) || die "Could not rename $newvirthosts to $virthosts: $!\n"; +} +exit 0; diff --git a/gnu/usr.sbin/sendmail/contrib/cidrexpand b/gnu/usr.sbin/sendmail/contrib/cidrexpand new file mode 100644 index 00000000000..b61fc2e38c6 --- /dev/null +++ b/gnu/usr.sbin/sendmail/contrib/cidrexpand 
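Review bot: `open(DOMAIN, "$virts/$domain")` is a two-argument open on a name that comes straight from readdir(), so Perl still interprets mode characters in the file name (a trailing `|` makes it a command, trailing whitespace is stripped). The script rewrites files under /etc/mail and is presumably run as root, so use `open(DOMAIN, '<', "$virts/$domain")` and likewise `open(VIRTHOST, '>', $newvirthosts)`. Entries that do not look like domain names should be skipped before they become map keys and virthosts lines, e.g. `next unless $domain =~ /^[A-Za-z0-9.-]+$/;`. Separately, `defined($1)` is always true after a successful match, so the `else` branch that builds `\@$domain` is dead code; the empty-left-column case already goes through the first branch.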
@@ -0,0 +1,137 @@ +#!/usr/local/bin/perl -w + +# v 0.2-very-very-beta +# +# 17 July 2000 Derek J. Balling (dredd@megacity.org) +# +# The $SENDMAIL flag tells the code to lump networks in sendmail format +# if applicable. If this flag is disabled, cidrexpand will literally create +# a single line for each entry, which may or may not be what you want. :) +# makes for a rather large hash table... +# +# Acts as a preparser on /etc/mail/access_db to allow you to use address/bit +# notation. Caveat: the address portion MUST be the start address or your +# results will NOT be what what you want. +# +# +# usage: +# cidrexpand < /etc/mail/access | makemap hash /etc/mail/access +# +# +# Report bugs to: dredd@megacity.org +# + +my $spaceregex = '\s+'; + +while (my $arg = shift @ARGV) +{ + if ($arg eq '-t') + { + $spaceregex = shift; + } +} + +use strict; + +my $SENDMAIL = 1; + +while (<>) +{ + my ($left,$right,$space); + + if (! /^(\d+\.){3}\d+\/\d\d?$spaceregex.*/ ) + { + print; + } + else + { + ($left,$space,$right) = /^((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/; + + my @new_lefts = expand_network($left); + foreach my $nl (@new_lefts) + { + print "$nl$space$right\n"; + } + + } +} + +sub expand_network +{ + my ($network,$mask) = split /\//, shift; + my @diffs = calc_changes($network,$mask); + my ($first,$second,$third,$fourth) = split /\./, $network; + + my @rc = (); + + for my $f ($first..($first+$diffs[0])) + { + if ( ( $SENDMAIL ) and ($diffs[1] == 255)) + { + push @rc, "$f"; + } + else + { + for my $s ($second..($second+$diffs[1])) + { + if ( ($SENDMAIL) and ($diffs[2] == 255) ) + { + push @rc,"$f\.$s"; + } + else + { + for my $t ($third..($third+$diffs[2])) + { + if ( ($SENDMAIL) and ($diffs[3] == 255)) + { + push @rc, "$f\.$s\.$t"; + } + else + { + for my $fr ($fourth..($fourth+$diffs[3])) + { + push @rc, "$f\.$s\.$t\.$fr"; + } + } + } + } + } + } + } + return @rc; +} + +sub calc_changes +{ + my ($network,$mask) = @_; + + my @octs = split /\./, $network; + + my 
($first,$second,$third,$fourth) = (0,0,0,0); + + my $power = 32 - $mask; + + if ($mask > 24) + { + $fourth = 2**$power - 1; + } + elsif ($mask > 16) + { + $fourth = 255; + $third = 2**($power-8) - 1; + } + elsif ($mask > 8) + { + $fourth = 255; + $third = 255; + $second = 2**($power-16) - 1; + } + elsif ($mask > 0) + { + $fourth = 255; + $third = 255; + $second = 255; + $first = 2**($power-24) - 1; + } + return ($first,$second,$third,$fourth); +} diff --git a/gnu/usr.sbin/sendmail/contrib/link_hash.sh b/gnu/usr.sbin/sendmail/contrib/link_hash.sh new file mode 100644 index 00000000000..a9e806521f7 --- /dev/null +++ b/gnu/usr.sbin/sendmail/contrib/link_hash.sh @@ -0,0 +1,36 @@ +#!/bin/sh +## +## Copyright (c) 2000 Sendmail, Inc. and its suppliers. +## All rights reserved. +## +## $Id: link_hash.sh,v 1.1 2001/01/15 20:52:40 millert Exp $ +## +# +# ln a certificate to its hash +# +SSL=openssl +if test $# -ge 1 +then + for i in $@ + do + C=$i.pem + test -f $C || C=$i + if test -f $C + then + H=`$SSL x509 -noout -hash < $C`.0 + if test -h $H -o -f $H + then + echo link $H to $C exists + else + ln -s $C $H + fi + else + echo "$0: cannot open $C" + exit 2 + fi + done +else + echo "$0: missing name" + exit 1 +fi +exit 0 diff --git a/gnu/usr.sbin/sendmail/contrib/movemail.conf b/gnu/usr.sbin/sendmail/contrib/movemail.conf new file mode 100644 index 00000000000..17009b81b0e --- /dev/null +++ b/gnu/usr.sbin/sendmail/contrib/movemail.conf 
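Review bot: expand_network() and calc_changes() never validate the prefix length or the octets, although the output is fed to makemap for the access map. The input pattern allows any two-digit mask: `/0` matches no branch in calc_changes() and is emitted as a single address, and a mask above 32 gives a negative exponent in `2**$power - 1`. A network that is not on its prefix boundary is expanded upward from the given address, which can produce octets above 255 or cover a different range than the administrator wrote. I would fail loudly at the top of expand_network(), e.g. `die "bad CIDR $network/$mask\n" unless $mask >= 1 && $mask <= 32 && !grep { $_ > 255 } split /\./, $network;`, and also check that the host bits are zero. The `-t` value is interpolated into the pattern unescaped, which is acceptable for an operator-supplied option but deserves a comment.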
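Review bot: the result of the `$SSL x509 -noout -hash < $C` call in link_hash.sh is never checked, so when openssl fails (unreadable file, not a certificate) `H` is just `.0` and the script links that name to the file. These hash links are presumably what the TLS code looks up in the certificate directory. The loop should therefore test the exit status and that the hash is non-empty before appending `.0`, and exit non-zero otherwise. `$@`, `$C` and `$H` are unquoted, so names with whitespace or glob characters are split; use `for i in "$@"` and quote the other expansions. An existing `$H` that points to a different certificate is reported as "exists" with exit status 0, which hides a hash collision or a stale link from the caller.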
@@ -0,0 +1,35 @@
+# Configuration script for movemail.pl
+
+my $minutes = 60;
+my $hours = 3600;
+
+# Queue directories first..last
+
+@queues = qw(
+ /var/spool/mqueue/q1
+ /var/spool/mqueue/q2
+ /var/spool/mqueue/q3
+);
+
+# Base of subqueue name (optional).
+# If used, queue directories are $queues[n]/$subqbase*
+# Separate qf/df/xf directories are not supported.
+
+$subqbase = "subq";
+
+# Age of mail when moved. Each element of the array must be greater than the
+# previous element.
+
+@ages = (
+ 30*$minutes, # q1 to q2
+ 6*$hours # q2 to q3
+);
+
+# Location of script to move the mail
+
+$remqueue = "/usr/local/bin/re-mqueue.pl";
+
+# Lock file to prevent more than one instance running (optional)
+# Useful when running from cron
+
+$lockfile = "/var/spool/mqueue/movemail.lock";
diff --git a/gnu/usr.sbin/sendmail/contrib/movemail.pl b/gnu/usr.sbin/sendmail/contrib/movemail.pl
new file mode 100644
index 00000000000..86bcb20118e
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/contrib/movemail.pl
@@ -0,0 +1,106 @@ +#!/usr/bin/perl -w +# +# Move old mail messages between queues by calling re-mqueue.pl. +# +# movemail.pl [config-script] +# +# Default config script is /usr/local/etc/movemail.conf. +# +# Graeme Hewson <graeme.hewson@oracle.com>, June 2000 +# + +use strict; + +# Load external program as subroutine to avoid +# compilation overhead on each call + +sub loadsub { + my $fn = shift + or die "Filename not specified"; + my $len = (stat($fn))[7] + or die "Can't stat $fn: $!"; + open PROG, "< $fn" + or die "Can't open $fn: $!"; + my $prog; + read PROG, $prog, $len + or die "Can't read $fn: $!"; + close PROG; + eval join "", + 'return sub { my @ARGV = @_; $0 = $fn; no strict;', + "$prog", + '};'; +} + +my $progname = $0; +my $lastage = -1; +my $LOCK_EX = 2; +my $LOCK_NB = 4; + +# Load and eval config script + +my $conffile = shift || "/usr/local/etc/movemail.conf"; +my $len = (stat($conffile))[7] + or die "Can't stat $conffile: $!"; +open CONF, "< $conffile" + or die "Can't open $conffile: $!"; +my $conf; +read CONF, $conf, $len + or die "Can't read $conffile: $!"; +close CONF; +use vars qw(@queues $subqbase @ages $remqueue $lockfile); +eval $conf; + +if ($#queues < 1) { + print "$progname: there must be at least two queues\n"; + exit 1; +} + +if ($#ages != ($#queues - 1)) { + print "$progname: wrong number of ages (should be one less than number of queues)\n"; + exit 1; +} + +# Get lock or exit quietly. Useful when running from cron. 
+ +if ($lockfile) { + open LOCK, ">>$lockfile" + or die "Can't open lock file: $!"; + unless (flock LOCK, $LOCK_EX|$LOCK_NB) { + close LOCK; + exit 0; + } +} + +my $remsub = loadsub($remqueue); + +# Go through directories in reverse order so as to check spool files only once + +for (my $n = $#queues - 1; $n >= 0; $n--) { + unless ($ages[$n] =~ /^\d+$/) { + print "$progname: invalid number $ages[$n] in ages array\n"; + exit 1; + } + unless ($lastage < 0 || $ages[$n] < $lastage) { + print "$progname: age $lastage is not > previous value $ages[$n]\n"; + exit 1; + } + $lastage = $ages[$n]; + if ($subqbase) { + my $subdir; + opendir(DIR, $queues[$n]) + or die "Can't open $queues[$n]: $!"; + foreach $subdir ( grep { /^$subqbase/ } readdir DIR) { + &$remsub("$queues[$n]/$subdir", "$queues[$n+1]/$subdir", + $ages[$n]); + } + closedir(DIR); + } else { + # Not using subdirectories + &$remsub($queues[$n], $queues[$n+1], $ages[$n]); + } +} + +if ($lockfile) { + unlink $lockfile; + close LOCK; +} diff --git a/gnu/usr.sbin/sendmail/contrib/passwd-to-alias.pl b/gnu/usr.sbin/sendmail/contrib/passwd-to-alias.pl index 05a51b93496..24bb7a1c544 100644 --- a/gnu/usr.sbin/sendmail/contrib/passwd-to-alias.pl +++ b/gnu/usr.sbin/sendmail/contrib/passwd-to-alias.pl 
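Review bot: both `eval $conf;` and the `eval join ...` in loadsub() ignore `$@`, so a syntax error in the config file or in re-mqueue.pl is swallowed. The config case ends in the misleading "there must be at least two queues" message, and the loadsub case in a call through an undefined `$remsub`. Add `die "$progname: error in $conffile: $@" if $@;` after the config eval and the equivalent check inside loadsub(). Both files are executed as Perl with the caller's privileges (probably root from cron), so the header comment should say they must not be writable by other users, and the script could refuse to load a file whose mode has group or other write bits set. Finally, `unlink $lockfile` before `close LOCK` lets a later instance create and lock a fresh file while a process that opened the old one is still running, so it is safer to leave the lock file in place.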
@@ -8,22 +8,23 @@ print "# Generated from passwd by $0\n"; +$wordpat = '([a-zA-Z]+?[a-zA-Z0-9-]*)?[a-zA-Z0-9]'; # 'DB2' while (@a = getpwent) { ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = @a; ($fullname = $gcos) =~ s/,.*$//; - if (!-d $dir || !-x $shell) { - print "$name: root\n"; + if (!-d $dir || !-x $shell || $shell =~ m!/bin/(false|true)$!) { + print "$name: root\n"; # handle pseudo user } $fullname =~ s/\.*[ _]+\.*/./g; - $fullname =~ tr [åäöÅÄÖé] [aaoAAOe]; # <hakan@af.lu.se> 1997-06-15 - if ($fullname =~ /^[a-zA-Z][a-zA-Z-]+(\.[a-zA-Z][a-zA-Z-]+)+$/) { -# if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) { # Kari E. Hurtta + $fullname =~ tr [åäéöüÅÄÖÜ] [aaeouAAOU]; # <hakan@af.lu.se> 1997-06-15 + next if (!$fullname || lc($fullname) eq $name); # avoid nonsense + if ($fullname =~ /^$wordpat(\.$wordpat)*$/o) { # Ulrich Windl print "$fullname: $name\n"; } else { - print "# $fullname: $name\n"; + print "# $fullname: $name\n"; # avoid strange names } }; diff --git a/gnu/usr.sbin/sendmail/contrib/re-mqueue.pl b/gnu/usr.sbin/sendmail/contrib/re-mqueue.pl index d2af5144b89..9f8d819eb18 100644 --- a/gnu/usr.sbin/sendmail/contrib/re-mqueue.pl +++ b/gnu/usr.sbin/sendmail/contrib/re-mqueue.pl @@ -93,6 +93,17 @@ # Allow zero-length df files (empty message body) # Preserve $! for error messages # +# Updated by Graeme Hewson <ghewson@uk.oracle.com> April 2000 +# +# Improve handling of race between re-mqueue and sendmail +# +# Updated by Graeme Hewson <graeme.hewson@oracle.com> June 2000 +# +# Don't exit(0) at end so can be called as subroutine +# +# NB This program can't handle separate qf/df/xf subdirectories +# as introduced in sendmail 8.10.0. +# use Sys::Syslog; 
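Review bot: with `(\.$wordpat)*` a one-word GECOS name is now accepted, so the emitted `$fullname: $name` line can collide with an existing login or a standard alias such as root or postmaster. Where users may edit their own GECOS field, that lets the field content decide where another address is delivered. The new `next if (!$fullname || lc($fullname) eq $name)` guard only covers a name equal to the user's own login. I would read all logins into a hash first and print the alias commented out (as the `else` branch does) whenever the full name matches any login or a reserved alias name. The pseudo-user branch also still lacks a `next`, so such accounts get `$name: root` and then fall through to the full-name alias as well.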
@@ -136,18 +147,17 @@ while ($dfile = pop(@dfiles)) { ($qfile = $dfile) =~ s/^d/q/; ($xfile = $dfile) =~ s/^d/x/; ($mfile = $dfile) =~ s/^df//; - if (! -e $dfile) { - print "$dfile is gone - skipping\n" if ($debug); - next; - } if (! -e $qfile || -z $qfile) { print "$qfile is gone or zero bytes - skipping\n" if ($debug); next; } - $mtime = $now; ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, $atime,$mtime,$ctime,$blksize,$blocks) = stat($dfile); + if (! defined $mtime) { + print "$dfile is gone - skipping\n" if ($debug); + next; + } # Compare timestamps if (($mtime + $age) > $now) { @@ -182,6 +192,17 @@ while ($dfile = pop(@dfiles)) { } print "$qfile now flock()ed\n" if ($debug); + # Check df* file again in case sendmail got in + if (! -e $dfile) { + print "$mfile sent - skipping\n" if ($debug); + # qf* file created by ourselves at open? (Almost certainly) + if (-z $qfile) { + unlink($qfile); + } + close(QF); + next; + } + # Show time! Do the link()s if (link("$dfile", "$queueB/$dfile") == 0) { $bang = $!; @@ -235,4 +256,3 @@ while ($dfile = pop(@dfiles)) { &syslog('info', '%s moved to %s', $mfile, $queueB); print "Done with $dfile $qfile\n\n" if ($debug); } -exit 0; diff --git a/gnu/usr.sbin/sendmail/devtools/M4/UNIX/smlib.m4 b/gnu/usr.sbin/sendmail/devtools/M4/UNIX/smlib.m4 new file mode 100644 index 00000000000..e306d1c4378 --- /dev/null +++ b/gnu/usr.sbin/sendmail/devtools/M4/UNIX/smlib.m4 
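Review bot: in the re-check added after the flock (hunk at -182,6), `-z $qfile` and `unlink($qfile)` work on the path rather than on the locked handle, so they are not guaranteed to act on the file QF refers to; `-z QF` would at least test the file the lock covers. The open of QF lies outside the hunk, so that it may create the file is inferred only from the new comment. The added `! -e $dfile` test is an early exit, not a guarantee: the window between it and `link()` remains, and the existing handling of a failed link() is still the real protection. A comment such as `# best-effort early exit; link() failure below is still handled` would keep later readers from relying on the check.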
@@ -0,0 +1,28 @@
+divert(-1)
+#
+# Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+# Definitions for Makefile construction for sendmail
+#
+# $Id: smlib.m4,v 1.1 2001/01/15 20:51:54 millert Exp $
+#
+divert(0)dnl
+
+define(`confLIBEXT', `a')dnl
+
+define(`bldPUSH_SMLIB',
+ `bldPUSH_TARGET(`../lib$1/lib$1.a')
+bldPUSH_SMDEPLIB(`../lib$1/lib$1.a')
+PREPENDDEF(`confLIBS', `../lib$1/lib$1.a')
+divert(bldTARGETS_SECTION)
+../lib$1/lib$1.a:
+ (cd ${SRCDIR}/lib$1; sh Build ${SENDMAIL_BUILD_FLAGS})
+divert
+')dnl
+
diff --git a/gnu/usr.sbin/sendmail/devtools/OS/AIX.5.0 b/gnu/usr.sbin/sendmail/devtools/OS/AIX.5.0
new file mode 100644
index 00000000000..59a29ad2a6f
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/devtools/OS/AIX.5.0
@@ -0,0 +1,14 @@
+# $Id: AIX.5.0,v 1.1 2001/01/15 20:51:55 millert Exp $
+define(`confMAPDEF', `-DNDBM -DNIS -DMAP_REGEX')
+define(`confENVDEF', `-D_AIX4=40300 -D_AIX5=50000 -DSM_OS=sm_os_aix')
+define(`confOPTIMIZE', `-O3 -qstrict')
+define(`confCC', `/usr/vac/bin/xlc')
+define(`confLIBS', `-ldbm')
+define(`confINSTALL', `/usr/ucb/install')
+define(`confEBINDIR', `/usr/lib')
+define(`confSBINGRP', `system')
+define(`confDEPEND_TYPE', `AIX')
+define(`confLDOPTS', `-blibpath:/usr/lib:/lib')
+
+define(`confMTLDOPTS', `-lpthread')
+define(`confLDOPTS_SO', `-Wl,-G -Wl,-bexpall')
diff --git a/gnu/usr.sbin/sendmail/devtools/OS/OSF1.V5.0 b/gnu/usr.sbin/sendmail/devtools/OS/OSF1.V5.0
new file mode 100644
index 00000000000..1d5f3e211ce
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/devtools/OS/OSF1.V5.0
@@ -0,0 +1,12 @@
+# $Id: OSF1.V5.0,v 1.1 2001/01/15 20:52:00 millert Exp $
+define(`confCC', `cc -std1 -Olimit 1000')
+define(`confMAPDEF', `-DNDBM -DNIS -DMAP_REGEX')
+define(`confENVDEF', `-DHASSNPRINTF=1')
+define(`confLIBS', `-ldbm')
+define(`confSTDIR', `/var/adm/sendmail')
+define(`confINSTALL', `installbsd')
+define(`confEBINDIR', `/usr/lbin')
+define(`confUBINDIR', `${BINDIR}')
+define(`confDEPEND_TYPE', `CC-M')
+
+define(`confMTLDOPTS', `-lpthread')
diff --git a/gnu/usr.sbin/sendmail/devtools/OS/SunOS.5.9 b/gnu/usr.sbin/sendmail/devtools/OS/SunOS.5.9
new file mode 100644
index 00000000000..8fab1306a39
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/devtools/OS/SunOS.5.9
@@ -0,0 +1,20 @@
+# $Id: SunOS.5.9,v 1.1 2001/01/15 20:52:03 millert Exp $
+define(`confCC', `gcc')
+define(`confLDOPTS_SO', `-G')
+define(`confBEFORE', `sysexits.h')
+define(`confMAPDEF', `-DNDBM -DNIS -DNISPLUS -DMAP_REGEX -DLDAPMAP')
+define(`confENVDEF', `-DSOLARIS=20900 -DNETINET6')
+define(`confLIBS', `-lsocket -lnsl -lldap')
+define(`confMTLDOPTS', `-lpthread')
+define(`confMBINDIR', `/usr/lib')
+define(`confEBINDIR', `/usr/lib')
+define(`confSBINGRP', `sys')
+define(`confINSTALL', `${BUILDBIN}/install.sh')
+define(`confDEPEND_TYPE', `CC-M')
+PUSHDIVERT(3)
+sysexits.h:
+ if [ -r /usr/include/sysexits.h ]; \
+ then \
+ ln -s /usr/include/sysexits.h; \
+ fi
+POPDIVERT
diff --git a/gnu/usr.sbin/sendmail/test/t_setuid.c b/gnu/usr.sbin/sendmail/test/t_setuid.c
new file mode 100644
index 00000000000..7e54189bf49
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/test/t_setuid.c
@@ -0,0 +1,101 @@
+/*
+** This program checks to see if your version of setuid works.
+** Compile it, make it setuid root, and run it as yourself (NOT as
+** root).
+**
+** NOTE: This should work everywhere, but Linux has the ability
+** to use the undocumented setcap() call to make this break.
+**
+** Compilation is trivial -- just "cc t_setuid.c". Make it setuid,
+** root and then execute it as a non-root user.
+*/
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#ifndef lint
+static char id[] = "@(#)$Id: t_setuid.c,v 1.1 2001/01/15 20:52:20 millert Exp $";
+#endif /* ! lint */
+
+static void
+printuids(str, r, e)
+ char *str;
+ int r, e;
+{
+ printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+ getuid(), geteuid());
+}
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ int fail = 0;
+ uid_t realuid = getuid();
+
+ printuids("initial uids", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ printf("SETUP ERROR: re-run setuid root\n");
+ exit(1);
+ }
+
+ if (getuid() == 0)
+ {
+ printf("SETUP ERROR: must be run by a non-root user\n");
+ exit(1);
+ }
+
+ if (setuid(1) < 0)
+ printf("setuid(1) failure\n");
+ printuids("after setuid(1)", 1, 1);
+
+ if (geteuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ if (getuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+
+
+ /* do activity here */
+ if (setuid(0) == 0)
+ {
+ fail++;
+ printf("MAYDAY! setuid(0) succeeded (should have failed)\n");
+ }
+ else
+ {
+ printf("setuid(0) failed (this is correct)\n");
+ }
+ printuids("after setuid(0)", 1, 1);
+
+ if (geteuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+ printf("\n");
+
+ if (fail)
+ {
+ printf("\nThis system cannot use setuid (maybe use setreuid)\n");
+ exit(1);
+ }
+
+ printf("\nIt is safe to use setuid on this system\n");
+ exit(0);
+}
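Review bot: The closing verdict "It is safe to use setuid on this system" rests only on the real and effective uid checks in `main`; group IDs are never examined, so a comment above that final `printf` such as `/* only real/effective uid are verified; gid and supplementary groups are not */` would stop the result being read more broadly than it is. `exit()` is called throughout without `<stdlib.h>`, so it relies on an implicit declaration; add `#include <stdlib.h>`. In `printuids`, `getuid()` and `geteuid()` are passed to `%d` although they return `uid_t`; `(int) getuid(), (int) geteuid()` keeps the format and arguments matched where `uid_t` is not int-sized.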
diff --git a/gnu/usr.sbin/sendmail/test/t_snprintf.c b/gnu/usr.sbin/sendmail/test/t_snprintf.c
new file mode 100644
index 00000000000..4789f4974f0
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/test/t_snprintf.c
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <sysexits.h>
+
+#define TEST_STRING "1234567890"
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ int r;
+ char buf[5];
+
+ r = snprintf(buf, sizeof buf, "%s", TEST_STRING);
+
+ if (buf[sizeof buf - 1] != '\0')
+ {
+ fprintf(stderr, "Add the following to devtools/Site/site.config.m4:\n\n");
+ fprintf(stderr, "APPENDDEF(`confENVDEF', `-DSNPRINTF_IS_BROKEN=1')\n\n");
+ exit(EX_OSERR);
+ }
+ fprintf(stderr, "snprintf() appears to work properly\n");
+ exit(EX_OK);
+} |
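Review bot: `buf` is never initialised, so the check `buf[sizeof buf - 1] != '\0'` in `main` can pass by accident when an snprintf() leaves the last byte untouched and it happens to hold zero. Filling the buffer first with `memset(buf, 'X', sizeof buf);` and testing `if (memchr(buf, '\0', sizeof buf) == NULL)` (both from `<string.h>`) makes the verdict depend only on whether snprintf() terminated inside the buffer. The value stored in `r` is never read, so an implementation that terminates correctly but reports a wrong length is still announced as working. `exit()` is used without `<stdlib.h>`.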