author | Todd C. Miller <millert@cvs.openbsd.org> | 2004-09-18 04:08:36 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2004-09-18 04:08:36 +0000 |
commit | f06c374d9ebfc93d41741cdb71cc8279b64c59b0 (patch) | |
tree | bc964fe6a044562cdc9afc917b647531dd6f2d04 /gnu | |
parent | 8665b934035fc50517e659380c682e6e04582855 (diff) |
Update to sendmail-8.13.1
Diffstat (limited to 'gnu')
28 files changed, 434 insertions, 135 deletions
diff --git a/gnu/usr.sbin/sendmail/RELEASE_NOTES b/gnu/usr.sbin/sendmail/RELEASE_NOTES index 5d69cdd3263..687973469b5 100644 --- a/gnu/usr.sbin/sendmail/RELEASE_NOTES +++ b/gnu/usr.sbin/sendmail/RELEASE_NOTES 
@@ -1,11 +1,52 @@ SENDMAIL RELEASE NOTES - $Sendmail: RELEASE_NOTES,v 8.1664 2004/06/20 17:04:51 ca Exp $ + $Sendmail: RELEASE_NOTES,v 8.1679 2004/07/30 18:03:07 ca Exp $ This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.13.1/8.13.1 2004/07/30 + Using the default AliasFile ldap: specification would cause the + objectClasses of the LDAP response to be included in the + alias expansion. Problem noted by Brenden Conte of + Rensselaer Polytechnic Institute. + Fix support for a fallback smart host for system where DNS is + (partially) available. From John Beck of Sun Microsystems. + Fix SuperSafe=PostMilter behavior when a milter replaces a body + but the data file is not yet stored on disk because it is + smaller than the size of the memory buffer. Problem noted + by David Russell. + Fix certificate revocation list support; if a CRL was specified + but the other side presented a cert that was signed by + a different (trusted) CA than the one which issued the CRL, + verification would always fail. Problem noted by Al Smith. + Run mailer programs as the RunAsUser when RunAsUser is set and + the F=S mailer flag is set without a U= mailer equate. + Problem noted by John Gardiner Myers of Proofpoint. + ${nbadrcpts} was off by one if BadRcptThrottle is zero. + Patch from Sung-hoon Choi of DreamWiz Inc. + CONFIG: Emit a warning if FEATURE(`access_db') is used after + FEATURE(`greet_pause') because then the latter will not + use the access map. Note: if no default value is given + for FEATURE(`greet_pause') then it issues an error if + FEATURE(`access_db') is not specified before it. + Problem noted by Alexander Dalloz of University of + Bielefeld. + CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause') + is used to give more flexibility for local changes. + Portability: + Fix a 64 bit problem in the socket map code. 
Problem + noted by Geoff Adams. + NetBSD 2.0F has closefrom(3). Patch from Andrew Brown. + NetBSD can use sysctl(3) to get the number of CPUs in + a system. Patch from Andrew Brown. + Add a README file in doc/op/ to explain potential + incompatibilities with various *roff related + tools. Problem tracked down by Per Hedeland. + New Files: + doc/op/README + 8.13.0/8.13.0 2004/06/20 Do not include AUTH data in a bounce to avoid leaking confidential information. See also cf/README about MSP and the section @@ -60,7 +101,7 @@ summary of the changes in that release. during that connection. If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP server could sleep for a very long time. Fix based on - patch from T. Kobayashi. + patch from Tadashi Kobayashi of IIJ. Fix a potential memory leak in persistent queue runners if the number of entries in the queue exceeds the limit of jobs. Problem noted by Steve Hubert of University of Washington. diff --git a/gnu/usr.sbin/sendmail/cf/README b/gnu/usr.sbin/sendmail/cf/README index 07fc191b2fc..8fb4e404080 100644 --- a/gnu/usr.sbin/sendmail/cf/README +++ b/gnu/usr.sbin/sendmail/cf/README @@ -131,8 +131,8 @@ definition appropriate for your environment. These describe the mailers used at the default CS site. The local mailer is always included automatically. Beware: MAILER declarations -should always be at the end of the configuration file. The general -rules are that the order should be: +should only be followed by LOCAL_* sections. The general rules are +that the order should be: VERSIONID OSTYPE 
@@ -1486,8 +1486,13 @@ greet_pause Adds the greet_pause ruleset which enables open proxy When using FEATURE(`access_db'), the optional FEATURE(`greet_pause') argument becomes the default if - nothing is found in the access database. + nothing is found in the access database. A ruleset called + Local_greet_pause can be used for local modifications, e.g., + LOCAL_RULESETS + SLocal_greet_pause + R$* $: $&{daemon_flags} + R$* a $* $# 0 +-------+ | HACKS | @@ -2793,6 +2798,8 @@ to $&{currHeader}. 2. There are no default rulesets coming with this distribution of sendmail. You can either write your own or you can search the WWW for examples, e.g., http://www.digitalanswers.org/check_local/ +3. When using a default ruleset for headers, the name of the header +currently being checked can be found in the $&{hdr_name} macro. After all of the headers are read, the check_eoh ruleset will be called for any final header-related checks. The ruleset is called with the number of @@ -4580,4 +4587,4 @@ M4 DIVERSIONS 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 1.21 $, Last updated $Date: 2004/06/24 03:59:24 $ +$Revision: 1.22 $, Last updated $Date: 2004/09/18 04:08:34 $ diff --git a/gnu/usr.sbin/sendmail/cf/feature/access_db.m4 b/gnu/usr.sbin/sendmail/cf/feature/access_db.m4 index c276e71fde9..886202c9b3a 100644 --- a/gnu/usr.sbin/sendmail/cf/feature/access_db.m4 +++ b/gnu/usr.sbin/sendmail/cf/feature/access_db.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2002, 2004 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: access_db.m4,v 8.25 2002/06/25 23:11:40 gshapiro Exp $') +VERSIONID(`$Sendmail: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $') divert(-1) define(`_ACCESS_TABLE_', `') 
@@ -33,6 +33,9 @@ ifelse(defn(`_ARG_'), `', `', ') ') ') +ifdef(`_GREET_PAUSE_', + `errprint(`*** WARNING: FEATURE(`greet_pause') before FEATURE(`access_db') + greet_pause will not use access_db!')') LOCAL_CONFIG # Access list database (for spam stomping) diff --git a/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4 b/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4 index d1b3c12fb7a..9af68702985 100644 --- a/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4 +++ b/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4 @@ -10,13 +10,15 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: greet_pause.m4,v 1.1 2004/02/23 21:36:04 gshapiro Exp $') +VERSIONID(`$Sendmail: greet_pause.m4,v 1.4 2004/07/06 20:49:51 ca Exp $') divert(-1) ifelse(len(X`'_ARG_),`1',`ifdef(`_ACCESS_TABLE_', `', `errprint(`*** ERROR: FEATURE(`greet_pause') requires FEATURE(`access_db') ')')') +define(`_GREET_PAUSE_', `') + LOCAL_RULESETS ###################################################################### ### greet_pause: lookup pause time before 220 greeting @@ -25,7 +27,11 @@ LOCAL_RULESETS ### $1: {client_name} ### $2: {client_addr} ###################################################################### +SLocal_greet_pause Sgreet_pause +R$* $: <$1><?> $| $>"Local_greet_pause" $1 +R<$*><?> $| $#$* $#$2 +R<$*><?> $| $* $: $1 ifdef(`_ACCESS_TABLE_', `dnl R$+ $| $+ $: $>D < $1 > <?> <! GreetPause> < $2 > R $| $+ $: $>A < $1 > <?> <! GreetPause> <> empty client_name diff --git a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 index 0e8b3f537d2..ef72d6a69f3 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 @@ -13,7 +13,7 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: proto.m4,v 8.709 2004/06/02 22:48:51 ca Exp $') +VERSIONID(`$Sendmail: proto.m4,v 8.710 2004/07/27 17:32:48 ca Exp $') # level CF_LEVEL config file format V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') 
@@ -662,7 +662,7 @@ _OPTION(ServerKeyFile, `confSERVER_KEY', `') _OPTION(ClientCertFile, `confCLIENT_CERT', `') # Client private key _OPTION(ClientKeyFile, `confCLIENT_KEY', `') -# File containing certificate revokation lists +# File containing certificate revocation lists _OPTION(CRLFile, `confCRL', `') # DHParameters (only required if DSA/DH is used) _OPTION(DHParameters, `confDH_PARAMETERS', `') diff --git a/gnu/usr.sbin/sendmail/cf/m4/version.m4 b/gnu/usr.sbin/sendmail/cf/m4/version.m4 index d2148e5375c..753bd089259 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/version.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/version.m4 @@ -11,8 +11,8 @@ divert(-1) # the sendmail distribution. # # -VERSIONID(`$Sendmail: version.m4,v 8.112 2004/06/18 21:44:04 ca Exp $') +VERSIONID(`$Sendmail: version.m4,v 8.117 2004/07/30 18:03:07 ca Exp $') # divert(0) # Configuration version number -DZ8.13.0`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.13.1`'ifdef(`confCF_VERSION', `/confCF_VERSION') diff --git a/gnu/usr.sbin/sendmail/contrib/qtool.8 b/gnu/usr.sbin/sendmail/contrib/qtool.8 index e86d8e99fb6..b2ebe89c6fa 100644 --- a/gnu/usr.sbin/sendmail/contrib/qtool.8 +++ b/gnu/usr.sbin/sendmail/contrib/qtool.8 @@ -6,9 +6,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Sendmail: qtool.8,v 8.19 2002/06/27 23:06:16 gshapiro Exp $ +.\" $Sendmail: qtool.8,v 8.20 2004/06/28 17:49:41 ca Exp $ .\" -.TH QTOOL 8 "$Date: 2004/06/24 03:59:24 $" +.TH QTOOL 8 "$Date: 2004/09/18 04:08:34 $" .SH NAME qtool \- manipulate sendmail queues @@ -56,7 +56,7 @@ Defaults to /etc/mail/sendmail.cf. Delete all of the messages specified by source. .TP \fB\-e\fP \fIperl_expression\fP -Evalute \fIperl_expression\fP for each queue file as specified +Evaluate \fIperl_expression\fP for each queue file as specified by \fIsource\fP. If \fIperl_expression\fP evaluates to true, then that queue file is moved. See below for more detail on \fIperl_expression\fP. .TP 
diff --git a/gnu/usr.sbin/sendmail/doc/op/README b/gnu/usr.sbin/sendmail/doc/op/README new file mode 100644 index 00000000000..f2be5d73331 --- /dev/null +++ b/gnu/usr.sbin/sendmail/doc/op/README @@ -0,0 +1,13 @@ +Known Problems with some *roff versions + +If you encounter the error: + +Unknown escape sequence in input: 33, 133 + +when trying to create op.txt then set the GROFF_NO_SGR environment +variable (see grotty(1) man page), e.g., + +csh% setenv GROFF_NO_SGR 1 +sh$ GROFF_NO_SGR=1; export GROFF_NO_SGR + +$Sendmail: README,v 8.1 2004/07/20 20:25:10 ca Exp $ diff --git a/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h b/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h index 957726f4168..b208c035e72 100644 --- a/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h +++ b/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Sendmail: mfapi.h,v 8.58 2004/04/29 18:04:48 gshapiro Exp $ + * $Sendmail: mfapi.h,v 8.59 2004/07/07 21:41:31 ca Exp $ */ /* @@ -147,6 +147,9 @@ LIBMILTER_API int smfi_setdbg __P((int)); LIBMILTER_API int smfi_settimeout __P((int)); LIBMILTER_API int smfi_setconn __P((char *)); LIBMILTER_API int smfi_stop __P((void)); +#if _FFR_MAXDATASIZE +LIBMILTER_API size_t smfi_setmaxdatasize __P((size_t)); +#endif /* _FFR_MAXDATASIZE */ /* ** What the filter might do -- values to be ORed together for diff --git a/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h b/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h index faca3ecdc70..ef0d4585ea0 100644 --- a/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h +++ b/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Sendmail: mfdef.h,v 8.20 2004/06/16 17:45:49 ca Exp $ + * $Sendmail: mfdef.h,v 8.21 2004/07/07 21:41:31 ca Exp $ */ /* 
@@ -21,6 +21,7 @@ # define MILTER_LEN_BYTES 4 /* length of 32 bit integer in bytes */ # define MILTER_OPTLEN (MILTER_LEN_BYTES * 3) /* length of options */ # define MILTER_CHUNK_SIZE 65535 /* body chunk size */ +# define MILTER_MAX_DATA_SIZE 65535 /* default milter command data limit */ /* These apply to SMFIF_* flags */ #define SMFI_V1_ACTS 0x0000000FL /* The actions of V1 filter */ diff --git a/gnu/usr.sbin/sendmail/include/sm/conf.h b/gnu/usr.sbin/sendmail/include/sm/conf.h index e723e45a5d1..c5669b92a31 100644 --- a/gnu/usr.sbin/sendmail/include/sm/conf.h +++ b/gnu/usr.sbin/sendmail/include/sm/conf.h @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Sendmail: conf.h,v 1.115 2004/06/07 23:53:43 ca Exp $ + * $Sendmail: conf.h,v 1.116 2004/07/26 18:08:35 ca Exp $ */ /* @@ -911,6 +911,14 @@ extern unsigned int sleepX __P((unsigned int seconds)); # if defined(__NetBSD__) && defined(__NetBSD_Version__) && __NetBSD_Version__ >= 104170000 # define HASSETUSERCONTEXT 1 /* BSDI-style login classes */ # endif +# if defined(__NetBSD__) && defined(__NetBSD_Version__) && __NetBSD_Version__ >= 200060000 +# define HASCLOSEFROM 1 /* closefrom(3) added in 2.0F */ +# endif +# if defined(__NetBSD__) +# define USESYSCTL 1 /* use sysctl(3) for getting ncpus */ +# include <sys/param.h> +# include <sys/sysctl.h> +# endif # if defined(__FreeBSD__) # define HASSETLOGIN 1 /* has setlogin(2) */ # if __FreeBSD_version >= 227001 diff --git a/gnu/usr.sbin/sendmail/libmilter/comm.c b/gnu/usr.sbin/sendmail/libmilter/comm.c index 9b0a6798e87..55124a897a2 100644 --- a/gnu/usr.sbin/sendmail/libmilter/comm.c +++ b/gnu/usr.sbin/sendmail/libmilter/comm.c 
@@ -9,12 +9,37 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: comm.c,v 8.64 2004/04/30 22:02:57 ca Exp $") +SM_RCSID("@(#)$Sendmail: comm.c,v 8.65 2004/07/07 21:41:30 ca Exp $") #include "libmilter.h" #include <sm/errstring.h> #include <sys/uio.h> +static size_t Maxdatasize = MILTER_MAX_DATA_SIZE; + +#if _FFR_MAXDATASIZE +/* +** SMFI_SETMAXDATASIZE -- set limit for milter data read/write. +** +** Parameters: +** sz -- new limit. +** +** Returns: +** old limit +*/ + +size_t +smfi_setmaxdatasize(sz) + size_t sz; +{ + size_t old; + + old = Maxdatasize; + Maxdatasize = sz; + return old; +} +#endif /* _FFR_MAXDATASIZE */ + /* ** MI_RD_CMD -- read a command ** @@ -108,7 +133,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) expl = ntohl(expl) - 1; if (expl <= 0) return NULL; - if (expl > MILTER_CHUNK_SIZE) + if (expl > Maxdatasize) { *cmd = SMFIC_TOOBIG; return NULL; @@ -307,7 +332,7 @@ mi_wr_cmd(sd, timeout, cmd, buf, len) struct iovec iov[2]; char data[MILTER_LEN_BYTES + 1]; - if (len > MILTER_CHUNK_SIZE || (len > 0 && buf == NULL)) + if (len > Maxdatasize || (len > 0 && buf == NULL)) return MI_FAILURE; nl = htonl(len + 1); /* add 1 for the cmd char */ diff --git a/gnu/usr.sbin/sendmail/sendmail/README b/gnu/usr.sbin/sendmail/sendmail/README index c97ffa511ce..d30964d77c9 100644 --- a/gnu/usr.sbin/sendmail/sendmail/README +++ b/gnu/usr.sbin/sendmail/sendmail/README @@ -1,4 +1,4 @@ -# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. # Copyright (c) 1988 @@ -9,7 +9,7 @@ # the sendmail distribution. # # -# $Sendmail: README,v 8.383 2004/03/26 19:01:08 ca Exp $ +# $Sendmail: README,v 8.384 2004/07/26 18:03:55 ca Exp $ # This directory contains the source files for sendmail(TM). 
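Review bot: `smfi_setmaxdatasize()` stores `sz` with no range check, so the limit that `mi_rd_cmd()` and `mi_wr_cmd()` now test against (the second and third hunks of this file) can become 0 or exceed what the 32-bit length prefix can carry. In `mi_wr_cmd()` the guard `len > Maxdatasize` is followed directly by `htonl(len + 1)`, so with a very large limit the length would presumably be truncated on the wire. In `mi_rd_cmd()` the limit is the only cap on the peer-supplied `expl`, and whatever allocation uses it lies outside the hunk. Rejecting out-of-range values in the setter keeps both checks meaningful, e.g. `if (sz > 0 && sz < 0xffffffffUL) Maxdatasize = sz;`. The header comment should also say when the function may be called, since `Maxdatasize` is a plain static with no visible synchronisation.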
@@ -498,6 +498,7 @@ NEEDINTERRNO Set this if <errno.h> does not declare errno, i.e., if an application needs to use extern int errno; USE_TTYPATH Set this to 1 to enable ErrorMode=write. +USESYSCTL Use sysctl(3) to determine the number of CPUs in a system. +-----------------------+ @@ -1822,4 +1823,4 @@ util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 1.20 $, last update $Date: 2004/06/24 03:59:26 $ ) +(Version $Revision: 1.21 $, last update $Date: 2004/09/18 04:08:34 $ ) diff --git a/gnu/usr.sbin/sendmail/sendmail/aliases.5 b/gnu/usr.sbin/sendmail/sendmail/aliases.5 index b372dfb559d..fb4b80517fb 100644 --- a/gnu/usr.sbin/sendmail/sendmail/aliases.5 +++ b/gnu/usr.sbin/sendmail/sendmail/aliases.5 @@ -9,9 +9,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Sendmail: aliases.5,v 8.17 2000/12/14 23:09:46 gshapiro Exp $ +.\" $Sendmail: aliases.5,v 8.19 2004/07/12 05:39:21 ca Exp $ .\" -.Dd December 14, 2000 +.Dd July 12, 2004 .Dt ALIASES 5 .Os .Sh NAME @@ -88,6 +88,17 @@ are comments. Aliasing occurs only on local names. Loops can not occur, since no message will be sent to any person more than once. .Pp +If an alias is found for +.Em name , +sendmail then checks for an alias for +.Em owner-name . +If it is found and the result of the lookup expands to a single +address, the envelope sender address of the message is rewritten to +that address. +If it is found and the result expands to more than one address, the +envelope sender address is changed to +.Em owner-name . +.Pp After aliasing has been done, local and valid recipients who have a .Dq Pa .forward file in their home directory have messages forwarded to the diff --git a/gnu/usr.sbin/sendmail/sendmail/conf.c b/gnu/usr.sbin/sendmail/sendmail/conf.c index ecb22b0f191..09305d63896 100644 --- a/gnu/usr.sbin/sendmail/sendmail/conf.c +++ b/gnu/usr.sbin/sendmail/sendmail/conf.c 
@@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: conf.c,v 8.1044 2004/06/11 21:38:16 ca Exp $") +SM_RCSID("@(#)$Sendmail: conf.c,v 8.1047 2004/07/14 21:54:23 ca Exp $") #include <sendmail/pathnames.h> #if NEWDB @@ -6016,6 +6016,10 @@ char *FFRCompileOptions[] = /* Extended daemon status. */ "_FFR_CONTROL_MSTAT", #endif /* _FFR_CONTROL_MSTAT */ +#if _FFR_CRLPATH + /* CRLPath; needs documentation; Al Smith */ + "_FFR_CRLPATH", +#endif /* _FFR_CRLPATH */ #if _FFR_DAEMON_NETUNIX /* Allow local (not just TCP) socket connection to server. */ "_FFR_DAEMON_NETUNIX", @@ -6104,6 +6108,10 @@ char *FFRCompileOptions[] = /* Set 'h' in {addr_type} for headers. */ "_FFR_HDR_TYPE", #endif /* _FFR_HDR_TYPE */ +#if _FFR_HELONAME + /* option to set heloname; Nik Clayton of FreeBSD */ + "_FFR_HELONAME", +#endif /* _FFR_HELONAME */ #if _FFR_HPUX_NSSWITCH /* Use nsswitch on HP-UX */ "_FFR_HPUX_NSSWITCH", @@ -6116,6 +6124,16 @@ char *FFRCompileOptions[] = /* Ignore extensions offered in response to HELO */ "_FFR_IGNORE_EXT_ON_HELO", #endif /* _FFR_IGNORE_EXT_ON_HELO */ +#if _FFR_MAXDATASIZE + /* + ** It is possible that a header is larger than MILTER_CHUNK_SIZE, + ** hence this shouldn't be used as limit for milter communication. + ** see also libmilter/comm.c + ** Gurusamy Sarathy of ActiveState + */ + + "_FFR_MAXDATASIZE" +#endif /* _FFR_MAXDATASIZE */ #if _FFR_MAX_FORWARD_ENTRIES /* Try to limit number of .forward entries */ /* (doesn't work) */ diff --git a/gnu/usr.sbin/sendmail/sendmail/conf.h b/gnu/usr.sbin/sendmail/sendmail/conf.h index 2c0612b72fa..411caf793fa 100644 --- a/gnu/usr.sbin/sendmail/sendmail/conf.h +++ b/gnu/usr.sbin/sendmail/sendmail/conf.h @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Sendmail: conf.h,v 8.566 2002/10/31 03:26:25 ca Exp $ + * $Sendmail: conf.h,v 8.567 2004/07/23 20:45:01 gshapiro Exp $ */ /* 
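Review bot: The new `"_FFR_MAXDATASIZE"` entry in `FFRCompileOptions[]` has no trailing comma, unlike the `"_FFR_CRLPATH",` and `"_FFR_HELONAME",` entries added in the same file. When `_FFR_MAXDATASIZE` and any later `_FFR_*` entry are both enabled, the adjacent string literals are concatenated into a single array element. The reported option list then shows one merged name and drops an entry. The line should read `"_FFR_MAXDATASIZE",`. The array definition starts and ends outside this hunk.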
@@ -145,6 +145,16 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */ # define DBMMODE 0640 #endif /* ! DBMMODE */ +/* +** Value which means a uid or gid value should not change +*/ + +#ifndef NO_UID +# define NO_UID -1 +#endif /* ! NO_UID */ +#ifndef NO_GID +# define NO_GID -1 +#endif /* ! NO_GID */ /********************************************************************** ** Compilation options. diff --git a/gnu/usr.sbin/sendmail/sendmail/daemon.c b/gnu/usr.sbin/sendmail/sendmail/daemon.c index b304091029b..782ce114d54 100644 --- a/gnu/usr.sbin/sendmail/sendmail/daemon.c +++ b/gnu/usr.sbin/sendmail/sendmail/daemon.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: daemon.c,v 8.647 2004/06/17 16:29:47 ca Exp $") +SM_RCSID("@(#)$Sendmail: daemon.c,v 8.649 2004/07/14 21:57:52 ca Exp $") #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) # define USE_SOCK_STREAM 1 @@ -2762,6 +2762,13 @@ nextaddr: macdefine(&BlankEnvelope.e_macro, A_PERM, macid("{if_family_out}"), NULL); } + +#if _FFR_HELONAME + /* Use the configured HeloName as appropriate */ + if (HeloName != NULL && HeloName[0] != '\0') + mci->mci_heloname = newstr(HeloName); +#endif /* _FFR_HELONAME */ + mci_setstat(mci, EX_OK, NULL, NULL); return EX_OK; } diff --git a/gnu/usr.sbin/sendmail/sendmail/deliver.c b/gnu/usr.sbin/sendmail/sendmail/deliver.c index 907c25fe1ea..c9d7b4a4d52 100644 --- a/gnu/usr.sbin/sendmail/sendmail/deliver.c +++ b/gnu/usr.sbin/sendmail/sendmail/deliver.c @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sys/time.h> -SM_RCSID("@(#)$Sendmail: deliver.c,v 8.973 2004/06/03 18:21:44 ca Exp $") +SM_RCSID("@(#)$Sendmail: deliver.c,v 8.976 2004/07/23 20:45:01 gshapiro Exp $") #if HASSETUSERCONTEXT # include <login_cap.h> 
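Review bot: `NO_UID` and `NO_GID` are defined as a bare `-1`, yet the deliver.c and readcf.c hunks assign them to and compare them with `m_uid`/`m_gid`. If those fields are `uid_t`/`gid_t` (their declaration is not on this page), the test `m->m_uid == NO_UID` depends on implicit conversion of an `int` and would never match where the id type is unsigned and narrower than `int`. Typed, parenthesised sentinels avoid that: `# define NO_UID ((uid_t) -1)` and `# define NO_GID ((gid_t) -1)`. The comment above the defines could also state that this value can therefore never be used as a real mailer uid or gid.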
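Review bot: `mci->mci_heloname = newstr(HeloName);` in the `_FFR_HELONAME` block allocates a new copy each time this path runs and overwrites the field without releasing what it held. Whether `mci_heloname` can already point at an allocated string here is not visible in the hunk. If it can, for example on a reused `mci`, the old copy is leaked in a long-running daemon. Free any previous value before the assignment, or add a comment stating who owns the string and why it is always unset at this point. The enclosing function starts outside the hunk.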
@@ -1177,6 +1177,50 @@ coloncmp(a, b) return ret; } + +/* +** SHOULD_TRY_FBSH -- Should try FallbackSmartHost? +** +** Parameters: +** e -- envelope +** tried_fallbacksmarthost -- has been tried already? (in/out) +** hostbuf -- buffer for hostname (expand FallbackSmartHost) (out) +** hbsz -- size of hostbuf +** status -- current delivery status +** +** Returns: +** true iff FallbackSmartHost should be tried. +*/ + +static bool +should_try_fbsh(e, tried_fallbacksmarthost, hostbuf, hbsz, status) + ENVELOPE *e; + bool *tried_fallbacksmarthost; + char *hostbuf; + size_t hbsz; + int status; +{ + /* + ** If the host was not found and a FallbackSmartHost is defined + ** (and we have not yet tried it), then make one last try with + ** it as the host. + */ + + if (status == EX_NOHOST && FallbackSmartHost != NULL && + !*tried_fallbacksmarthost) + { + *tried_fallbacksmarthost = true; + expand(FallbackSmartHost, hostbuf, hbsz, e); + if (!wordinclass(hostbuf, 'w')) + { + if (tTd(11, 1)) + sm_dprintf("one last try with FallbackSmartHost %s\n", + hostbuf); + return true; + } + } + return false; +} /* ** DELIVER -- Deliver a message to a list of addresses. ** @@ -1238,13 +1282,6 @@ coloncmp(a, b) ** The standard input is passed off to someone. */ -#ifndef NO_UID -# define NO_UID -1 -#endif /* ! NO_UID */ -#ifndef NO_GID -# define NO_GID -1 -#endif /* ! NO_GID */ - static int deliver(e, firstto) register ENVELOPE *e; @@ -2058,6 +2095,13 @@ tryhost: { if (mci->mci_exitstat == EX_TEMPFAIL) goodmxfound = true; + + /* Try FallbackSmartHost? */ + if (should_try_fbsh(e, &tried_fallbacksmarthost, + hostbuf, sizeof hostbuf, + mci->mci_exitstat)) + goto one_last_try; + continue; } 
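Review bot: `should_try_fbsh()` sets `*tried_fallbacksmarthost` and overwrites `hostbuf` via `expand()` before it knows its result, so on the `wordinclass(hostbuf, 'w')` path the caller receives `false` with its host buffer already replaced. At the new call site in the `tryhost:` hunk the caller then executes `continue`; whether `hostbuf` is read again before being refilled is not visible here. The header comment lists `hostbuf` only as "(out)". It should say the buffer is clobbered whenever the fallback is expanded, even on a false return, e.g. `** Side Effects: hostbuf is overwritten and *tried_fallbacksmarthost set even if false is returned.` Expanding into a local buffer and copying only on success would remove the hazard altogether.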
@@ -2144,28 +2188,11 @@ tryhost: } else { - /* - ** If the host was not found and a Fallback- - ** SmartHost is defined (and we have not yet - ** tried it), then make one last try with it - ** as the host. - */ + /* Try FallbackSmartHost? */ + if (should_try_fbsh(e, &tried_fallbacksmarthost, + hostbuf, sizeof hostbuf, i)) + goto one_last_try; - if (i == EX_NOHOST && - FallbackSmartHost != NULL && - !tried_fallbacksmarthost) - { - tried_fallbacksmarthost = true; - expand(FallbackSmartHost, hostbuf, - sizeof hostbuf, e); - if (!wordinclass(hostbuf, 'w')) - { - if (tTd(11, 1)) - sm_dprintf("one last try with FallbackSmartHost %s", - hostbuf); - goto one_last_try; - } - } if (tTd(11, 1)) sm_dprintf("openmailer: makeconnection => stat=%d, errno=%d\n", i, errno); @@ -2406,7 +2433,12 @@ tryhost: /* reset group id */ if (bitnset(M_SPECIFIC_UID, m->m_flags)) - new_gid = m->m_gid; + { + if (m->m_gid == NO_GID) + new_gid = RunAsGid; + else + new_gid = m->m_gid; + } else if (bitset(S_ISGID, stb.st_mode)) new_gid = stb.st_gid; else if (ctladdr != NULL && ctladdr->q_gid != 0) @@ -2465,7 +2497,7 @@ tryhost: exit(EX_TEMPFAIL); } } - if (m->m_gid == 0) + if (m->m_gid == NO_GID) new_gid = DefGid; else new_gid = m->m_gid; @@ -2517,7 +2549,10 @@ tryhost: sm_mbdb_terminate(); if (bitnset(M_SPECIFIC_UID, m->m_flags)) { - new_euid = m->m_uid; + if (m->m_uid == NO_UID) + new_euid = RunAsUid; + else + new_euid = m->m_uid; /* ** Undo the effects of the uid change in main @@ -2547,7 +2582,7 @@ tryhost: new_ruid = stb.st_uid; else if (ctladdr != NULL && ctladdr->q_uid != 0) new_ruid = ctladdr->q_uid; - else if (m->m_uid != 0) + else if (m->m_uid != NO_UID) new_ruid = m->m_uid; else new_ruid = DefUid; 
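Review bot: Switching the "unset" test from `0` to `NO_UID`/`NO_GID` also changes the branches that do not involve `M_SPECIFIC_UID`. `else if (m->m_uid != NO_UID) new_ruid = m->m_uid;` and `if (m->m_gid == NO_GID) new_gid = DefGid;` now honour an explicit id of 0, where the old code fell back to `DefUid`/`DefGid`. A mailer whose U= equate resolves to uid or gid 0 would therefore start its program with real id 0 after this update; how U= is parsed is not shown on this page. The same pattern appears in the `mailfile()` hunks (`mailer->m_uid != NO_UID`, `mailer->m_gid != NO_GID`). The release note visible in this commit describes only the `RunAsUser` case, so the change deserves a comment at these tests, e.g. `/* an explicit U=0 is now honoured; only NO_UID means "not set" */`, plus a matching release-note line so operators can audit their mailer definitions.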
@@ -5225,7 +5260,10 @@ mailfile(filename, mailer, ctladdr, sfflags, e) if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) { RealUserName = NULL; - RealUid = mailer->m_uid; + if (mailer->m_uid == NO_UID) + RealUid = RunAsUid; + else + RealUid = mailer->m_uid; if (RunAsUid != 0 && RealUid != RunAsUid) { /* Only root can change the uid */ @@ -5247,7 +5285,7 @@ mailfile(filename, mailer, ctladdr, sfflags, e) RealUserName = ctladdr->q_user; RealUid = ctladdr->q_uid; } - else if (mailer != NULL && mailer->m_uid != 0) + else if (mailer != NULL && mailer->m_uid != NO_UID) { RealUserName = DefUser; RealUid = mailer->m_uid; @@ -5261,7 +5299,10 @@ mailfile(filename, mailer, ctladdr, sfflags, e) /* select a new group to run as */ if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) { - RealGid = mailer->m_gid; + if (mailer->m_gid == NO_GID) + RealGid = RunAsGid; + else + RealGid = mailer->m_gid; if (RunAsUid != 0 && (RealGid != getgid() || RealGid != getegid())) @@ -5290,7 +5331,7 @@ mailfile(filename, mailer, ctladdr, sfflags, e) } else if (ctladdr != NULL && ctladdr->q_uid != 0) RealGid = ctladdr->q_gid; - else if (mailer != NULL && mailer->m_gid != 0) + else if (mailer != NULL && mailer->m_gid != NO_GID) RealGid = mailer->m_gid; else RealGid = DefGid; diff --git a/gnu/usr.sbin/sendmail/sendmail/headers.c b/gnu/usr.sbin/sendmail/sendmail/headers.c index 154f309b326..96b3b2ce269 100644 --- a/gnu/usr.sbin/sendmail/sendmail/headers.c +++ b/gnu/usr.sbin/sendmail/sendmail/headers.c @@ -13,8 +13,9 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: headers.c,v 8.284 2004/04/29 00:05:59 msk Exp $") +SM_RCSID("@(#)$Sendmail: headers.c,v 8.286 2004/07/08 17:57:32 ca Exp $") +static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *)); static size_t fix_mime_header __P((HDR *, ENVELOPE *)); static int priencode __P((char *)); static void put_vanilla_header __P((HDR *, char *, MCI *)); 
@@ -358,17 +359,10 @@ hse: (void) sm_snprintf(qval, sizeof qval, "%d", k); macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval); #if _FFR_HDR_TYPE - /* - ** XXX: h isn't set yet - ** If we really want to be precise then we have - ** to lookup the header (see below). - ** It's probably not worth the effort. - */ - - if (bitset(H_FROM, h->h_flags)) + if (bitset(H_FROM, hi->hi_flags)) macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "h s"); - else if (bitset(H_RCPT, h->h_flags)) + else if (bitset(H_RCPT, hi->hi_flags)) macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "h r"); else @@ -572,7 +566,7 @@ insheader(idx, field, value, flags, e) int flags; ENVELOPE *e; { - HDR *h, *srch, *last; + HDR *h, *srch, *last = NULL; /* allocate space for new header */ h = allocheader(field, value, flags, e->e_rpool); @@ -589,6 +583,7 @@ insheader(idx, field, value, flags, e) } else if (srch == NULL) { + SM_ASSERT(last != NULL); last->h_link = h; h->h_link = NULL; } diff --git a/gnu/usr.sbin/sendmail/sendmail/map.c b/gnu/usr.sbin/sendmail/sendmail/map.c index db7a2f0aea5..3a9b67a9d6f 100644 --- a/gnu/usr.sbin/sendmail/sendmail/map.c +++ b/gnu/usr.sbin/sendmail/sendmail/map.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: map.c,v 8.662 2004/06/08 17:26:21 ca Exp $") +SM_RCSID("@(#)$Sendmail: map.c,v 8.664 2004/06/28 17:46:13 ca Exp $") #if LDAPMAP # include <sm/ldap.h> @@ -3701,6 +3701,7 @@ ldapmap_parseargs(map, args) char *args; { bool secretread = true; + bool attrssetup = false; int i; register char *p = args; SM_LDAP_STRUCT *lmap; @@ -3784,6 +3785,7 @@ ldapmap_parseargs(map, args) lmap->ldap_attr[4] = NULL; lmap->ldap_attr_type[4] = SM_LDAP_ATTR_NONE; lmap->ldap_attr_needobjclass[4] = NULL; + attrssetup = true; } } else if (bitset(MF_FILECLASS, map->map_mflags)) @@ -4298,7 +4300,7 @@ ldapmap_parseargs(map, args) } } - if (lmap->ldap_attr[0] != NULL) + if (!attrssetup && lmap->ldap_attr[0] != NULL) { bool recurse = false; bool normalseen = false; 
@@ -4429,6 +4431,7 @@ ldapmap_parseargs(map, args) } } lmap->ldap_attr[i] = NULL; + attrssetup = true; if (recurse && !normalseen) { syserr("LDAP recursion requested in %s but no returnable attribute given", @@ -7544,7 +7547,7 @@ socket_map_lookup(map, name, av, statp) char **av; int *statp; { - size_t nettolen, replylen, recvlen; + unsigned int nettolen, replylen, recvlen; char *replybuf, *rval, *value, *status; SM_FILE_T *f; @@ -7556,6 +7559,8 @@ socket_map_lookup(map, name, av, statp) map->map_mname, name, map->map_file); nettolen = strlen(map->map_mname) + 1 + strlen(name); + SM_ASSERT(nettolen > strlen(map->map_mname)); + SM_ASSERT(nettolen > strlen(name)); if ((sm_io_fprintf(f, SM_TIME_DEFAULT, "%u:%s %s,", nettolen, map->map_mname, name) == SM_IO_EOF) || (sm_io_flush(f, SM_TIME_DEFAULT) != 0) || diff --git a/gnu/usr.sbin/sendmail/sendmail/milter.c b/gnu/usr.sbin/sendmail/sendmail/milter.c index b49868f7dc2..cf8eea5ff96 100644 --- a/gnu/usr.sbin/sendmail/sendmail/milter.c +++ b/gnu/usr.sbin/sendmail/sendmail/milter.c @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: milter.c,v 8.223 2004/06/11 05:04:04 ca Exp $") +SM_RCSID("@(#)$Sendmail: milter.c,v 8.225 2004/07/08 21:52:20 ca Exp $") #if MILTER # include <libmilter/mfapi.h> @@ -40,6 +40,7 @@ static char *MilterEnvFromMacros[MAXFILTERMACROS + 1]; static char *MilterEnvRcptMacros[MAXFILTERMACROS + 1]; static char *MilterDataMacros[MAXFILTERMACROS + 1]; static char *MilterEOMMacros[MAXFILTERMACROS + 1]; +static size_t MilterMaxDataSize = MILTER_MAX_DATA_SIZE; # define MILTER_CHECK_DONE_MSG() \ if (*state == SMFIR_REPLYCODE || \ @@ -472,7 +473,7 @@ milter_write(m, cmd, buf, len, to, e) ** The first is the size/command and the second is the command data. */ - if (len < 0 || len > MILTER_CHUNK_SIZE) + if (len < 0 || len > MilterMaxDataSize) { if (tTd(64, 5)) sm_dprintf("milter_write(%s): length %ld out of range\n", 
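Review bot: In `socket_map_lookup()` the sum `strlen(map->map_mname) + 1 + strlen(name)` is now stored in an `unsigned int`, and the only protection against truncation is the pair of `SM_ASSERT` calls. An assertion turns an over-long lookup key into a process abort instead of a failed lookup. If assertions can be compiled out (not visible here), the wrong length would go out in the `%u:` netstring prefix. An explicit check that reports the error through `*statp` and returns without sending is more robust, e.g. `if (nettolen <= strlen(name)) { *statp = EX_TEMPFAIL; return NULL; }`. Any cleanup needed for `f` lies outside the hunk and would have to be kept.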
@@ -1427,6 +1428,10 @@ static struct milteropt { "macros.eom", MO_MACROS_EOM }, # define MO_LOGLEVEL 0x07 { "loglevel", MO_LOGLEVEL }, +# if _FFR_MAXDATASIZE +# define MO_MAXDATASIZE 0x08 + { "maxdatasize", MO_MAXDATASIZE }, +# endif /* _FFR_MAXDATASIZE */ { NULL, 0 }, }; @@ -1482,6 +1487,12 @@ milter_set_option(name, val, sticky) MilterLogLevel = atoi(val); break; +#if _FFR_MAXDATASIZE + case MO_MAXDATASIZE: + MilterMaxDataSize = (size_t)atol(val); + break; +#endif /* _FFR_MAXDATASIZE */ + case MO_MACROS_CONNECT: if (macros == NULL) macros = MilterConnectMacros; @@ -1575,9 +1586,8 @@ milter_reopen_df(e) ** read only again). ** ** In SuperSafe != SAFE_REALLY mode, e->e_dfp still points at the - ** buffered file I/O descriptor, still open for writing - ** so there isn't as much work to do, just truncate it - ** and go. + ** buffered file I/O descriptor, still open for writing so there + ** isn't any work to do here (except checking for consistency). */ if (SuperSafe == SAFE_REALLY) @@ -1631,7 +1641,7 @@ milter_reset_df(e) MILTER_DF_ERROR("milter_reset_df: error writing/flushing %s: %s"); return -1; } - else if (SuperSafe != SAFE_REALLY && SuperSafe != SAFE_REALLY_POSTMILTER) + else if (SuperSafe != SAFE_REALLY) { /* skip next few clauses */ /* EMPTY */ diff --git a/gnu/usr.sbin/sendmail/sendmail/ratectrl.c b/gnu/usr.sbin/sendmail/sendmail/ratectrl.c index 92fd5f4f519..fb01bb7c104 100644 --- a/gnu/usr.sbin/sendmail/sendmail/ratectrl.c +++ b/gnu/usr.sbin/sendmail/sendmail/ratectrl.c @@ -45,7 +45,7 @@ */ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: ratectrl.c,v 8.8 2004/03/09 17:56:28 ca Exp $") +SM_RCSID("@(#)$Sendmail: ratectrl.c,v 8.9 2004/07/07 21:23:57 ca Exp $") /* ** stuff included - given some warnings (inet_ntoa) @@ -144,6 +144,7 @@ connection_rate_check(hostaddr, e) static int CollTime = 60; +/* this should be a power of 2, otherwise CPMHMASK doesn't work well */ #ifndef CPMHSIZE # define CPMHSIZE 1024 #endif /* CPMHSIZE */ 
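Review bot: The new `MO_MAXDATASIZE` case stores `(size_t)atol(val)` without any validation, so a non-numeric value becomes 0 (every non-empty write is then rejected by `len > MilterMaxDataSize` in `milter_write`) and a negative value converts to a huge `size_t` that effectively removes that bound. Parsing with `strtol` and rejecting anything that is not a positive number keeps the limit meaningful. Whether values above `MILTER_MAX_DATA_SIZE` are safe depends on buffer sizes that are not visible in this hunk. `milter_set_option` starts and ends outside the hunk, so the error reporting in the sketch below should be aligned with whatever the rest of the function does.

```c
#if _FFR_MAXDATASIZE
	  case MO_MAXDATASIZE:
	  {
		char *end;
		long l;

		errno = 0;
		l = strtol(val, &end, 10);
		if (end == val || *end != '\0' || errno == ERANGE || l <= 0)
		{
			syserr("milter_set_option: invalid maxdatasize %s", val);
			break;
		}
		MilterMaxDataSize = (size_t) l;
		break;
	  }
#endif /* _FFR_MAXDATASIZE */
/* ... unchanged: MO_MACROS_CONNECT and following cases ... */
```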
diff --git a/gnu/usr.sbin/sendmail/sendmail/readcf.c b/gnu/usr.sbin/sendmail/sendmail/readcf.c index 7f6da0a1861..bfe7e43940f 100644 --- a/gnu/usr.sbin/sendmail/sendmail/readcf.c +++ b/gnu/usr.sbin/sendmail/sendmail/readcf.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: readcf.c,v 8.638 2004/06/02 22:48:51 ca Exp $") +SM_RCSID("@(#)$Sendmail: readcf.c,v 8.641 2004/07/23 20:45:02 gshapiro Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> @@ -1187,6 +1187,8 @@ makemailer(line) } m->m_name = newstr(line); m->m_qgrp = NOQGRP; + m->m_uid = NO_UID; + m->m_gid = NO_GID; /* now scan through and assign info from the fields */ while (*p != '\0') @@ -2180,6 +2182,14 @@ static struct optioninfo { "FallbackSmartHost", O_FALLBACKSMARTHOST, OI_NONE }, #define O_SASLREALM 0xd6 { "AuthRealm", O_SASLREALM, OI_NONE }, +#if _FFR_CRLPATH +# define O_CRLPATH 0xd7 + { "CRLPath", O_CRLPATH, OI_NONE }, +#endif /* _FFR_CRLPATH */ +#if _FFR_HELONAME +# define O_HELONAME 0xd8 + { "HeloName", O_HELONAME, OI_NONE }, +#endif /* _FFR_HELONAME */ { NULL, '\0', OI_NONE } }; @@ -3502,6 +3512,18 @@ setoption(opt, val, safe, sticky, e) break; # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ +# if _FFR_CRLPATH + case O_CRLPATH: +# if OPENSSL_VERSION_NUMBER > 0x00907000L + SET_STRING_EXP(CRLPath); +# else /* OPENSSL_VERSION_NUMBER > 0x00907000L */ + (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, + "Warning: Option: %s requires at least OpenSSL 0.9.7\n", + OPTNAME); + break; +# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ +# endif /* _FFR_CRLPATH */ + /* ** XXX How about options per daemon/client instead of globally? ** This doesn't work well for some options, e.g., no server cert, @@ -3570,6 +3592,9 @@ setoption(opt, val, safe, sticky, e) case O_CIPHERLIST: # endif /* _FFR_TLS_1 */ case O_CRLFILE: +# if _FFR_CRLPATH + case O_CRLPATH: +# endif /* _FFR_CRLPATH */ case O_RANDFILE: (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "Warning: Option: %s requires TLS support\n", 
@@ -3679,6 +3704,12 @@ setoption(opt, val, safe, sticky, e) FallbackSmartHost = newstr(val); break; +#if _FFR_HELONAME + case O_HELONAME: + HeloName = newstr(val); + break; +#endif /* _FFR_HELONAME */ + default: if (tTd(37, 1)) { diff --git a/gnu/usr.sbin/sendmail/sendmail/recipient.c b/gnu/usr.sbin/sendmail/sendmail/recipient.c index b5c24754da7..db6a4b02f81 100644 --- a/gnu/usr.sbin/sendmail/sendmail/recipient.c +++ b/gnu/usr.sbin/sendmail/sendmail/recipient.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: recipient.c,v 8.335 2003/10/06 20:37:56 ca Exp $") +SM_RCSID("@(#)$Sendmail: recipient.c,v 8.336 2004/07/23 20:45:02 gshapiro Exp $") static void includetimeout __P((void)); static ADDRESS *self_reference __P((ADDRESS *)); @@ -1309,9 +1309,20 @@ writable(filename, ctladdr, flags) } else if (FileMailer != NULL && !bitset(SFF_ROOTOK, flags)) { - euid = FileMailer->m_uid; - egid = FileMailer->m_gid; - user = NULL; + if (FileMailer->m_uid == NO_UID) + { + euid = DefUid; + user = DefUser; + } + else + { + euid = FileMailer->m_uid; + user = NULL; + } + if (FileMailer->m_gid == NO_GID) + egid = DefGid; + else + egid = FileMailer->m_gid; } else { diff --git a/gnu/usr.sbin/sendmail/sendmail/sendmail.h b/gnu/usr.sbin/sendmail/sendmail/sendmail.h index 273c5b57f9f..901fb55e46f 100644 --- a/gnu/usr.sbin/sendmail/sendmail/sendmail.h +++ b/gnu/usr.sbin/sendmail/sendmail/sendmail.h @@ -52,7 +52,7 @@ #ifdef _DEFINE # ifndef lint -SM_UNUSED(static char SmailId[]) = "@(#)$Sendmail: sendmail.h,v 8.982 2004/06/03 18:21:45 ca Exp $"; +SM_UNUSED(static char SmailId[]) = "@(#)$Sendmail: sendmail.h,v 8.984 2004/07/14 21:54:22 ca Exp $"; # endif /* ! lint */ #endif /* _DEFINE */ 
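Review bot: The new `NO_UID`/`NO_GID` branches in `writable()` decide which identity the file-mailer write check runs under, but nothing in the code explains the fallback. A short comment such as `/* FileMailer has no U= equate: check as DefUid/DefGid */` before `if (FileMailer->m_uid == NO_UID)` would record that intent next to the privilege decision. The uid and gid also fall back independently, so `user = DefUser` can end up combined with `egid = FileMailer->m_gid`. If `user` is later used for group lookups, that combination should be confirmed as intended; the function continues outside the hunk, so this cannot be checked here.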
@@ -1852,6 +1852,9 @@ EXTERN char *RandFile; /* source of random data */ EXTERN char *SrvCertFile; /* file with server certificate */ EXTERN char *SrvKeyFile; /* file with server private key */ EXTERN char *CRLFile; /* file CRLs */ +#if _FFR_CRLPATH +EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */ +#endif /* _FFR_CRLPATH */ EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */ #endif /* STARTTLS */ @@ -2265,6 +2268,9 @@ EXTERN char *FallbackMX; /* fall back MX host */ EXTERN char *FallbackSmartHost; /* fall back smart host */ EXTERN char *FileName; /* name to print on error messages */ EXTERN char *ForwardPath; /* path to search for .forward files */ +#if _FFR_HELONAME +EXTERN char *HeloName; /* hostname to announce in HELO */ +#endif /* _FFR_HELONAME */ EXTERN char *HelpFile; /* location of SMTP help file */ EXTERN char *HostStatDir; /* location of host status information */ EXTERN char *HostsFile; /* path to /etc/hosts file */ diff --git a/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c b/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c index 226a83432d1..05db9bf42a1 100644 --- a/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c +++ b/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c @@ -17,7 +17,7 @@ # include <libmilter/mfdef.h> #endif /* MILTER */ -SM_RCSID("@(#)$Sendmail: srvrsmtp.c,v 8.898 2004/06/17 17:30:09 ca Exp $") +SM_RCSID("@(#)$Sendmail: srvrsmtp.c,v 8.900 2004/07/08 23:29:33 ca Exp $") #include <sys/time.h> #include <sm/fdset.h> @@ -111,7 +111,7 @@ extern ENVELOPE BlankEnvelope; { \ char buf[16]; \ (void) sm_snprintf(buf, sizeof buf, "%d", \ - n_badrcpts > BadRcptThrottle \ + BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \ ? n_badrcpts - 1 : n_badrcpts); \ macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \ } while (0) @@ -354,6 +354,7 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *)); /* clear all SMTP state (for HELO/EHLO/RSET) */ #define CLEAR_STATE(cmd) \ +do \ { \ /* abort milter filters */ \ MILTER_ABORT(e); \ 
@@ -384,7 +385,22 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *)); /* put back discard bit */ \ if (smtp.sm_discard) \ e->e_flags |= EF_DISCARD; \ -} + \ + /* restore connection quarantining */ \ + if (smtp.sm_quarmsg == NULL) \ + { \ + e->e_quarmsg = NULL; \ + macdefine(&e->e_macro, A_PERM, \ + macid("{quarantine}"), ""); \ + } \ + else \ + { \ + e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \ + smtp.sm_quarmsg); \ + macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \ + e->e_quarmsg); \ + } \ +} while (0) /* sleep to flatten out connection load */ #define MIN_DELAY_LOG 15 /* wait before logging this again */ @@ -1978,22 +1994,6 @@ tlsfail: if (gothello) { CLEAR_STATE(cmdbuf); - - /* restore connection quarantining */ - if (smtp.sm_quarmsg == NULL) - { - e->e_quarmsg = NULL; - macdefine(&e->e_macro, A_PERM, - macid("{quarantine}"), ""); - } - else - { - e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, - smtp.sm_quarmsg); - macdefine(&e->e_macro, A_PERM, - macid("{quarantine}"), - e->e_quarmsg); - } } #if MILTER @@ -2669,21 +2669,6 @@ tlsfail: else message("250 2.0.0 Reset state"); CLEAR_STATE(cmdbuf); - - /* restore connection quarantining */ - if (smtp.sm_quarmsg == NULL) - { - e->e_quarmsg = NULL; - macdefine(&e->e_macro, A_PERM, - macid("{quarantine}"), ""); - } - else - { - e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, - smtp.sm_quarmsg); - macdefine(&e->e_macro, A_PERM, - macid("{quarantine}"), e->e_quarmsg); - } break; case CMDVRFY: /* vrfy -- verify address */ diff --git a/gnu/usr.sbin/sendmail/sendmail/tls.c b/gnu/usr.sbin/sendmail/sendmail/tls.c index 0a3b8e78e10..a5ab2bc133f 100644 --- a/gnu/usr.sbin/sendmail/sendmail/tls.c +++ b/gnu/usr.sbin/sendmail/sendmail/tls.c @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: tls.c,v 8.92 2004/06/07 23:54:59 ca Exp $") +SM_RCSID("@(#)$Sendmail: tls.c,v 8.95 2004/07/13 21:37:33 ca Exp $") #if STARTTLS # include <openssl/err.h> 
@@ -29,6 +29,10 @@ static int tls_verify_cb __P((X509_STORE_CTX *)); static int tls_verify_cb __P((X509_STORE_CTX *, void *)); # endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ +# if OPENSSL_VERSION_NUMBER > 0x00907000L +static int x509_verify_cb __P((int, X509_STORE_CTX *)); +# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ + # if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L # define CONST097 # else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ @@ -694,6 +698,8 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) X509_CRL_free(crl); X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + X509_STORE_set_verify_cb_func(store, + x509_verify_cb); } else { @@ -714,6 +720,27 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) sm_syslog(LOG_WARNING, NOQID, "STARTTLS=%s, error: BIO_new=failed", who); } +# if _FFR_CRLPATH + if (CRLPath != NULL) + { + X509_LOOKUP *lookup; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) + { + if (LogLevel > 9) + { + sm_syslog(LOG_WARNING, NOQID, + "STARTTLS=%s, error: X509_STORE_add_lookup(hash)=failed", + who, CRLFile); + } + return false; + } + X509_LOOKUP_add_dir(lookup, CRLPath, X509_FILETYPE_PEM); + X509_STORE_set_flags(store, + X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + } +# endif /* _FFR_CRLPATH */ # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ # if TLS_NO_RSA @@ -1451,9 +1478,10 @@ apps_ssl_info_cb(s, where, ret) */ static int -tls_verify_log(ok, ctx) +tls_verify_log(ok, ctx, name) int ok; X509_STORE_CTX *ctx; + char *name; { SSL *ssl; X509 *cert; 
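Review bot: In the `_FFR_CRLPATH` block the return value of `X509_LOOKUP_add_dir()` is ignored, so an unreadable or mistyped `CRLPath` still sets `X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL` with no directory behind it, and nothing is logged. Checking it, e.g. `if (X509_LOOKUP_add_dir(lookup, CRLPath, X509_FILETYPE_PEM) <= 0)` followed by the same log-and-`return false` handling used for a failed `X509_STORE_add_lookup`, would make the misconfiguration visible. The `sm_syslog` call in that block also passes `CRLFile` as an extra argument although the format string has a single `%s`; dropping it, or logging `CRLPath` with a matching `%s`, avoids confusion. Unlike the `CRLFile` branch, this block does not install `x509_verify_cb`, so the two CRL sources may behave differently for issuers without a CRL. The `inittls` body extends beyond the hunk, so that is worth confirming.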
@@ -1476,10 +1504,11 @@ tls_verify_log(ok, ctx) X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof buf); sm_syslog(LOG_INFO, NOQID, - "STARTTLS: cert verify: depth=%d %s, state=%d, reason=%s", - depth, buf, ok, X509_verify_cert_error_string(reason)); + "STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s", + name, depth, buf, ok, X509_verify_cert_error_string(reason)); return 1; } + /* ** TLS_VERIFY_CB -- verify callback for TLS certificates ** @@ -1507,7 +1536,7 @@ tls_verify_cb(ctx, unused) if (ok == 0) { if (LogLevel > 13) - return tls_verify_log(ok, ctx); + return tls_verify_log(ok, ctx, "TLS"); return 1; /* override it */ } return ok; @@ -1544,4 +1573,35 @@ tlslogerr(who) bitset(ERR_TXT_STRING, flags) ? data : ""); } } + +# if OPENSSL_VERSION_NUMBER > 0x00907000L +/* +** X509_VERIFY_CB -- verify callback +** +** Parameters: +** ctx -- x509 context +** +** Returns: +** accept connection? +** currently: always yes. +*/ + +static int +x509_verify_cb(ok, ctx) + int ok; + X509_STORE_CTX *ctx; +{ + if (ok == 0) + { + if (LogLevel > 13) + tls_verify_log(ok, ctx, "x509"); + if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) + { + ctx->error = 0; + return 1; /* override it */ + } + } + return ok; +} +# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ #endif /* STARTTLS */ diff --git a/gnu/usr.sbin/sendmail/sendmail/version.c b/gnu/usr.sbin/sendmail/sendmail/version.c index 3f7a60a7c44..cb09a2b29d4 100644 --- a/gnu/usr.sbin/sendmail/sendmail/version.c +++ b/gnu/usr.sbin/sendmail/sendmail/version.c @@ -13,6 +13,6 @@ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: version.c,v 8.125 2004/06/18 21:44:04 ca Exp $") +SM_RCSID("@(#)$Sendmail: version.c,v 8.130 2004/07/30 18:03:07 ca Exp $") -char Version[] = "8.13.0"; +char Version[] = "8.13.1"; |
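Review bot: `x509_verify_cb` clears `X509_V_ERR_UNABLE_TO_GET_CRL` and returns 1, so a certificate whose issuer has no CRL loaded is accepted with no revocation check, and the header comment does not say so. The comment lists only `ctx` under Parameters although the function also takes `ok`, and "currently: always yes" does not match the code, which returns `ok` unchanged (0) for every other error. I would document both parameters and state the policy on the override itself, for example `/* no CRL available for this issuer: accept without revocation check */`. The override is only logged when `LogLevel > 13`, so it may also be worth logging at a lower level to let operators see which peers were accepted without a CRL.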