summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd/smtpd.c
diff options
context:
space:
mode:
authorGilles Chehade <gilles@cvs.openbsd.org>2009-03-03 15:47:29 +0000
committerGilles Chehade <gilles@cvs.openbsd.org>2009-03-03 15:47:29 +0000
commit03f32476187e8858467c286465bc61232a3738d5 (patch)
treefd016036c7fe8d1f839223e5735f255751d3f38a /usr.sbin/smtpd/smtpd.c
parent037bf966773c5d8b701ce7df59893d237263b3b9 (diff)
fix mbox locking by having it done by mail.local(8) which in turns uses
lockspool(1). this means our mbox delivery follows a code path that has become almost identical to external mda deliveries. this is the first of a serie of diffs actually... lockspool(1) suggestion by deraadt@, mail.local(8) idea by jacekm@, and fix and testing by me
Diffstat (limited to 'usr.sbin/smtpd/smtpd.c')
-rw-r--r--usr.sbin/smtpd/smtpd.c85
1 files changed, 51 insertions, 34 deletions
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index a296a4a702c..8b4ab17ed4a 100644
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.c,v 1.38 2009/03/01 21:58:53 jacekm Exp $ */
+/* $OpenBSD: smtpd.c,v 1.39 2009/03/03 15:47:27 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -942,52 +942,69 @@ parent_mailbox_init(struct passwd *pw, char *pathname)
int
parent_mailbox_open(char *path, struct passwd *pw, struct batch *batchp)
{
- int fd;
- int mode = O_CREAT|O_APPEND|O_RDWR|O_EXLOCK|O_NONBLOCK|O_NOFOLLOW;
+ pid_t pid;
+ int pipefd[2];
+ struct mdaproc *mdaproc;
+ char sender[MAX_PATH_SIZE];
+
+ /* This can never happen, but better safe than sorry. */
+ if (! bsnprintf(sender, MAX_PATH_SIZE, "%s@%s",
+ batchp->message.sender.user,
+ batchp->message.sender.domain)) {
+ batchp->message.status |= S_MESSAGE_PERMFAILURE;
+ return -1;
+ }
if (! parent_mailbox_init(pw, path)) {
batchp->message.status |= S_MESSAGE_TEMPFAILURE;
return -1;
}
- fd = open(path, mode, 0600);
- if (fd == -1) {
- /* XXX - this needs to be discussed ... */
- switch (errno) {
- case ENOTDIR:
- case ENOENT:
- case EACCES:
- case ELOOP:
- case EROFS:
- case EDQUOT:
- case EINTR:
- case EIO:
- case EMFILE:
- case ENFILE:
- case ENOSPC:
- goto tempfail;
- case EWOULDBLOCK:
- batchp->message.status |= S_MESSAGE_LOCKFAILURE;
- goto tempfail;
- default:
- batchp->message.status |= S_MESSAGE_PERMFAILURE;
- }
+ log_debug("executing mail.local");
+
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, pipefd) == -1) {
+ batchp->message.status |= S_MESSAGE_PERMFAILURE;
+ return -1;
+ }
+
+ /* raise privileges because mail.local needs root to
+ * deliver to user mailboxes.
+ */
+ if (seteuid(0) == -1)
+ fatal("privraise failed");
+
+ pid = fork();
+ if (pid == -1) {
+ close(pipefd[0]);
+ close(pipefd[1]);
+ batchp->message.status |= S_MESSAGE_PERMFAILURE;
return -1;
}
- if (! secure_file(fd, path, pw)) {
- log_warnx("refusing delivery to unsecure path: %s", path);
- goto tempfail;
+ if (pid == 0) {
+ setproctitle("mail.local");
+
+ close(pipefd[0]);
+ close(STDOUT_FILENO);
+ close(STDERR_FILENO);
+ dup2(pipefd[1], 0);
+
+ execlp(PATH_MAILLOCAL, "mail.local", "-f", sender, pw->pw_name, (void *)NULL);
+ _exit(1);
}
- return fd;
+ if (seteuid(pw->pw_uid) == -1)
+ fatal("privdrop failed");
-tempfail:
- if (fd != -1)
- close(fd);
+ mdaproc = calloc(1, sizeof (struct mdaproc));
+ if (mdaproc == NULL)
+ fatal("calloc");
+ mdaproc->pid = pid;
- batchp->message.status |= S_MESSAGE_TEMPFAILURE;
- return -1;
+ SPLAY_INSERT(mdaproctree, &batchp->env->mdaproc_queue, mdaproc);
+
+ close(pipefd[1]);
+ return pipefd[0];
}
int