Diffstat (limited to 'gnu/usr.sbin')
-rw-r--r--gnu/usr.sbin/sendmail/RELEASE_NOTES45
-rw-r--r--gnu/usr.sbin/sendmail/cf/README15
-rw-r--r--gnu/usr.sbin/sendmail/cf/feature/access_db.m47
-rw-r--r--gnu/usr.sbin/sendmail/cf/feature/greet_pause.m48
-rw-r--r--gnu/usr.sbin/sendmail/cf/m4/proto.m44
-rw-r--r--gnu/usr.sbin/sendmail/cf/m4/version.m44
-rw-r--r--gnu/usr.sbin/sendmail/contrib/qtool.86
-rw-r--r--gnu/usr.sbin/sendmail/doc/op/README13
-rw-r--r--gnu/usr.sbin/sendmail/include/libmilter/mfapi.h5
-rw-r--r--gnu/usr.sbin/sendmail/include/libmilter/mfdef.h3
-rw-r--r--gnu/usr.sbin/sendmail/include/sm/conf.h10
-rw-r--r--gnu/usr.sbin/sendmail/libmilter/comm.c31
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/README7
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/aliases.515
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/conf.c20
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/conf.h12
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/daemon.c9
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/deliver.c115
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/headers.c17
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/map.c11
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/milter.c22
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/ratectrl.c3
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/readcf.c33
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/recipient.c19
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/sendmail.h8
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c53
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/tls.c70
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/version.c4
28 files changed, 434 insertions, 135 deletions
diff --git a/gnu/usr.sbin/sendmail/RELEASE_NOTES b/gnu/usr.sbin/sendmail/RELEASE_NOTES
index 5d69cdd3263..687973469b5 100644
--- a/gnu/usr.sbin/sendmail/RELEASE_NOTES
+++ b/gnu/usr.sbin/sendmail/RELEASE_NOTES
@@ -1,11 +1,52 @@
SENDMAIL RELEASE NOTES
- $Sendmail: RELEASE_NOTES,v 8.1664 2004/06/20 17:04:51 ca Exp $
+ $Sendmail: RELEASE_NOTES,v 8.1679 2004/07/30 18:03:07 ca Exp $
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
+8.13.1/8.13.1 2004/07/30
+ Using the default AliasFile ldap: specification would cause the
+ objectClasses of the LDAP response to be included in the
+ alias expansion. Problem noted by Brenden Conte of
+ Rensselaer Polytechnic Institute.
+ Fix support for a fallback smart host for system where DNS is
+ (partially) available. From John Beck of Sun Microsystems.
+ Fix SuperSafe=PostMilter behavior when a milter replaces a body
+ but the data file is not yet stored on disk because it is
+ smaller than the size of the memory buffer. Problem noted
+ by David Russell.
+ Fix certificate revocation list support; if a CRL was specified
+ but the other side presented a cert that was signed by
+ a different (trusted) CA than the one which issued the CRL,
+ verification would always fail. Problem noted by Al Smith.
+ Run mailer programs as the RunAsUser when RunAsUser is set and
+ the F=S mailer flag is set without a U= mailer equate.
+ Problem noted by John Gardiner Myers of Proofpoint.
+ ${nbadrcpts} was off by one if BadRcptThrottle is zero.
+ Patch from Sung-hoon Choi of DreamWiz Inc.
+ CONFIG: Emit a warning if FEATURE(`access_db') is used after
+ FEATURE(`greet_pause') because then the latter will not
+ use the access map. Note: if no default value is given
+ for FEATURE(`greet_pause') then it issues an error if
+ FEATURE(`access_db') is not specified before it.
+ Problem noted by Alexander Dalloz of University of
+ Bielefeld.
+ CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause')
+ is used to give more flexibility for local changes.
+ Portability:
+ Fix a 64 bit problem in the socket map code. Problem
+ noted by Geoff Adams.
+ NetBSD 2.0F has closefrom(3). Patch from Andrew Brown.
+ NetBSD can use sysctl(3) to get the number of CPUs in
+ a system. Patch from Andrew Brown.
+ Add a README file in doc/op/ to explain potential
+ incompatibilities with various *roff related
+ tools. Problem tracked down by Per Hedeland.
+ New Files:
+ doc/op/README
+
8.13.0/8.13.0 2004/06/20
Do not include AUTH data in a bounce to avoid leaking confidential
information. See also cf/README about MSP and the section
@@ -60,7 +101,7 @@ summary of the changes in that release.
during that connection.
If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP
server could sleep for a very long time. Fix based on
- patch from T. Kobayashi.
+ patch from Tadashi Kobayashi of IIJ.
Fix a potential memory leak in persistent queue runners if the
number of entries in the queue exceeds the limit of jobs.
Problem noted by Steve Hubert of University of Washington.
diff --git a/gnu/usr.sbin/sendmail/cf/README b/gnu/usr.sbin/sendmail/cf/README
index 07fc191b2fc..8fb4e404080 100644
--- a/gnu/usr.sbin/sendmail/cf/README
+++ b/gnu/usr.sbin/sendmail/cf/README
@@ -131,8 +131,8 @@ definition appropriate for your environment.
These describe the mailers used at the default CS site. The local
mailer is always included automatically. Beware: MAILER declarations
-should always be at the end of the configuration file. The general
-rules are that the order should be:
+should only be followed by LOCAL_* sections. The general rules are
+that the order should be:
VERSIONID
OSTYPE
@@ -1486,8 +1486,13 @@ greet_pause Adds the greet_pause ruleset which enables open proxy
When using FEATURE(`access_db'), the optional
FEATURE(`greet_pause') argument becomes the default if
- nothing is found in the access database.
+ nothing is found in the access database. A ruleset called
+ Local_greet_pause can be used for local modifications, e.g.,
+ LOCAL_RULESETS
+ SLocal_greet_pause
+ R$* $: $&{daemon_flags}
+ R$* a $* $# 0
+-------+
| HACKS |
@@ -2793,6 +2798,8 @@ to $&{currHeader}.
2. There are no default rulesets coming with this distribution of
sendmail. You can either write your own or you can search the
WWW for examples, e.g., http://www.digitalanswers.org/check_local/
+3. When using a default ruleset for headers, the name of the header
+currently being checked can be found in the $&{hdr_name} macro.
After all of the headers are read, the check_eoh ruleset will be called for
any final header-related checks. The ruleset is called with the number of
@@ -4580,4 +4587,4 @@ M4 DIVERSIONS
8 DNS based blacklists
9 special local rulesets (1 and 2)
-$Revision: 1.21 $, Last updated $Date: 2004/06/24 03:59:24 $
+$Revision: 1.22 $, Last updated $Date: 2004/09/18 04:08:34 $
diff --git a/gnu/usr.sbin/sendmail/cf/feature/access_db.m4 b/gnu/usr.sbin/sendmail/cf/feature/access_db.m4
index c276e71fde9..886202c9b3a 100644
--- a/gnu/usr.sbin/sendmail/cf/feature/access_db.m4
+++ b/gnu/usr.sbin/sendmail/cf/feature/access_db.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2002, 2004 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Sendmail: access_db.m4,v 8.25 2002/06/25 23:11:40 gshapiro Exp $')
+VERSIONID(`$Sendmail: access_db.m4,v 8.26 2004/06/24 18:10:02 ca Exp $')
divert(-1)
define(`_ACCESS_TABLE_', `')
@@ -33,6 +33,9 @@ ifelse(defn(`_ARG_'), `', `',
')
')
')
+ifdef(`_GREET_PAUSE_',
+ `errprint(`*** WARNING: FEATURE(`greet_pause') before FEATURE(`access_db')
+ greet_pause will not use access_db!')')
LOCAL_CONFIG
# Access list database (for spam stomping)
diff --git a/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4 b/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4
index d1b3c12fb7a..9af68702985 100644
--- a/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4
+++ b/gnu/usr.sbin/sendmail/cf/feature/greet_pause.m4
@@ -10,13 +10,15 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Sendmail: greet_pause.m4,v 1.1 2004/02/23 21:36:04 gshapiro Exp $')
+VERSIONID(`$Sendmail: greet_pause.m4,v 1.4 2004/07/06 20:49:51 ca Exp $')
divert(-1)
ifelse(len(X`'_ARG_),`1',`ifdef(`_ACCESS_TABLE_', `',
`errprint(`*** ERROR: FEATURE(`greet_pause') requires FEATURE(`access_db')
')')')
+define(`_GREET_PAUSE_', `')
+
LOCAL_RULESETS
######################################################################
### greet_pause: lookup pause time before 220 greeting
@@ -25,7 +27,11 @@ LOCAL_RULESETS
### $1: {client_name}
### $2: {client_addr}
######################################################################
+SLocal_greet_pause
Sgreet_pause
+R$* $: <$1><?> $| $>"Local_greet_pause" $1
+R<$*><?> $| $#$* $#$2
+R<$*><?> $| $* $: $1
ifdef(`_ACCESS_TABLE_', `dnl
R$+ $| $+ $: $>D < $1 > <?> <! GreetPause> < $2 >
R $| $+ $: $>A < $1 > <?> <! GreetPause> <> empty client_name
diff --git a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 b/gnu/usr.sbin/sendmail/cf/m4/proto.m4
index 0e8b3f537d2..ef72d6a69f3 100644
--- a/gnu/usr.sbin/sendmail/cf/m4/proto.m4
+++ b/gnu/usr.sbin/sendmail/cf/m4/proto.m4
@@ -13,7 +13,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Sendmail: proto.m4,v 8.709 2004/06/02 22:48:51 ca Exp $')
+VERSIONID(`$Sendmail: proto.m4,v 8.710 2004/07/27 17:32:48 ca Exp $')
# level CF_LEVEL config file format
V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
@@ -662,7 +662,7 @@ _OPTION(ServerKeyFile, `confSERVER_KEY', `')
_OPTION(ClientCertFile, `confCLIENT_CERT', `')
# Client private key
_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
-# File containing certificate revokation lists
+# File containing certificate revocation lists
_OPTION(CRLFile, `confCRL', `')
# DHParameters (only required if DSA/DH is used)
_OPTION(DHParameters, `confDH_PARAMETERS', `')
diff --git a/gnu/usr.sbin/sendmail/cf/m4/version.m4 b/gnu/usr.sbin/sendmail/cf/m4/version.m4
index d2148e5375c..753bd089259 100644
--- a/gnu/usr.sbin/sendmail/cf/m4/version.m4
+++ b/gnu/usr.sbin/sendmail/cf/m4/version.m4
@@ -11,8 +11,8 @@ divert(-1)
# the sendmail distribution.
#
#
-VERSIONID(`$Sendmail: version.m4,v 8.112 2004/06/18 21:44:04 ca Exp $')
+VERSIONID(`$Sendmail: version.m4,v 8.117 2004/07/30 18:03:07 ca Exp $')
#
divert(0)
# Configuration version number
-DZ8.13.0`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.13.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/gnu/usr.sbin/sendmail/contrib/qtool.8 b/gnu/usr.sbin/sendmail/contrib/qtool.8
index e86d8e99fb6..b2ebe89c6fa 100644
--- a/gnu/usr.sbin/sendmail/contrib/qtool.8
+++ b/gnu/usr.sbin/sendmail/contrib/qtool.8
@@ -6,9 +6,9 @@
.\" the sendmail distribution.
.\"
.\"
-.\" $Sendmail: qtool.8,v 8.19 2002/06/27 23:06:16 gshapiro Exp $
+.\" $Sendmail: qtool.8,v 8.20 2004/06/28 17:49:41 ca Exp $
.\"
-.TH QTOOL 8 "$Date: 2004/06/24 03:59:24 $"
+.TH QTOOL 8 "$Date: 2004/09/18 04:08:34 $"
.SH NAME
qtool
\- manipulate sendmail queues
@@ -56,7 +56,7 @@ Defaults to /etc/mail/sendmail.cf.
Delete all of the messages specified by source.
.TP
\fB\-e\fP \fIperl_expression\fP
-Evalute \fIperl_expression\fP for each queue file as specified
+Evaluate \fIperl_expression\fP for each queue file as specified
by \fIsource\fP. If \fIperl_expression\fP evaluates to true, then that
queue file is moved. See below for more detail on \fIperl_expression\fP.
.TP
diff --git a/gnu/usr.sbin/sendmail/doc/op/README b/gnu/usr.sbin/sendmail/doc/op/README
new file mode 100644
index 00000000000..f2be5d73331
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/doc/op/README
@@ -0,0 +1,13 @@
+Known Problems with some *roff versions
+
+If you encounter the error:
+
+Unknown escape sequence in input: 33, 133
+
+when trying to create op.txt then set the GROFF_NO_SGR environment
+variable (see grotty(1) man page), e.g.,
+
+csh% setenv GROFF_NO_SGR 1
+sh$ GROFF_NO_SGR=1; export GROFF_NO_SGR
+
+$Sendmail: README,v 8.1 2004/07/20 20:25:10 ca Exp $
diff --git a/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h b/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h
index 957726f4168..b208c035e72 100644
--- a/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h
+++ b/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h
@@ -7,7 +7,7 @@
* the sendmail distribution.
*
*
- * $Sendmail: mfapi.h,v 8.58 2004/04/29 18:04:48 gshapiro Exp $
+ * $Sendmail: mfapi.h,v 8.59 2004/07/07 21:41:31 ca Exp $
*/
/*
@@ -147,6 +147,9 @@ LIBMILTER_API int smfi_setdbg __P((int));
LIBMILTER_API int smfi_settimeout __P((int));
LIBMILTER_API int smfi_setconn __P((char *));
LIBMILTER_API int smfi_stop __P((void));
+#if _FFR_MAXDATASIZE
+LIBMILTER_API size_t smfi_setmaxdatasize __P((size_t));
+#endif /* _FFR_MAXDATASIZE */
/*
** What the filter might do -- values to be ORed together for
diff --git a/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h b/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h
index faca3ecdc70..ef0d4585ea0 100644
--- a/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h
+++ b/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h
@@ -7,7 +7,7 @@
* the sendmail distribution.
*
*
- * $Sendmail: mfdef.h,v 8.20 2004/06/16 17:45:49 ca Exp $
+ * $Sendmail: mfdef.h,v 8.21 2004/07/07 21:41:31 ca Exp $
*/
/*
@@ -21,6 +21,7 @@
# define MILTER_LEN_BYTES 4 /* length of 32 bit integer in bytes */
# define MILTER_OPTLEN (MILTER_LEN_BYTES * 3) /* length of options */
# define MILTER_CHUNK_SIZE 65535 /* body chunk size */
+# define MILTER_MAX_DATA_SIZE 65535 /* default milter command data limit */
/* These apply to SMFIF_* flags */
#define SMFI_V1_ACTS 0x0000000FL /* The actions of V1 filter */
diff --git a/gnu/usr.sbin/sendmail/include/sm/conf.h b/gnu/usr.sbin/sendmail/include/sm/conf.h
index e723e45a5d1..c5669b92a31 100644
--- a/gnu/usr.sbin/sendmail/include/sm/conf.h
+++ b/gnu/usr.sbin/sendmail/include/sm/conf.h
@@ -10,7 +10,7 @@
* the sendmail distribution.
*
*
- * $Sendmail: conf.h,v 1.115 2004/06/07 23:53:43 ca Exp $
+ * $Sendmail: conf.h,v 1.116 2004/07/26 18:08:35 ca Exp $
*/
/*
@@ -911,6 +911,14 @@ extern unsigned int sleepX __P((unsigned int seconds));
# if defined(__NetBSD__) && defined(__NetBSD_Version__) && __NetBSD_Version__ >= 104170000
# define HASSETUSERCONTEXT 1 /* BSDI-style login classes */
# endif
+# if defined(__NetBSD__) && defined(__NetBSD_Version__) && __NetBSD_Version__ >= 200060000
+# define HASCLOSEFROM 1 /* closefrom(3) added in 2.0F */
+# endif
+# if defined(__NetBSD__)
+# define USESYSCTL 1 /* use sysctl(3) for getting ncpus */
+# include <sys/param.h>
+# include <sys/sysctl.h>
+# endif
# if defined(__FreeBSD__)
# define HASSETLOGIN 1 /* has setlogin(2) */
# if __FreeBSD_version >= 227001
diff --git a/gnu/usr.sbin/sendmail/libmilter/comm.c b/gnu/usr.sbin/sendmail/libmilter/comm.c
index 9b0a6798e87..55124a897a2 100644
--- a/gnu/usr.sbin/sendmail/libmilter/comm.c
+++ b/gnu/usr.sbin/sendmail/libmilter/comm.c
@@ -9,12 +9,37 @@
*/
#include <sm/gen.h>
-SM_RCSID("@(#)$Sendmail: comm.c,v 8.64 2004/04/30 22:02:57 ca Exp $")
+SM_RCSID("@(#)$Sendmail: comm.c,v 8.65 2004/07/07 21:41:30 ca Exp $")
#include "libmilter.h"
#include <sm/errstring.h>
#include <sys/uio.h>
+static size_t Maxdatasize = MILTER_MAX_DATA_SIZE;
+
+#if _FFR_MAXDATASIZE
+/*
+** SMFI_SETMAXDATASIZE -- set limit for milter data read/write.
+**
+** Parameters:
+** sz -- new limit.
+**
+** Returns:
+** old limit
+*/
+
+size_t
+smfi_setmaxdatasize(sz)
+ size_t sz;
+{
+ size_t old;
+
+ old = Maxdatasize;
+ Maxdatasize = sz;
+ return old;
+}
+#endif /* _FFR_MAXDATASIZE */
+
/*
** MI_RD_CMD -- read a command
**
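Review bot: smfi_setmaxdatasize() stores `sz` into Maxdatasize with no range check, so a filter can set it to 0 or to a value larger than the 4-byte length prefix (MILTER_LEN_BYTES) can carry. With 0, mi_rd_cmd answers every non-empty command with SMFIC_TOOBIG. With a very large value, Maxdatasize no longer bounds the peer-supplied `expl` in mi_rd_cmd, and `htonl(len + 1)` in mi_wr_cmd would presumably truncate the length it sends. Consider rejecting out-of-range values in the setter, e.g. `if (sz == 0 || sz > 0x7fffffffUL) return Maxdatasize;`, and stating the accepted range in the function header comment.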
@@ -108,7 +133,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
expl = ntohl(expl) - 1;
if (expl <= 0)
return NULL;
- if (expl > MILTER_CHUNK_SIZE)
+ if (expl > Maxdatasize)
{
*cmd = SMFIC_TOOBIG;
return NULL;
@@ -307,7 +332,7 @@ mi_wr_cmd(sd, timeout, cmd, buf, len)
struct iovec iov[2];
char data[MILTER_LEN_BYTES + 1];
- if (len > MILTER_CHUNK_SIZE || (len > 0 && buf == NULL))
+ if (len > Maxdatasize || (len > 0 && buf == NULL))
return MI_FAILURE;
nl = htonl(len + 1); /* add 1 for the cmd char */
diff --git a/gnu/usr.sbin/sendmail/sendmail/README b/gnu/usr.sbin/sendmail/sendmail/README
index c97ffa511ce..d30964d77c9 100644
--- a/gnu/usr.sbin/sendmail/sendmail/README
+++ b/gnu/usr.sbin/sendmail/sendmail/README
@@ -1,4 +1,4 @@
-# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
# Copyright (c) 1988
@@ -9,7 +9,7 @@
# the sendmail distribution.
#
#
-# $Sendmail: README,v 8.383 2004/03/26 19:01:08 ca Exp $
+# $Sendmail: README,v 8.384 2004/07/26 18:03:55 ca Exp $
#
This directory contains the source files for sendmail(TM).
@@ -498,6 +498,7 @@ NEEDINTERRNO Set this if <errno.h> does not declare errno, i.e., if an
application needs to use
extern int errno;
USE_TTYPATH Set this to 1 to enable ErrorMode=write.
+USESYSCTL Use sysctl(3) to determine the number of CPUs in a system.
+-----------------------+
@@ -1822,4 +1823,4 @@ util.c Some general purpose routines used by sendmail.
version.c The version number and information about this
version of sendmail.
-(Version $Revision: 1.20 $, last update $Date: 2004/06/24 03:59:26 $ )
+(Version $Revision: 1.21 $, last update $Date: 2004/09/18 04:08:34 $ )
diff --git a/gnu/usr.sbin/sendmail/sendmail/aliases.5 b/gnu/usr.sbin/sendmail/sendmail/aliases.5
index b372dfb559d..fb4b80517fb 100644
--- a/gnu/usr.sbin/sendmail/sendmail/aliases.5
+++ b/gnu/usr.sbin/sendmail/sendmail/aliases.5
@@ -9,9 +9,9 @@
.\" the sendmail distribution.
.\"
.\"
-.\" $Sendmail: aliases.5,v 8.17 2000/12/14 23:09:46 gshapiro Exp $
+.\" $Sendmail: aliases.5,v 8.19 2004/07/12 05:39:21 ca Exp $
.\"
-.Dd December 14, 2000
+.Dd July 12, 2004
.Dt ALIASES 5
.Os
.Sh NAME
@@ -88,6 +88,17 @@ are comments.
Aliasing occurs only on local names.
Loops can not occur, since no message will be sent to any person more than once.
.Pp
+If an alias is found for
+.Em name ,
+sendmail then checks for an alias for
+.Em owner-name .
+If it is found and the result of the lookup expands to a single
+address, the envelope sender address of the message is rewritten to
+that address.
+If it is found and the result expands to more than one address, the
+envelope sender address is changed to
+.Em owner-name .
+.Pp
After aliasing has been done, local and valid recipients who have a
.Dq Pa .forward
file in their home directory have messages forwarded to the
diff --git a/gnu/usr.sbin/sendmail/sendmail/conf.c b/gnu/usr.sbin/sendmail/sendmail/conf.c
index ecb22b0f191..09305d63896 100644
--- a/gnu/usr.sbin/sendmail/sendmail/conf.c
+++ b/gnu/usr.sbin/sendmail/sendmail/conf.c
@@ -13,7 +13,7 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: conf.c,v 8.1044 2004/06/11 21:38:16 ca Exp $")
+SM_RCSID("@(#)$Sendmail: conf.c,v 8.1047 2004/07/14 21:54:23 ca Exp $")
#include <sendmail/pathnames.h>
#if NEWDB
@@ -6016,6 +6016,10 @@ char *FFRCompileOptions[] =
/* Extended daemon status. */
"_FFR_CONTROL_MSTAT",
#endif /* _FFR_CONTROL_MSTAT */
+#if _FFR_CRLPATH
+ /* CRLPath; needs documentation; Al Smith */
+ "_FFR_CRLPATH",
+#endif /* _FFR_CRLPATH */
#if _FFR_DAEMON_NETUNIX
/* Allow local (not just TCP) socket connection to server. */
"_FFR_DAEMON_NETUNIX",
@@ -6104,6 +6108,10 @@ char *FFRCompileOptions[] =
/* Set 'h' in {addr_type} for headers. */
"_FFR_HDR_TYPE",
#endif /* _FFR_HDR_TYPE */
+#if _FFR_HELONAME
+ /* option to set heloname; Nik Clayton of FreeBSD */
+ "_FFR_HELONAME",
+#endif /* _FFR_HELONAME */
#if _FFR_HPUX_NSSWITCH
/* Use nsswitch on HP-UX */
"_FFR_HPUX_NSSWITCH",
@@ -6116,6 +6124,16 @@ char *FFRCompileOptions[] =
/* Ignore extensions offered in response to HELO */
"_FFR_IGNORE_EXT_ON_HELO",
#endif /* _FFR_IGNORE_EXT_ON_HELO */
+#if _FFR_MAXDATASIZE
+ /*
+ ** It is possible that a header is larger than MILTER_CHUNK_SIZE,
+ ** hence this shouldn't be used as limit for milter communication.
+ ** see also libmilter/comm.c
+ ** Gurusamy Sarathy of ActiveState
+ */
+
+ "_FFR_MAXDATASIZE"
+#endif /* _FFR_MAXDATASIZE */
#if _FFR_MAX_FORWARD_ENTRIES
/* Try to limit number of .forward entries */
/* (doesn't work) */
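Review bot: The new entry `"_FFR_MAXDATASIZE"` has no trailing comma, unlike the `"_FFR_CRLPATH",` and `"_FFR_HELONAME",` entries added in the earlier hunks of this file. When _FFR_MAXDATASIZE and a following option in FFRCompileOptions[] are both compiled in, the adjacent string literals are concatenated into one array element, so the reported option list is wrong. Change the line to `"_FFR_MAXDATASIZE",`. The array initializer starts and ends outside the hunk.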
diff --git a/gnu/usr.sbin/sendmail/sendmail/conf.h b/gnu/usr.sbin/sendmail/sendmail/conf.h
index 2c0612b72fa..411caf793fa 100644
--- a/gnu/usr.sbin/sendmail/sendmail/conf.h
+++ b/gnu/usr.sbin/sendmail/sendmail/conf.h
@@ -10,7 +10,7 @@
* the sendmail distribution.
*
*
- * $Sendmail: conf.h,v 8.566 2002/10/31 03:26:25 ca Exp $
+ * $Sendmail: conf.h,v 8.567 2004/07/23 20:45:01 gshapiro Exp $
*/
/*
@@ -145,6 +145,16 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */
# define DBMMODE 0640
#endif /* ! DBMMODE */
+/*
+** Value which means a uid or gid value should not change
+*/
+
+#ifndef NO_UID
+# define NO_UID -1
+#endif /* ! NO_UID */
+#ifndef NO_GID
+# define NO_GID -1
+#endif /* ! NO_GID */
/**********************************************************************
** Compilation options.
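Review bot: NO_UID and NO_GID are defined as a bare `-1`, yet deliver.c and readcf.c compare them with and assign them to the mailer's m_uid/m_gid fields. The type of those fields is not visible here. If it is an unsigned type narrower than int, `m->m_uid == NO_UID` can never be true after integer promotion, and the RunAsUid/DefUid fallbacks would be skipped. Casting in the macro keeps the sentinel in the field's own type: `# define NO_UID ((uid_t) -1)` and `# define NO_GID ((gid_t) -1)`.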
diff --git a/gnu/usr.sbin/sendmail/sendmail/daemon.c b/gnu/usr.sbin/sendmail/sendmail/daemon.c
index b304091029b..782ce114d54 100644
--- a/gnu/usr.sbin/sendmail/sendmail/daemon.c
+++ b/gnu/usr.sbin/sendmail/sendmail/daemon.c
@@ -13,7 +13,7 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: daemon.c,v 8.647 2004/06/17 16:29:47 ca Exp $")
+SM_RCSID("@(#)$Sendmail: daemon.c,v 8.649 2004/07/14 21:57:52 ca Exp $")
#if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__)
# define USE_SOCK_STREAM 1
@@ -2762,6 +2762,13 @@ nextaddr:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{if_family_out}"), NULL);
}
+
+#if _FFR_HELONAME
+ /* Use the configured HeloName as appropriate */
+ if (HeloName != NULL && HeloName[0] != '\0')
+ mci->mci_heloname = newstr(HeloName);
+#endif /* _FFR_HELONAME */
+
mci_setstat(mci, EX_OK, NULL, NULL);
return EX_OK;
}
diff --git a/gnu/usr.sbin/sendmail/sendmail/deliver.c b/gnu/usr.sbin/sendmail/sendmail/deliver.c
index 907c25fe1ea..c9d7b4a4d52 100644
--- a/gnu/usr.sbin/sendmail/sendmail/deliver.c
+++ b/gnu/usr.sbin/sendmail/sendmail/deliver.c
@@ -14,7 +14,7 @@
#include <sendmail.h>
#include <sys/time.h>
-SM_RCSID("@(#)$Sendmail: deliver.c,v 8.973 2004/06/03 18:21:44 ca Exp $")
+SM_RCSID("@(#)$Sendmail: deliver.c,v 8.976 2004/07/23 20:45:01 gshapiro Exp $")
#if HASSETUSERCONTEXT
# include <login_cap.h>
@@ -1177,6 +1177,50 @@ coloncmp(a, b)
return ret;
}
+
+/*
+** SHOULD_TRY_FBSH -- Should try FallbackSmartHost?
+**
+** Parameters:
+** e -- envelope
+** tried_fallbacksmarthost -- has been tried already? (in/out)
+** hostbuf -- buffer for hostname (expand FallbackSmartHost) (out)
+** hbsz -- size of hostbuf
+** status -- current delivery status
+**
+** Returns:
+** true iff FallbackSmartHost should be tried.
+*/
+
+static bool
+should_try_fbsh(e, tried_fallbacksmarthost, hostbuf, hbsz, status)
+ ENVELOPE *e;
+ bool *tried_fallbacksmarthost;
+ char *hostbuf;
+ size_t hbsz;
+ int status;
+{
+ /*
+ ** If the host was not found and a FallbackSmartHost is defined
+ ** (and we have not yet tried it), then make one last try with
+ ** it as the host.
+ */
+
+ if (status == EX_NOHOST && FallbackSmartHost != NULL &&
+ !*tried_fallbacksmarthost)
+ {
+ *tried_fallbacksmarthost = true;
+ expand(FallbackSmartHost, hostbuf, hbsz, e);
+ if (!wordinclass(hostbuf, 'w'))
+ {
+ if (tTd(11, 1))
+ sm_dprintf("one last try with FallbackSmartHost %s\n",
+ hostbuf);
+ return true;
+ }
+ }
+ return false;
+}
/*
** DELIVER -- Deliver a message to a list of addresses.
**
@@ -1238,13 +1282,6 @@ coloncmp(a, b)
** The standard input is passed off to someone.
*/
-#ifndef NO_UID
-# define NO_UID -1
-#endif /* ! NO_UID */
-#ifndef NO_GID
-# define NO_GID -1
-#endif /* ! NO_GID */
-
static int
deliver(e, firstto)
register ENVELOPE *e;
@@ -2058,6 +2095,13 @@ tryhost:
{
if (mci->mci_exitstat == EX_TEMPFAIL)
goodmxfound = true;
+
+ /* Try FallbackSmartHost? */
+ if (should_try_fbsh(e, &tried_fallbacksmarthost,
+ hostbuf, sizeof hostbuf,
+ mci->mci_exitstat))
+ goto one_last_try;
+
continue;
}
@@ -2144,28 +2188,11 @@ tryhost:
}
else
{
- /*
- ** If the host was not found and a Fallback-
- ** SmartHost is defined (and we have not yet
- ** tried it), then make one last try with it
- ** as the host.
- */
+ /* Try FallbackSmartHost? */
+ if (should_try_fbsh(e, &tried_fallbacksmarthost,
+ hostbuf, sizeof hostbuf, i))
+ goto one_last_try;
- if (i == EX_NOHOST &&
- FallbackSmartHost != NULL &&
- !tried_fallbacksmarthost)
- {
- tried_fallbacksmarthost = true;
- expand(FallbackSmartHost, hostbuf,
- sizeof hostbuf, e);
- if (!wordinclass(hostbuf, 'w'))
- {
- if (tTd(11, 1))
- sm_dprintf("one last try with FallbackSmartHost %s",
- hostbuf);
- goto one_last_try;
- }
- }
if (tTd(11, 1))
sm_dprintf("openmailer: makeconnection => stat=%d, errno=%d\n",
i, errno);
@@ -2406,7 +2433,12 @@ tryhost:
/* reset group id */
if (bitnset(M_SPECIFIC_UID, m->m_flags))
- new_gid = m->m_gid;
+ {
+ if (m->m_gid == NO_GID)
+ new_gid = RunAsGid;
+ else
+ new_gid = m->m_gid;
+ }
else if (bitset(S_ISGID, stb.st_mode))
new_gid = stb.st_gid;
else if (ctladdr != NULL && ctladdr->q_gid != 0)
@@ -2465,7 +2497,7 @@ tryhost:
exit(EX_TEMPFAIL);
}
}
- if (m->m_gid == 0)
+ if (m->m_gid == NO_GID)
new_gid = DefGid;
else
new_gid = m->m_gid;
@@ -2517,7 +2549,10 @@ tryhost:
sm_mbdb_terminate();
if (bitnset(M_SPECIFIC_UID, m->m_flags))
{
- new_euid = m->m_uid;
+ if (m->m_uid == NO_UID)
+ new_euid = RunAsUid;
+ else
+ new_euid = m->m_uid;
/*
** Undo the effects of the uid change in main
@@ -2547,7 +2582,7 @@ tryhost:
new_ruid = stb.st_uid;
else if (ctladdr != NULL && ctladdr->q_uid != 0)
new_ruid = ctladdr->q_uid;
- else if (m->m_uid != 0)
+ else if (m->m_uid != NO_UID)
new_ruid = m->m_uid;
else
new_ruid = DefUid;
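Review bot: With the "unset" sentinel moved from 0 to NO_UID, a mailer whose m_uid is 0 now takes `else if (m->m_uid != NO_UID)` and gets `new_ruid = 0`, where the old `!= 0` test fell through to DefUid. The same shift applies to `m->m_gid == NO_GID` in the earlier hunk and to the two `mailer->m_uid != NO_UID` / `mailer->m_gid != NO_GID` tests in mailfile(). If honouring an explicit uid or gid of 0 is intended, say so in a comment at each site and in the U= documentation. If it is not, keep 0 excluded, e.g. `else if (m->m_uid != NO_UID && m->m_uid != 0)`. The enclosing function continues outside the hunk.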
@@ -5225,7 +5260,10 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
{
RealUserName = NULL;
- RealUid = mailer->m_uid;
+ if (mailer->m_uid == NO_UID)
+ RealUid = RunAsUid;
+ else
+ RealUid = mailer->m_uid;
if (RunAsUid != 0 && RealUid != RunAsUid)
{
/* Only root can change the uid */
@@ -5247,7 +5285,7 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
RealUserName = ctladdr->q_user;
RealUid = ctladdr->q_uid;
}
- else if (mailer != NULL && mailer->m_uid != 0)
+ else if (mailer != NULL && mailer->m_uid != NO_UID)
{
RealUserName = DefUser;
RealUid = mailer->m_uid;
@@ -5261,7 +5299,10 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
/* select a new group to run as */
if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
{
- RealGid = mailer->m_gid;
+ if (mailer->m_gid == NO_GID)
+ RealGid = RunAsGid;
+ else
+ RealGid = mailer->m_gid;
if (RunAsUid != 0 &&
(RealGid != getgid() ||
RealGid != getegid()))
@@ -5290,7 +5331,7 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
}
else if (ctladdr != NULL && ctladdr->q_uid != 0)
RealGid = ctladdr->q_gid;
- else if (mailer != NULL && mailer->m_gid != 0)
+ else if (mailer != NULL && mailer->m_gid != NO_GID)
RealGid = mailer->m_gid;
else
RealGid = DefGid;
diff --git a/gnu/usr.sbin/sendmail/sendmail/headers.c b/gnu/usr.sbin/sendmail/sendmail/headers.c
index 154f309b326..96b3b2ce269 100644
--- a/gnu/usr.sbin/sendmail/sendmail/headers.c
+++ b/gnu/usr.sbin/sendmail/sendmail/headers.c
@@ -13,8 +13,9 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: headers.c,v 8.284 2004/04/29 00:05:59 msk Exp $")
+SM_RCSID("@(#)$Sendmail: headers.c,v 8.286 2004/07/08 17:57:32 ca Exp $")
+static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *));
static size_t fix_mime_header __P((HDR *, ENVELOPE *));
static int priencode __P((char *));
static void put_vanilla_header __P((HDR *, char *, MCI *));
@@ -358,17 +359,10 @@ hse:
(void) sm_snprintf(qval, sizeof qval, "%d", k);
macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval);
#if _FFR_HDR_TYPE
- /*
- ** XXX: h isn't set yet
- ** If we really want to be precise then we have
- ** to lookup the header (see below).
- ** It's probably not worth the effort.
- */
-
- if (bitset(H_FROM, h->h_flags))
+ if (bitset(H_FROM, hi->hi_flags))
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "h s");
- else if (bitset(H_RCPT, h->h_flags))
+ else if (bitset(H_RCPT, hi->hi_flags))
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "h r");
else
@@ -572,7 +566,7 @@ insheader(idx, field, value, flags, e)
int flags;
ENVELOPE *e;
{
- HDR *h, *srch, *last;
+ HDR *h, *srch, *last = NULL;
/* allocate space for new header */
h = allocheader(field, value, flags, e->e_rpool);
@@ -589,6 +583,7 @@ insheader(idx, field, value, flags, e)
}
else if (srch == NULL)
{
+ SM_ASSERT(last != NULL);
last->h_link = h;
h->h_link = NULL;
}
diff --git a/gnu/usr.sbin/sendmail/sendmail/map.c b/gnu/usr.sbin/sendmail/sendmail/map.c
index db7a2f0aea5..3a9b67a9d6f 100644
--- a/gnu/usr.sbin/sendmail/sendmail/map.c
+++ b/gnu/usr.sbin/sendmail/sendmail/map.c
@@ -13,7 +13,7 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: map.c,v 8.662 2004/06/08 17:26:21 ca Exp $")
+SM_RCSID("@(#)$Sendmail: map.c,v 8.664 2004/06/28 17:46:13 ca Exp $")
#if LDAPMAP
# include <sm/ldap.h>
@@ -3701,6 +3701,7 @@ ldapmap_parseargs(map, args)
char *args;
{
bool secretread = true;
+ bool attrssetup = false;
int i;
register char *p = args;
SM_LDAP_STRUCT *lmap;
@@ -3784,6 +3785,7 @@ ldapmap_parseargs(map, args)
lmap->ldap_attr[4] = NULL;
lmap->ldap_attr_type[4] = SM_LDAP_ATTR_NONE;
lmap->ldap_attr_needobjclass[4] = NULL;
+ attrssetup = true;
}
}
else if (bitset(MF_FILECLASS, map->map_mflags))
@@ -4298,7 +4300,7 @@ ldapmap_parseargs(map, args)
}
}
- if (lmap->ldap_attr[0] != NULL)
+ if (!attrssetup && lmap->ldap_attr[0] != NULL)
{
bool recurse = false;
bool normalseen = false;
@@ -4429,6 +4431,7 @@ ldapmap_parseargs(map, args)
}
}
lmap->ldap_attr[i] = NULL;
+ attrssetup = true;
if (recurse && !normalseen)
{
syserr("LDAP recursion requested in %s but no returnable attribute given",
@@ -7544,7 +7547,7 @@ socket_map_lookup(map, name, av, statp)
char **av;
int *statp;
{
- size_t nettolen, replylen, recvlen;
+ unsigned int nettolen, replylen, recvlen;
char *replybuf, *rval, *value, *status;
SM_FILE_T *f;
@@ -7556,6 +7559,8 @@ socket_map_lookup(map, name, av, statp)
map->map_mname, name, map->map_file);
nettolen = strlen(map->map_mname) + 1 + strlen(name);
+ SM_ASSERT(nettolen > strlen(map->map_mname));
+ SM_ASSERT(nettolen > strlen(name));
if ((sm_io_fprintf(f, SM_TIME_DEFAULT, "%u:%s %s,",
nettolen, map->map_mname, name) == SM_IO_EOF) ||
(sm_io_flush(f, SM_TIME_DEFAULT) != 0) ||
diff --git a/gnu/usr.sbin/sendmail/sendmail/milter.c b/gnu/usr.sbin/sendmail/sendmail/milter.c
index b49868f7dc2..cf8eea5ff96 100644
--- a/gnu/usr.sbin/sendmail/sendmail/milter.c
+++ b/gnu/usr.sbin/sendmail/sendmail/milter.c
@@ -10,7 +10,7 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: milter.c,v 8.223 2004/06/11 05:04:04 ca Exp $")
+SM_RCSID("@(#)$Sendmail: milter.c,v 8.225 2004/07/08 21:52:20 ca Exp $")
#if MILTER
# include <libmilter/mfapi.h>
@@ -40,6 +40,7 @@ static char *MilterEnvFromMacros[MAXFILTERMACROS + 1];
static char *MilterEnvRcptMacros[MAXFILTERMACROS + 1];
static char *MilterDataMacros[MAXFILTERMACROS + 1];
static char *MilterEOMMacros[MAXFILTERMACROS + 1];
+static size_t MilterMaxDataSize = MILTER_MAX_DATA_SIZE;
# define MILTER_CHECK_DONE_MSG() \
if (*state == SMFIR_REPLYCODE || \
@@ -472,7 +473,7 @@ milter_write(m, cmd, buf, len, to, e)
** The first is the size/command and the second is the command data.
*/
- if (len < 0 || len > MILTER_CHUNK_SIZE)
+ if (len < 0 || len > MilterMaxDataSize)
{
if (tTd(64, 5))
sm_dprintf("milter_write(%s): length %ld out of range\n",
@@ -1427,6 +1428,10 @@ static struct milteropt
{ "macros.eom", MO_MACROS_EOM },
# define MO_LOGLEVEL 0x07
{ "loglevel", MO_LOGLEVEL },
+# if _FFR_MAXDATASIZE
+# define MO_MAXDATASIZE 0x08
+ { "maxdatasize", MO_MAXDATASIZE },
+# endif /* _FFR_MAXDATASIZE */
{ NULL, 0 },
};
@@ -1482,6 +1487,12 @@ milter_set_option(name, val, sticky)
MilterLogLevel = atoi(val);
break;
+#if _FFR_MAXDATASIZE
+ case MO_MAXDATASIZE:
+ MilterMaxDataSize = (size_t)atol(val);
+ break;
+#endif /* _FFR_MAXDATASIZE */
+
case MO_MACROS_CONNECT:
if (macros == NULL)
macros = MilterConnectMacros;
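Review bot: `MilterMaxDataSize = (size_t)atol(val);` accepts whatever atol() returns, so the configured value is never validated. A non-numeric or zero value yields 0, which makes milter_write() reject every non-empty command. A negative value becomes a huge size_t, which in effect removes the `len > MilterMaxDataSize` bound. Check the parsed value before storing it, e.g. `long l = atol(val); if (l > 0) MilterMaxDataSize = (size_t) l;`, and report a configuration error otherwise. milter_set_option() starts and ends outside the hunk.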
@@ -1575,9 +1586,8 @@ milter_reopen_df(e)
** read only again).
**
** In SuperSafe != SAFE_REALLY mode, e->e_dfp still points at the
- ** buffered file I/O descriptor, still open for writing
- ** so there isn't as much work to do, just truncate it
- ** and go.
+ ** buffered file I/O descriptor, still open for writing so there
+ ** isn't any work to do here (except checking for consistency).
*/
if (SuperSafe == SAFE_REALLY)
@@ -1631,7 +1641,7 @@ milter_reset_df(e)
MILTER_DF_ERROR("milter_reset_df: error writing/flushing %s: %s");
return -1;
}
- else if (SuperSafe != SAFE_REALLY && SuperSafe != SAFE_REALLY_POSTMILTER)
+ else if (SuperSafe != SAFE_REALLY)
{
/* skip next few clauses */
/* EMPTY */
diff --git a/gnu/usr.sbin/sendmail/sendmail/ratectrl.c b/gnu/usr.sbin/sendmail/sendmail/ratectrl.c
index 92fd5f4f519..fb01bb7c104 100644
--- a/gnu/usr.sbin/sendmail/sendmail/ratectrl.c
+++ b/gnu/usr.sbin/sendmail/sendmail/ratectrl.c
@@ -45,7 +45,7 @@
*/
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: ratectrl.c,v 8.8 2004/03/09 17:56:28 ca Exp $")
+SM_RCSID("@(#)$Sendmail: ratectrl.c,v 8.9 2004/07/07 21:23:57 ca Exp $")
/*
** stuff included - given some warnings (inet_ntoa)
@@ -144,6 +144,7 @@ connection_rate_check(hostaddr, e)
static int CollTime = 60;
+/* this should be a power of 2, otherwise CPMHMASK doesn't work well */
#ifndef CPMHSIZE
# define CPMHSIZE 1024
#endif /* CPMHSIZE */
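Review bot: The added comment states a requirement on CPMHSIZE that nothing enforces, and the `#ifndef` means the value can be overridden at build time. A compile-time check after the default would turn a bad override into a build error: `#if (CPMHSIZE & (CPMHSIZE - 1)) != 0`, `# error "CPMHSIZE must be a power of 2"`, `#endif`. CPMHMASK is defined outside the hunk, so how a non-power-of-2 value degrades the hash is not visible here.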
diff --git a/gnu/usr.sbin/sendmail/sendmail/readcf.c b/gnu/usr.sbin/sendmail/sendmail/readcf.c
index 7f6da0a1861..bfe7e43940f 100644
--- a/gnu/usr.sbin/sendmail/sendmail/readcf.c
+++ b/gnu/usr.sbin/sendmail/sendmail/readcf.c
@@ -13,7 +13,7 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: readcf.c,v 8.638 2004/06/02 22:48:51 ca Exp $")
+SM_RCSID("@(#)$Sendmail: readcf.c,v 8.641 2004/07/23 20:45:02 gshapiro Exp $")
#if NETINET || NETINET6
# include <arpa/inet.h>
@@ -1187,6 +1187,8 @@ makemailer(line)
}
m->m_name = newstr(line);
m->m_qgrp = NOQGRP;
+ m->m_uid = NO_UID;
+ m->m_gid = NO_GID;
/* now scan through and assign info from the fields */
while (*p != '\0')
@@ -2180,6 +2182,14 @@ static struct optioninfo
{ "FallbackSmartHost", O_FALLBACKSMARTHOST, OI_NONE },
#define O_SASLREALM 0xd6
{ "AuthRealm", O_SASLREALM, OI_NONE },
+#if _FFR_CRLPATH
+# define O_CRLPATH 0xd7
+ { "CRLPath", O_CRLPATH, OI_NONE },
+#endif /* _FFR_CRLPATH */
+#if _FFR_HELONAME
+# define O_HELONAME 0xd8
+ { "HeloName", O_HELONAME, OI_NONE },
+#endif /* _FFR_HELONAME */
{ NULL, '\0', OI_NONE }
};
@@ -3502,6 +3512,18 @@ setoption(opt, val, safe, sticky, e)
break;
# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
+# if _FFR_CRLPATH
+ case O_CRLPATH:
+# if OPENSSL_VERSION_NUMBER > 0x00907000L
+ SET_STRING_EXP(CRLPath);
+# else /* OPENSSL_VERSION_NUMBER > 0x00907000L */
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "Warning: Option: %s requires at least OpenSSL 0.9.7\n",
+ OPTNAME);
+ break;
+# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
+# endif /* _FFR_CRLPATH */
+
/*
** XXX How about options per daemon/client instead of globally?
** This doesn't work well for some options, e.g., no server cert,
@@ -3570,6 +3592,9 @@ setoption(opt, val, safe, sticky, e)
case O_CIPHERLIST:
# endif /* _FFR_TLS_1 */
case O_CRLFILE:
+# if _FFR_CRLPATH
+ case O_CRLPATH:
+# endif /* _FFR_CRLPATH */
case O_RANDFILE:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires TLS support\n",
@@ -3679,6 +3704,12 @@ setoption(opt, val, safe, sticky, e)
FallbackSmartHost = newstr(val);
break;
+#if _FFR_HELONAME
+ case O_HELONAME:
+ HeloName = newstr(val);
+ break;
+#endif /* _FFR_HELONAME */
+
default:
if (tTd(37, 1))
{
diff --git a/gnu/usr.sbin/sendmail/sendmail/recipient.c b/gnu/usr.sbin/sendmail/sendmail/recipient.c
index b5c24754da7..db6a4b02f81 100644
--- a/gnu/usr.sbin/sendmail/sendmail/recipient.c
+++ b/gnu/usr.sbin/sendmail/sendmail/recipient.c
@@ -13,7 +13,7 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: recipient.c,v 8.335 2003/10/06 20:37:56 ca Exp $")
+SM_RCSID("@(#)$Sendmail: recipient.c,v 8.336 2004/07/23 20:45:02 gshapiro Exp $")
static void includetimeout __P((void));
static ADDRESS *self_reference __P((ADDRESS *));
@@ -1309,9 +1309,20 @@ writable(filename, ctladdr, flags)
}
else if (FileMailer != NULL && !bitset(SFF_ROOTOK, flags))
{
- euid = FileMailer->m_uid;
- egid = FileMailer->m_gid;
- user = NULL;
+ if (FileMailer->m_uid == NO_UID)
+ {
+ euid = DefUid;
+ user = DefUser;
+ }
+ else
+ {
+ euid = FileMailer->m_uid;
+ user = NULL;
+ }
+ if (FileMailer->m_gid == NO_GID)
+ egid = DefGid;
+ else
+ egid = FileMailer->m_gid;
}
else
{
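Review bot: The new fallback in writable() has no comment explaining why NO_UID and NO_GID are treated specially, although this code decides under which identity a file delivery target is checked. A short comment before the first `if` would help, for example `/* no uid configured for the file mailer: check as the default user */`. The uid and gid are also resolved independently, so a mailer with a uid but no gid is checked with `user = NULL` and `egid = DefGid`; if that combination is intended, it deserves a word in the same comment. The unbraced `if (FileMailer->m_gid == NO_GID)` / `else` follows a fully braced pair, and bracing it too would match. writable() starts and ends outside the hunk.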
diff --git a/gnu/usr.sbin/sendmail/sendmail/sendmail.h b/gnu/usr.sbin/sendmail/sendmail/sendmail.h
index 273c5b57f9f..901fb55e46f 100644
--- a/gnu/usr.sbin/sendmail/sendmail/sendmail.h
+++ b/gnu/usr.sbin/sendmail/sendmail/sendmail.h
@@ -52,7 +52,7 @@
#ifdef _DEFINE
# ifndef lint
-SM_UNUSED(static char SmailId[]) = "@(#)$Sendmail: sendmail.h,v 8.982 2004/06/03 18:21:45 ca Exp $";
+SM_UNUSED(static char SmailId[]) = "@(#)$Sendmail: sendmail.h,v 8.984 2004/07/14 21:54:22 ca Exp $";
# endif /* ! lint */
#endif /* _DEFINE */
@@ -1852,6 +1852,9 @@ EXTERN char *RandFile; /* source of random data */
EXTERN char *SrvCertFile; /* file with server certificate */
EXTERN char *SrvKeyFile; /* file with server private key */
EXTERN char *CRLFile; /* file CRLs */
+#if _FFR_CRLPATH
+EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */
+#endif /* _FFR_CRLPATH */
EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */
#endif /* STARTTLS */
@@ -2265,6 +2268,9 @@ EXTERN char *FallbackMX; /* fall back MX host */
EXTERN char *FallbackSmartHost; /* fall back smart host */
EXTERN char *FileName; /* name to print on error messages */
EXTERN char *ForwardPath; /* path to search for .forward files */
+#if _FFR_HELONAME
+EXTERN char *HeloName; /* hostname to announce in HELO */
+#endif /* _FFR_HELONAME */
EXTERN char *HelpFile; /* location of SMTP help file */
EXTERN char *HostStatDir; /* location of host status information */
EXTERN char *HostsFile; /* path to /etc/hosts file */
diff --git a/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c b/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c
index 226a83432d1..05db9bf42a1 100644
--- a/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c
+++ b/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c
@@ -17,7 +17,7 @@
# include <libmilter/mfdef.h>
#endif /* MILTER */
-SM_RCSID("@(#)$Sendmail: srvrsmtp.c,v 8.898 2004/06/17 17:30:09 ca Exp $")
+SM_RCSID("@(#)$Sendmail: srvrsmtp.c,v 8.900 2004/07/08 23:29:33 ca Exp $")
#include <sys/time.h>
#include <sm/fdset.h>
@@ -111,7 +111,7 @@ extern ENVELOPE BlankEnvelope;
{ \
char buf[16]; \
(void) sm_snprintf(buf, sizeof buf, "%d", \
- n_badrcpts > BadRcptThrottle \
+ BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \
? n_badrcpts - 1 : n_badrcpts); \
macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \
} while (0)
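Review bot: The condition added to this macro, `BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle ? … : …`, relies on `&&` binding tighter than `?:`. The grouping is the intended one, but inside a multi-line macro with continuation backslashes it is easy to misread. Parenthesising it as `(BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle)` costs nothing. The macro's name and first lines are outside the hunk.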
@@ -354,6 +354,7 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *));
/* clear all SMTP state (for HELO/EHLO/RSET) */
#define CLEAR_STATE(cmd) \
+do \
{ \
/* abort milter filters */ \
MILTER_ABORT(e); \
@@ -384,7 +385,22 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *));
/* put back discard bit */ \
if (smtp.sm_discard) \
e->e_flags |= EF_DISCARD; \
-}
+ \
+ /* restore connection quarantining */ \
+ if (smtp.sm_quarmsg == NULL) \
+ { \
+ e->e_quarmsg = NULL; \
+ macdefine(&e->e_macro, A_PERM, \
+ macid("{quarantine}"), ""); \
+ } \
+ else \
+ { \
+ e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
+ smtp.sm_quarmsg); \
+ macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
+ e->e_quarmsg); \
+ } \
+} while (0)
/* sleep to flatten out connection load */
#define MIN_DELAY_LOG 15 /* wait before logging this again */
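Review bot: The CLEAR_STATE macro depends on `e` and `smtp`, which are not macro parameters but locals picked up from wherever it is expanded, and the added quarantine block increases that dependency. The one-line comment above the `#define` (in the previous hunk) should say so, e.g. `/* clear all SMTP state (for HELO/EHLO/RSET); uses e and smtp from the caller's scope and restores connection quarantining */`. With this much logic, a static function taking `e` and `&smtp` would be easier to step through and type-check than a macro, provided nothing in the part of the macro between the two hunks prevents it.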
@@ -1978,22 +1994,6 @@ tlsfail:
if (gothello)
{
CLEAR_STATE(cmdbuf);
-
- /* restore connection quarantining */
- if (smtp.sm_quarmsg == NULL)
- {
- e->e_quarmsg = NULL;
- macdefine(&e->e_macro, A_PERM,
- macid("{quarantine}"), "");
- }
- else
- {
- e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool,
- smtp.sm_quarmsg);
- macdefine(&e->e_macro, A_PERM,
- macid("{quarantine}"),
- e->e_quarmsg);
- }
}
#if MILTER
@@ -2669,21 +2669,6 @@ tlsfail:
else
message("250 2.0.0 Reset state");
CLEAR_STATE(cmdbuf);
-
- /* restore connection quarantining */
- if (smtp.sm_quarmsg == NULL)
- {
- e->e_quarmsg = NULL;
- macdefine(&e->e_macro, A_PERM,
- macid("{quarantine}"), "");
- }
- else
- {
- e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool,
- smtp.sm_quarmsg);
- macdefine(&e->e_macro, A_PERM,
- macid("{quarantine}"), e->e_quarmsg);
- }
break;
case CMDVRFY: /* vrfy -- verify address */
diff --git a/gnu/usr.sbin/sendmail/sendmail/tls.c b/gnu/usr.sbin/sendmail/sendmail/tls.c
index 0a3b8e78e10..a5ab2bc133f 100644
--- a/gnu/usr.sbin/sendmail/sendmail/tls.c
+++ b/gnu/usr.sbin/sendmail/sendmail/tls.c
@@ -10,7 +10,7 @@
#include <sendmail.h>
-SM_RCSID("@(#)$Sendmail: tls.c,v 8.92 2004/06/07 23:54:59 ca Exp $")
+SM_RCSID("@(#)$Sendmail: tls.c,v 8.95 2004/07/13 21:37:33 ca Exp $")
#if STARTTLS
# include <openssl/err.h>
@@ -29,6 +29,10 @@ static int tls_verify_cb __P((X509_STORE_CTX *));
static int tls_verify_cb __P((X509_STORE_CTX *, void *));
# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
+# if OPENSSL_VERSION_NUMBER > 0x00907000L
+static int x509_verify_cb __P((int, X509_STORE_CTX *));
+# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
+
# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L
# define CONST097
# else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
@@ -694,6 +698,8 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
X509_CRL_free(crl);
X509_STORE_set_flags(store,
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ X509_STORE_set_verify_cb_func(store,
+ x509_verify_cb);
}
else
{
@@ -714,6 +720,27 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: BIO_new=failed", who);
}
+# if _FFR_CRLPATH
+ if (CRLPath != NULL)
+ {
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ {
+ if (LogLevel > 9)
+ {
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: X509_STORE_add_lookup(hash)=failed",
+ who, CRLFile);
+ }
+ return false;
+ }
+ X509_LOOKUP_add_dir(lookup, CRLPath, X509_FILETYPE_PEM);
+ X509_STORE_set_flags(store,
+ X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ }
+# endif /* _FFR_CRLPATH */
# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
# if TLS_NO_RSA
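Review bot: In the new CRLPath block the result of `X509_LOOKUP_add_dir(lookup, CRLPath, X509_FILETYPE_PEM)` is ignored, so an unusable directory still ends with the CRL_CHECK flags set and nothing in the log to say that no CRLs were loaded from it. The sm_syslog call above it also passes `who, CRLFile` to a format with a single `%s`; the second argument is unused and names the wrong option. Unlike the CRLFile branch in the previous hunk, this block does not install x509_verify_cb, so when only CRLPath is set a missing CRL may be handled differently, which is worth confirming as intended. The sketch below checks the return value and treats failure like the lookup failure just before it; inittls() starts and ends outside the hunk.

```c
	/* … unchanged: X509_STORE_add_lookup() and the lookup == NULL test … */
			sm_syslog(LOG_WARNING, NOQID,
				  "STARTTLS=%s, error: X509_STORE_add_lookup(hash)=failed",
				  who);
	/* … unchanged: return false and closing braces … */
	if (X509_LOOKUP_add_dir(lookup, CRLPath, X509_FILETYPE_PEM) <= 0)
	{
		if (LogLevel > 9)
		{
			sm_syslog(LOG_WARNING, NOQID,
				  "STARTTLS=%s, error: X509_LOOKUP_add_dir(%s)=failed",
				  who, CRLPath);
		}
		return false;
	}
	/* … unchanged: X509_STORE_set_flags() … */
```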
@@ -1451,9 +1478,10 @@ apps_ssl_info_cb(s, where, ret)
*/
static int
-tls_verify_log(ok, ctx)
+tls_verify_log(ok, ctx, name)
int ok;
X509_STORE_CTX *ctx;
+ char *name;
{
SSL *ssl;
X509 *cert;
@@ -1476,10 +1504,11 @@ tls_verify_log(ok, ctx)
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof buf);
sm_syslog(LOG_INFO, NOQID,
- "STARTTLS: cert verify: depth=%d %s, state=%d, reason=%s",
- depth, buf, ok, X509_verify_cert_error_string(reason));
+ "STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s",
+ name, depth, buf, ok, X509_verify_cert_error_string(reason));
return 1;
}
+
/*
** TLS_VERIFY_CB -- verify callback for TLS certificates
**
@@ -1507,7 +1536,7 @@ tls_verify_cb(ctx, unused)
if (ok == 0)
{
if (LogLevel > 13)
- return tls_verify_log(ok, ctx);
+ return tls_verify_log(ok, ctx, "TLS");
return 1; /* override it */
}
return ok;
@@ -1544,4 +1573,35 @@ tlslogerr(who)
bitset(ERR_TXT_STRING, flags) ? data : "");
}
}
+
+# if OPENSSL_VERSION_NUMBER > 0x00907000L
+/*
+** X509_VERIFY_CB -- verify callback
+**
+** Parameters:
+** ctx -- x509 context
+**
+** Returns:
+** accept connection?
+** currently: always yes.
+*/
+
+static int
+x509_verify_cb(ok, ctx)
+ int ok;
+ X509_STORE_CTX *ctx;
+{
+ if (ok == 0)
+ {
+ if (LogLevel > 13)
+ tls_verify_log(ok, ctx, "x509");
+ if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+ {
+ ctx->error = 0;
+ return 1; /* override it */
+ }
+ }
+ return ok;
+}
+# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
#endif /* STARTTLS */
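Review bot: The header comment of x509_verify_cb does not match the code: it lists only `ctx` as a parameter and says the result is "currently: always yes", but the function returns `ok` unchanged for every failure except X509_V_ERR_UNABLE_TO_GET_CRL, so other verification errors are passed through as failures. The comment should name both parameters and state the actual policy, e.g. `ok -- result of the preceding verification step` and `Returns: 1 if ok, or if the only problem is a missing CRL (the error is cleared); otherwise 0`. Accepting a certificate whose issuer has no CRL available is a fail-open choice that operators relying on CRL checking should be able to read in the comment. At LogLevel 13 or below the override leaves no trace in the log, so a log line at a lower level for the cleared error may be worth adding.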
diff --git a/gnu/usr.sbin/sendmail/sendmail/version.c b/gnu/usr.sbin/sendmail/sendmail/version.c
index 3f7a60a7c44..cb09a2b29d4 100644
--- a/gnu/usr.sbin/sendmail/sendmail/version.c
+++ b/gnu/usr.sbin/sendmail/sendmail/version.c
@@ -13,6 +13,6 @@
#include <sm/gen.h>
-SM_RCSID("@(#)$Sendmail: version.c,v 8.125 2004/06/18 21:44:04 ca Exp $")
+SM_RCSID("@(#)$Sendmail: version.c,v 8.130 2004/07/30 18:03:07 ca Exp $")
-char Version[] = "8.13.0";
+char Version[] = "8.13.1";