summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd/lka.c
AgeCommit message (Collapse)Author
2018-07-25Implement a generic interface to forward resolver queries to the lkaEric Faurot
process. Use it for the reverse lookups required by smtp and mta. Until now, DNS-related lookups were implemented using ad-hoc IMSGs between the lka and other processes. It turns out to be confusing and difficult to maintain/extend. So we want to replace this with a better set of IMSGs matching the standard resolver interface. ok gilles@
2018-06-16rework the table API so that it takes a struct smtpd * context in parameterGilles Chehade
of functions creating, looking up or destroying tables. this is a first step in cleaning up parse.y so it doesn't have side effects outside of parse_config(), bringing nothing but making code cleaner. ok millert@
2018-05-31remove 'where' parameter from all x*() functions in utils.c, it doesn'tGilles Chehade
really help us with anything, propagate the change in codebase ok millert@
2018-05-29no need to parse and dump the relayhost in the lookup process.Eric Faurot
ok gilles@
2018-05-24switch smtpd to new grammarGilles Chehade
ok eric@
2018-01-03Use crypt_checkpass(3) instead of crypt(3).Sunil Nimmagadda
Based on a diff from Edgar Pettijohn. Ok gilles@ eric@
2017-11-27Show correct command execution status by checking against updateSunil Nimmagadda
operation return value. Issue reported by 'Zelest' (Jesper Wallin). Suggestions and ok eric@ gilles@.
2017-11-21no need to check the sending process in imsg handlers when there is noEric Faurot
ambiguity: just use a single switch. ok gilles@ sunil@
2017-05-17Introduce more use of freezero(). Also, remove ptr conditionals beforeTheo de Raadt
many functions which are free(NULL)-compat ok gilles
2017-01-09smtpd joins the 7 other daemons that share the same log.c file.Reyk Floeter
The only major difference was the "log_trace" concept that is only used by smtpd - move it from log.c into util.c and make it a local concept. This also needed to rename the global "verbose" variable to "tracing" in a few places. OK krw@ gilles@ eric@
2016-09-08Streamline the daemon shutdown sequence.Eric Faurot
Only the parent process handles SIGTERM and SIGINT. Upon receiving one of those, it closes all imsg sockets and waitpid() for the children. It fatal()s if one of the sockets is closed unexpectedly. Other processes exit() "normally" when one of the imsg sockets is closed. ok gilles@ sunil@
2016-09-04The smtpd processes are not expected to ever leave their event loop.Eric Faurot
So stop pretending that the *_shutdown() functions could ever be called in this context, and just fatal() if event_dispatch() returns. ok gilles@ sunil@ giovanni@
2016-09-03in lka specifically, use initgroups() so that users may share files betweenGilles Chehade
smtpd and another daemon by adding supplementary groups ok eric@
2016-09-01remove noop functionEric Faurot
ok sunil@
2016-05-28Implement the fork+exec pattern in smtpd.Eric Faurot
The parent process forks child processes and re-exec each of them with an additional "-x <proc>" argument. During the early setup phase, the parent process sends ipc socket pairs to interconnect the child processes as needed, and it passes the queue encryption key to the queue if necessary. When this is done, all processes have their environment set as in the fork-only case, and they can start doing their work as before. ok gilles@ jung@
2016-01-22in lka process, revoke proc/exec pledges after privsep-ed table backendsGilles Chehade
are forked at startup i thought i had committed this already, diff has been okayed several weeks ago... ok jung@, ok millert@, ok sunil@
2016-01-04add proc and exec to pledge in lka, required to run external add-ons outside ofJoerg Jung
the daemon memory space, makes -extras tables work again reported by Tim van der Molen on misc@opensmtpd.org verified together with sunil ok gilles
2015-12-28remove spaces after '!'Joerg Jung
no binary change ok millert
2015-12-14remove trailing whitespaceJoerg Jung
ok sunil gilles
2015-12-12remove CA from pki and no longer allow specifying a CA with 'pki' keyword.Gilles Chehade
introduce 'ca' keyword to allow specifying a custom CA. making CA part of pki was a bad idea and several people hit use-cases that plain couldn't work. instead of: pki foobar.org ca "/etc/mail/CA.pem" use now: ca foobar.org certificate "/etc/mail/CA.pem" ok sunil@, jung@
2015-12-12if no certificate matches name AND fallback hint was given, search for aGilles Chehade
global certificate
2015-12-12remove empty lineGilles Chehade
2015-12-12move the cert verify code to its own function outside the imsg handlingGilles Chehade
code, no functional change but this makes code easier to read, and will ease implementing DANE later on.
2015-12-12smtp / mta have been factored in the same process months ago, factor theGilles Chehade
code that handles the same imsg's too ok sunil@, ok jung@
2015-12-12Implement senders map.Sunil Nimmagadda
senders table allows to restrict the addresses that an authenticated user can use in the SMTP dialogue. Ok gilles@
2015-12-12prepare for asynchronous certificate verify, needed for a mechanicalGilles Chehade
cleanup and later on for DANE support
2015-12-11rename field member + whitespacesGilles Chehade
2015-11-30bring lka_mailaddrmap(), currently unused, required by sendermap/masqueradeGilles Chehade
ok jung@
2015-11-30mechanical rename of some IMSG constantsGilles Chehade
ok sunil@, ok jung@
2015-10-14whitespacesGilles Chehade
2015-10-14pledge() pony and lookupGilles Chehade
ok deraadt@
2015-10-02reset static pointer to NULL after we free it, just in case another bugGilles Chehade
leads us to reuse it.
2015-01-20use <limits.h> comprehensively. For now try to push <> includes toTheo de Raadt
each .c file, and out of the .h files. To avoid overinclude. ok gilles, in principle. If this has been done right, -portable should become easier to maintain.
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2014-09-03if crypt(3) fails return an authentication errorGiovanni Bechis
ok gilles@
2014-07-10make the control process broadcast verbose/profile admin requests directly,Eric Faurot
rather than going through the parent process. simplify code in the meantime.
2014-07-08Update the table API: lookup functions can take an optional parametersEric Faurot
dictionnary (currently not set). While there, add a helper for forking external backends, and remove unused table functions. ok gilles@
2014-05-22when we reduced the number of iovec's we passed through an imsg, the iovecGilles Chehade
declaration was not bumped down causing us to pass extra junk leading to a crash in the pki lookup code. i'm amazed no one else crashed on that :-/ reported by Olivier Antoine who kindly provided access to his box
2014-05-01Move RSA keys from "lka" to a new dedicated "ca" process because lkaReyk Floeter
is handling some async requests and shouldn't be busy with sync RSA. ok gilles@
2014-04-29Implement RSA privilege separation for OpenSMTPD, based on my previousReyk Floeter
implementation for relayd(8). The smtpd(8) pony processes (mta client, smtp server) don't keep the private keys in memory but send their private key operations as imsgs to the "lookup"/mta process. It's worth mentioning that this prevents acidental private key leakage as it could have been caused by "Heartbleed". ok gilles@
2014-04-15reply with correct imsg when using non-system auth.Eric Faurot
reported by Stefan Sieg ok gilles@
2014-04-09need to change imsg type before forwarding.Eric Faurot
reported by jturner@ ok gilles@
2014-04-04Merge the mda, mta and smtp processes into a single unprivilegedEric Faurot
process managing message reception, delivery and transfer. Mostly mechanical, but very intrusive as it required to rewamp all IMSG to fix ambiguities. with and ok gilles@
2014-02-04pki code cleanupEric Faurot
- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name" - inherit pki conf on fork instead of passing it through imsg at startup - implement SNI on smtp listeners
2014-02-04add base64_encode/base64_decode helpersEric Faurot
2014-02-04get rid of fdlimit()Eric Faurot
2013-11-20Rework the mda and scheduler to use the holdq mechanism instead ofEric Faurot
tempfail for limiting the number of pending deliveries to the same user. This allows to reach optimal delivery time even in case of burst, while keeping the number of inflight envelopes low.
2013-11-18Allow overriding the local caEric Faurot
2013-11-13Fix case-folding issue with pki names. They are case-insensitive.Eric Faurot
Make sure a pki entry exists when used in a listen or relay rule.
2013-11-06Much much improved config parser and related changes.Eric Faurot
Simplify code and do not impose an order on conditions and rule options. Format changes that may require smtpd.conf update for some setups: - SSL certificates are no longer automatically loaded, but must be explicitely declared using the "pki" keyword. - "certificate" option becomes "pki" in listener and accept rules. - "ssl://" becomes "secure://" in relay via rules. - "helo" becomes "hostnames" in relay rules New features: - accept rules do not need an explicit action, in which case alias table or .forward must provide one. - new "forward-only" action to force relaying and reject rcpts that expand as local delivery. - "!" (negation) modifier on rule matching conditions. - new "recipient" rule matching condition. - new "verify" option on listeners and relay rules to reject invalid certificates. Other changes: - remember the helo name advertised on incoming mail and use it for sending bounces. - bump envelope version (existing envelopes are updated on-the-fly).