| Age | Commit message (Collapse) | Author |
|---|
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
misunderstanding.
|
|
group has write access, it's not ok if the world has write access.
ok eric@
|
|
ok gilles@
|
|
happening at filters level
|
|
|
|
|
|
|
|
|
|
Factorize code duplicated in smtp_session.c and mta_session.c
Implement a simple callback interface, with proper request management
and simplified imsg protocol.
Only add the necessary parts for now.
Exisiting code path will be adapted later.
input from gilles@ sunil@
ok gilles@
|
|
ok eric@
|
|
mail.mboxfile, remove pledge from parent process
diff from Edgar Pettijohn III <edgar@pettijohn-web.com>
|
|
|
|
|
|
them.
ok jung@, eric@
|
|
with the other MTA which assume a permfail unless the exit status is one
of a specific set. make smtpd honour the same exit statuses as postfix.
note that all errors that occur before the user mda is executed (fork, pipe
and related) are still considered tempfail, only errors coming from the mda
itself are handled as permfail.
this commit is a temporary solution as i believe the SIGCHLD handler is way
more complex than it should be and we'll simplify it after 6.4 is out.
ok eric@
|
|
process. Use it for the reverse lookups required by smtp and mta.
Until now, DNS-related lookups were implemented using ad-hoc IMSGs
between the lka and other processes. It turns out to be confusing and
difficult to maintain/extend. So we want to replace this with a better
set of IMSGs matching the standard resolver interface.
ok gilles@
|
|
|
|
of parse.y, there's still work to be done but it's now able to run twice if
we want (we don't) without failing due to some global side-effect.
ok millert@
|
|
- forkmda() creates the process that will be used for the delivery and does
the switching of privileges then calls mda_unpriv()
- mda_unpriv() runs with privileges of the recipient, it expands variables,
sets up environment and executes the mda
ok millert@ and eric@
|
|
really help us with anything, propagate the change in codebase
ok millert@
|
|
suggested by eric@
|
|
ok millert@, eric@
|
|
ok eric@
|
|
will be made irrelevant when the new config comes up soon
ok eric@
|
|
ok gilles@
|
|
here rework the switch proc_title(), both clang and gcc will now warn if all
possible values are not enumerated.
ok gilles@
|
|
ambiguity: just use a single switch.
ok gilles@ sunil@
|
|
ok gilles@
|
|
allow read/write of envelopes and messages, unfortunately the purge_task()
function which is in charge of garbage collecting left-overs from aborted
transactions is still executed as _smtpd preventing it from working.
issue reported by Philippe Meunier, fix from Edgar Pettijohn
|
|
The only major difference was the "log_trace" concept that is only
used by smtpd - move it from log.c into util.c and make it a local
concept. This also needed to rename the global "verbose" variable to
"tracing" in a few places.
OK krw@ gilles@ eric@
|
|
|
|
Only the parent process handles SIGTERM and SIGINT. Upon receiving one
of those, it closes all imsg sockets and waitpid() for the children. It
fatal()s if one of the sockets is closed unexpectedly. Other processes
exit() "normally" when one of the imsg sockets is closed.
ok gilles@ sunil@
|
|
the imsg socket.
ok gilles@ sunil@
|
|
So stop pretending that the *_shutdown() functions could ever be called
in this context, and just fatal() if event_dispatch() returns.
ok gilles@ sunil@ giovanni@
|
|
The daemon is stopped with kill(1).
ok gilles@
|
|
ok sunil@
|
|
ok gilles@ jung@ sunil@
|
|
ok gilles@ sunil@ jung@ millert@
|
|
causing it to exit, we could end up with a NULL deref in parent.
free commit offered by eric@, ok gilles@
|
|
-portable
|
|
The parent process forks child processes and re-exec each of them with
an additional "-x <proc>" argument. During the early setup phase, the
parent process sends ipc socket pairs to interconnect the child
processes as needed, and it passes the queue encryption key to the
queue if necessary. When this is done, all processes have their
environment set as in the fork-only case, and they can start doing
their work as before.
ok gilles@ jung@
|
|
default since it is computationally expensive and a potential DoS vector.
ok gilles@
|
|
Just NULL is not good practise as NULL is theoretically allowed to
be an integer rather than a pointer.
Use (char *)NULL consistently instead of scattering a few (char *)0
and (void *)NULL into the mix.
Prompted by and probably ok deraadt@ millert@ kettenis@
Definitely ok mestre@ ratchov@
|
|
ok gilles
|
|
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
|
Ok jung@ gilles@ eric@
|
|
to stdin.
Ok millert@ jung@ gilles@
|
|
paths
this effectively reverts table.c r1.21 which was mainly introduced for a smooth
transition in -current
ok gilles
|
|
no binary change
ok millert
|
