diff options
| author | gshapiro <gshapiro@FreeBSD.org> | 2010-01-26 04:41:15 +0000 |
|---|---|---|
| committer | gshapiro <gshapiro@FreeBSD.org> | 2010-01-26 04:41:15 +0000 |
| commit | 06af2946772550af5ad9eea974674de7bde4243b (patch) | |
| tree | 6c6c3749a8b863bd3e7a5962fc9189f1a3e34f9c /contrib/sendmail/src | |
| parent | c1aec8d8e06eaf4b4e5066794fecde82622b6366 (diff) | |
| download | FreeBSD-src-06af2946772550af5ad9eea974674de7bde4243b.zip FreeBSD-src-06af2946772550af5ad9eea974674de7bde4243b.tar.gz | |
Merge sendmail 8.14.4 to HEAD
MFC after: 4 days
Diffstat (limited to 'contrib/sendmail/src')
25 files changed, 670 insertions, 229 deletions
diff --git a/contrib/sendmail/src/Makefile.m4 b/contrib/sendmail/src/Makefile.m4 index fd015b4..0fa3374 100644 --- a/contrib/sendmail/src/Makefile.m4 +++ b/contrib/sendmail/src/Makefile.m4 @@ -1,4 +1,4 @@ -dnl $Id: Makefile.m4,v 8.115 2008/03/27 16:13:33 ca Exp $ +dnl $Id: Makefile.m4,v 8.121 2009/12/15 22:39:23 ca Exp $ include(confBUILDTOOLSDIR`/M4/switch.m4') define(`confREQUIRE_LIBSM', `true') diff --git a/contrib/sendmail/src/README b/contrib/sendmail/src/README index 34313fc..9c4628f 100644 --- a/contrib/sendmail/src/README +++ b/contrib/sendmail/src/README @@ -9,7 +9,7 @@ # the sendmail distribution. # # -# $Id: README,v 8.391 2008/02/12 16:38:21 ca Exp $ +# $Id: README,v 8.392 2009/04/10 17:49:19 gshapiro Exp $ # This directory contains the source files for sendmail(TM). @@ -32,6 +32,7 @@ For detailed instructions, please read the document ../doc/op/op.me: cd ../doc/op ; make op.ps op.txt Sendmail is a trademark of Sendmail, Inc. +US Patent Numbers 6865671, 6986037. +-------------------+ @@ -1847,4 +1848,4 @@ util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 8.391 $, last update $Date: 2008/02/12 16:38:21 $ ) +(Version $Revision: 8.392 $, last update $Date: 2009/04/10 17:49:19 $ ) diff --git a/contrib/sendmail/src/TRACEFLAGS b/contrib/sendmail/src/TRACEFLAGS index a6249fd..6fdfdd9 100644 --- a/contrib/sendmail/src/TRACEFLAGS +++ b/contrib/sendmail/src/TRACEFLAGS @@ -1,4 +1,4 @@ -# $Id: TRACEFLAGS,v 8.47 2006/09/11 22:36:32 ca Exp $ +# $Id: TRACEFLAGS,v 8.48 2008/11/03 21:09:26 gshapiro Exp $ 0, 4 main.c main canonical name, UUCP node name, a.k.a.s 0, 15 main.c main print configuration 0, 44 util.c printav print address of each string @@ -86,6 +86,7 @@ 70 queue.c quarantining 71,>99 milter.c quarantine on errors 73 queue.c shared memory updates +74,>99 map.c LDAP map defer 80 content length 81 sun remote mode 83 collect.c timeout diff --git a/contrib/sendmail/src/collect.c b/contrib/sendmail/src/collect.c index 0a2cdab..f5d7247 100644 --- a/contrib/sendmail/src/collect.c +++ b/contrib/sendmail/src/collect.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: collect.c,v 8.282 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Id: collect.c,v 8.284 2008/08/06 05:26:24 ca Exp $") static void eatfrom __P((char *volatile, ENVELOPE *)); static void collect_doheader __P((ENVELOPE *)); @@ -847,6 +847,9 @@ readerr: } /* Log collection information. */ + if (tTd(92, 2)) + sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) { logsender(e, e->e_msgid); diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c index bf97057..8d8f9ed 100644 --- a/contrib/sendmail/src/conf.c +++ b/contrib/sendmail/src/conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: conf.c,v 8.1141 2008/04/14 02:09:35 ca Exp $") +SM_RCSID("@(#)$Id: conf.c,v 8.1153 2009/12/18 17:25:12 ca Exp $") #include <sm/sendmail.h> #include <sendmail/pathnames.h> @@ -392,6 +392,9 @@ setdefaults(e) #if REQUIRES_DIR_FSYNC RequiresDirfsync = true; #endif /* REQUIRES_DIR_FSYNC */ +#if _FFR_RCPTTHROTDELAY + BadRcptThrottleDelay = 1; +#endif /* _FFR_RCPTTHROTDELAY */ ConnectionRateWindowSize = 60; setupmaps(); setupqueues(); @@ -782,7 +785,7 @@ inithostmaps() else if (strcmp(maptype[i], "ldap") == 0 && stab("aliases.ldap", ST_MAP, ST_FIND) == NULL) { - (void) strlcpy(buf, "aliases.ldap ldap -b . -h localhost -k mail=%0 -v mailgroup", + (void) sm_strlcpy(buf, "aliases.ldap ldap -b . -h localhost -k mail=%0 -v mailgroup", sizeof buf); (void) makemapentry(buf); } @@ -968,7 +971,10 @@ switch_map_find(service, maptype, mapreturn) p = strpbrk(buf, "#\n"); if (p != NULL) *p = '\0'; - p = strpbrk(buf, " \t"); +#ifndef SM_NSSWITCH_DELIMS +# define SM_NSSWITCH_DELIMS " \t" +#endif /* SM_NSSWITCH_DELIMS */ + p = strpbrk(buf, SM_NSSWITCH_DELIMS); if (p != NULL) *p++ = '\0'; if (buf[0] == '\0') @@ -981,7 +987,7 @@ switch_map_find(service, maptype, mapreturn) buf); continue; } - while (isspace(*p)) + while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') continue; @@ -1007,7 +1013,7 @@ switch_map_find(service, maptype, mapreturn) if (p == NULL) break; *p++ = '\0'; - while (isspace(*p)) + while (isascii(*p) && isspace(*p)) p++; } if (svcno < MAXMAPSTACK) @@ -2282,7 +2288,8 @@ refuseconnections(e, dn, active) # define MIN_DELAY_LOG 90 /* wait before logging this again */ # define D_MSG_LA "delaying connections on daemon %s: load average=%d >= %d" /* sleep to flatten out connection load */ - sm_setproctitle(true, e, D_MSG_LA, Daemons[dn].d_name, limit); + sm_setproctitle(true, e, D_MSG_LA, Daemons[dn].d_name, + CurrentLA, limit); if (LogLevel > 8 && (now = curtime()) > log_delay) { sm_syslog(LOG_INFO, NOQID, D_MSG_LA, @@ -3374,6 +3381,10 @@ enoughdiskspace(msize, e) { int i; +#if _FFR_TESTS + if (tTd(4, 101)) + return false; +#endif /* _FFR_TESTS */ if (MinBlocksFree <= 0 && msize <= 0) { if (tTd(4, 80)) @@ -4074,7 +4085,7 @@ strtol(nptr, endptr, base) */ do { c = *s++; - } while (isspace(c)); + } while (isascii(c) && isspace(c)); if (c == '-') { neg = 1; c = *s++; @@ -4110,9 +4121,9 @@ strtol(nptr, endptr, base) cutlim = cutoff % (unsigned long) base; cutoff /= (unsigned long) base; for (acc = 0, any = 0;; c = *s++) { - if (isdigit(c)) + if (isascii(c) && isdigit(c)) c -= '0'; - else if (isalpha(c)) + else if (isascii(c) && isalpha(c)) c -= isupper(c) ? 'A' - 10 : 'a' - 10; else break; @@ -6043,6 +6054,10 @@ char *FFRCompileOptions[] = /* Deal with MTAs that send a reply during the DATA phase. */ "_FFR_CATCH_BROKEN_MTAS", #endif /* _FFR_CATCH_BROKEN_MTAS */ +#if _FFR_CHECKCONFIG + /* New OpMode to check the configuration file */ + "_FFR_CHECKCONFIG", +#endif /* _FFR_CHECKCONFIG */ #if _FFR_CHK_QUEUE /* Stricter checks about queue directory permissions. */ "_FFR_CHK_QUEUE", @@ -6117,6 +6132,10 @@ char *FFRCompileOptions[] = /* EightBitAddrOK: allow 8-bit e-mail addresses */ "_FFR_EIGHT_BIT_ADDR_OK", #endif /* _FFR_EIGHT_BIT_ADDR_OK */ +#if _FFR_EXPDELAY + /* exponential queue delay */ + "_FFR_EXPDELAY", +#endif /* _FFR_EXPDELAY */ #if _FFR_EXTRA_MAP_CHECK /* perform extra checks on $( $) in R lines */ "_FFR_EXTRA_MAP_CHECK", @@ -6175,10 +6194,17 @@ char *FFRCompileOptions[] = /* Ignore extensions offered in response to HELO */ "_FFR_IGNORE_EXT_ON_HELO", #endif /* _FFR_IGNORE_EXT_ON_HELO */ +#if _FFR_LINUX_MHNL + /* Set MAXHOSTNAMELEN to 256 (Linux) */ + "_FFR_LINUX_MHNL", +#endif /* _FFR_LINUX_MHNL */ #if _FFR_LOCAL_DAEMON /* Local daemon mode (-bl) which only accepts loopback connections */ "_FFR_LOCAL_DAEMON", #endif /* _FFR_LOCAL_DAEMON */ +#if _FFR_MAIL_MACRO + "_FFR_MAIL_MACRO", +#endif /* _FFR_MAIL_MACRO */ #if _FFR_MAXDATASIZE /* ** It is possible that a header is larger than MILTER_CHUNK_SIZE, @@ -6199,6 +6225,10 @@ char *FFRCompileOptions[] = /* Limit sleep(2) time in libsm/clock.c */ "_FFR_MAX_SLEEP_TIME", #endif /* _FFR_MAX_SLEEP_TIME */ +#if _FFR_MDS_NEGOTIATE + /* MaxDataSize negotation with libmilter */ + "_FFR_MDS_NEGOTIATE", +#endif /* _FFR_MDS_NEGOTIATE */ #if _FFR_MEMSTAT /* Check free memory */ "_FFR_MEMSTAT", @@ -6232,6 +6262,10 @@ char *FFRCompileOptions[] = "_FFR_MILTER_CHECK_REJECTIONS_TOO", #endif /* _FFR_MILTER_CHECK_REJECTIONS_TOO */ +#if _FFR_MILTER_ENHSC + /* extract enhanced status code from milter replies for dsn= logging */ + "_FFR_MILTER_ENHSC", +#endif /* _FFR_MILTER_ENHSC */ #if _FFR_MIME7TO8_OLD /* Old mime7to8 code, the new is broken for at least one example. */ "_FFR_MIME7TO8_OLD", @@ -6285,6 +6319,10 @@ char *FFRCompileOptions[] = /* Debug output for the queue scheduler. */ "_FFR_QUEUE_SCHED_DBG", #endif /* _FFR_QUEUE_SCHED_DBG */ +#if _FFR_RCPTTHROTDELAY + /* configurable delay for BadRcptThrottle */ + "_FFR_RCPTTHROTDELAY" +#endif /* _FFR_RCPTTHROTDELAY */ #if _FFR_REDIRECTEMPTY /* ** envelope <> can't be sent to mailing lists, only owner- @@ -6361,6 +6399,10 @@ char *FFRCompileOptions[] = /* SuperSafe per DaemonPortOptions: 'T' (better letter?) */ "_FFR_SS_PER_DAEMON", #endif /* _FFR_SS_PER_DAEMON */ +#if _FFR_TESTS + /* enable some test code */ + "_FFR_TESTS", +#endif /* _FFR_TESTS */ #if _FFR_TIMERS /* Donated code (unused). */ "_FFR_TIMERS", diff --git a/contrib/sendmail/src/conf.h b/contrib/sendmail/src/conf.h index f1386c4..dff37ff 100644 --- a/contrib/sendmail/src/conf.h +++ b/contrib/sendmail/src/conf.h @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Id: conf.h,v 8.574 2006/11/29 00:36:06 ca Exp $ + * $Id: conf.h,v 8.575 2009/03/25 20:04:00 ca Exp $ */ /* @@ -123,9 +123,18 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */ #define DATA_PROGRESS_TIMEOUT 300 /* how often to check DATA progress */ #define ENHSCLEN 10 /* max len of enhanced status code */ #define DEFAULT_MAX_RCPT 100 /* max number of RCPTs per envelope */ -#define MAXQUEUEGROUPS 50 /* max # of queue groups */ +#ifndef MAXQUEUEGROUPS +# define MAXQUEUEGROUPS 50 /* max # of queue groups */ /* must be less than BITMAPBITS for DoQueueRun */ -#define MAXWORKGROUPS 50 /* max # of work groups */ +#endif /* MAXQUEUEGROUPS */ +#if MAXQUEUEGROUPS >= BITMAPBITS + ERROR _MAXQUEUEGROUPS must be less than _BITMAPBITS +#endif /* MAXQUEUEGROUPS >= BITMAPBITS */ + +#ifndef MAXWORKGROUPS +# define MAXWORKGROUPS 50 /* max # of work groups */ +#endif /* MAXWORKGROUPS */ + #define MAXFILESYS BITMAPBITS /* max # of queue file systems * must be <= BITMAPBITS */ #ifndef FILESYS_UPDATE_INTERVAL diff --git a/contrib/sendmail/src/daemon.c b/contrib/sendmail/src/daemon.c index 06a36c7..983ad2f 100644 --- a/contrib/sendmail/src/daemon.c +++ b/contrib/sendmail/src/daemon.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2007, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include "map.h" -SM_RCSID("@(#)$Id: daemon.c,v 8.680 2008/02/14 00:20:26 ca Exp $") +SM_RCSID("@(#)$Id: daemon.c,v 8.683 2009/12/18 01:12:40 ca Exp $") #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) # define USE_SOCK_STREAM 1 @@ -199,7 +199,7 @@ getrequests(e) if (tTd(15, 1)) { for (idx = 0; idx < NDaemons; idx++) - sm_dprintf("getrequests: daemon %s: %d\n", + sm_dprintf("getrequests: daemon %s: socket %d\n", Daemons[idx].d_name, Daemons[idx].d_socket); } @@ -2161,7 +2161,8 @@ makeconnection(host, port, mci, e, enough) case AF_INET: clt_addr.sin.sin_addr.s_addr = inet_addr(p); if (clt_addr.sin.sin_addr.s_addr != INADDR_NONE && - clt_addr.sin.sin_addr.s_addr != INADDR_LOOPBACK) + clt_addr.sin.sin_addr.s_addr != + htonl(INADDR_LOOPBACK)) { clt_bind = true; socksize = sizeof(struct sockaddr_in); @@ -2342,7 +2343,7 @@ makeconnection(host, port, mci, e, enough) } } gothostent: - if (hp == NULL) + if (hp == NULL || hp->h_addr == NULL) { #if NAMED_BIND /* check for name server timeouts */ diff --git a/contrib/sendmail/src/deliver.c b/contrib/sendmail/src/deliver.c index ed60e47..0322c95 100644 --- a/contrib/sendmail/src/deliver.c +++ b/contrib/sendmail/src/deliver.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/time.h> -SM_RCSID("@(#)$Id: deliver.c,v 8.1015 2007/10/17 21:35:30 ca Exp $") +SM_RCSID("@(#)$Id: deliver.c,v 8.1020 2009/12/18 17:08:01 ca Exp $") #if HASSETUSERCONTEXT # include <login_cap.h> @@ -575,12 +575,12 @@ sendall(e, mode) #endif /* HASFLOCK */ if (e->e_nrcpts > 0) e->e_flags |= EF_INQUEUE; - dropenvelope(e, splitenv != NULL, true); + (void) dropenvelope(e, splitenv != NULL, true); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { if (ee->e_nrcpts > 0) ee->e_flags |= EF_INQUEUE; - dropenvelope(ee, false, true); + (void) dropenvelope(ee, false, true); } return; @@ -602,7 +602,7 @@ sendall(e, mode) /* now drop the envelope in the parent */ e->e_flags |= EF_INQUEUE; - dropenvelope(e, splitenv != NULL, false); + (void) dropenvelope(e, splitenv != NULL, false); /* arrange to reacquire lock after fork */ e->e_id = qid; @@ -615,7 +615,7 @@ sendall(e, mode) /* drop envelope in parent */ ee->e_flags |= EF_INQUEUE; - dropenvelope(ee, false, false); + (void) dropenvelope(ee, false, false); /* and save qid for reacquisition */ ee->e_id = qid; @@ -762,14 +762,14 @@ sendall(e, mode) } sendenvelope(e, mode); - dropenvelope(e, true, true); + (void) dropenvelope(e, true, true); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { CurEnv = ee; if (mode != SM_VERIFY) openxscript(ee); sendenvelope(ee, mode); - dropenvelope(ee, true, true); + (void) dropenvelope(ee, true, true); } CurEnv = e; @@ -1391,7 +1391,7 @@ deliver(e, firstto) else p = e->e_from.q_paddr; rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); - if (strlen(rpath) > MAXSHORTSTR) + if (strlen(rpath) > MAXNAME) { rpath = shortenstring(rpath, MAXSHORTSTR); @@ -2978,7 +2978,7 @@ reconnect: /* after switching to an encrypted connection */ char *s; /* - ** TLS negotation failed, what to do? + ** TLS negotiation failed, what to do? ** fall back to unencrypted connection ** or abort? How to decide? ** set a macro and call a ruleset. @@ -3021,7 +3021,7 @@ reconnect: /* after switching to an encrypted connection */ /* ** rcode == EX_SOFTWARE is special: - ** the TLS negotation failed + ** the TLS negotiation failed ** we have to drop the connection no matter what ** However, we call tls_server to give it the chance ** to log the problem and return an appropriate @@ -6075,8 +6075,9 @@ initclttls(tls_ok) return false; if (clt_ctx != NULL) return true; /* already done */ - tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCertFile, - CltKeyFile, CACertPath, CACertFile, DHParams); + tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, Clt_SSL_Options, false, + CltCertFile, CltKeyFile, + CACertPath, CACertFile, DHParams); return tls_ok_clt; } @@ -6108,6 +6109,16 @@ starttls(m, mci, e) if (clt_ctx == NULL && !initclttls(true)) return EX_TEMPFAIL; + +# if USE_OPENSSL_ENGINE + if (!SSL_set_engine(NULL)) + { + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=client, SSL_set_engine=failed"); + return EX_TEMPFAIL; + } +# endif /* USE_OPENSSL_ENGINE */ + smtpmessage("STARTTLS", m, mci); /* get the reply */ diff --git a/contrib/sendmail/src/envelope.c b/contrib/sendmail/src/envelope.c index 641c621a..022c3ca 100644 --- a/contrib/sendmail/src/envelope.c +++ b/contrib/sendmail/src/envelope.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: envelope.c,v 8.305 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Id: envelope.c,v 8.310 2009/12/18 17:08:01 ca Exp $") /* ** CLRSESSENVELOPE -- clear session oriented data in an envelope @@ -163,14 +163,14 @@ newenvelope(e, parent, rpool) ** split -- if true, split by recipient if message is queued up ** ** Returns: -** none. +** EX_* status (currently: 0: success, EX_IOERR on panic) ** ** Side Effects: ** housekeeping necessary to dispose of an envelope. ** Unlocks this queue file. */ -void +int dropenvelope(e, fulldrop, split) register ENVELOPE *e; bool fulldrop; @@ -209,12 +209,15 @@ dropenvelope(e, fulldrop, split) /* we must have an id to remove disk files */ if (id == NULL) - return; + return EX_OK; /* if verify-only mode, we can skip most of this */ if (OpMode == MD_VERIFY) goto simpledrop; + if (tTd(92, 2)) + sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -618,7 +621,11 @@ simpledrop: } e->e_id = NULL; e->e_flags &= ~EF_HAS_DF; + if (panic) + return EX_IOERR; + return EX_OK; } + /* ** CLEARENVELOPE -- clear an envelope without unlocking ** @@ -714,6 +721,9 @@ clearenvelope(e, fullclear, rpool) bh = bh->h_link; nhp = &(*nhp)->h_link; } +#if _FFR_MILTER_ENHSC + e->e_enhsc[0] = '\0'; +#endif /* _FFR_MILTER_ENHSC */ } /* ** INITSYS -- initialize instantiation of system diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c index 8e70fed..c4bdc87 100644 --- a/contrib/sendmail/src/headers.c +++ b/contrib/sendmail/src/headers.c @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/sendmail.h> -SM_RCSID("@(#)$Id: headers.c,v 8.312 2007/06/19 18:52:11 ca Exp $") +SM_RCSID("@(#)$Id: headers.c,v 8.317 2008/08/27 20:11:55 gshapiro Exp $") static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *, bool)); static size_t fix_mime_header __P((HDR *, ENVELOPE *)); @@ -715,7 +715,16 @@ hvalue(field, header) { if (!bitset(H_DEFAULT, h->h_flags) && sm_strcasecmp(h->h_field, field) == 0) - return h->h_value; + { + char *s; + + s = h->h_value; + if (s == NULL) + return NULL; + while (isascii(*s) && isspace(*s)) + s++; + return s; + } } return NULL; } @@ -1065,6 +1074,10 @@ eatheader(e, full, log) ** Log collection information. */ + if (tTd(92, 2)) + sm_dprintf("eatheader: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d, log=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel, + log); if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) { logsender(e, e->e_msgid); diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c index d68d5b5..1bbb070 100644 --- a/contrib/sendmail/src/main.c +++ b/contrib/sendmail/src/main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -26,7 +26,7 @@ SM_UNUSED(static char copyright[]) = The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ -SM_RCSID("@(#)$Id: main.c,v 8.967 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Id: main.c,v 8.971 2009/12/18 17:08:01 ca Exp $") #if NETINET || NETINET6 @@ -129,7 +129,7 @@ int SyslogPrefixLen; /* estimated length of syslog prefix */ { \ if (extraprivs && \ OpMode != MD_DELIVER && OpMode != MD_SMTP && \ - OpMode != MD_ARPAFTP && \ + OpMode != MD_ARPAFTP && OpMode != MD_CHECKCONFIG && \ OpMode != MD_VERIFY && OpMode != MD_TEST) \ { \ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, \ @@ -401,6 +401,9 @@ main(argc, argv, envp) case MD_HOSTSTAT: case MD_PURGESTAT: case MD_ARPAFTP: +#if _FFR_CHECKCONFIG + case MD_CHECKCONFIG: +#endif /* _FFR_CHECKCONFIG */ OpMode = j; break; @@ -1192,7 +1195,7 @@ main(argc, argv, envp) } /* if we've had errors so far, exit now */ - if ((ExitStat != EX_OK && OpMode != MD_TEST) || + if ((ExitStat != EX_OK && OpMode != MD_TEST && OpMode != MD_CHECKCONFIG) || ExitStat == EX_OSERR) { finis(false, true, ExitStat); @@ -1566,6 +1569,7 @@ main(argc, argv, envp) break; case MD_TEST: + case MD_CHECKCONFIG: case MD_PRINT: case MD_PRINTNQE: case MD_FREEZE: @@ -1626,6 +1630,9 @@ main(argc, argv, envp) case MD_TEST: /* don't have persistent host status in test mode */ HostStatDir = NULL; + /* FALLTHROUGH */ + + case MD_CHECKCONFIG: if (Verbose == 0) Verbose = 2; BlankEnvelope.e_errormode = EM_PRINT; @@ -1933,8 +1940,8 @@ main(argc, argv, envp) } } - /* if we've had errors so far, exit now */ - if (ExitStat != EX_OK && OpMode != MD_TEST) + /* if checking config or have had errors so far, exit now */ + if (OpMode == MD_CHECKCONFIG || (ExitStat != EX_OK && OpMode != MD_TEST)) { finis(false, true, ExitStat); /* NOTREACHED */ @@ -1958,7 +1965,7 @@ main(argc, argv, envp) case MD_PRINT: /* print the queue */ HoldErrs = false; - dropenvelope(&BlankEnvelope, true, false); + (void) dropenvelope(&BlankEnvelope, true, false); (void) sm_signal(SIGPIPE, sigpipe); if (qgrp != NOQGRP) { @@ -1981,7 +1988,7 @@ main(argc, argv, envp) case MD_PRINTNQE: /* print number of entries in queue */ - dropenvelope(&BlankEnvelope, true, false); + (void) dropenvelope(&BlankEnvelope, true, false); (void) sm_signal(SIGPIPE, sigpipe); printnqe(smioout, NULL); finis(false, true, EX_OK); @@ -2133,8 +2140,8 @@ main(argc, argv, envp) else if (OpMode == MD_DAEMON || OpMode == MD_FGDAEMON || OpMode == MD_SMTP) { - /* check whether STARTTLS is turned off for the server */ - if (chkdaemonmodifiers(D_NOTLS)) + /* check whether STARTTLS is turned off */ + if (chkdaemonmodifiers(D_NOTLS) && chkclientmodifiers(D_NOTLS)) tls_ok = false; } else /* other modes don't need STARTTLS */ @@ -2530,7 +2537,7 @@ main(argc, argv, envp) } } } - dropenvelope(&MainEnvelope, true, false); + (void) dropenvelope(&MainEnvelope, true, false); #if STARTTLS /* init TLS for server, ignore result for now */ @@ -2952,7 +2959,11 @@ finis(drop, cleanup, exitstat) { if (CurEnv->e_id != NULL) { - dropenvelope(CurEnv, true, false); + int r; + + r = dropenvelope(CurEnv, true, false); + if (exitstat == EX_OK) + exitstat = r; sm_rpool_free(CurEnv->e_rpool); CurEnv->e_rpool = NULL; diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c index 4248fd9..be88685 100644 --- a/contrib/sendmail/src/map.c +++ b/contrib/sendmail/src/map.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1992, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1992, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: map.c,v 8.699 2007/10/10 00:06:45 ca Exp $") +SM_RCSID("@(#)$Id: map.c,v 8.705 2009/08/11 22:22:40 ca Exp $") #if LDAPMAP # include <sm/ldap.h> @@ -730,7 +730,7 @@ getcanonname(host, hbsize, trymx, pttl) int mapno; bool found = false; bool got_tempfail = false; - auto int status; + auto int status = EX_UNAVAILABLE; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; #if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) @@ -1710,7 +1710,7 @@ lockdbm: { map->map_mflags |= MF_OPEN; map->map_pid = CurrentPid; - if ((omode && O_ACCMODE) == O_RDWR) + if ((omode & O_ACCMODE) == O_RDWR) map->map_mflags |= MF_WRITABLE; goto lockdbm; } @@ -2359,7 +2359,7 @@ db_map_lookup(map, name, av, statp) { map->map_mflags |= MF_OPEN; map->map_pid = CurrentPid; - if ((omode && O_ACCMODE) == O_RDWR) + if ((omode & O_ACCMODE) == O_RDWR) map->map_mflags |= MF_WRITABLE; db = (DB *) map->map_db2; goto lockdb; @@ -3415,6 +3415,18 @@ ldapmap_open(map, mode) else id = "localhost"; + if (tTd(74, 104)) + { + extern MAPCLASS NullMapClass; + + /* debug mode: don't actually open an LDAP connection */ + map->map_orgclass = map->map_class; + map->map_class = &NullMapClass; + map->map_mflags |= MF_OPEN; + map->map_pid = CurrentPid; + return true; + } + /* No connection yet, connect */ if (!sm_ldap_start(map->map_mname, lmap)) { @@ -3514,12 +3526,12 @@ sunet_id_hash(str) p_last = p; while (*p != '\0') { - if (islower(*p) || isdigit(*p)) + if (isascii(*p) && (islower(*p) || isdigit(*p))) { *p_last = *p; p_last++; } - else if (isupper(*p)) + else if (isascii(*p) && isupper(*p)) { *p_last = tolower(*p); p_last++; @@ -3967,6 +3979,10 @@ ldapmap_parseargs(map, args) map->map_coldelim = ' '; } +# if _FFR_LDAP_NETWORK_TIMEOUT + lmap->ldap_networktmo = 120; +# endif /* _FFR_LDAP_NETWORK_TIMEOUT */ + for (;;) { while (isascii(*p) && isspace(*p)) @@ -4066,7 +4082,7 @@ ldapmap_parseargs(map, args) case 'c': /* network (connect) timeout */ while (isascii(*++p) && isspace(*p)) continue; - lmap->ldap_networktmo.tv_sec = atoi(p); + lmap->ldap_networktmo = atoi(p); break; # endif /* _FFR_LDAP_NETWORK_TIMEOUT */ @@ -6687,6 +6703,13 @@ null_map_store(map, key, val) return; } +MAPCLASS NullMapClass = +{ + "null-map", NULL, 0, + NULL, null_map_lookup, null_map_store, + null_map_open, null_map_close, +}; + /* ** BOGUS stubs */ @@ -7325,7 +7348,8 @@ arith_map_lookup(map, name, av, statp) if (LogLevel > 10) sm_syslog(LOG_WARNING, NOQID, "arith_map: unknown operator %c", - isprint(*name) ? *name : '?'); + (isascii(*name) && isprint(*name)) ? + *name : '?'); return NULL; } if (boolres) diff --git a/contrib/sendmail/src/milter.c b/contrib/sendmail/src/milter.c index 816c7bf..773dfa8 100644 --- a/contrib/sendmail/src/milter.c +++ b/contrib/sendmail/src/milter.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: milter.c,v 8.269 2007/06/06 17:26:12 ca Exp $") +SM_RCSID("@(#)$Id: milter.c,v 8.277 2009/11/06 00:57:06 ca Exp $") #if MILTER # include <sm/sendmail.h> @@ -514,7 +514,6 @@ milter_write(m, cmd, buf, len, to, e, where) ENVELOPE *e; const char *where; { - time_t writestart = (time_t) 0; ssize_t sl, i; int num_vectors; mi_int32 nl; @@ -532,12 +531,16 @@ milter_write(m, cmd, buf, len, to, e, where) if (len < 0 || len > MilterMaxDataSize) { if (tTd(64, 5)) - sm_dprintf("milter_write(%s): length %ld out of range\n", - m->mf_name, (long) len); + { + sm_dprintf("milter_write(%s): length %ld out of range, cmd=%c\n", + m->mf_name, (long) len, command); + sm_dprintf("milter_write(%s): buf=%s\n", + m->mf_name, str2prt(buf)); + } if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, - "milter_write(%s): length %ld out of range", - m->mf_name, (long) len); + "milter_write(%s): length %ld out of range, cmd=%c", + m->mf_name, (long) len, command); milter_error(m, e); return NULL; } @@ -594,10 +597,7 @@ milter_write(m, cmd, buf, len, to, e, where) } if (to > 0) - { - writestart = curtime(); MILTER_TIMEOUT("write", to, true, started, where); - } /* write the vector(s) */ i = writev(m->mf_sock, vector, num_vectors); @@ -1572,10 +1572,10 @@ static struct milteropt # define MO_LOGLEVEL 0x07 { "loglevel", MO_LOGLEVEL }, -# if _FFR_MAXDATASIZE +# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE # define MO_MAXDATASIZE 0x08 { "maxdatasize", MO_MAXDATASIZE }, -# endif /* _FFR_MAXDATASIZE */ +# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */ { NULL, (unsigned char)-1 }, }; @@ -1631,11 +1631,29 @@ milter_set_option(name, val, sticky) MilterLogLevel = atoi(val); break; -#if _FFR_MAXDATASIZE +# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE case MO_MAXDATASIZE: +# if _FFR_MDS_NEGOTIATE MilterMaxDataSize = (size_t)atol(val); + if (MilterMaxDataSize != MILTER_MDS_64K && + MilterMaxDataSize != MILTER_MDS_256K && + MilterMaxDataSize != MILTER_MDS_1M) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.%s=%d, allowed are only %d, %d, and %d", + name, MilterMaxDataSize, + MILTER_MDS_64K, MILTER_MDS_256K, + MILTER_MDS_1M); + if (MilterMaxDataSize < MILTER_MDS_64K) + MilterMaxDataSize = MILTER_MDS_64K; + else if (MilterMaxDataSize < MILTER_MDS_256K) + MilterMaxDataSize = MILTER_MDS_256K; + else + MilterMaxDataSize = MILTER_MDS_1M; + } +# endif /* _FFR_MDS_NEGOTIATE */ break; -#endif /* _FFR_MAXDATASIZE */ +# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */ case MO_MACROS_CONNECT: if (macros == NULL) @@ -2411,6 +2429,12 @@ milter_negotiate(m, e, milters) mta_prot_flags = SMFI_CURR_PROT; mta_actions = SMFI_CURR_ACTS; #endif /* _FFR_MILTER_CHECK */ +#if _FFR_MDS_NEGOTIATE + if (MilterMaxDataSize == MILTER_MDS_256K) + mta_prot_flags |= SMFIP_MDS_256K; + else if (MilterMaxDataSize == MILTER_MDS_1M) + mta_prot_flags |= SMFIP_MDS_1M; +#endif /* _FFR_MDS_NEGOTIATE */ fvers = htonl(mta_prot_vers); pflags = htonl(mta_prot_flags); @@ -2525,6 +2549,39 @@ milter_negotiate(m, e, milters) goto error; } +#if _FFR_MDS_NEGOTIATE + /* use a table instead of sequence? */ + if (bitset(SMFIP_MDS_1M, m->mf_pflags)) + { + if (MilterMaxDataSize != MILTER_MDS_1M) + { + /* this should not happen... */ + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_1M); + MilterMaxDataSize = MILTER_MDS_1M; + } + } + else if (bitset(SMFIP_MDS_256K, m->mf_pflags)) + { + if (MilterMaxDataSize != MILTER_MDS_256K) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_256K); + MilterMaxDataSize = MILTER_MDS_256K; + } + } + else if (MilterMaxDataSize != MILTER_MDS_64K) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_64K); + MilterMaxDataSize = MILTER_MDS_64K; + } + m->mf_pflags &= ~SMFI_INTERNAL; +#endif /* _FFR_MDS_NEGOTIATE */ + /* check for protocol feature mismatch */ if ((m->mf_pflags & mta_prot_flags) != m->mf_pflags) { @@ -2976,7 +3033,7 @@ milter_addheader(m, response, rlen, e) h->h_value = mh_value; else { - h->h_value = addleadingspace (mh_value, e->e_rpool); + h->h_value = addleadingspace(mh_value, e->e_rpool); SM_FREE(mh_value); } h->h_flags |= H_USER; @@ -3277,7 +3334,7 @@ milter_changeheader(m, response, rlen, e) h->h_value = mh_value; else { - h->h_value = addleadingspace (mh_value, e->e_rpool); + h->h_value = addleadingspace(mh_value, e->e_rpool); SM_FREE(mh_value); } h->h_flags |= H_USER; @@ -3330,7 +3387,7 @@ milter_split_response(response, rlen, pargc) return NULL; /* last entry is only for the name */ - s = (char **)malloc(nelem * (sizeof(*s))); + s = (char **)malloc((nelem + 1) * (sizeof(*s))); if (s == NULL) return NULL; s[0] = response; @@ -3813,7 +3870,7 @@ milter_init(e, state, milters) m->mf_sock < 0 ? "open" : "negotiate"); - /* if negotation failure, close socket */ + /* if negotiation failure, close socket */ milter_error(m, e); MILTER_CHECK_ERROR(true, continue); continue; @@ -4383,7 +4440,7 @@ milter_data(e, state) response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e, - "body"); + "eom"); if (m->mf_state == SMFS_ERROR) break; diff --git a/contrib/sendmail/src/queue.c b/contrib/sendmail/src/queue.c index d4c6369..194f525 100644 --- a/contrib/sendmail/src/queue.c +++ b/contrib/sendmail/src/queue.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/sem.h> -SM_RCSID("@(#)$Id: queue.c,v 8.977 2008/02/15 23:19:58 ca Exp $") +SM_RCSID("@(#)$Id: queue.c,v 8.987 2009/12/18 17:08:01 ca Exp $") #include <dirent.h> @@ -134,7 +134,7 @@ static const char EmptyString[] = ""; static void grow_wlist __P((int, int)); static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *)); -static int gatherq __P((int, int, bool, bool *, bool *)); +static int gatherq __P((int, int, bool, bool *, bool *, int *)); static int sortq __P((int)); static void printctladdr __P((ADDRESS *, SM_FILE_T *)); static bool readqf __P((ENVELOPE *, bool)); @@ -2106,7 +2106,7 @@ run_work_group(wgrp, flags) for (i = 0; i < Queue[qgrp]->qg_numqueues; i++) { - h = gatherq(qgrp, qdir, false, &full, &more); + (void) gatherq(qgrp, qdir, false, &full, &more, &h); #if SM_CONF_SHM if (ShmId != SM_SHM_NO_ID) QSHM_ENTRIES(Queue[qgrp]->qg_qpaths[qdir].qp_idx) = h; @@ -2450,6 +2450,7 @@ runqueueevent(ignore) ** full -- (optional) to be set 'true' if WorkList is full ** more -- (optional) to be set 'true' if there are still more ** messages in this queue not added to WorkList +** pnentries -- (optional) total nuber of entries in queue ** ** Returns: ** The number of request in the queue (not necessarily @@ -2472,25 +2473,26 @@ static int WorkListSize = 0; /* current max size of WorkList */ static int WorkListCount = 0; /* # of work items in WorkList */ static int -gatherq(qgrp, qdir, doall, full, more) +gatherq(qgrp, qdir, doall, full, more, pnentries) int qgrp; int qdir; bool doall; bool *full; bool *more; + int *pnentries; { register struct dirent *d; register WORK *w; register char *p; DIR *f; - int i, num_ent; - int wn; + int i, num_ent, wn, nentries; QUEUE_CHAR *check; char qd[MAXPATHLEN]; char qf[MAXPATHLEN]; wn = WorkListCount - 1; num_ent = 0; + nentries = 0; if (qdir == NOQDIR) (void) sm_strlcpy(qd, ".", sizeof(qd)); else @@ -2600,6 +2602,7 @@ gatherq(qgrp, qdir, doall, full, more) continue; } + ++nentries; check = QueueLimitId; while (check != NULL) { @@ -2855,6 +2858,21 @@ gatherq(qgrp, qdir, doall, full, more) break; case 'K': +#if _FFR_EXPDELAY + if (MaxQueueAge > 0) + { + time_t lasttry, delay; + + lasttry = (time_t) atol(&lbuf[1]); + delay = MIN(lasttry - w->w_ctime, + MaxQueueAge); + age = curtime() - lasttry; + if (age < delay) + w->w_tooyoung = true; + break; + } +#endif /* _FFR_EXPDELAY */ + age = curtime() - (time_t) atol(&lbuf[1]); if (age >= 0 && MinQueueAge > 0 && age < MinQueueAge) @@ -2900,6 +2918,8 @@ gatherq(qgrp, qdir, doall, full, more) *full = (wn >= MaxQueueRun && MaxQueueRun > 0) || (WorkList == NULL && wn > 0); + if (pnentries != NULL) + *pnentries = nentries; return i; } /* @@ -3331,8 +3351,8 @@ workcmpf4(a, b) ** WORKCMPF5 -- compare based on assigned random number ** ** Parameters: -** a -- the first argument (ignored). -** b -- the second argument (ignored). +** a -- the first argument. +** b -- the second argument. ** ** Returns: ** randomly 1/-1 @@ -3682,7 +3702,7 @@ dowork(qgrp, qdir, id, forkflag, requeueflag, e) finis(true, true, ExitStat); else { - dropenvelope(e, true, false); + (void) dropenvelope(e, true, false); sm_rpool_free(rpool); e->e_rpool = NULL; } @@ -3859,7 +3879,7 @@ doworklist(el, forkflag, requeueflag) /* do the delivery */ sendall(&e, SM_DELIVER); - dropenvelope(&e, true, false); + (void) dropenvelope(&e, true, false); } else { @@ -4834,7 +4854,7 @@ print_single_queue(qgrp, qdir) ** Read and order the queue. */ - nrequests = gatherq(qgrp, qdir, true, NULL, NULL); + nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); (void) sortq(Queue[qgrp]->qg_maxlist); /* @@ -5332,31 +5352,31 @@ static const char QueueIdChars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh */ # define queuenextid() CurrentPid - +#define QIC_LEN_SQR (QIC_LEN * QIC_LEN) void assign_queueid(e) register ENVELOPE *e; { pid_t pid = queuenextid(); - static int cX = 0; - static long random_offset; + static unsigned int cX = 0; + static unsigned int random_offset; struct tm *tm; char idbuf[MAXQFNAME - 2]; - int seq; + unsigned int seq; if (e->e_id != NULL) return; /* see if we need to get a new base time/pid */ - if (cX >= QIC_LEN * QIC_LEN || LastQueueTime == 0 || - LastQueuePid != pid) + if (cX >= QIC_LEN_SQR || LastQueueTime == 0 || LastQueuePid != pid) { time_t then = LastQueueTime; /* if the first time through, pick a random offset */ if (LastQueueTime == 0) - random_offset = get_random(); + random_offset = ((unsigned int)get_random()) + % QIC_LEN_SQR; while ((LastQueueTime = curtime()) == then && LastQueuePid == pid) @@ -5368,16 +5388,16 @@ assign_queueid(e) } /* - ** Generate a new sequence number between 0 and QIC_LEN*QIC_LEN-1. - ** This lets us generate up to QIC_LEN*QIC_LEN unique queue ids + ** Generate a new sequence number between 0 and QIC_LEN_SQR-1. + ** This lets us generate up to QIC_LEN_SQR unique queue ids ** per second, per process. With envelope splitting, ** a single message can consume many queue ids. */ - seq = (int)((cX + random_offset) % (QIC_LEN * QIC_LEN)); + seq = (cX + random_offset) % QIC_LEN_SQR; ++cX; if (tTd(7, 50)) - sm_dprintf("assign_queueid: random_offset = %ld (%d)\n", + sm_dprintf("assign_queueid: random_offset=%u (%u)\n", random_offset, seq); tm = gmtime(&LastQueueTime); @@ -5430,6 +5450,7 @@ sync_queue_time() { #if FAST_PID_RECYCLE if (OpMode != MD_TEST && + OpMode != MD_CHECKCONFIG && OpMode != MD_VERIFY && LastQueueTime > 0 && LastQueuePid == CurrentPid && @@ -5740,6 +5761,10 @@ pickqdir(qg, fsize, e) else qdir = get_rand_mod(qg->qg_numqueues); +#if _FFR_TESTS + if (tTd(4, 101)) + return NOQDIR; +#endif /* _FFR_TESTS */ if (MinBlocksFree <= 0 && fsize <= 0) return qdir; @@ -6600,6 +6625,16 @@ init_sem(owner) (long) SemKey, SemId, sm_errstring(-SemId)); return; } + if (owner && RunAsUid != 0) + { + int r; + + r = sm_semsetowner(SemId, RunAsUid, RunAsGid, 0660); + if (r != 0) + sm_syslog(LOG_ERR, NOQID, + "key=%ld, sm_semsetowner=%d, RunAsUid=%d, RunAsGid=%d", + (long) SemKey, r, RunAsUid, RunAsGid); + } #endif /* SM_CONF_SEM */ #endif /* _FFR_USE_SEM_LOCKING */ return; @@ -8826,7 +8861,7 @@ quarantine_queue(reason, qgrplimit) if (StopRequest) stop_sendmail(); - nrequests = gatherq(qgrp, qdir, true, NULL, NULL); + nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); /* first see if there is anything */ if (nrequests <= 0) diff --git a/contrib/sendmail/src/ratectrl.c b/contrib/sendmail/src/ratectrl.c index 8b95b37..773955a 100644 --- a/contrib/sendmail/src/ratectrl.c +++ b/contrib/sendmail/src/ratectrl.c @@ -45,7 +45,7 @@ */ #include <sendmail.h> -SM_RCSID("@(#)$Id: ratectrl.c,v 8.12 2008/02/11 22:56:05 ca Exp $") +SM_RCSID("@(#)$Id: ratectrl.c,v 8.13 2009/05/05 23:19:34 ca Exp $") /* ** stuff included - given some warnings (inet_ntoa) @@ -69,9 +69,6 @@ SM_RCSID("@(#)$Id: ratectrl.c,v 8.12 2008/02/11 22:56:05 ca Exp $") /* forward declarations */ static int client_rate __P((time_t, SOCKADDR *, bool)); static int total_rate __P((time_t, bool)); -#if 0 -static int sockaddrcmp __P((SOCKADDR *, SOCKADDR *)); -#endif /* 0 */ /* ** CONNECTION_RATE_CHECK - updates connection history data @@ -485,50 +482,3 @@ total_rate(now, update) return cnt; } - -#if 0 -/* -** SOCKADDRCMP - compare two SOCKADDR structures -** this function may be used to compare SOCKADDR -** structures when using bsearch and qsort functions -** in the same way we do with strcmp -** -** Parameters: -** a, b - addresses -** -** Returns: -** 1 if a > b -** -1 if a < b -** 0 if a = b -** -** OBS: This call isn't used at the moment, it will -** be used when code will be extended to work with IPV6 -*/ - -static int -sockaddrcmp(a, b) - SOCKADDR *a; - SOCKADDR *b; -{ - if (a->sa.sa_family > b->sa.sa_family) - return 1; - if (a->sa.sa_family < b->sa.sa_family) - return -1; - - switch (a->sa.sa_family) - { - case AF_INET: - if (a->sin.sin_addr.s_addr > b->sin.sin_addr.s_addr) - return 1; - if (a->sin.sin_addr.s_addr < b->sin.sin_addr.s_addr) - return -1; - return 0; - break; - - case AF_INET6: - /* TO BE DONE */ - break; - } - return 0; -} -#endif /* 0 */ diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c index 445df9e..c6d48a8 100644 --- a/contrib/sendmail/src/readcf.c +++ b/contrib/sendmail/src/readcf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/sendmail.h> -SM_RCSID("@(#)$Id: readcf.c,v 8.666 2008/02/14 17:25:14 ca Exp $") +SM_RCSID("@(#)$Id: readcf.c,v 8.674 2009/10/26 17:47:00 ca Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> @@ -113,6 +113,9 @@ readcf(cfname, safe, e) FileName = cfname; LineNumber = 0; +#if STARTTLS + Srv_SSL_Options = Clt_SSL_Options = SSL_OP_ALL; +#endif /* STARTTLS */ if (DontLockReadFiles) sff |= SFF_NOLOCK; cf = safefopen(cfname, O_RDONLY, 0444, sff); @@ -136,7 +139,7 @@ readcf(cfname, safe, e) if (OpMode != MD_TEST && bitset(S_IWGRP|S_IWOTH, statb.st_mode)) { - if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS) + if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS || OpMode == MD_CHECKCONFIG) (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "%s: WARNING: dangerous write permissions\n", FileName); @@ -462,7 +465,7 @@ readcf(cfname, safe, e) rwp = RewriteRules[ruleset]; if (rwp != NULL) { - if (OpMode == MD_TEST) + if (OpMode == MD_TEST || OpMode == MD_CHECKCONFIG) (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "WARNING: Ruleset %s has multiple definitions\n", @@ -534,7 +537,6 @@ readcf(cfname, safe, e) p++; while (isascii(*p) && isspace(*p)) p++; - file = p; } else optional = false; @@ -2255,10 +2257,101 @@ static struct optioninfo # define O_RCPTSHUTDG 0xe2 { "BadRcptShutdownGood", O_RCPTSHUTDG, OI_SAFE }, #endif /* _FFR_BADRCPT_SHUTDOWN */ +#if STARTTLS && _FFR_TLS_1 +# define O_SRV_SSL_OPTIONS 0xe3 + { "ServerSSLOptions", O_SRV_SSL_OPTIONS, OI_NONE }, +# define O_CLT_SSL_OPTIONS 0xe4 + { "ClientSSLOptions", O_CLT_SSL_OPTIONS, OI_NONE }, +#endif /* STARTTLS && _FFR_TLS_1 */ +#if _FFR_EXPDELAY +# define O_MAX_QUEUE_AGE 0xe5 + { "MaxQueueAge", O_MAX_QUEUE_AGE, OI_NONE }, +#endif /* _FFR_EXPDELAY */ +#if _FFR_RCPTTHROTDELAY +# define O_RCPTTHROTDELAY 0xe6 + { "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE }, +#endif /* _FFR_RCPTTHROTDELAY */ { NULL, '\0', OI_NONE } }; +#if STARTTLS && _FFR_TLS_1 +static struct ssl_options +{ + const char *sslopt_name; /* name of the flag */ + long sslopt_bits; /* bits to set/clear */ +} SSL_Option[] = +{ +/* these are turned on by default */ +#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG + { "SSL_OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG }, +#endif /* SSL_OP_MICROSOFT_SESS_ID_BUG */ +#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG + { "SSL_OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG }, +#endif /* SSL_OP_NETSCAPE_CHALLENGE_BUG */ +#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + { "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG }, +#endif /* SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG */ +#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + { "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG }, +#endif /* SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG */ +#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + { "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER }, +#endif /* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER */ +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING + { "SSL_OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING }, +#endif /* SSL_OP_MSIE_SSLV2_RSA_PADDING */ +#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG + { "SSL_OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG }, +#endif /* SSL_OP_SSLEAY_080_CLIENT_DH_BUG */ +#ifdef SSL_OP_TLS_D5_BUG + { "SSL_OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG }, +#endif /* SSL_OP_TLS_D5_BUG */ +#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG + { "SSL_OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG }, +#endif /* SSL_OP_TLS_BLOCK_PADDING_BUG */ +#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + { "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS }, +#endif /* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */ + { "SSL_OP_ALL", SSL_OP_ALL }, +#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + { "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION }, +#endif /* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION */ +#ifdef SSL_OP_EPHEMERAL_RSA + { "SSL_OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA }, +#endif /* SSL_OP_EPHEMERAL_RSA */ +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + { "SSL_OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE }, +#endif /* SSL_OP_CIPHER_SERVER_PREFERENCE */ +#ifdef SSL_OP_TLS_ROLLBACK_BUG + { "SSL_OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG }, +#endif /* SSL_OP_TLS_ROLLBACK_BUG */ +#ifdef SSL_OP_NO_SSLv2 + { "SSL_OP_NO_SSLv2", SSL_OP_NO_SSLv2 }, +#endif /* SSL_OP_NO_SSLv2 */ +#ifdef SSL_OP_NO_SSLv3 + { "SSL_OP_NO_SSLv3", SSL_OP_NO_SSLv3 }, +#endif /* SSL_OP_NO_SSLv3 */ +#ifdef SSL_OP_NO_TLSv1 + { "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 }, +#endif /* SSL_OP_NO_TLSv1 */ +#ifdef SSL_OP_PKCS1_CHECK_1 + { "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 }, +#endif /* SSL_OP_PKCS1_CHECK_1 */ +#ifdef SSL_OP_PKCS1_CHECK_2 + { "SSL_OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 }, +#endif /* SSL_OP_PKCS1_CHECK_2 */ +#ifdef SSL_OP_NETSCAPE_CA_DN_BUG + { "SSL_OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG }, +#endif /* SSL_OP_NETSCAPE_CA_DN_BUG */ +#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + { "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG }, +#endif /* SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG */ + { NULL, 0 } +}; +#endif /* STARTTLS && _FFR_TLS_1 */ + + # define CANONIFY(val) # define SET_OPT_DEFAULT(opt, val) opt = val @@ -2299,6 +2392,9 @@ setoption(opt, val, safe, sticky, e) char *newval; char exbuf[MAXLINE]; #endif /* STARTTLS || SM_CONF_SHM */ +#if STARTTLS && _FFR_TLS_1 + long *pssloptions = NULL; +#endif /* STARTTLS && _FFR_TLS_1 */ errno = 0; if (opt == ' ') @@ -2995,6 +3091,12 @@ setoption(opt, val, safe, sticky, e) MinQueueAge = convtime(val, 'm'); break; +#if _FFR_EXPDELAY + case O_MAX_QUEUE_AGE: + MaxQueueAge = convtime(val, 'm'); + break; +#endif /* _FFR_EXPDELAY */ + case O_DEFCHARSET: /* default character set for mimefying */ DefaultCharSet = newstr(denlstring(val, true, true)); break; @@ -3317,6 +3419,12 @@ setoption(opt, val, safe, sticky, e) BadRcptThrottle = atoi(val); break; +#if _FFR_RCPTTHROTDELAY + case O_RCPTTHROTDELAY: + BadRcptThrottleDelay = atoi(val); + break; +#endif /* _FFR_RCPTTHROTDELAY */ + case O_DEADLETTER: CANONIFY(val); PSTRSET(DeadLetterDrop, val); @@ -3578,7 +3686,51 @@ setoption(opt, val, safe, sticky, e) SET_STRING_EXP(DHParams5); case O_CIPHERLIST: SET_STRING_EXP(CipherList); + case O_SRV_SSL_OPTIONS: + pssloptions = &Srv_SSL_Options; + case O_CLT_SSL_OPTIONS: + if (pssloptions == NULL) + pssloptions = &Clt_SSL_Options; + for (p = val; *p != 0; ) + { + bool clearmode; + char *q; + struct ssl_options *sslopts; + + while (*p == ' ') + p++; + if (*p == '\0') + break; + clearmode = false; + if (*p == '-' || *p == '+') + clearmode = *p++ == '-'; + q = p; + while (*p != '\0' && !(isascii(*p) && isspace(*p))) + p++; + if (*p != '\0') + *p++ = '\0'; + for (sslopts = SSL_Option; + sslopts->sslopt_name != NULL; sslopts++) + { + if (sm_strcasecmp(q, sslopts->sslopt_name) == 0) + break; + } + if (sslopts->sslopt_name == NULL) + { + errno = 0; + syserr("readcf: %s option value %s unrecognized", + o->o_name, q); + } + else if (clearmode) + *pssloptions &= ~sslopts->sslopt_bits; + else + *pssloptions |= sslopts->sslopt_bits; + } + pssloptions = NULL; + break; + # endif /* _FFR_TLS_1 */ + case O_CRLFILE: # if OPENSSL_VERSION_NUMBER > 0x00907000L SET_STRING_EXP(CRLFile); @@ -4026,8 +4178,7 @@ strtorwset(p, endp, stabmode) char *q = NULL; q = p; - while (*p != '\0' && isascii(*p) && - (isalnum(*p) || *p == '_')) + while (*p != '\0' && isascii(*p) && (isalnum(*p) || *p == '_')) p++; if (q == p || !(isascii(*q) && isalpha(*q))) { diff --git a/contrib/sendmail/src/savemail.c b/contrib/sendmail/src/savemail.c index cf72e8d..4178245 100644 --- a/contrib/sendmail/src/savemail.c +++ b/contrib/sendmail/src/savemail.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: savemail.c,v 8.313 2006/11/29 00:20:41 ca Exp $") +SM_RCSID("@(#)$Id: savemail.c,v 8.314 2009/12/18 17:08:01 ca Exp $") static bool errbody __P((MCI *, ENVELOPE *, char *)); static bool pruneroute __P((char *)); @@ -705,7 +705,7 @@ returntosender(msg, returnq, flags, e) sendall(ee, SM_DELIVER); /* restore state */ - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); sm_rpool_free(ee->e_rpool); CurEnv = oldcur; returndepth--; diff --git a/contrib/sendmail/src/sendmail.8 b/contrib/sendmail/src/sendmail.8 index 540d554..e5ce9ae 100644 --- a/contrib/sendmail/src/sendmail.8 +++ b/contrib/sendmail/src/sendmail.8 @@ -9,9 +9,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: sendmail.8,v 8.58 2007/08/02 05:42:33 ca Exp $ +.\" $Id: sendmail.8,v 8.59 2009/04/10 17:49:19 gshapiro Exp $ .\" -.TH SENDMAIL 8 "$Date: 2007/08/02 05:42:33 $" +.TH SENDMAIL 8 "$Date: 2009/04/10 17:49:19 $" .SH NAME sendmail \- an electronic mail transport agent @@ -741,6 +741,8 @@ Internet Request For Comments No. 8, SMM. .PP http://www.sendmail.org/ +.PP +US Patent Numbers 6865671, 6986037. .SH HISTORY The .B sendmail diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h index b6b231d..b170c2b 100644 --- a/contrib/sendmail/src/sendmail.h +++ b/contrib/sendmail/src/sendmail.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -52,7 +52,7 @@ #ifdef _DEFINE # ifndef lint -SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1059 2008/02/15 23:19:58 ca Exp $"; +SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1068 2009/12/18 17:08:01 ca Exp $"; # endif /* ! lint */ #endif /* _DEFINE */ @@ -607,7 +607,7 @@ extern bool filesys_free __P((long)); ERROR: change SASL_SEC_MASK_ notify sendmail.org! # endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */ # endif /* SASL >= 20101 */ -# define MAXOUTLEN 8192 /* length of output buffer */ +# define MAXOUTLEN 8192 /* length of output buffer, should be 2^n */ /* functions */ extern char *intersect __P((char *, char *, SM_RPOOL_T *)); @@ -931,6 +931,10 @@ struct envelope int e_dlvr_flag; /* deliver by flag */ SM_RPOOL_T *e_rpool; /* resource pool for this envelope */ unsigned int e_features; /* server features */ +#if _FFR_MILTER_ENHSC +#define ENHSC_LEN 11 + char e_enhsc[ENHSC_LEN]; /* enhanced status code */ +#endif /* _FFR_MILTER_ENHSC */ }; /* values for e_flags */ @@ -982,7 +986,7 @@ extern ENVELOPE BlankEnvelope; /* functions */ extern void clearenvelope __P((ENVELOPE *, bool, SM_RPOOL_T *)); -extern void dropenvelope __P((ENVELOPE *, bool, bool)); +extern int dropenvelope __P((ENVELOPE *, bool, bool)); extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *)); extern void clrsessenvelope __P((ENVELOPE *)); extern void printenvflags __P((ENVELOPE *)); @@ -1561,6 +1565,7 @@ extern void stabapply __P((void (*)(STAB *, int), int)); #define MD_HOSTSTAT 'h' /* print persistent host stat info */ #define MD_PURGESTAT 'H' /* purge persistent host stat info */ #define MD_QUEUERUN 'q' /* queue run */ +#define MD_CHECKCONFIG 'C' /* check configuration file */ #if _FFR_LOCAL_DAEMON EXTERN bool LocalDaemon; @@ -1880,7 +1885,7 @@ struct termescape /* functions */ extern bool init_tls_library __P((void)); -extern bool inittls __P((SSL_CTX **, unsigned long, bool, char *, char *, char *, char *, char *)); +extern bool inittls __P((SSL_CTX **, unsigned long, long, bool, char *, char *, char *, char *, char *)); extern bool initclttls __P((bool)); extern void setclttls __P((bool)); extern bool initsrvtls __P((bool)); @@ -1906,6 +1911,7 @@ EXTERN char *CRLFile; /* file CRLs */ EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */ #endif /* _FFR_CRLPATH */ EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */ +EXTERN long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */ #endif /* STARTTLS */ /* @@ -1986,6 +1992,9 @@ EXTERN int QueueFileMode; /* mode on files in mail queue */ EXTERN int QueueMode; /* which queue items to act upon */ EXTERN int QueueSortOrder; /* queue sorting order algorithm */ EXTERN time_t MinQueueAge; /* min delivery interval */ +#if _FFR_EXPDELAY +EXTERN time_t MaxQueueAge; /* max delivery interval */ +#endif /* _FFR_EXPDELAY */ EXTERN time_t QueueIntvl; /* intervals between running the queue */ EXTERN char *QueueDir; /* location of queue directory */ EXTERN QUEUE_CHAR *QueueLimitId; /* limit queue run to id */ @@ -2235,11 +2244,16 @@ EXTERN bool UseNameServer; /* using DNS -- interpret h_errno & MX RRs */ EXTERN char InetMode; /* default network for daemon mode */ EXTERN char OpMode; /* operation mode, see below */ EXTERN char SpaceSub; /* substitution for <lwsp> */ -EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */ #if _FFR_BADRCPT_SHUTDOWN EXTERN int BadRcptShutdown; /* Shutdown connection for rejected RCPTs */ EXTERN int BadRcptShutdownGood; /* above even when there are good RCPTs */ #endif /* _FFR_BADRCPT_SHUTDOWN */ +EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */ +#if _FFR_RCPTTHROTDELAY +EXTERN unsigned int BadRcptThrottleDelay; /* delay for BadRcptThrottle */ +#else +# define BadRcptThrottleDelay 1 +#endif /* _FFR_RCPTTHROTDELAY */ EXTERN int CheckpointInterval; /* queue file checkpoint interval */ EXTERN int ConfigLevel; /* config file level */ EXTERN int ConnRateThrottle; /* throttle for SMTP connection rate */ diff --git a/contrib/sendmail/src/sfsasl.c b/contrib/sendmail/src/sfsasl.c index 67e919f..cad16db 100644 --- a/contrib/sendmail/src/sfsasl.c +++ b/contrib/sendmail/src/sfsasl.c @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Id: sfsasl.c,v 8.117 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Id: sfsasl.c,v 8.118 2008/07/22 15:12:48 ca Exp $") #include <stdlib.h> #include <sendmail.h> #include <sm/time.h> @@ -296,7 +296,7 @@ sasl_write(fp, buf, size) /* ** Fetch the maximum input buffer size for sasl_encode(). ** This can be less than the size set in attemptauth() - ** due to a negotation with the other side, e.g., + ** due to a negotiation with the other side, e.g., ** Cyrus IMAP lmtp program sets maxbuf=4096, ** digestmd5 substracts 25 and hence we'll get 4071 ** instead of 8192 (MAXOUTLEN). diff --git a/contrib/sendmail/src/srvrsmtp.c b/contrib/sendmail/src/srvrsmtp.c index fffcd0d..49016e4 100644 --- a/contrib/sendmail/src/srvrsmtp.c +++ b/contrib/sendmail/src/srvrsmtp.c @@ -17,7 +17,7 @@ # include <libmilter/mfdef.h> #endif /* MILTER */ -SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.975 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.989 2009/12/18 17:08:01 ca Exp $") #include <sm/time.h> #include <sm/fdset.h> @@ -479,6 +479,9 @@ do \ e->e_sendqueue = NULL; \ e->e_flags |= EF_CLRQUEUE; \ \ + if (tTd(92, 2)) \ + sm_dprintf("CLEAR_STATE: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",\ + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);\ if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \ logsender(e, NULL); \ e->e_flags &= ~EF_LOGSENDER; \ @@ -486,7 +489,7 @@ do \ /* clean up a bit */ \ smtp.sm_gotmail = false; \ SuprErrs = true; \ - dropenvelope(e, true, false); \ + (void) dropenvelope(e, true, false); \ sm_rpool_free(e->e_rpool); \ e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \ CurEnv = e; \ @@ -906,6 +909,16 @@ smtp(nullserver, d_flags, e) #endif /* SASL */ #if STARTTLS +# if USE_OPENSSL_ENGINE + if (tls_ok_srv && bitset(SRV_OFFER_TLS, features) && + !SSL_set_engine(NULL)) + { + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=server, SSL_set_engine=failed"); + tls_ok_srv = false; + } +# endif /* USE_OPENSSL_ENGINE */ + set_tls_rd_tmo(TimeOuts.to_nextcommand); #endif /* STARTTLS */ @@ -1272,7 +1285,8 @@ smtp(nullserver, d_flags, e) { if (++np_log < 3) sm_syslog(LOG_INFO, NOQID, - "unauthorized PIPELINING, sleeping"); + "unauthorized PIPELINING, sleeping, relay=%.100s", + CurSmtpClient); sleep(1); } @@ -1447,8 +1461,9 @@ smtp(nullserver, d_flags, e) message("454 4.5.4 Internal error: unable to encode64"); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, - "AUTH encode64 error [%d for \"%s\"]", - result, out); + "AUTH encode64 error [%d for \"%s\"], relay=%.100s", + result, out, + CurSmtpClient); /* start over? */ authenticating = SASL_NOT_AUTH; } @@ -1469,16 +1484,17 @@ smtp(nullserver, d_flags, e) message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, - "AUTH failure (%s): %s (%d) %s", + "AUTH failure (%s): %s (%d) %s, relay=%.100s", auth_type, sasl_errstring(result, NULL, NULL), result, # if SASL >= 20000 - sasl_errdetail(conn)); + sasl_errdetail(conn), # else /* SASL >= 20000 */ - errstr == NULL ? "" : errstr); + errstr == NULL ? "" : errstr, # endif /* SASL >= 20000 */ + CurSmtpClient); RESET_SASLCONN; authenticating = SASL_NOT_AUTH; } @@ -1700,8 +1716,9 @@ smtp(nullserver, d_flags, e) q); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, - "AUTH decode64 error [%d for \"%s\"]", - result, q); + "AUTH decode64 error [%d for \"%s\"], relay=%.100s", + result, q, + CurSmtpClient); /* start over? */ authenticating = SASL_NOT_AUTH; # if SASL >= 20000 @@ -1734,16 +1751,17 @@ smtp(nullserver, d_flags, e) message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_ERR, e->e_id, - "AUTH failure (%s): %s (%d) %s", + "AUTH failure (%s): %s (%d) %s, relay=%.100s", p, sasl_errstring(result, NULL, NULL), result, # if SASL >= 20000 - sasl_errdetail(conn)); + sasl_errdetail(conn), # else /* SASL >= 20000 */ - errstr); + errstr, # endif /* SASL >= 20000 */ + CurSmtpClient); RESET_SASLCONN; break; } @@ -1893,8 +1911,9 @@ smtp(nullserver, d_flags, e) if (LogLevel > 5) { sm_syslog(LOG_WARNING, NOQID, - "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d", - r, ssl_err, errno, i); + "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d, relay=%.100s", + r, ssl_err, errno, i, + CurSmtpClient); if (LogLevel > 8) tlslogerr("server"); } @@ -2532,7 +2551,7 @@ smtp(nullserver, d_flags, e) #if _FFR_BADRCPT_SHUTDOWN /* ** hack to deal with hack, see below: - ** n_badrcpts is increased is limit is reached. + ** n_badrcpts is increased if limit is reached. */ n_badrcpts_adj = (BadRcptThrottle > 0 && @@ -2576,12 +2595,12 @@ smtp(nullserver, d_flags, e) /* ** Don't use exponential backoff for now. - ** Some servers will open more connections + ** Some systems will open more connections ** and actually overload the receiver even ** more. */ - (void) sleep(1); + (void) sleep(BadRcptThrottleDelay); } if (!smtp.sm_gotmail) { @@ -3147,6 +3166,11 @@ doquit: milter_quit(e); #endif /* MILTER */ + if (tTd(92, 2)) + sm_dprintf("QUIT: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, + bitset(EF_LOGSENDER, e->e_flags), + LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -3358,6 +3382,11 @@ smtp_data(smtp, e) response); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ + usrerr(response); if (strncmp(response, "421 ", 4) == 0 || strncmp(response, "421-", 4) == 0) @@ -3374,6 +3403,10 @@ smtp_data(smtp, e) "Milter: cmd=data, reject=550 5.7.1 Command rejected"); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + (void) sm_strlcpy(e->e_enhsc, "5.7.1", + sizeof(e->e_enhsc)); +#endif /* _FFR_MILTER_ENHSC */ usrerr("550 5.7.1 Command rejected"); return true; @@ -3392,6 +3425,9 @@ smtp_data(smtp, e) MSG_TEMPFAIL); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(MSG_TEMPFAIL); return true; @@ -3467,7 +3503,14 @@ smtp_data(smtp, e) "Milter: data, reject=%s", response); milteraccept = false; +#if _FFR_MILTER_ENHSC + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + rv = false; break; case SMFIR_REJECT: @@ -3492,6 +3535,9 @@ smtp_data(smtp, e) "Milter: data, reject=%s", MSG_TEMPFAIL); milteraccept = false; +#if _FFR_MILTER_ENHSC + (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(MSG_TEMPFAIL); break; @@ -3782,6 +3828,9 @@ smtp_data(smtp, e) } abortmessage: + if (tTd(92, 2)) + sm_dprintf("abortmessage: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -3795,7 +3844,7 @@ smtp_data(smtp, e) */ if (aborting || bitset(EF_DISCARD, e->e_flags)) - dropenvelope(e, true, false); + (void) dropenvelope(e, true, false); else { for (ee = e; ee != NULL; ee = ee->e_sibling) @@ -3804,11 +3853,11 @@ smtp_data(smtp, e) QueueMode != QM_QUARANTINE && ee->e_quarmsg != NULL) { - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); continue; } if (WILL_BE_QUEUED(ee->e_sendmode)) - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); } } @@ -3870,8 +3919,13 @@ logundelrcpts(e, msg, level, all) if (!QS_IS_UNDELIVERED(a->q_state) && !all) continue; e->e_to = a->q_paddr; - logdelivery(NULL, NULL, a->q_status, msg, NULL, - (time_t) 0, e); + logdelivery(NULL, NULL, +#if _FFR_MILTER_ENHSC + (a->q_status == NULL && e->e_enhsc[0] != '\0') + ? e->e_enhsc : +#endif /* _FFR_MILTER_ENHSC */ + a->q_status, + msg, NULL, (time_t) 0, e); } e->e_to = NULL; } @@ -4692,8 +4746,9 @@ initsrvtls(tls_ok) return false; /* do NOT remove assignment */ - tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile, - SrvKeyFile, CACertPath, CACertFile, DHParams); + tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, Srv_SSL_Options, true, + SrvCertFile, SrvKeyFile, + CACertPath, CACertFile, DHParams); return tls_ok_srv; } #endif /* STARTTLS */ diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c index 1a213ca..7031994 100644 --- a/contrib/sendmail/src/tls.c +++ b/contrib/sendmail/src/tls.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: tls.c,v 8.107 2006/10/12 21:35:11 ca Exp $") +SM_RCSID("@(#)$Id: tls.c,v 8.114 2009/08/10 15:11:09 ca Exp $") #if STARTTLS # include <openssl/err.h> @@ -486,6 +486,7 @@ tls_safe_f(var, sff, srv) ** Parameters: ** ctx -- pointer to context ** req -- requirements for initialization (see sendmail.h) +** options -- options ** srv -- server side? ** certfile -- filename of certificate ** keyfile -- filename of private key @@ -514,9 +515,10 @@ static char server_session_id_context[] = "sendmail8"; #endif bool -inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) +inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) SSL_CTX **ctx; unsigned long req; + long options; bool srv; char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam; { @@ -525,7 +527,7 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) # endif /* !NO_DH */ int r; bool ok; - long sff, status, options; + long sff, status; char *who; # if _FFR_TLS_1 char *cf2, *kf2; @@ -643,7 +645,10 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) } } if (dhparam == NULL) + { dhparam = srv ? "1" : "5"; + req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); + } else if (*dhparam == '/') { TLS_OK_F(dhparam, "DHParameters", @@ -913,7 +918,6 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) /* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */ - options = SSL_OP_ALL; /* bug compatibility? */ #if SM_SSL_OP_TLS_BLOCK_PADDING_BUG /* @@ -1196,23 +1200,62 @@ tls_get_info(ssl, srv, host, mac, certreq) if (cert != NULL) { unsigned int n; + X509_NAME *subj, *issuer; unsigned char md[EVP_MAX_MD_SIZE]; char buf[MAXNAME]; - X509_NAME_oneline(X509_get_subject_name(cert), - buf, sizeof(buf)); + subj = X509_get_subject_name(cert); + issuer = X509_get_issuer_name(cert); + X509_NAME_oneline(subj, buf, sizeof(buf)); macdefine(mac, A_TEMP, macid("{cert_subject}"), xtextify(buf, "<>\")")); - X509_NAME_oneline(X509_get_issuer_name(cert), - buf, sizeof(buf)); + X509_NAME_oneline(issuer, buf, sizeof(buf)); macdefine(mac, A_TEMP, macid("{cert_issuer}"), xtextify(buf, "<>\")")); - X509_NAME_get_text_by_NID(X509_get_subject_name(cert), - NID_commonName, buf, sizeof(buf)); + +#define CHECK_X509_NAME(which) \ + do { \ + if (r == -1) \ + { \ + sm_strlcpy(buf, "BadCertificateUnknown", sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + else if ((size_t)r >= sizeof(buf) - 1) \ + { \ + sm_strlcpy(buf, "BadCertificateTooLong", sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=CN too long", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + else if ((size_t)r > strlen(buf)) \ + { \ + sm_strlcpy(buf, "BadCertificateContainsNUL", \ + sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=CN contains NUL", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + } while (0) + + r = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, + sizeof buf); + CHECK_X509_NAME("cn_subject"); macdefine(mac, A_TEMP, macid("{cn_subject}"), xtextify(buf, "<>\")")); - X509_NAME_get_text_by_NID(X509_get_issuer_name(cert), - NID_commonName, buf, sizeof(buf)); + r = X509_NAME_get_text_by_NID(issuer, NID_commonName, buf, + sizeof buf); + CHECK_X509_NAME("cn_issuer"); macdefine(mac, A_TEMP, macid("{cn_issuer}"), xtextify(buf, "<>\")")); n = 0; @@ -1596,14 +1639,19 @@ tls_verify_cb(ctx, unused) { int ok; + /* + ** man SSL_CTX_set_cert_verify_callback(): + ** callback should return 1 to indicate verification success + ** and 0 to indicate verification failure. + */ + ok = X509_verify_cert(ctx); - if (ok == 0) + if (ok <= 0) { if (LogLevel > 13) return tls_verify_log(ok, ctx, "TLS"); - return 1; /* override it */ } - return ok; + return 1; } /* ** TLSLOGERR -- log the errors from the TLS error stack diff --git a/contrib/sendmail/src/usersmtp.c b/contrib/sendmail/src/usersmtp.c index b29495c..23278b0 100644 --- a/contrib/sendmail/src/usersmtp.c +++ b/contrib/sendmail/src/usersmtp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: usersmtp.c,v 8.472 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Id: usersmtp.c,v 8.473 2009/06/17 17:26:51 ca Exp $") #include <sysexits.h> @@ -1568,7 +1568,9 @@ attemptauth(m, mci, e, sai) sasl_interact_t *client_interact = NULL; char *mechusing; sasl_security_properties_t ssp; - char in64[MAXOUTLEN]; + + /* MUST NOT be a multiple of 4: bug in some sasl_encode64() versions */ + char in64[MAXOUTLEN + 1]; #if NETINET || (NETINET6 && SASL >= 20000) extern SOCKADDR CurHostAddr; #endif /* NETINET || (NETINET6 && SASL >= 20000) */ @@ -1770,7 +1772,8 @@ attemptauth(m, mci, e, sai) } else { - saslresult = sasl_encode64(out, outlen, in64, MAXOUTLEN, NULL); + saslresult = sasl_encode64(out, outlen, in64, sizeof(in64), + NULL); if (saslresult != SASL_OK) /* internal error */ { if (LogLevel > 8) @@ -1837,7 +1840,7 @@ attemptauth(m, mci, e, sai) if (outlen > 0) { saslresult = sasl_encode64(out, outlen, in64, - MAXOUTLEN, NULL); + sizeof(in64), NULL); if (saslresult != SASL_OK) { /* give an error reply to the other side! */ diff --git a/contrib/sendmail/src/util.c b/contrib/sendmail/src/util.c index dab5961..ab491fb 100644 --- a/contrib/sendmail/src/util.c +++ b/contrib/sendmail/src/util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2007, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: util.c,v 8.414 2007/11/02 17:30:38 ca Exp $") +SM_RCSID("@(#)$Id: util.c,v 8.416 2009/12/18 17:05:26 ca Exp $") #include <sm/sendmail.h> #include <sysexits.h> @@ -868,7 +868,7 @@ xputs(fp, s) c &= 0177; } printchar: - if (isprint(c)) + if (isascii(c) && isprint(c)) { (void) sm_io_putc(fp, SM_TIME_DEFAULT, c); continue; @@ -895,7 +895,7 @@ xputs(fp, s) TermEscape.te_rv_on); shiftout = true; } - if (isprint(c)) + if (isascii(c) && isprint(c)) { (void) sm_io_putc(fp, SM_TIME_DEFAULT, '\\'); (void) sm_io_putc(fp, SM_TIME_DEFAULT, c); diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c index 3e5ee8e..cb94d0f 100644 --- a/contrib/sendmail/src/version.c +++ b/contrib/sendmail/src/version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,6 +13,6 @@ #include <sm/gen.h> -SM_RCSID("@(#)$Id: version.c,v 8.208 2008/04/17 17:04:30 ca Exp $") +SM_RCSID("@(#)$Id: version.c,v 8.218 2009/12/23 04:43:09 ca Exp $") -char Version[] = "8.14.3"; +char Version[] = "8.14.4"; |
