diff options
| author | gshapiro <gshapiro@FreeBSD.org> | 2002-06-11 21:12:04 +0000 |
|---|---|---|
| committer | gshapiro <gshapiro@FreeBSD.org> | 2002-06-11 21:12:04 +0000 |
| commit | 4c57fa19878774f7bba7a3cfb57e04fd2cb1d0b7 (patch) | |
| tree | 72631e1a164e4f6eba8ddee32202a27360045af1 /contrib/sendmail/src | |
| parent | a46c40d9e18f668d90017ba3b702ab8aa8acea6e (diff) | |
| parent | faacdfb2c2946459651449cedf08a1bc29aee731 (diff) | |
| download | FreeBSD-src-4c57fa19878774f7bba7a3cfb57e04fd2cb1d0b7.zip FreeBSD-src-4c57fa19878774f7bba7a3cfb57e04fd2cb1d0b7.tar.gz | |
This commit was generated by cvs2svn to compensate for changes in r98121,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/sendmail/src')
49 files changed, 834 insertions, 181 deletions
diff --git a/contrib/sendmail/src/Makefile b/contrib/sendmail/src/Makefile index 85a8344..c86bbf5 100644 --- a/contrib/sendmail/src/Makefile +++ b/contrib/sendmail/src/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.1.1.1 2000/08/12 21:54:34 gshapiro Exp $ +# $Id: Makefile,v 8.11 1999/09/23 22:36:42 ca Exp $ SHELL= /bin/sh BUILD= ./Build diff --git a/contrib/sendmail/src/Makefile.m4 b/contrib/sendmail/src/Makefile.m4 index 8004de4..bb5dc1a 100644 --- a/contrib/sendmail/src/Makefile.m4 +++ b/contrib/sendmail/src/Makefile.m4 @@ -4,7 +4,7 @@ define(`confREQUIRE_LIBSM', `true') bldPRODUCT_START(`executable', `sendmail') define(`bldBIN_TYPE', `G') define(`bldINSTALL_DIR', `') -define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c readcf.c recipient.c savemail.c sasl.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ') +define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ') PREPENDDEF(`confENVDEF', `confMAPDEF') bldPUSH_SMLIB(`sm') bldPUSH_SMLIB(`smutil') @@ -35,6 +35,7 @@ bldPUSH_TARGET(`statistics') divert(bldTARGETS_SECTION) statistics: ${CP} /dev/null statistics + chmod ifdef(`confSTMODE', `confSTMODE', `0600') statistics ${DESTDIR}/etc/mail/submit.cf: @echo "Please read INSTALL if anything fails while installing the binary." @@ -81,7 +82,7 @@ install-hf: install-st: statistics if [ ! -d ${DESTDIR}${STDIR} ]; then mkdir -p ${DESTDIR}${STDIR}; else :; fi - ${INSTALL} -c -o ${SBINOWN} -g ${UBINGRP} -m 644 statistics ${DESTDIR}${STFILE} + ${INSTALL} -c -o ${SBINOWN} -g ${UBINGRP} -m ifdef(`confSTMODE', `confSTMODE', `0600') statistics ${DESTDIR}${STFILE} divert(0) bldPRODUCT_END diff --git a/contrib/sendmail/src/README b/contrib/sendmail/src/README index fb5a021..d24e47b 100644 --- a/contrib/sendmail/src/README +++ b/contrib/sendmail/src/README @@ -9,7 +9,7 @@ # the sendmail distribution. # # -# $Id: README,v 1.1.1.12 2002/04/10 03:04:47 gshapiro Exp $ +# $Id: README,v 8.355 2002/05/22 19:46:26 gshapiro Exp $ # This directory contains the source files for sendmail(TM). @@ -601,6 +601,8 @@ REQUIRES_DIR_FSYNC Turn on support for file systems that require to ReiserFS; it is enabled by default for Linux. An alternative to this compile time flag is to mount the queue directory without the -async option, or using chattr +S on Linux. +DBMMODE The default file permissions to use when creating new + database files for maps and aliases. Defaults to 0640. Generic notice: If you enable a compile time option that needs libraries or include files that don't come with sendmail or are @@ -1738,4 +1740,4 @@ util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 1.1.1.12 $, last update $Date: 2002/04/10 03:04:47 $ ) +(Version $Revision: 8.355 $, last update $Date: 2002/05/22 19:46:26 $ ) diff --git a/contrib/sendmail/src/SECURITY b/contrib/sendmail/src/SECURITY index 207eac7..e42c024 100644 --- a/contrib/sendmail/src/SECURITY +++ b/contrib/sendmail/src/SECURITY @@ -5,7 +5,7 @@ # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # -# $Id: SECURITY,v 1.1.1.2 2002/04/10 03:04:47 gshapiro Exp $ +# $Id: SECURITY,v 1.50 2002/03/29 19:45:48 ca Exp $ # This file gives some hints how to configure and run sendmail for diff --git a/contrib/sendmail/src/TRACEFLAGS b/contrib/sendmail/src/TRACEFLAGS index 4ef5504..c64afd1 100644 --- a/contrib/sendmail/src/TRACEFLAGS +++ b/contrib/sendmail/src/TRACEFLAGS @@ -1,5 +1,4 @@ -# $Id: TRACEFLAGS,v 1.1.1.5 2002/02/17 21:56:38 gshapiro Exp $ -0, 1 main.c main skip background fork +# $Id: TRACEFLAGS,v 8.37 2002/05/24 23:37:32 ca Exp $ 0, 4 main.c main canonical name, UUCP node name, a.k.a.s 0, 15 main.c main print configuration 0, 44 util.c printav print address of each string @@ -53,7 +52,7 @@ 41 queue.c orderq 42 mci.c mci_get 43 mime.c mime8to7 -44 recipient.c writeable +44 recipient.c writable 44 safefile.c safefile, safedirpath, filechanged 45 envelope.c setsender 46 envelope.c openxscript @@ -77,7 +76,6 @@ 64 multiple Milter 65 main.c permission checks 66 srvrsmtp.c conformance checks -67 conf.c signals 69 queue.c scheduling #if _FFR_QUARANTINE 70 queue.c quarantining @@ -88,5 +86,7 @@ 94,>99 srvrsmtp.c cause commands to fail (for protocol testing) 95 srvrsmtp.c AUTH 95 usersmtp.c AUTH +96 tls.c Activate SSL_CTX_set_info_callback() +97 srvrsmtp.c Trace automode settings for I/O 98 * timers 99 main.c avoid backgrounding (no printed output) diff --git a/contrib/sendmail/src/TUNING b/contrib/sendmail/src/TUNING index afeaa05..52da793 100644 --- a/contrib/sendmail/src/TUNING +++ b/contrib/sendmail/src/TUNING @@ -5,7 +5,7 @@ # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # -# $Id: TUNING,v 1.1.1.2 2002/04/10 03:04:47 gshapiro Exp $ +# $Id: TUNING,v 1.18 2002/03/03 03:38:21 ca Exp $ # ******************************************** diff --git a/contrib/sendmail/src/alias.c b/contrib/sendmail/src/alias.c index 4d43908..f5bd746 100644 --- a/contrib/sendmail/src/alias.c +++ b/contrib/sendmail/src/alias.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: alias.c,v 1.1.1.7 2002/02/17 21:56:38 gshapiro Exp $") +SM_RCSID("@(#)$Id: alias.c,v 8.214 2002/05/24 20:50:16 gshapiro Exp $") #define SEPARATOR ':' # define ALIAS_SPEC_SEPARATORS " ,/:" @@ -393,7 +393,7 @@ aliaswait(map, ext, isopen) bool attimeout = false; time_t mtime; struct stat stb; - char buf[MAXNAME + 1]; + char buf[MAXPATHLEN]; if (tTd(27, 3)) sm_dprintf("aliaswait(%s:%s)\n", @@ -458,8 +458,17 @@ aliaswait(map, ext, isopen) return isopen; } mtime = stb.st_mtime; - (void) sm_strlcpyn(buf, sizeof buf, 2, - map->map_file, ext == NULL ? "" : ext); + if (sm_strlcpyn(buf, sizeof buf, 2, + map->map_file, ext == NULL ? "" : ext) >= sizeof buf) + { + if (LogLevel > 3) + sm_syslog(LOG_INFO, NOQID, + "alias database %s%s name too long", + map->map_file, ext == NULL ? "" : ext); + message("alias database %s%s name too long", + map->map_file, ext == NULL ? "" : ext); + } + if (stat(buf, &stb) < 0 || stb.st_mtime < mtime || attimeout) { if (LogLevel > 3) @@ -913,7 +922,7 @@ forward(user, sendq, aliaslevel, e) for (pp = ForwardPath; pp != NULL; pp = ep) { int err; - char buf[MAXPATHLEN + 1]; + char buf[MAXPATHLEN]; struct stat st; ep = strchr(pp, SEPARATOR); diff --git a/contrib/sendmail/src/aliases b/contrib/sendmail/src/aliases index 532111a..73899d4 100644 --- a/contrib/sendmail/src/aliases +++ b/contrib/sendmail/src/aliases @@ -1,5 +1,5 @@ # -# $Id: aliases,v 1.1.1.4 2002/02/17 21:56:38 gshapiro Exp $ +# $Id: aliases,v 8.4 2001/12/30 04:46:23 gshapiro Exp $ # @(#)aliases 8.2 (Berkeley) 3/5/94 # # Aliases in this file will NOT be expanded in the header from diff --git a/contrib/sendmail/src/arpadate.c b/contrib/sendmail/src/arpadate.c index 67f9c14..16082cd 100644 --- a/contrib/sendmail/src/arpadate.c +++ b/contrib/sendmail/src/arpadate.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: arpadate.c,v 1.1.1.6 2002/02/17 21:56:38 gshapiro Exp $") +SM_RCSID("@(#)$Id: arpadate.c,v 8.30 2001/09/11 04:05:12 gshapiro Exp $") /* ** ARPADATE -- Create date in ARPANET format diff --git a/contrib/sendmail/src/bf.c b/contrib/sendmail/src/bf.c index c70ed83..eb41798 100644 --- a/contrib/sendmail/src/bf.c +++ b/contrib/sendmail/src/bf.c @@ -18,7 +18,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Id: bf.c,v 1.1.1.2 2002/04/10 03:04:47 gshapiro Exp $") +SM_RCSID("@(#)$Id: bf.c,v 8.54 2002/04/20 18:03:42 gshapiro Exp $") #include <sys/types.h> #include <sys/stat.h> @@ -202,12 +202,24 @@ sm_bfopen(fp, info, flags, rpool) ** any value of errno specified by sm_io_setinfo() */ +#ifdef __STDC__ +/* +** XXX This is a temporary hack since MODE_T on HP-UX 10.x is short. +** If we use K&R here, the compiler will complain about +** Inconsistent parameter list declaration +** due to the change from short to int. +*/ + +SM_FILE_T * +bfopen(char *filename, MODE_T fmode, size_t bsize, long flags) +#else /* __STDC__ */ SM_FILE_T * bfopen(filename, fmode, bsize, flags) char *filename; MODE_T fmode; size_t bsize; long flags; +#endif /* __STDC__ */ { MODE_T omask; SM_FILE_T SM_IO_SET_TYPE(vector, BF_FILE_TYPE, sm_bfopen, sm_bfclose, @@ -613,8 +625,8 @@ finished: ** 0 on success, -1 on error ** ** Side Effects: -** rewinds the SM_FILE_T * and puts it into read mode. Normally one -** would bfopen() a file, write to it, then bfrewind() and +** rewinds the SM_FILE_T * and puts it into read mode. Normally +** one would bfopen() a file, write to it, then bfrewind() and ** fread(). If fp is not a buffered file, this is equivalent to ** rewind(). ** @@ -786,8 +798,7 @@ sm_bftruncate(fp) return ftruncate(bfp->bf_disk_fd, 0); #endif /* NOFTRUNCATE */ } - else - return 0; + return 0; } /* diff --git a/contrib/sendmail/src/bf.h b/contrib/sendmail/src/bf.h index b37b027..5a02292 100644 --- a/contrib/sendmail/src/bf.h +++ b/contrib/sendmail/src/bf.h @@ -1,12 +1,12 @@ /* - * Copyright (c) 1999-2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: bf.h,v 1.1.1.3 2002/02/17 21:56:38 gshapiro Exp $ + * $Id: bf.h,v 8.16 2002/04/15 02:37:09 ca Exp $ * * Contributed by Exactis.com, Inc. * @@ -16,7 +16,6 @@ # define BF_H 1 extern SM_FILE_T *bfopen __P((char *, MODE_T, size_t, long)); -extern SM_FILE_T *bfdup __P((SM_FILE_T *)); extern int bfcommit __P((SM_FILE_T *)); extern int bfrewind __P((SM_FILE_T *)); extern int bftruncate __P((SM_FILE_T *)); diff --git a/contrib/sendmail/src/collect.c b/contrib/sendmail/src/collect.c index 013d104..a926d61 100644 --- a/contrib/sendmail/src/collect.c +++ b/contrib/sendmail/src/collect.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: collect.c,v 1.1.1.12 2002/04/10 03:04:47 gshapiro Exp $") +SM_RCSID("@(#)$Id: collect.c,v 8.242 2002/05/10 15:40:09 ca Exp $") static void collecttimeout __P((time_t)); static void dferror __P((SM_FILE_T *volatile, char *, ENVELOPE *)); @@ -980,7 +980,7 @@ dferror(df, msg, e) } else syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%d, gid=%d)", - dfname, msg, geteuid(), getegid()); + dfname, msg, (int) geteuid(), (int) getegid()); if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL, SM_IO_WRONLY, NULL, df) == NULL) sm_syslog(LOG_ERR, e->e_id, diff --git a/contrib/sendmail/src/control.c b/contrib/sendmail/src/control.c index ae975c7..88ff72f 100644 --- a/contrib/sendmail/src/control.c +++ b/contrib/sendmail/src/control.c @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: control.c,v 1.1.1.9 2002/04/10 03:04:48 gshapiro Exp $") +SM_RCSID("@(#)$Id: control.c,v 8.118 2002/03/19 00:23:27 gshapiro Exp $") /* values for cmd_code */ #define CMDERROR 0 /* bad command */ diff --git a/contrib/sendmail/src/convtime.c b/contrib/sendmail/src/convtime.c index 153605c..36edc1a 100644 --- a/contrib/sendmail/src/convtime.c +++ b/contrib/sendmail/src/convtime.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: convtime.c,v 1.1.1.4 2002/02/17 21:56:39 gshapiro Exp $") +SM_RCSID("@(#)$Id: convtime.c,v 8.39 2001/09/11 04:05:13 gshapiro Exp $") /* ** CONVTIME -- convert time diff --git a/contrib/sendmail/src/daemon.c b/contrib/sendmail/src/daemon.c index d806938..0b2cd94 100644 --- a/contrib/sendmail/src/daemon.c +++ b/contrib/sendmail/src/daemon.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: daemon.c,v 1.1.1.11 2002/04/10 03:04:48 gshapiro Exp $") +SM_RCSID("@(#)$Id: daemon.c,v 8.612 2002/05/02 19:40:52 ca Exp $") #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) # define USE_SOCK_STREAM 1 @@ -2956,6 +2956,9 @@ restart_daemon() reason == NULL ? "implicit call" : reason); closecontrolsocket(true); +#if SM_CONF_SHM + cleanup_shm(DaemonPid == getpid()); +#endif /* SM_CONF_SHM */ /* ** Want to drop to the user who started the process in all cases @@ -2985,9 +2988,6 @@ restart_daemon() if ((j = fcntl(i, F_GETFD, 0)) != -1) (void) fcntl(i, F_SETFD, j | FD_CLOEXEC); } -#if SM_CONF_SHM - cleanup_shm(DaemonPid == getpid()); -#endif /* SM_CONF_SHM */ /* ** Need to allow signals before execve() to make them "harmless". diff --git a/contrib/sendmail/src/deliver.c b/contrib/sendmail/src/deliver.c index e190253..2b1fc4c 100644 --- a/contrib/sendmail/src/deliver.c +++ b/contrib/sendmail/src/deliver.c @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sys/time.h> -SM_RCSID("@(#)$Id: deliver.c,v 1.1.1.11 2002/04/10 03:04:49 gshapiro Exp $") +SM_RCSID("@(#)$Id: deliver.c,v 8.939 2002/05/25 00:46:00 gshapiro Exp $") #if HASSETUSERCONTEXT # include <login_cap.h> @@ -1284,6 +1284,7 @@ deliver(e, firstto) char *mxhosts[MAXMXHOSTS + 1]; char *pv[MAXPV + 1]; char buf[MAXNAME + 1]; + char cbuf[MAXPATHLEN]; errno = 0; if (!QS_IS_OK(to->q_state)) @@ -2450,14 +2451,14 @@ tryhost: /* change root to some "safe" directory */ if (m->m_rootdir != NULL) { - expand(m->m_rootdir, buf, sizeof buf, e); + expand(m->m_rootdir, cbuf, sizeof cbuf, e); if (tTd(11, 20)) sm_dprintf("openmailer: chroot %s\n", - buf); - if (chroot(buf) < 0) + cbuf); + if (chroot(cbuf) < 0) { syserr("openmailer: Cannot chroot(%s)", - buf); + cbuf); exit(EX_TEMPFAIL); } if (chdir("/") < 0) @@ -2584,13 +2585,14 @@ tryhost: q = strchr(p, ':'); if (q != NULL) *q = '\0'; - expand(p, buf, sizeof buf, e); + expand(p, cbuf, sizeof cbuf, e); if (q != NULL) *q++ = ':'; if (tTd(11, 20)) sm_dprintf("openmailer: trydir %s\n", - buf); - if (buf[0] != '\0' && chdir(buf) >= 0) + cbuf); + if (cbuf[0] != '\0' && + chdir(cbuf) >= 0) break; } } @@ -3029,7 +3031,11 @@ reconnect: /* after switching to an encrypted connection */ /* Get security strength (features) */ result = sasl_getprop(mci->mci_conn, SASL_SSF, +# if SASL >= 20000 + (const void **) &ssf); +# else /* SASL >= 20000 */ (void **) &ssf); +# endif /* SASL >= 20000 */ /* XXX authid? */ if (LogLevel > 9) @@ -4974,8 +4980,8 @@ mailfile(filename, mailer, ctladdr, sfflags, e) char *p; char *volatile realfile; SM_EVENT *ev; - char buf[MAXLINE + 1]; - char targetfile[MAXPATHLEN + 1]; + char buf[MAXPATHLEN]; + char targetfile[MAXPATHLEN]; if (tTd(11, 1)) { diff --git a/contrib/sendmail/src/domain.c b/contrib/sendmail/src/domain.c index 9d87398..f48f987 100644 --- a/contrib/sendmail/src/domain.c +++ b/contrib/sendmail/src/domain.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1986, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,9 +14,9 @@ #include <sendmail.h> #if NAMED_BIND -SM_RCSID("@(#)$Id: domain.c,v 1.1.1.8 2002/04/10 03:04:49 gshapiro Exp $ (with name server)") +SM_RCSID("@(#)$Id: domain.c,v 8.181 2002/05/24 23:48:42 gshapiro Exp $ (with name server)") #else /* NAMED_BIND */ -SM_RCSID("@(#)$Id: domain.c,v 1.1.1.8 2002/04/10 03:04:49 gshapiro Exp $ (without name server)") +SM_RCSID("@(#)$Id: domain.c,v 8.181 2002/05/24 23:48:42 gshapiro Exp $ (without name server)") #endif /* NAMED_BIND */ #if NAMED_BIND @@ -810,7 +810,7 @@ dns_getcanonname(host, hbsize, trymx, statp, pttl) int loopcnt; char *xp; char nbuf[SM_MAX(MAXPACKET, MAXDNAME*2+2)]; - char *searchlist[MAXDNSRCH+2]; + char *searchlist[MAXDNSRCH + 2]; if (tTd(8, 2)) sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx); diff --git a/contrib/sendmail/src/envelope.c b/contrib/sendmail/src/envelope.c index 000cc2d..27ad7cb 100644 --- a/contrib/sendmail/src/envelope.c +++ b/contrib/sendmail/src/envelope.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: envelope.c,v 1.1.1.9 2002/04/10 03:04:49 gshapiro Exp $") +SM_RCSID("@(#)$Id: envelope.c,v 8.282 2002/05/10 15:41:11 ca Exp $") /* ** NEWENVELOPE -- fill in a new envelope @@ -518,7 +518,7 @@ simpledrop: { syserr("!dropenvelope(%s): cannot commit data file %s, uid=%d", e->e_id, queuename(e, DATAFL_LETTER), - geteuid()); + (int) geteuid()); } for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling) queueup(ee, false, true); diff --git a/contrib/sendmail/src/helpfile b/contrib/sendmail/src/helpfile index e6e2c64..931a06e 100644 --- a/contrib/sendmail/src/helpfile +++ b/contrib/sendmail/src/helpfile @@ -11,7 +11,7 @@ cpyr By using this file, you agree to the terms and conditions set cpyr forth in the LICENSE file which can be found at the top level of cpyr the sendmail distribution. cpyr -cpyr $$Id: helpfile,v 1.1.1.4 2002/04/10 03:04:49 gshapiro Exp $$ +cpyr $$Id: helpfile,v 8.40 2002/03/19 00:23:28 gshapiro Exp $$ cpyr smtp This is sendmail version $v smtp Topics: diff --git a/contrib/sendmail/src/macro.c b/contrib/sendmail/src/macro.c index 2cc6b88..fc7a2c2 100644 --- a/contrib/sendmail/src/macro.c +++ b/contrib/sendmail/src/macro.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: macro.c,v 1.1.1.7 2002/02/17 21:56:39 gshapiro Exp $") +SM_RCSID("@(#)$Id: macro.c,v 8.86 2001/09/11 04:05:14 gshapiro Exp $") #if MAXMACROID != (BITMAPBITS - 1) ERROR Read the comment in conf.h diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c index 1451acb..78c1862 100644 --- a/contrib/sendmail/src/main.c +++ b/contrib/sendmail/src/main.c @@ -25,7 +25,7 @@ SM_UNUSED(static char copyright[]) = The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ -SM_RCSID("@(#)$Id: main.c,v 1.1.1.11 2002/04/10 03:04:49 gshapiro Exp $") +SM_RCSID("@(#)$Id: main.c,v 8.882 2002/05/10 16:20:55 ca Exp $") #if NETINET || NETINET6 @@ -2697,6 +2697,13 @@ main(argc, argv, envp) /* NOTREACHED */ return -1; } + + /* set message size */ + (void) sm_snprintf(buf, sizeof buf, "%ld", + MainEnvelope.e_msgsize); + macdefine(&MainEnvelope.e_macro, A_TEMP, + macid("{msg_size}"), buf); + Errors = savederrors; MainEnvelope.e_flags |= savedflags; } @@ -2802,6 +2809,7 @@ finis(drop, cleanup, exitstat) bool cleanup; volatile int exitstat; { + /* Still want to process new timeouts added below */ sm_clear_events(); (void) sm_releasesignal(SIGALRM); diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c index efae0d3..d8570d3 100644 --- a/contrib/sendmail/src/map.c +++ b/contrib/sendmail/src/map.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: map.c,v 1.1.1.12 2002/04/10 03:04:50 gshapiro Exp $") +SM_RCSID("@(#)$Id: map.c,v 8.645 2002/05/24 21:07:36 gshapiro Exp $") #if LDAPMAP # include <sm/ldap.h> @@ -121,8 +121,6 @@ static bool text_getcanonname __P((char *, int, int *)); ** to be more properly integrated into the map structure. */ -#define DBMMODE 0644 - #if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL # define LOCK_ON_OPEN 1 /* we can open/create a locked file */ #else /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */ @@ -1359,8 +1357,8 @@ ndbm_map_open(map, mode) long sff; int ret; int smode = S_IREAD; - char dirfile[MAXNAME + 1]; - char pagfile[MAXNAME + 1]; + char dirfile[MAXPATHLEN]; + char pagfile[MAXPATHLEN]; struct stat st; struct stat std, stp; @@ -1371,8 +1369,17 @@ ndbm_map_open(map, mode) mode &= O_ACCMODE; /* do initial file and directory checks */ - (void) sm_strlcpyn(dirfile, sizeof dirfile, 2, map->map_file, ".dir"); - (void) sm_strlcpyn(pagfile, sizeof pagfile, 2, map->map_file, ".pag"); + if (sm_strlcpyn(dirfile, sizeof dirfile, 2, + map->map_file, ".dir") >= sizeof dirfile || + sm_strlcpyn(pagfile, sizeof pagfile, 2, + map->map_file, ".pag") >= sizeof pagfile) + { + errno = 0; + if (!bitset(MF_OPTIONAL, map->map_mflags)) + syserr("dbm map \"%s\": map file %s name too long", + map->map_mname, map->map_file); + return false; + } sff = SFF_ROOTOK|SFF_REGONLY; if (mode == O_RDWR) { @@ -1944,13 +1951,29 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo) long sff; int save_errno; struct stat st; - char buf[MAXNAME + 1]; + char buf[MAXPATHLEN]; /* do initial file and directory checks */ - (void) sm_strlcpy(buf, map->map_file, sizeof buf - 3); + if (sm_strlcpy(buf, map->map_file, sizeof buf) >= sizeof buf) + { + errno = 0; + if (!bitset(MF_OPTIONAL, map->map_mflags)) + syserr("map \"%s\": map file %s name too long", + map->map_mname, map->map_file); + return false; + } i = strlen(buf); if (i < 3 || strcmp(&buf[i - 3], ".db") != 0) - (void) sm_strlcat(buf, ".db", sizeof buf); + { + if (sm_strlcat(buf, ".db", sizeof buf) >= sizeof buf) + { + errno = 0; + if (!bitset(MF_OPTIONAL, map->map_mflags)) + syserr("map \"%s\": map file %s name too long", + map->map_mname, map->map_file); + return false; + } + } mode &= O_ACCMODE; omode = mode; @@ -2230,7 +2253,7 @@ db_map_lookup(map, name, av, statp) int fd; struct stat stbuf; char keybuf[MAXNAME + 1]; - char buf[MAXNAME + 1]; + char buf[MAXPATHLEN]; memset(&key, '\0', sizeof key); memset(&val, '\0', sizeof val); @@ -2239,10 +2262,15 @@ db_map_lookup(map, name, av, statp) sm_dprintf("db_map_lookup(%s, %s)\n", map->map_mname, name); - i = strlen(map->map_file); - if (i > MAXNAME) - i = MAXNAME; - (void) sm_strlcpy(buf, map->map_file, i + 1); + if (sm_strlcpy(buf, map->map_file, sizeof buf) >= sizeof buf) + { + errno = 0; + if (!bitset(MF_OPTIONAL, map->map_mflags)) + syserr("map \"%s\": map file %s name too long", + map->map_mname, map->map_file); + return NULL; + } + i = strlen(buf); if (i > 3 && strcmp(&buf[i - 3], ".db") == 0) buf[i - 3] = '\0'; @@ -4540,10 +4568,16 @@ ldapmap_parseargs(map, args) ldapmap_dequote(lmap->ldap_secret)); return false; } - lmap->ldap_secret = sfgets(m_tmp, LDAPMAP_MAX_PASSWD, + lmap->ldap_secret = sfgets(m_tmp, sizeof m_tmp, sfd, TimeOuts.to_fileopen, "ldapmap_parseargs"); (void) sm_io_close(sfd, SM_TIME_DEFAULT); + if (strlen(m_tmp) > LDAPMAP_MAX_PASSWD) + { + syserr("LDAP map: secret in %s too long", + ldapmap_dequote(lmap->ldap_secret)); + return false; + } if (lmap->ldap_secret != NULL && strlen(m_tmp) > 0) { @@ -4563,8 +4597,7 @@ ldapmap_parseargs(map, args) ** stashed */ - (void) sm_snprintf(m_tmp, - MAXPATHLEN + LDAPMAP_MAX_PASSWD, + (void) sm_snprintf(m_tmp, sizeof m_tmp, "KRBTKFILE=%s", ldapmap_dequote(lmap->ldap_secret)); lmap->ldap_secret = m_tmp; @@ -5833,7 +5866,8 @@ text_map_lookup(map, name, av, statp) } key_idx = map->map_keycolno; delim = map->map_coldelim; - while (sm_io_fgets(f, SM_TIME_DEFAULT, linebuf, MAXLINE) != NULL) + while (sm_io_fgets(f, SM_TIME_DEFAULT, + linebuf, sizeof linebuf) != NULL) { char *p; @@ -5906,7 +5940,8 @@ text_getcanonname(name, hbsize, statp) } found = false; while (!found && - sm_io_fgets(f, SM_TIME_DEFAULT, linebuf, MAXLINE) != NULL) + sm_io_fgets(f, SM_TIME_DEFAULT, + linebuf, sizeof linebuf) != NULL) { char *p = strpbrk(linebuf, "#\n"); @@ -7200,7 +7235,8 @@ nsd_map_lookup(map, name, av, statp) *statp = EX_UNAVAILABLE; return NULL; } - r = ns_lookup(ns_map, NULL, map->map_file, keybuf, NULL, buf, MAXLINE); + r = ns_lookup(ns_map, NULL, map->map_file, keybuf, NULL, + buf, sizeof buf); if (r == NS_UNAVAIL || r == NS_TRYAGAIN) { *statp = EX_TEMPFAIL; diff --git a/contrib/sendmail/src/milter.c b/contrib/sendmail/src/milter.c index b1be43e..f52a725 100644 --- a/contrib/sendmail/src/milter.c +++ b/contrib/sendmail/src/milter.c @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: milter.c,v 1.1.1.9 2002/04/10 03:04:50 gshapiro Exp $") +SM_RCSID("@(#)$Id: milter.c,v 8.196 2002/04/14 03:55:07 gshapiro Exp $") #if MILTER # include <libmilter/mfapi.h> diff --git a/contrib/sendmail/src/mime.c b/contrib/sendmail/src/mime.c index 403c239..2fd36d2 100644 --- a/contrib/sendmail/src/mime.c +++ b/contrib/sendmail/src/mime.c @@ -14,7 +14,7 @@ #include <sendmail.h> #include <string.h> -SM_RCSID("@(#)$Id: mime.c,v 1.1.1.7 2002/04/10 03:04:50 gshapiro Exp $") +SM_RCSID("@(#)$Id: mime.c,v 8.130 2002/05/21 03:39:34 ca Exp $") /* ** MIME support. @@ -377,7 +377,8 @@ mime8to7(mci, header, e, boundaries, flags) putheader(mci, hdr, e, flags); if (tTd(43, 101)) putline("+++after putheader", mci); - if (hvalue("MIME-Version", hdr) == NULL) + if (hvalue("MIME-Version", hdr) == NULL && + !bitset(M87F_NO8TO7, flags)) putline("MIME-Version: 1.0", mci); bt = mime8to7(mci, hdr, e, boundaries, flags); mci->mci_flags &= ~MCIF_INMIME; diff --git a/contrib/sendmail/src/newaliases.1 b/contrib/sendmail/src/newaliases.1 index 91edc57..20fd0e7 100644 --- a/contrib/sendmail/src/newaliases.1 +++ b/contrib/sendmail/src/newaliases.1 @@ -9,9 +9,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: newaliases.1,v 1.1.1.5 2002/02/17 21:56:40 gshapiro Exp $ +.\" $Id: newaliases.1,v 8.19 2001/10/10 03:23:17 ca Exp $ .\" -.TH NEWALIASES 1 "$Date: 2002/02/17 21:56:40 $" +.TH NEWALIASES 1 "$Date: 2001/10/10 03:23:17 $" .SH NAME newaliases \- rebuild the data base for the mail aliases file diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c index bf59196..aa0e31d 100644 --- a/contrib/sendmail/src/parseaddr.c +++ b/contrib/sendmail/src/parseaddr.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: parseaddr.c,v 1.1.1.10 2002/04/10 03:04:50 gshapiro Exp $") +SM_RCSID("@(#)$Id: parseaddr.c,v 8.359 2002/03/29 16:20:47 ca Exp $") static void allocaddr __P((ADDRESS *, int, char *, ENVELOPE *)); static int callsubr __P((char**, int, ENVELOPE *)); diff --git a/contrib/sendmail/src/queue.c b/contrib/sendmail/src/queue.c index c72248a..5920b1e 100644 --- a/contrib/sendmail/src/queue.c +++ b/contrib/sendmail/src/queue.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: queue.c,v 1.1.1.11 2002/04/10 03:04:51 gshapiro Exp $") +SM_RCSID("@(#)$Id: queue.c,v 8.862 2002/05/09 23:51:53 ca Exp $") #include <dirent.h> @@ -369,7 +369,7 @@ queueup(e, announce, msync) if (LogLevel > 0 && (i % 32) == 0) sm_syslog(LOG_ALERT, e->e_id, "queueup: cannot create %s, uid=%d: %s", - tf, geteuid(), + tf, (int) geteuid(), sm_errstring(errno)); } } @@ -405,7 +405,7 @@ queueup(e, announce, msync) printopenfds(true); errno = save_errno; syserr("!queueup: cannot create queue temp file %s, uid=%d", - tf, geteuid()); + tf, (int) geteuid()); } } @@ -449,7 +449,7 @@ queueup(e, announce, msync) errno != EINVAL) { syserr("!queueup: cannot commit data file %s, uid=%d", - queuename(e, DATAFL_LETTER), geteuid()); + queuename(e, DATAFL_LETTER), (int) geteuid()); } if (e->e_dfp != NULL && SuperSafe == SAFE_INTERACTIVE && msync) @@ -490,7 +490,7 @@ queueup(e, announce, msync) (void *) &dfd, SM_IO_WRONLY, NULL)) == NULL) syserr("!queueup: cannot create data temp file %s, uid=%d", - df, geteuid()); + df, (int) geteuid()); if (fstat(dfd, &stbuf) < 0) e->e_dfino = -1; else @@ -524,7 +524,7 @@ queueup(e, announce, msync) if (sm_io_close(dfp, SM_TIME_DEFAULT) < 0) syserr("!queueup: cannot save data temp file %s, uid=%d", - df, geteuid()); + df, (int) geteuid()); e->e_putbody = putbody; } @@ -831,7 +831,7 @@ queueup(e, announce, msync) sizeof qf); if (rename(tf, qf) < 0) syserr("cannot rename(%s, %s), uid=%d", - tf, qf, geteuid()); + tf, qf, (int) geteuid()); # if _FFR_QUARANTINE else { @@ -4391,6 +4391,10 @@ readqf(e, openonly) e->e_msgsize = st.st_size + hdrsize; e->e_dfdev = st.st_dev; e->e_dfino = ST_INODE(st); + (void) sm_snprintf(buf, sizeof buf, "%ld", + e->e_msgsize); + macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), + buf); } } @@ -5402,7 +5406,7 @@ loseqfile(e, why) p = queuename(e, LOSEQF_LETTER); if (rename(buf, p) < 0) syserr("cannot rename(%s, %s), uid=%d", - buf, p, geteuid()); + buf, p, (int) geteuid()); else if (LogLevel > 0) sm_syslog(LOG_ALERT, e->e_id, "Losing %s: %s", buf, why); @@ -5742,9 +5746,18 @@ chkqdir(name, sff) /* Print a warning if unsafe (but still use it) */ /* XXX do this only if we want the warning? */ i = safedirpath(name, RunAsUid, RunAsGid, NULL, sff, 0, 0); - if (i != 0 && tTd(41, 2)) - sm_dprintf("chkqdir: \"%s\": Not safe: %s\n", - name, sm_errstring(i)); + if (i != 0) + { + if (tTd(41, 2)) + sm_dprintf("chkqdir: \"%s\": Not safe: %s\n", + name, sm_errstring(i)); +#if _FFR_CHK_QUEUE + if (LogLevel > 8) + sm_syslog(LOG_WARNING, NOQID, + "queue directory \"%s\": Not safe: %s", + name, sm_errstring(i)); +#endif /* _FFR_CHK_QUEUE */ + } return true; } /* @@ -5809,6 +5822,11 @@ multiqueue_cache(basedir, blen, qg, qn, phash) /* If running as root, allow safedirpath() checks to use privs */ if (RunAsUid == 0) sff |= SFF_ROOTOK; +#if _FFR_CHK_QUEUE + sff |= SFF_SAFEDIRPATH|SFF_NOWWFILES; + if (!UseMSP) + sff |= SFF_NOGWFILES; +#endif /* _FFR_CHK_QUEUE */ if (!SM_IS_DIR_START(qg->qg_qdir)) { @@ -6825,7 +6843,7 @@ cleanup_shm(owner) if (ShmId != SM_SHM_NO_ID) { if (sm_shmstop(Pshm, ShmId, owner) < 0 && LogLevel > 8) - sm_syslog(LOG_INFO, NOQID, "sh_shmstop failed=%s", + sm_syslog(LOG_INFO, NOQID, "sm_shmstop failed=%s", sm_errstring(errno)); Pshm = NULL; ShmId = SM_SHM_NO_ID; @@ -8246,7 +8264,7 @@ quarantine_queue_item(qgrp, qdir, e, reason) } break; - case 'R': + case 'S': /* ** If we are quarantining an unquarantined item, ** need to put in a new 'q' line before it's diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c index 9a98715..c4d0637 100644 --- a/contrib/sendmail/src/readcf.c +++ b/contrib/sendmail/src/readcf.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: readcf.c,v 1.1.1.13 2002/04/10 03:04:51 gshapiro Exp $") +SM_RCSID("@(#)$Id: readcf.c,v 8.606 2002/05/09 21:09:01 ca Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> @@ -3350,6 +3350,14 @@ setoption(opt, val, safe, sticky, e) case 'f': SASLOpts |= SASL_SEC_FORWARD_SECRECY; break; +# if _FFR_SASL_OPT_M +/* to be activated in 8.13 */ +# if SASL >= 20101 + case 'm': + SASLOpts |= SASL_SEC_MUTUAL_AUTH; + break; +# endif /* SASL >= 20101 */ +# endif /* _FFR_SASL_OPT_M */ case 'p': SASLOpts |= SASL_SEC_NOPLAINTEXT; break; diff --git a/contrib/sendmail/src/recipient.c b/contrib/sendmail/src/recipient.c index e90238e..22b8377 100644 --- a/contrib/sendmail/src/recipient.c +++ b/contrib/sendmail/src/recipient.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: recipient.c,v 1.1.1.8 2002/02/17 21:56:41 gshapiro Exp $") +SM_RCSID("@(#)$Id: recipient.c,v 8.330 2002/05/29 18:20:03 gshapiro Exp $") static void includetimeout __P((void)); static ADDRESS *self_reference __P((ADDRESS *)); @@ -1419,7 +1419,7 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e) if (forwarding) { - sfflags |= SFF_MUSTOWN|SFF_ROOTOK|SFF_NOWLINK; + sfflags |= SFF_MUSTOWN|SFF_ROOTOK; if (!bitnset(DBS_GROUPWRITABLEFORWARDFILE, DontBlameSendmail)) sfflags |= SFF_NOGWFILES; if (!bitnset(DBS_WORLDWRITABLEFORWARDFILE, DontBlameSendmail)) @@ -1502,7 +1502,7 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e) { rval = EAGAIN; syserr("seteuid(%d) failure (real=%d, eff=%d)", - uid, getuid(), geteuid()); + uid, (int) getuid(), (int) geteuid()); goto resetuid; } # endif /* MAILER_SETUID_METHOD == USE_SETEUID */ @@ -1511,7 +1511,7 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e) { rval = EAGAIN; syserr("setreuid(0, %d) failure (real=%d, eff=%d)", - uid, getuid(), geteuid()); + uid, (int) getuid(), (int) geteuid()); goto resetuid; } # endif /* MAILER_SETUID_METHOD == USE_SETREUID */ @@ -1831,7 +1831,7 @@ resetuid: #endif /* 0 */ syserr("Attempt to forward to more than %d addresses (in %s)!", - MaxForwardEntries,fname); + MaxForwardEntries, fname); maxreached = true; } } diff --git a/contrib/sendmail/src/sasl.c b/contrib/sendmail/src/sasl.c index ca109de..beeece2 100644 --- a/contrib/sendmail/src/sasl.c +++ b/contrib/sendmail/src/sasl.c @@ -9,13 +9,12 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Id: sasl.c,v 1.1.1.2 2002/04/10 03:04:51 gshapiro Exp $") +SM_RCSID("@(#)$Id: sasl.c,v 8.18 2002/05/25 00:26:42 gshapiro Exp $") #if SASL # include <stdlib.h> # include <sendmail.h> # include <errno.h> -# include <sasl.h> /* ** In order to ensure that storage leaks are tracked, and to prevent @@ -31,12 +30,12 @@ static void *sm_sasl_realloc __P((void *, unsigned long)); void sm_sasl_free __P((void *)); /* +** SASLv1: ** We can't use an rpool for Cyrus-SASL memory management routines, ** since the encryption/decryption routines in Cyrus-SASL ** allocate/deallocate a buffer each time. Since rpool ** don't release memory until the very end, memory consumption is ** proportional to the size of an e-mail, which is unacceptable. -** */ /* @@ -206,4 +205,79 @@ intersect(s1, s2, rpool) } return res; } +# if SASL >= 20000 +/* +** IPTOSTRING -- create string for SASL_IP*PORT property +** (borrowed from lib/iptostring.c in Cyrus-IMAP) +** +** Parameters: +** addr -- (pointer to) socket address +** addrlen -- length of socket address +** out -- output string (result) +** outlen -- maximum length of output string +** +** Returns: +** true iff successful. +** +** Side Effects: +** creates output string if successful. +** sets errno if unsuccessful. +*/ + +# include <arpa/inet.h> + +# ifndef NI_WITHSCOPEID +# define NI_WITHSCOPEID 0 +# endif +# ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +# endif +# ifndef NI_MAXSERV +# define NI_MAXSERV 32 +# endif + +bool +iptostring(addr, addrlen, out, outlen) + SOCKADDR *addr; + SOCKADDR_LEN_T addrlen; + char *out; + unsigned outlen; +{ + char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; + + if (addr == NULL || out == NULL) + { + errno = EINVAL; + return false; + } + +# if NETINET6 + if (getnameinfo((struct sockaddr *) addr, addrlen, + hbuf, sizeof hbuf, pbuf, sizeof pbuf, + NI_NUMERICHOST | NI_WITHSCOPEID | NI_NUMERICSERV) != 0) + return false; +# else /* NETINET6 */ + if (addr->sa.sa_family != AF_INET) + { + errno = EINVAL; + return false; + } + if (inet_ntop(AF_INET, &(addr->sin.sin_addr), + hbuf, sizeof hbuf) == NULL) + { + errno = EINVAL; + return false; + } + sm_snprintf(pbuf, sizeof pbuf, "%d", ntohs(addr->sin.sin_port)); +# endif /* NETINET6 */ + + if (outlen < strlen(hbuf) + strlen(pbuf) + 2) + { + errno = ENOMEM; + return false; + } + sm_snprintf(out, outlen, "%s;%s", hbuf, pbuf); + return true; +} +# endif /* SASL >= 20000 */ #endif /* SASL */ diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h index dbefe5a..2284bd6 100644 --- a/contrib/sendmail/src/sendmail.h +++ b/contrib/sendmail/src/sendmail.h @@ -48,7 +48,7 @@ #ifdef _DEFINE # ifndef lint -SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 1.1.1.13 2002/04/10 03:04:51 gshapiro Exp $"; +SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.918 2002/05/23 20:01:56 gshapiro Exp $"; # endif /* ! lint */ #endif /* _DEFINE */ @@ -124,18 +124,26 @@ SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 1.1.1.13 2002/04/10 03 #endif /* STARTTLS */ #if SASL /* include the sasl include files if we have them */ -# include <sasl.h> + + +# if SASL == 2 || SASL >= 20000 +# include <sasl/sasl.h> +# include <sasl/saslutil.h> +# else /* SASL == 2 || SASL >= 20000 */ +# include <sasl.h> +# include <saslutil.h> +# endif /* SASL == 2 || SASL >= 20000 */ # if defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) # define SASL_VERSION (SASL_VERSION_MAJOR * 10000) + (SASL_VERSION_MINOR * 100) + SASL_VERSION_STEP -# if SASL == 1 +# if SASL == 1 || SASL == 2 # undef SASL # define SASL SASL_VERSION -# else /* SASL == 1 */ +# else /* SASL == 1 || SASL == 2 */ # if SASL != SASL_VERSION ERROR README: -DSASL (SASL) does not agree with the version of the CYRUS_SASL library (SASL_VERSION) ERROR README: see README! # endif /* SASL != SASL_VERSION */ -# endif /* SASL == 1 */ +# endif /* SASL == 1 || SASL == 2 */ # else /* defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) */ # if SASL == 1 ERROR README: please set -DSASL to the version of the CYRUS_SASL library @@ -559,8 +567,11 @@ extern bool filesys_free __P((long)); /* SASL options */ # define SASL_AUTH_AUTH 0x1000 /* use auth= only if authenticated */ -# define SASL_SEC_MASK 0x0fff /* mask for SASL_SEC_* values: sasl.h */ -# if (SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 || \ +# if SASL >= 20101 +# define SASL_SEC_MASK SASL_SEC_MAXIMUM /* mask for SASL_SEC_* values: sasl.h */ +# else /* SASL >= 20101 */ +# define SASL_SEC_MASK 0x0fff /* mask for SASL_SEC_* values: sasl.h */ +# if (SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 || \ (SASL_SEC_NOACTIVE & SASL_SEC_MASK) == 0 || \ (SASL_SEC_NODICTIONARY & SASL_SEC_MASK) == 0 || \ (SASL_SEC_FORWARD_SECRECY & SASL_SEC_MASK) == 0 || \ @@ -568,19 +579,23 @@ extern bool filesys_free __P((long)); (SASL_SEC_PASS_CREDENTIALS & SASL_SEC_MASK) == 0 ERROR: change SASL_SEC_MASK_ notify sendmail.org! # endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */ +# endif /* SASL >= 20101 */ # define MAXOUTLEN 1024 /* length of output buffer */ /* functions */ extern char *intersect __P((char *, char *, SM_RPOOL_T *)); extern char *iteminlist __P((char *, char *, char *)); +# if SASL >= 20000 +extern int proxy_policy __P((sasl_conn_t *, void *, const char *, unsigned, const char *, unsigned, const char *, unsigned, struct propctx *)); +extern int safesaslfile __P((void *, const char *, sasl_verify_type_t)); +# else /* SASL >= 20000 */ extern int proxy_policy __P((void *, const char *, const char *, const char **, const char **)); -# if SASL > 10515 +# if SASL > 10515 extern int safesaslfile __P((void *, char *, int)); -# else /* SASL > 10515 */ +# else /* SASL > 10515 */ extern int safesaslfile __P((void *, char *)); -# endif /* SASL > 10515 */ -extern int sasl_decode64 __P((const char *, unsigned, char *, unsigned *)); -extern int sasl_encode64 __P((const char *, unsigned, char *, unsigned, unsigned *)); +# endif /* SASL > 10515 */ +# endif /* SASL >= 20000 */ extern void stop_sasl_client __P((void)); /* structure to store authinfo */ @@ -1611,6 +1626,9 @@ extern int anynet_pton __P((int, const char *, void *)); # endif /* NETINET6 */ extern char *hostnamebyanyaddr __P((SOCKADDR *)); extern char *validate_connection __P((SOCKADDR *, char *, ENVELOPE *)); +# if SASL >= 20000 +extern bool iptostring __P((SOCKADDR *, SOCKADDR_LEN_T, char *, unsigned)); +# endif /* SASL >= 20000 */ #endif /* NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 */ diff --git a/contrib/sendmail/src/sfsasl.c b/contrib/sendmail/src/sfsasl.c index 5745395..cad58d2 100644 --- a/contrib/sendmail/src/sfsasl.c +++ b/contrib/sendmail/src/sfsasl.c @@ -9,12 +9,11 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Id: sfsasl.c,v 1.1.1.7 2002/04/10 03:04:51 gshapiro Exp $") +SM_RCSID("@(#)$Id: sfsasl.c,v 8.90 2002/05/09 20:44:11 ca Exp $") #include <stdlib.h> #include <sendmail.h> #include <errno.h> #if SASL -# include <sasl.h> # include "sfsasl.h" /* Structure used by the "sasl" file type */ @@ -177,7 +176,11 @@ sasl_read(fp, buf, size) { int result; ssize_t len; +# if SASL >= 20000 + const char *outbuf = NULL; +# else /* SASL >= 20000 */ static char *outbuf = NULL; +# endif /* SASL >= 20000 */ static unsigned int outlen = 0; static unsigned int offset = 0; struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie; @@ -225,7 +228,9 @@ sasl_read(fp, buf, size) /* return the rest of the buffer */ len = outlen - offset; (void) memcpy(buf, outbuf + offset, (size_t) len); +# if SASL < 20000 SASL_DEALLOC(outbuf); +# endif /* SASL < 20000 */ outbuf = NULL; offset = 0; outlen = 0; @@ -255,7 +260,11 @@ sasl_write(fp, buf, size) size_t size; { int result; +# if SASL >= 20000 + const char *outbuf; +# else /* SASL >= 20000 */ char *outbuf; +# endif /* SASL >= 20000 */ unsigned int outlen; size_t ret = 0, total = 0; struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie; @@ -276,7 +285,9 @@ sasl_write(fp, buf, size) outlen -= ret; total += ret; } +# if SASL < 20000 SASL_DEALLOC(outbuf); +# endif /* SASL < 20000 */ } return size; } diff --git a/contrib/sendmail/src/sfsasl.h b/contrib/sendmail/src/sfsasl.h index b7d3a3a4..c75418a 100644 --- a/contrib/sendmail/src/sfsasl.h +++ b/contrib/sendmail/src/sfsasl.h @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: sfsasl.h,v 1.1.1.2 2002/02/17 21:56:41 gshapiro Exp $" + * $Id: sfsasl.h,v 8.17 2000/09/19 21:30:49 ca Exp $" */ #ifndef SFSASL_H diff --git a/contrib/sendmail/src/shmticklib.c b/contrib/sendmail/src/shmticklib.c index 034a9c0..6f5e301 100644 --- a/contrib/sendmail/src/shmticklib.c +++ b/contrib/sendmail/src/shmticklib.c @@ -11,7 +11,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Id: shmticklib.c,v 1.1.1.2 2002/02/17 21:56:41 gshapiro Exp $") +SM_RCSID("@(#)$Id: shmticklib.c,v 8.14 2001/09/11 04:05:16 gshapiro Exp $") #if _FFR_SHM_STATUS # include <sys/types.h> diff --git a/contrib/sendmail/src/sm_resolve.c b/contrib/sendmail/src/sm_resolve.c index da955a2..e3eb77f 100644 --- a/contrib/sendmail/src/sm_resolve.c +++ b/contrib/sendmail/src/sm_resolve.c @@ -46,7 +46,7 @@ # if NAMED_BIND # include "sm_resolve.h" -SM_RCSID("$Id: sm_resolve.c,v 1.1.1.1 2002/02/17 21:56:41 gshapiro Exp $") +SM_RCSID("$Id: sm_resolve.c,v 8.24 2001/09/11 04:05:16 gshapiro Exp $") static struct stot { diff --git a/contrib/sendmail/src/sm_resolve.h b/contrib/sendmail/src/sm_resolve.h index a147830..7f169ba 100644 --- a/contrib/sendmail/src/sm_resolve.h +++ b/contrib/sendmail/src/sm_resolve.h @@ -41,7 +41,7 @@ * SUCH DAMAGE. */ -/* $Id: sm_resolve.h,v 1.1.1.1 2002/02/17 21:56:41 gshapiro Exp $ */ +/* $Id: sm_resolve.h,v 8.8 2001/09/01 00:06:02 gshapiro Exp $ */ #if DNSMAP # ifndef __ROKEN_RESOLVE_H__ diff --git a/contrib/sendmail/src/srvrsmtp.c b/contrib/sendmail/src/srvrsmtp.c index 1210ee8..bbcd31f 100644 --- a/contrib/sendmail/src/srvrsmtp.c +++ b/contrib/sendmail/src/srvrsmtp.c @@ -16,7 +16,7 @@ # include <libmilter/mfdef.h> #endif /* MILTER */ -SM_RCSID("@(#)$Id: srvrsmtp.c,v 1.1.1.10 2002/04/10 03:04:52 gshapiro Exp $") +SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.827 2002/05/28 14:29:57 ca Exp $") #if SASL || STARTTLS # include <sys/time.h> @@ -380,17 +380,24 @@ smtp(nullserver, d_flags, e) int result; volatile int authenticating; char *user; - char *in, *out, *out2; + char *in, *out2; +# if SASL >= 20000 + char *auth_id; + const char *out; + sasl_ssf_t ext_ssf; +# else /* SASL >= 20000 */ + char *out; const char *errstr; + sasl_external_properties_t ext_ssf; +# endif /* SASL >= 20000 */ + sasl_security_properties_t ssp; + sasl_ssf_t *ssf; unsigned int inlen, out2len; unsigned int outlen; char *volatile auth_type; char *mechlist; volatile unsigned int n_mechs; unsigned int len; - sasl_security_properties_t ssp; - sasl_external_properties_t ext_ssf; - sasl_ssf_t *ssf; #endif /* SASL */ #if STARTTLS int r; @@ -507,14 +514,17 @@ smtp(nullserver, d_flags, e) /* SASL server new connection */ if (sasl_ok) { -# if SASL > 10505 +# if SASL >= 20000 + result = sasl_server_new("smtp", hostname, NULL, NULL, NULL, + NULL, 0, &conn); +# elif SASL > 10505 /* use empty realm: only works in SASL > 1.5.5 */ result = sasl_server_new("smtp", hostname, "", NULL, 0, &conn); -# else /* SASL > 10505 */ +# else /* SASL >= 20000 */ /* use no realm -> realm is set to hostname by SASL lib */ result = sasl_server_new("smtp", hostname, NULL, NULL, 0, &conn); -# endif /* SASL > 10505 */ +# endif /* SASL >= 20000 */ sasl_ok = result == SASL_OK; if (!sasl_ok) { @@ -529,13 +539,59 @@ smtp(nullserver, d_flags, e) /* ** SASL set properties for sasl ** set local/remote IP - ** XXX only IPv4: Cyrus SASL doesn't support anything else + ** XXX Cyrus SASL v1 only supports IPv4 ** ** XXX where exactly are these used/required? ** Kerberos_v4 */ -# if NETINET +# if SASL >= 20000 +# if NETINET || NETINET6 + in = macvalue(macid("{daemon_family}"), e); + if (in != NULL && ( +# if NETINET6 + strcmp(in, "inet6") == 0 || +# endif /* NETINET6 */ + strcmp(in, "inet") == 0)) + { + SOCKADDR_LEN_T addrsize; + SOCKADDR saddr_l; + SOCKADDR saddr_r; + char localip[60], remoteip[60]; + + addrsize = sizeof(saddr_r); + if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD, + NULL), + (struct sockaddr *) &saddr_r, + &addrsize) == 0) + { + if (iptostring(&saddr_r, addrsize, + remoteip, sizeof remoteip)) + { + sasl_setprop(conn, SASL_IPREMOTEPORT, + remoteip); + } + addrsize = sizeof(saddr_l); + if (getsockname(sm_io_getinfo(InChannel, + SM_IO_WHAT_FD, + NULL), + (struct sockaddr *) &saddr_l, + &addrsize) == 0) + { + if (iptostring(&saddr_l, addrsize, + localip, + sizeof localip)) + { + sasl_setprop(conn, + SASL_IPLOCALPORT, + localip); + } + } + } + } +# endif /* NETINET || NETINET6 */ +# else /* SASL >= 20000 */ +# if NETINET in = macvalue(macid("{daemon_family}"), e); if (in != NULL && strcmp(in, "inet") == 0) { @@ -560,7 +616,8 @@ smtp(nullserver, d_flags, e) &saddr_l); } } -# endif /* NETINET */ +# endif /* NETINET */ +# endif /* SASL >= 20000 */ auth_type = NULL; mechlist = NULL; @@ -591,10 +648,19 @@ smtp(nullserver, d_flags, e) ** currently we have none so zero */ +# if SASL >= 20000 + ext_ssf = 0; + auth_id = NULL; + sasl_ok = ((sasl_setprop(conn, SASL_SSF_EXTERNAL, + &ext_ssf) == SASL_OK) && + (sasl_setprop(conn, SASL_AUTH_EXTERNAL, + auth_id) == SASL_OK)); +# else /* SASL >= 20000 */ ext_ssf.ssf = 0; ext_ssf.auth_id = NULL; sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL, &ext_ssf) == SASL_OK; +# endif /* SASL >= 20000 */ } if (sasl_ok) n_mechs = saslmechs(conn, &mechlist); @@ -866,8 +932,14 @@ smtp(nullserver, d_flags, e) } /* could this be shorter? XXX */ +# if SASL >= 20000 + in = xalloc(strlen(inp) + 1); + result = sasl_decode64(inp, strlen(inp), in, + strlen(inp), &inlen); +# else /* SASL >= 20000 */ out = xalloc(strlen(inp)); result = sasl_decode64(inp, strlen(inp), out, &outlen); +# endif /* SASL >= 20000 */ if (result != SASL_OK) { authenticating = SASL_NOT_AUTH; @@ -875,11 +947,20 @@ smtp(nullserver, d_flags, e) /* rfc 2254 4. */ message("501 5.5.4 cannot decode AUTH parameter %s", inp); +# if SASL >= 20000 + sm_free(in); +# endif /* SASL >= 20000 */ continue; } +# if SASL >= 20000 + result = sasl_server_step(conn, in, inlen, + &out, &outlen); + sm_free(in); +# else /* SASL >= 20000 */ result = sasl_server_step(conn, out, outlen, &out, &outlen, &errstr); +# endif /* SASL >= 20000 */ /* get an OK if we're done */ if (result == SASL_OK) @@ -890,6 +971,13 @@ smtp(nullserver, d_flags, e) macdefine(&BlankEnvelope.e_macro, A_TEMP, macid("{auth_type}"), auth_type); +# if SASL >= 20000 + user = macvalue(macid("{auth_authen}"), e); + + /* get security strength (features) */ + result = sasl_getprop(conn, SASL_SSF, + (const void **) &ssf); +# else /* SASL >= 20000 */ result = sasl_getprop(conn, SASL_USERNAME, (void **)&user); if (result != SASL_OK) @@ -914,6 +1002,7 @@ smtp(nullserver, d_flags, e) /* get security strength (features) */ result = sasl_getprop(conn, SASL_SSF, (void **) &ssf); +# endif /* SASL >= 20000 */ if (result != SASL_OK) { macdefine(&BlankEnvelope.e_macro, @@ -995,11 +1084,14 @@ smtp(nullserver, d_flags, e) sm_dprintf("AUTH continue: msg='%s' len=%u\n", out2, out2len); } +# if SASL >= 20000 + sm_free(out2); +# endif /* SASL >= 20000 */ } else { /* not SASL_OK or SASL_CONT */ - message("500 5.7.0 authentication failed"); + message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "AUTH failure (%s): %s (%d) %s", @@ -1007,7 +1099,11 @@ smtp(nullserver, d_flags, e) sasl_errstring(result, NULL, NULL), result, +# if SASL >= 20000 + sasl_errdetail(conn)); +# else /* SASL >= 20000 */ errstr == NULL ? "" : errstr); +# endif /* SASL >= 20000 */ authenticating = SASL_NOT_AUTH; } } @@ -1181,10 +1277,16 @@ smtp(nullserver, d_flags, e) } } + if (*p == '\0') + { + message("501 5.5.2 AUTH mechanism must be specified"); + break; + } + /* check whether mechanism is available */ if (iteminlist(p, mechlist, " ") == NULL) { - message("503 5.3.3 AUTH mechanism %.32s not available", + message("504 5.3.3 AUTH mechanism %.32s not available", p); break; } @@ -1192,9 +1294,15 @@ smtp(nullserver, d_flags, e) if (ismore) { /* could this be shorter? XXX */ +# if SASL >= 20000 + in = xalloc(strlen(q) + 1); + result = sasl_decode64(q, strlen(q), in, + strlen(q), &inlen); +# else /* SASL >= 20000 */ in = sm_rpool_malloc(e->e_rpool, strlen(q)); result = sasl_decode64(q, strlen(q), in, &inlen); +# endif /* SASL >= 20000 */ if (result != SASL_OK) { message("501 5.5.4 cannot BASE64 decode '%s'", @@ -1205,6 +1313,9 @@ smtp(nullserver, d_flags, e) result, q); /* start over? */ authenticating = SASL_NOT_AUTH; +# if SASL >= 20000 + sm_free(in); +# endif /* SASL >= 20000 */ in = NULL; inlen = 0; break; @@ -1217,12 +1328,19 @@ smtp(nullserver, d_flags, e) } /* see if that auth type exists */ +# if SASL >= 20000 + result = sasl_server_start(conn, p, in, inlen, + &out, &outlen); + if (in != NULL) + sm_free(in); +# else /* SASL >= 20000 */ result = sasl_server_start(conn, p, in, inlen, &out, &outlen, &errstr); +# endif /* SASL >= 20000 */ if (result != SASL_OK && result != SASL_CONTINUE) { - message("500 5.7.0 authentication failed"); + message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_ERR, e->e_id, "AUTH failure (%s): %s (%d) %s", @@ -1230,7 +1348,11 @@ smtp(nullserver, d_flags, e) sasl_errstring(result, NULL, NULL), result, +# if SASL >= 20000 + sasl_errdetail(conn)); +# else /* SASL >= 20000 */ errstr); +# endif /* SASL >= 20000 */ break; } auth_type = newstr(p); @@ -1264,6 +1386,9 @@ smtp(nullserver, d_flags, e) message("334 %s", out2); authenticating = SASL_PROC_AUTH; } +# if SASL >= 20000 + sm_free(out2); +# endif /* SASL >= 20000 */ break; #endif /* SASL */ @@ -1494,12 +1619,23 @@ smtp(nullserver, d_flags, e) char *s; s = macvalue(macid("{cipher_bits}"), e); +# if SASL >= 20000 + if (s != NULL && (ext_ssf = atoi(s)) > 0) + { + auth_id = macvalue(macid("{cert_subject}"), + e); + sasl_ok = ((sasl_setprop(conn, SASL_SSF_EXTERNAL, + &ext_ssf) == SASL_OK) && + (sasl_setprop(conn, SASL_AUTH_EXTERNAL, + auth_id) == SASL_OK)); +# else /* SASL >= 20000 */ if (s != NULL && (ext_ssf.ssf = atoi(s)) > 0) { ext_ssf.auth_id = macvalue(macid("{cert_subject}"), e); sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL, &ext_ssf) == SASL_OK; +# endif /* SASL >= 20000 */ mechlist = NULL; if (sasl_ok) n_mechs = saslmechs(conn, @@ -1591,6 +1727,7 @@ smtp(nullserver, d_flags, e) break; } + ok = true; for (q = p; *q != '\0'; q++) { if (!isascii(*q)) @@ -1600,13 +1737,16 @@ smtp(nullserver, d_flags, e) if (isspace(*q)) { *q = '\0'; + + /* only complain if strict check */ + ok = AllowBogusHELO; break; } if (strchr("[].-_#", *q) == NULL) break; } - if (*q == '\0') + if (*q == '\0' && ok) { q = "pleased to meet you"; sendinghost = sm_strdup_x(p); @@ -2254,7 +2394,7 @@ smtp(nullserver, d_flags, e) macdefine(&e->e_macro, A_PERM, macid("{rcpt_mailer}"), NULL); macdefine(&e->e_macro, A_PERM, - macid("{rcpt_relay}"), NULL); + macid("{rcpt_host}"), NULL); macdefine(&e->e_macro, A_PERM, macid("{rcpt_addr}"), NULL); macdefine(&e->e_macro, A_PERM, @@ -2588,7 +2728,8 @@ doquit: logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; - if (lognullconnection && LogLevel > 5) + if (lognullconnection && LogLevel > 5 && + nullserver == NULL) { char *d; @@ -2725,6 +2866,7 @@ smtp_data(smtp, e) ADDRESS *a; ENVELOPE *ee; char *id; + char *oldid; char buf[32]; SmtpPhase = "server DATA"; @@ -2945,8 +3087,13 @@ smtp_data(smtp, e) ee->e_to = NULL; } + /* put back id for SMTP logging in putoutmsg() */ + oldid = CurEnv->e_id; + CurEnv->e_id = id; + /* issue success message */ message("250 2.0.0 %s Message accepted for delivery", id); + CurEnv->e_id = oldid; /* if we just queued, poke it */ if (doublequeue) @@ -3726,9 +3873,15 @@ saslmechs(conn, mechlist) int len, num, result; /* "user" is currently unused */ +# if SASL >= 20000 + result = sasl_listmech(conn, NULL, + "", " ", "", (const char **) mechlist, + (unsigned int *)&len, (unsigned int *)&num); +# else /* SASL >= 20000 */ result = sasl_listmech(conn, "user", /* XXX */ "", " ", "", mechlist, (unsigned int *)&len, (unsigned int *)&num); +# endif /* SASL >= 20000 */ if (result != SASL_OK) { if (LogLevel > 9) @@ -3754,6 +3907,52 @@ saslmechs(conn, mechlist) } return num; } + +# if SASL >= 20000 +/* +** PROXY_POLICY -- define proxy policy for AUTH +** +** Parameters: +** conn -- unused. +** context -- unused. +** requested_user -- authorization identity. +** rlen -- authorization identity length. +** auth_identity -- authentication identity. +** alen -- authentication identity length. +** def_realm -- default user realm. +** urlen -- user realm length. +** propctx -- unused. +** +** Returns: +** ok? +** +** Side Effects: +** sets {auth_authen} macro. +*/ + +int +proxy_policy(conn, context, requested_user, rlen, auth_identity, alen, + def_realm, urlen, propctx) + sasl_conn_t *conn; + void *context; + const char *requested_user; + unsigned rlen; + const char *auth_identity; + unsigned alen; + const char *def_realm; + unsigned urlen; + struct propctx *propctx; +{ + if (auth_identity == NULL) + return SASL_FAIL; + + macdefine(&BlankEnvelope.e_macro, A_TEMP, + macid("{auth_authen}"), (char *) auth_identity); + + return SASL_OK; +} +# else /* SASL >= 20000 */ + /* ** PROXY_POLICY -- define proxy policy for AUTH ** @@ -3781,6 +3980,7 @@ proxy_policy(context, auth_identity, requested_user, user, errstr) *user = newstr(auth_identity); return SASL_OK; } +# endif /* SASL >= 20000 */ #endif /* SASL */ #if STARTTLS diff --git a/contrib/sendmail/src/stab.c b/contrib/sendmail/src/stab.c index 8bc35d3..b2ad12d 100644 --- a/contrib/sendmail/src/stab.c +++ b/contrib/sendmail/src/stab.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: stab.c,v 1.1.1.6 2002/02/17 21:56:42 gshapiro Exp $") +SM_RCSID("@(#)$Id: stab.c,v 8.86 2001/12/29 04:27:56 ca Exp $") /* ** STAB -- manage the symbol table diff --git a/contrib/sendmail/src/stats.c b/contrib/sendmail/src/stats.c index d282cfb..bf9d33a 100644 --- a/contrib/sendmail/src/stats.c +++ b/contrib/sendmail/src/stats.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: stats.c,v 1.1.1.7 2002/04/10 03:04:52 gshapiro Exp $") +SM_RCSID("@(#)$Id: stats.c,v 8.55 2002/05/21 22:28:52 gshapiro Exp $") #include <sendmail/mailstats.h> @@ -154,7 +154,7 @@ poststats(sfile) if (!bitnset(DBS_WRITESTATSTOHARDLINK, DontBlameSendmail)) sff |= SFF_NOHLINK; - fd = safeopen(sfile, O_RDWR, 0644, sff); + fd = safeopen(sfile, O_RDWR, 0600, sff); if (fd < 0) { if (LogLevel > 12) diff --git a/contrib/sendmail/src/statusd_shm.h b/contrib/sendmail/src/statusd_shm.h index abfd1de..7d88964 100644 --- a/contrib/sendmail/src/statusd_shm.h +++ b/contrib/sendmail/src/statusd_shm.h @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: statusd_shm.h,v 1.1.1.2 2002/02/17 21:56:42 gshapiro Exp $ + * $Id: statusd_shm.h,v 8.7 2000/09/17 17:30:06 gshapiro Exp $ * * Contributed by Exactis.com, Inc. * diff --git a/contrib/sendmail/src/sysexits.c b/contrib/sendmail/src/sysexits.c index d54a995..5cce2b7 100644 --- a/contrib/sendmail/src/sysexits.c +++ b/contrib/sendmail/src/sysexits.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: sysexits.c,v 1.1.1.4 2002/02/17 21:56:42 gshapiro Exp $") +SM_RCSID("@(#)$Id: sysexits.c,v 8.33 2001/09/11 04:05:17 gshapiro Exp $") /* ** DSNTOEXITSTAT -- convert DSN-style error code to EX_ style. diff --git a/contrib/sendmail/src/timers.c b/contrib/sendmail/src/timers.c index 67c9f70..43dd73a 100644 --- a/contrib/sendmail/src/timers.c +++ b/contrib/sendmail/src/timers.c @@ -11,7 +11,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Id: timers.c,v 1.1.1.3 2002/02/17 21:56:42 gshapiro Exp $") +SM_RCSID("@(#)$Id: timers.c,v 8.24 2001/09/11 04:05:17 gshapiro Exp $") #if _FFR_TIMERS # include <sys/types.h> diff --git a/contrib/sendmail/src/timers.h b/contrib/sendmail/src/timers.h index b184e0d..d7faee1 100644 --- a/contrib/sendmail/src/timers.h +++ b/contrib/sendmail/src/timers.h @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: timers.h,v 1.1.1.2 2002/02/17 21:56:42 gshapiro Exp $ + * $Id: timers.h,v 8.6 2001/04/03 01:53:18 gshapiro Exp $ * * Contributed by Exactis.com, Inc. * diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c index 0f8dc8e..e2b1b14 100644 --- a/contrib/sendmail/src/tls.c +++ b/contrib/sendmail/src/tls.c @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: tls.c,v 1.1.1.2 2002/04/10 03:04:52 gshapiro Exp $") +SM_RCSID("@(#)$Id: tls.c,v 8.79 2002/03/21 22:24:13 gshapiro Exp $") #if STARTTLS # include <openssl/err.h> diff --git a/contrib/sendmail/src/trace.c b/contrib/sendmail/src/trace.c index 5279ad6..701a949 100644 --- a/contrib/sendmail/src/trace.c +++ b/contrib/sendmail/src/trace.c @@ -15,7 +15,7 @@ #include <sm/debug.h> #include <sm/string.h> -SM_RCSID("@(#)$Id: trace.c,v 1.1.1.6 2002/02/17 21:56:42 gshapiro Exp $") +SM_RCSID("@(#)$Id: trace.c,v 8.37 2001/09/11 04:05:17 gshapiro Exp $") static char *tTnewflag __P((char *)); static char *tToldflag __P((char *)); diff --git a/contrib/sendmail/src/udb.c b/contrib/sendmail/src/udb.c index ab3e469..1091cf2 100644 --- a/contrib/sendmail/src/udb.c +++ b/contrib/sendmail/src/udb.c @@ -14,9 +14,9 @@ #include <sendmail.h> #if USERDB -SM_RCSID("@(#)$Id: udb.c,v 1.1.1.7 2002/02/17 21:56:42 gshapiro Exp $ (with USERDB)") +SM_RCSID("@(#)$Id: udb.c,v 8.153 2001/09/11 04:05:17 gshapiro Exp $ (with USERDB)") #else /* USERDB */ -SM_RCSID("@(#)$Id: udb.c,v 1.1.1.7 2002/02/17 21:56:42 gshapiro Exp $ (without USERDB)") +SM_RCSID("@(#)$Id: udb.c,v 8.153 2001/09/11 04:05:17 gshapiro Exp $ (without USERDB)") #endif /* USERDB */ #if USERDB diff --git a/contrib/sendmail/src/usersmtp.c b/contrib/sendmail/src/usersmtp.c index 3996627..2ec9ac4 100644 --- a/contrib/sendmail/src/usersmtp.c +++ b/contrib/sendmail/src/usersmtp.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: usersmtp.c,v 1.1.1.11 2002/04/10 03:04:52 gshapiro Exp $") +SM_RCSID("@(#)$Id: usersmtp.c,v 8.437 2002/05/24 18:53:48 gshapiro Exp $") #include <sysexits.h> @@ -95,7 +95,7 @@ smtpinit(m, mci, e, onlyhelo) CurHostName = MyHostName; SmtpNeedIntro = true; state = mci->mci_state; - switch (mci->mci_state) + switch (state) { case MCIS_MAIL: case MCIS_RCPT: @@ -603,7 +603,9 @@ getsasldata(line, firstline, m, mci, e) { int len; int result; +# if SASL < 20000 char *out; +# endif /* SASL < 20000 */ /* if not a continue we don't care about it */ len = strlen(line); @@ -619,9 +621,29 @@ getsasldata(line, firstline, m, mci, e) /* forget about "334 " */ line += 4; len -= 4; +# if SASL >= 20000 + /* XXX put this into a macro/function? It's duplicated below */ + if (mci->mci_sasl_string != NULL) + { + if (mci->mci_sasl_string_len <= len) + { + sm_free(mci->mci_sasl_string); /* XXX */ + mci->mci_sasl_string = xalloc(len + 1); + } + } + else + mci->mci_sasl_string = xalloc(len + 1); + result = sasl_decode64(line, len, mci->mci_sasl_string, len + 1, + (unsigned int *) &mci->mci_sasl_string_len); + if (result != SASL_OK) + { + mci->mci_sasl_string_len = 0; + *mci->mci_sasl_string = '\0'; + } +# else /* SASL >= 20000 */ out = (char *) sm_rpool_malloc_x(mci->mci_rpool, len + 1); - result = sasl_decode64(line, len, out, (unsigned int *)&len); + result = sasl_decode64(line, len, out, (unsigned int *) &len); if (result != SASL_OK) { len = 0; @@ -648,6 +670,7 @@ getsasldata(line, firstline, m, mci, e) memcpy(mci->mci_sasl_string, out, len); mci->mci_sasl_string[len] = '\0'; mci->mci_sasl_string_len = len; +# endif /* SASL >= 20000 */ return; } /* @@ -894,8 +917,14 @@ getauth(mci, e, sai) unsigned int len; /* '=base64' (decode) */ +# if SASL >= 20000 + r = sasl_decode64(pvp[i + 1] + 3, + (unsigned int) l, (*sai)[r], + (unsigned int) l + 1, &len); +# else /* SASL >= 20000 */ r = sasl_decode64(pvp[i + 1] + 3, (unsigned int) l, (*sai)[r], &len); +# endif /* SASL >= 20000 */ if (r != SASL_OK) goto fail; got |= 1 << r; @@ -903,7 +932,7 @@ getauth(mci, e, sai) else goto fail; if (tTd(95, 5)) - sm_syslog(LOG_WARNING, NOQID, "getauth %s=%s", + sm_syslog(LOG_DEBUG, NOQID, "getauth %s=%s", sasl_info_name[r], (*sai)[r]); ++i; } @@ -949,6 +978,111 @@ getauth(mci, e, sai) (*sai)[i] = NULL; /* just clear; rpool */ return ret; } + +# if SASL >= 20000 +/* +** GETSIMPLE -- callback to get userid or authid +** +** Parameters: +** context -- sai +** id -- what to do +** result -- (pointer to) result +** len -- (pointer to) length of result +** +** Returns: +** OK/failure values +*/ + +static int +getsimple(context, id, result, len) + void *context; + int id; + const char **result; + unsigned *len; +{ + SASL_AI_T *sai; + + if (result == NULL || context == NULL) + return SASL_BADPARAM; + sai = (SASL_AI_T *) context; + + switch (id) + { + case SASL_CB_USER: + *result = (*sai)[SASL_USER]; + if (tTd(95, 5)) + sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'", + *result); + if (len != NULL) + *len = *result != NULL ? strlen(*result) : 0; + break; + + case SASL_CB_AUTHNAME: + *result = (*sai)[SASL_AUTHID]; + if (tTd(95, 5)) + sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'", + *result); + if (len != NULL) + *len = *result != NULL ? strlen(*result) : 0; + break; + + case SASL_CB_LANGUAGE: + *result = NULL; + if (len != NULL) + *len = 0; + break; + + default: + return SASL_BADPARAM; + } + return SASL_OK; +} +/* +** GETSECRET -- callback to get password +** +** Parameters: +** conn -- connection information +** context -- sai +** id -- what to do +** psecret -- (pointer to) result +** +** Returns: +** OK/failure values +*/ + +static int +getsecret(conn, context, id, psecret) + sasl_conn_t *conn; + SM_UNUSED(void *context); + int id; + sasl_secret_t **psecret; +{ + int len; + char *authpass; + MCI *mci; + + if (conn == NULL || psecret == NULL || id != SASL_CB_PASS) + return SASL_BADPARAM; + + mci = (MCI *) context; + authpass = mci->mci_sai[SASL_PASSWORD]; + len = strlen(authpass); + + /* + ** use an rpool because we are responsible for free()ing the secret, + ** but we can't free() it until after the auth completes + */ + + *psecret = (sasl_secret_t *) sm_rpool_malloc(mci->mci_rpool, + sizeof(sasl_secret_t) + + len + 1); + if (*psecret == NULL) + return SASL_FAIL; + (void) sm_strlcpy((*psecret)->data, authpass, len + 1); + (*psecret)->len = (unsigned long) len; + return SASL_OK; +} +# else /* SASL >= 20000 */ /* ** GETSIMPLE -- callback to get userid or authid ** @@ -1013,7 +1147,7 @@ getsimple(context, id, result, len) (void) sm_strlcpy(s, (*sai)[SASL_USER], l); *result = s; if (tTd(95, 5)) - sm_syslog(LOG_WARNING, NOQID, "AUTH username '%s'", + sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'", *result); if (len != NULL) *len = *result != NULL ? strlen(*result) : 0; @@ -1084,7 +1218,7 @@ getsimple(context, id, result, len) (void) sm_strlcpy(s, authid, l); *result = s; if (tTd(95, 5)) - sm_syslog(LOG_WARNING, NOQID, "AUTH authid '%s'", + sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'", *result); if (len != NULL) *len = authid ? strlen(authid) : 0; @@ -1139,6 +1273,8 @@ getsecret(conn, context, id, psecret) (*psecret)->len = (unsigned long) len; return SASL_OK; } +# endif /* SASL >= 20000 */ + /* ** SAFESASLFILE -- callback for sasl: is file safe? ** @@ -1161,9 +1297,17 @@ safesaslfile(context, file, type) safesaslfile(context, file) #endif /* SASL > 10515 */ void *context; +# if SASL >= 20000 + const char *file; +# else /* SASL >= 20000 */ char *file; +# endif /* SASL >= 20000 */ #if SASL > 10515 +# if SASL >= 20000 + sasl_verify_type_t type; +# else /* SASL >= 20000 */ int type; +# endif /* SASL >= 20000 */ #endif /* SASL > 10515 */ { long sff; @@ -1205,7 +1349,7 @@ safesaslfile(context, file) } #endif /* SASL <= 10515 */ - p = file; + p = (char *) file; if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR, NULL)) == 0) return SASL_OK; @@ -1401,16 +1545,22 @@ attemptauth(m, mci, e, sai) SASL_AI_T *sai; { int saslresult, smtpresult; +# if SASL >= 20000 + sasl_ssf_t ssf; + const char *auth_id; + const char *out; +# else /* SASL >= 20000 */ sasl_external_properties_t ssf; - sasl_interact_t *client_interact = NULL; char *out; +# endif /* SASL >= 20000 */ unsigned int outlen; + sasl_interact_t *client_interact = NULL; char *mechusing; sasl_security_properties_t ssp; char in64[MAXOUTLEN]; -#if NETINET +#if NETINET || (NETINET6 && SASL >= 20000) extern SOCKADDR CurHostAddr; -#endif /* NETINET */ +#endif /* NETINET || (NETINET6 && SASL >= 20000) */ /* no mechanism selected (yet) */ (*sai)[SASL_MECH] = NULL; @@ -1420,9 +1570,16 @@ attemptauth(m, mci, e, sai) sasl_dispose(&(mci->mci_conn)); /* make a new client sasl connection */ +# if SASL >= 20000 + saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp" + : "smtp", + CurHostName, NULL, NULL, NULL, 0, + &mci->mci_conn); +# else /* SASL >= 20000 */ saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp" : "smtp", CurHostName, NULL, 0, &mci->mci_conn); +# endif /* SASL >= 20000 */ if (saslresult != SASL_OK) return EX_TEMPFAIL; @@ -1443,22 +1600,96 @@ attemptauth(m, mci, e, sai) if (saslresult != SASL_OK) return EX_TEMPFAIL; +# if SASL >= 20000 + /* external security strength factor, authentication id */ + ssf = 0; + auth_id = NULL; +# if STARTTLS + out = macvalue(macid("{cert_subject}"), e); + if (out != NULL && *out != '\0') + auth_id = out; + out = macvalue(macid("{cipher_bits}"), e); + if (out != NULL && *out != '\0') + ssf = atoi(out); +# endif /* STARTTLS */ + saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf); + if (saslresult != SASL_OK) + return EX_TEMPFAIL; + saslresult = sasl_setprop(mci->mci_conn, SASL_AUTH_EXTERNAL, auth_id); + if (saslresult != SASL_OK) + return EX_TEMPFAIL; + +# if NETINET || NETINET6 + /* set local/remote ipv4 addresses */ + if (mci->mci_out != NULL && ( +# if NETINET6 + CurHostAddr.sa.sa_family == AF_INET6 || +# endif /* NETINET6 */ + CurHostAddr.sa.sa_family == AF_INET)) + { + SOCKADDR_LEN_T addrsize; + SOCKADDR saddr_l; + char localip[60], remoteip[60]; + + switch (CurHostAddr.sa.sa_family) + { + case AF_INET: + addrsize = sizeof(struct sockaddr_in); + break; +# if NETINET6 + case AF_INET6: + addrsize = sizeof(struct sockaddr_in6); + break; +# endif /* NETINET6 */ + default: + break; + } + if (iptostring(&CurHostAddr, addrsize, + remoteip, sizeof remoteip)) + { + if (sasl_setprop(mci->mci_conn, SASL_IPREMOTEPORT, + remoteip) != SASL_OK) + return EX_TEMPFAIL; + } + addrsize = sizeof(saddr_l); + if (getsockname(sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD, + NULL), + (struct sockaddr *) &saddr_l, &addrsize) == 0) + { + if (iptostring(&saddr_l, addrsize, + localip, sizeof localip)) + { + if (sasl_setprop(mci->mci_conn, + SASL_IPLOCALPORT, + localip) != SASL_OK) + return EX_TEMPFAIL; + } + } + } +# endif /* NETINET || NETINET6 */ + + /* start client side of sasl */ + saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap, + &client_interact, + &out, &outlen, + (const char **) &mechusing); +# else /* SASL >= 20000 */ /* external security strength factor, authentication id */ ssf.ssf = 0; ssf.auth_id = NULL; -#if STARTTLS +# if STARTTLS out = macvalue(macid("{cert_subject}"), e); if (out != NULL && *out != '\0') ssf.auth_id = out; out = macvalue(macid("{cipher_bits}"), e); if (out != NULL && *out != '\0') ssf.ssf = atoi(out); -#endif /* STARTTLS */ +# endif /* STARTTLS */ saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf); if (saslresult != SASL_OK) return EX_TEMPFAIL; -#if NETINET +# if NETINET /* set local/remote ipv4 addresses */ if (mci->mci_out != NULL && CurHostAddr.sa.sa_family == AF_INET) { @@ -1479,13 +1710,14 @@ attemptauth(m, mci, e, sai) return EX_TEMPFAIL; } } -#endif /* NETINET */ +# endif /* NETINET */ /* start client side of sasl */ saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap, NULL, &client_interact, &out, &outlen, - (const char **)&mechusing); + (const char **) &mechusing); +# endif /* SASL >= 20000 */ if (saslresult != SASL_OK && saslresult != SASL_CONTINUE) { @@ -1501,7 +1733,22 @@ attemptauth(m, mci, e, sai) (*sai)[SASL_MECH] = mechusing; /* send the info across the wire */ - if (outlen > 0) + if (out == NULL) + { + /* no initial response */ + smtpmessage("AUTH %s", m, mci, mechusing); + } + else if (outlen == 0) + { + /* + ** zero-length initial response, per RFC 2554 4.: + ** "Unlike a zero-length client answer to a 334 reply, a zero- + ** length initial response is sent as a single equals sign" + */ + + smtpmessage("AUTH %s =", m, mci, mechusing); + } + else { saslresult = sasl_encode64(out, outlen, in64, MAXOUTLEN, NULL); if (saslresult != SASL_OK) /* internal error */ @@ -1513,11 +1760,9 @@ attemptauth(m, mci, e, sai) } smtpmessage("AUTH %s %s", m, mci, mechusing, in64); } - else - { - smtpmessage("AUTH %s", m, mci, mechusing); - } +# if SASL < 20000 sm_sasl_free(out); /* XXX only if no rpool is used */ +# endif /* SASL < 20000 */ /* get the reply */ smtpresult = reply(m, mci, e, TimeOuts.to_auth, getsasldata, NULL); @@ -1581,7 +1826,9 @@ attemptauth(m, mci, e, sai) } else in64[0] = '\0'; +# if SASL < 20000 sm_sasl_free(out); /* XXX only if no rpool is used */ +# endif /* SASL < 20000 */ smtpmessage("%s", m, mci, in64); smtpresult = reply(m, mci, e, TimeOuts.to_auth, getsasldata, NULL); @@ -1660,12 +1907,16 @@ smtpauth(m, mci, e) return EX_UNAVAILABLE; /* set the context for the callback function to sai */ - callbacks[CB_PASS_IDX].context = (void *)&mci->mci_sai; - callbacks[CB_USER_IDX].context = (void *)&mci->mci_sai; - callbacks[CB_AUTHNAME_IDX].context = (void *)&mci->mci_sai; - callbacks[CB_GETREALM_IDX].context = (void *)&mci->mci_sai; +# if SASL >= 20000 + callbacks[CB_PASS_IDX].context = (void *) mci; +# else /* SASL >= 20000 */ + callbacks[CB_PASS_IDX].context = (void *) &mci->mci_sai; +# endif /* SASL >= 20000 */ + callbacks[CB_USER_IDX].context = (void *) &mci->mci_sai; + callbacks[CB_AUTHNAME_IDX].context = (void *) &mci->mci_sai; + callbacks[CB_GETREALM_IDX].context = (void *) &mci->mci_sai; #if 0 - callbacks[CB_SAFESASL_IDX].context = (void *)&mci->mci_sai; + callbacks[CB_SAFESASL_IDX].context = (void *) &mci->mci_sai; #endif /* 0 */ /* set default value for realm */ diff --git a/contrib/sendmail/src/util.c b/contrib/sendmail/src/util.c index a05cf65..4974541 100644 --- a/contrib/sendmail/src/util.c +++ b/contrib/sendmail/src/util.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: util.c,v 1.1.1.10 2002/04/10 03:04:52 gshapiro Exp $") +SM_RCSID("@(#)$Id: util.c,v 8.363 2002/05/24 20:44:05 gshapiro Exp $") #include <sysexits.h> #include <sm/xtrap.h> @@ -516,7 +516,7 @@ log_sendmail_pid(e) { long sff; SM_FILE_T *pidf; - char pidpath[MAXPATHLEN + 1]; + char pidpath[MAXPATHLEN]; extern char *CommandLineArgs; /* write the pid to the log file for posterity */ @@ -524,7 +524,7 @@ log_sendmail_pid(e) if (TrustedUid != 0 && RealUid == TrustedUid) sff |= SFF_OPENASROOT; expand(PidFile, pidpath, sizeof pidpath, e); - pidf = safefopen(pidpath, O_WRONLY|O_TRUNC, 0644, sff); + pidf = safefopen(pidpath, O_WRONLY|O_TRUNC, FileMode, sff); if (pidf == NULL) { sm_syslog(LOG_ERR, NOQID, "unable to write %s: %s", @@ -1919,7 +1919,7 @@ prog_open(argv, pfd, e) int ret; int fdv[2]; char *p, *q; - char buf[MAXLINE + 1]; + char buf[MAXPATHLEN]; extern int DtableSize; if (pipe(fdv) < 0) diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c index d707e51..3e86eb0 100644 --- a/contrib/sendmail/src/version.c +++ b/contrib/sendmail/src/version.c @@ -13,6 +13,6 @@ #include <sm/gen.h> -SM_RCSID("@(#)$Id: version.c,v 1.1.1.12 2002/04/10 03:04:52 gshapiro Exp $") +SM_RCSID("@(#)$Id: version.c,v 8.102 2002/05/31 18:53:59 ca Exp $") -char Version[] = "8.12.3"; +char Version[] = "8.12.4"; |
