diff options
author | peter <peter@FreeBSD.org> | 1997-01-27 07:37:00 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1997-01-27 07:37:00 +0000 |
commit | 134f8fd9fc36c24fc03822a8eb5c47c0f825117a (patch) | |
tree | d0aee1db15e106c7e9da86c36185fe2357abaeb4 /usr.sbin/sendmail | |
parent | fe7a1e47bd429b92884cb10fd00713b54d052423 (diff) | |
download | FreeBSD-src-134f8fd9fc36c24fc03822a8eb5c47c0f825117a.zip FreeBSD-src-134f8fd9fc36c24fc03822a8eb5c47c0f825117a.tar.gz |
Import sendmail 8.8.5. See RELEASE_NOTES for changes.
Obtained from: ftp.sendmail.org:/pub/sendmail
Diffstat (limited to 'usr.sbin/sendmail')
33 files changed, 821 insertions, 273 deletions
diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES index 621cbcc..a935a73 100644 --- a/usr.sbin/sendmail/RELEASE_NOTES +++ b/usr.sbin/sendmail/RELEASE_NOTES @@ -1,11 +1,157 @@ SENDMAIL RELEASE NOTES - @(#)RELEASE_NOTES 8.8.4.4 (Berkeley) 12/2/96 + @(#)RELEASE_NOTES 8.8.5.3 (Berkeley) 1/21/97 This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.8.5/8.8.5 97/01/21 + SECURITY: Clear out group list during startup. Without this, sendmail + will continue to run with the group permissions of the caller, + even if RunAsUser is specified. + SECURITY: Make purgestat (-bH) be root-only. This is not in response + to any known attack, but it's best to be conservative. + Suggested by Peter Wemm of DIALix. + SECURITY: Fix buffer overrun problem in MIME code that has possible + security implications. Patch from Alex Garthwaite of the + University of Pennsylvania. + Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") + would truncate the address after "Full". Although the -f + syntax is incorrect (since it is in the envelope, it + shouldn't have comments and full names), the failure mode + was unnecessarily awful. + Fix a possible null pointer dereference when converting 8-bit data + to a 7-bit format. Problem noted by Jim Hutchins of + Sandia National Labs and David James of British Telecom. + Clear out stale state that affected F=9 on SMTP mailers in queue + runs. Although this really shouldn't be used (F=9 is for + final delivery only, and using it on an SMTP mailer makes + it possible for a message to be converted from 8->7->8->7 + bits several times), it shouldn't have failed with a syserr. + Problem noted by Eric Hagberg of Morgan Stanley. + _Really_ fix the multiple :maildrop code in the user database + module. Patch from Roy Mongiovi of Georgia Tech. + Let F lines in the configuration file actually read root-only + files if the configuration file is safe. Based on a + patch from Keith Reynolds of SCO. + ETRN followed by QUIT would hold the connection open until the queue + run completed. Problem noted by Truck Lewis of TDK + Semiconductor Corp. + It turns out that despite the documentation, the TCP wrappers library + does _not_ log rejected connections. Do the logging ourselves. + Problem noted by Fletcher Mattox of the University of Texas + at Austin. + If sendmail finds a qf file in its queue directory that is an unknown + version (e.g., when backing out to an old version), the + error is reported on every queue run. Change it to only + give the error once (and rename the qf => Qf). Patch from + William A. Gianopoulos of Raytheon Company. + Start a new session when doing background delivery; currently it + ignored signals but didn't start a new signal, that caused + some problems if a background process tried to send mail + under certain circumstances. Problem noted by Eric Hagberg + of Morgan Stanley; fix from Kari Hurtta. + Simplify test for skipping a queue run to just check if the current + load average is >= the queueing load average. Previously + the check factored in some other parameters that caused it + to essentially never skip the queue run. Patch from Bryan + Costales. + If the SMTP server is running in "nullserver" mode (that is, it is + rejecting all commands), start sleeping after MAXBADCOMMAND + (25) commands; this helps prevent a bad guy from putting + you into a tight loop as a denial-of-service attack. Based + on an e-mail conversation with Brad Knowles of AOL. + Slow down when too many "light weight" commands have been issued; + this helps prevent a class of denial-of-service attacks. + The current values and defaults are: + MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR + MAXHELOCOMMANDS 3 HELO, EHLO + MAXVRFYCOMMANDS 6 VRFY, EXPN + MAXETRNCOMMANDS 8 ETRN + These will probably be configurable in a future release. + On systems that have uid_t typedefed to be an unsigned short, programs + that had the F=S flag and no U= equate would be invoked with + the real uid set to 65535 rather than being left unchanged. + In some cases, NOTIFY=NEVER was not being honored. Problem noted + by Steve Hubert of the University of Washington, Seattle. + Mail that was Quoted-Printable encoded and had a soft line break on + the last line (i.e., an incomplete continuation) had the last + line dropped. Since this appears to be illegal it isn't + clear what to do with it, but flushing the last line seems + to be a better "fail soft" approach. Based on a patch from + Eric Hagberg. + If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a + bogus HELO command still causes the "Polite people say HELO + first" error message. Problem pointed out by Chris Thomas + of UCLA; patch from John Beck of SunSoft. + Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set + in PrivacyFlags. The -q shouldn't turn this command off. + Problem noted by Murray Kucherawy of Pacific Bell Internet; + based on a patch from Gregory Neil Shapiro of WPI. + Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) + in a DATA transaction to be sticky; these can occur because + a message is too large, and smaller messages should still go + through. Problem noted by Matt Dillon of Best Internet + Communications. + In some cases bounces were saved in /var/tmp/dead.letter even if they + had been successfully delivered to the envelope sender. + Problem noted Eric Hagberg of Morgan Stanley; solution from + Gregory Neil Shapiro of WPI. + Give better diagnostics on long alias lines. Based on code contributed + by Patrick Gosling of the University of Cambridge. + Increase the number of virtual interfaces that will be probed for + alternate names. Problem noted by Gregory Neil Shapiro of + WPI. + PORTABILITY: + UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from + Toshiaki Nomura of Fujitsu Limited. + SunOS with LDAP support: compile problems with struct timeval. + Patch from Nick Cuccia of TCSI Corporation. + SCO: from Keith Reynolds of SCO. + Solaris: kstat load average computation wasn't being used. + Fixes from Michael Ju. Tokarev of Telecom Service, JSC + (Moscow). + OpenBSD: from Jason Downs of teeny.org. + Altos System V: from Tim Rice. + Solaris 2.5: from Alan Perry of SunSoft. + Solaris 2.6: from John Beck of SunSoft. + Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli + of Pratt & Whitney <miorelli@pweh.com>. + CONFIG: It seems that I hadn't gotten the Received: line syntax + _just_right_ yet. Tweak it again. I'll omit the names + of the "contributors" (quantity two) in this one case. + As of now, NO MORE DISCUSSION about the syntax of the + Received: line. + CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), + it never inserts that class into the output file. Fix it + so it will honor EXPOSED_USER but will _not_ include root + automatically in this class. Problem noted by Ronan KERYELL + of Centre de Recherche en Informatique de l'École Nationale + Supérieure des Mines de Paris (CRI-ENSMP). + CONFIG: Clean up handling of "local:" syntax in relay specifications + such as LUSER_RELAY. This change permits the following + syntaxes: ``local:'' will send to the same user on the + local machine (e.g., in a mailertable entry for "host", + ``local:'' will cause an address addressed to user@host to + go to user on the local machone). ``local:user'' will send + to the named user on the local machine. ``local:user@host'' + is equivalent to ``local:user'' (the host is ignored). In + all cases, the original user@host is passed in $@ (i.e., the + detail information). Inspired by a report from Michael Fuhr + of Dimensional Communications, L.L.C. + CONFIG: Strip quotes from the first word of an "error:" host + indication. This lets you set (for example) the LUSER_RELAY + to be ``error:\"5.1.1\" Your Message Here''. Note the use + of the \" so that the resulting string is properly quoted. + Problem noted by Gregory Neil Shapiro of WPI. + OP.ME: documentation was inconsistent about whether sendmail did a + NOOP or a RSET to probe the connection (it does a RSET). + Inconsistency noted by Deeran Peethamparam. + OP.ME: insert additional blank pages so it will print properly on + a duplex printer. From Matthew Black of Cal State University, + Long Beach. + 8.8.4/8.8.4 96/12/02 SECURITY: under some circumstances, an attacker could get additional permissions by hard linking to files that were group diff --git a/usr.sbin/sendmail/cf/README b/usr.sbin/sendmail/cf/README index d71ffd2..6ea2998 100644 --- a/usr.sbin/sendmail/cf/README +++ b/usr.sbin/sendmail/cf/README @@ -4,7 +4,7 @@ Eric Allman <eric@CS.Berkeley.EDU> - @(#)README 8.108 (Berkeley) 11/16/96 + @(#)README 8.111 (Berkeley) 1/16/97 This document describes the sendmail configuration files being used @@ -31,8 +31,10 @@ This package requires a post-V7 version of m4; if you are running the 4.2bsd, SysV.2, or 7th Edition version, I suggest finding a friend with a newer version. You can m4-expand on their system, then run locally. SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 -also works. Unfortunately, I'm told that the M4 on BSDI 1.0 doesn't -work -- you'll have to use a Net/2 or GNU version. +or later also works. Unfortunately, I'm told that the M4 on BSDI 1.0 +doesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is +available from ftp://prep.ai.mit.edu/pub/gnu/m4-1.4.tar.gz (check for +the latest version). IF YOU DON'T HAVE A BERKELEY MAKE, don't despair! Just run "m4 ../m4/cf.m4 foo.mc > foo.cf" -- that should be all you need. @@ -305,9 +307,13 @@ POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail program. This is also used by FEATURE(local_procmail). PROCMAIL_MAILER_FLAGS [Shu] Flags added to Procmail mailer. Flags - ``DFMmn'' are always set. + ``DFMmn'' are always set. This is NOT used by + FEATURE(local_procmail); tweak LOCAL_MAILER_FLAGS + instead. PROCMAIL_MAILER_ARGS [procmail -m $h $f $u] The arguments passed to - the Procmail mailer. + the Procmail mailer. This is NOT used by + FEATURE(local_procmail); tweak LOCAL_MAILER_ARGS + instead. PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that will be accepted by the procmail mailer. MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. @@ -694,7 +700,10 @@ local_procmail Use procmail as the local mailer. This mailer can normally the +indicator is just tossed, but by default it is passed as the -a argument to procmail. The argument to this feature is the pathname of procmail, - which defaults to PROCMAIL_MAILER_PATH. + which defaults to PROCMAIL_MAILER_PATH. Note that this + does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS + for the local mailer; tweak LOCAL_MAILER_FLAGS and + LOCAL_MAILER_ARGS instead. bestmx_is_local Accept mail as though locally addressed for any host that lists us as the best possible MX record. This generates @@ -1426,7 +1435,10 @@ confCF_VERSION $Z macro If defined, this is appended to the confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an internally generated From: address. confRECEIVED_HEADER Received: - [.$?_($?s$|from $.$_) $.by $j ($v/$Z)$?r with $r$. id $i$?u for $u$.; $b] + [$?sfrom $s .$?_($?s$|from $.$_) + $.by $j ($v/$Z)$?r with $r$. id $i$?u + for $u$.; + $b] The format of the Received: header in messages passed through this host. It is unwise to try to change this. diff --git a/usr.sbin/sendmail/cf/cf/Makefile b/usr.sbin/sendmail/cf/cf/Makefile index 33f5943..7450b2a 100644 --- a/usr.sbin/sendmail/cf/cf/Makefile +++ b/usr.sbin/sendmail/cf/cf/Makefile @@ -1,10 +1,10 @@ -# @(#)Makefile 8.17 (Berkeley) 9/12/95 +# @(#)Makefile 8.19 (Berkeley) 1/14/97 # # This Makefile uses the new Berkeley "make" program. See Makefile.dist # for a more vanilla version. # -# Configuration files are created using "m4 file.mc > file.cf"; +# Create configuration files using "m4 ../m4/cf.m4 file.mc > file.cf"; # this may be easier than tweaking the Makefile. You do need to # have a fairly modern M4 available (GNU m4 works). On SunOS, use # /usr/5bin/m4. @@ -31,7 +31,7 @@ ALL= generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \ cs-sunos4.1.cf cs-ultrix4.cf \ s2k-osf1.cf s2k-ultrix4.cf \ chez.cs.cf huginn.cs.cf mail.cs.cf mail.eecs.cf mailspool.cs.cf \ - python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf + python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf knecht.cf all: $(ALL) diff --git a/usr.sbin/sendmail/cf/cf/knecht.mc b/usr.sbin/sendmail/cf/cf/knecht.mc index 0cd17fa..f7d57e3 100644 --- a/usr.sbin/sendmail/cf/cf/knecht.mc +++ b/usr.sbin/sendmail/cf/cf/knecht.mc @@ -33,12 +33,19 @@ divert(-1) # SUCH DAMAGE. # -include(`../m4/cf.m4') -VERSIONID(`@(#)knecht.mc 8.1 (Berkeley) 6/7/93') -OSTYPE(ultrix4.1)dnl -DOMAIN(cs.exposed)dnl -define(`LOCAL_RELAY', CS.Berkeley.EDU)dnl -MAILER(smtp)dnl +# +# This is specific to Eric's home machine. +# -# our local domain -DDCS.Berkeley.EDU +divert(0)dnl +VERSIONID(`@(#)knecht.mc 8.4 (Berkeley) 11/24/96') +OSTYPE(bsd4.4)dnl +DOMAIN(generic)dnl +define(`confDEF_USER_ID', `mailnull')dnl +define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl +define(`confTO_ICONNECT', `10s')dnl +define(`confCOPY_ERRORS_TO', `Postmaster')dnl +define(`confTO_QUEUEWARN', `8h')dnl +FEATURE(virtusertable)dnl +MAILER(local)dnl +MAILER(smtp)dnl diff --git a/usr.sbin/sendmail/cf/m4/cfhead.m4 b/usr.sbin/sendmail/cf/m4/cfhead.m4 index 91d4b9a..6bef4c6 100644 --- a/usr.sbin/sendmail/cf/m4/cfhead.m4 +++ b/usr.sbin/sendmail/cf/m4/cfhead.m4 @@ -106,18 +106,18 @@ define(`SITE', `ifelse(CONCAT($'2`, $3), SU, CONCAT(C, $3, $'1`))') sinclude(_CF_DIR_`'siteconfig/$1.m4)') define(`EXPOSED_USER', `PUSHDIVERT(5)CE$1 -POPDIVERT`'dnl') +POPDIVERT`'dnl`'') define(`LOCAL_USER', `PUSHDIVERT(5)CL$1 -POPDIVERT`'dnl') +POPDIVERT`'dnl`'') define(`MASQUERADE_AS', `define(`MASQUERADE_NAME', $1)') define(`MASQUERADE_DOMAIN', `PUSHDIVERT(5)CM$1 -POPDIVERT`'dnl') +POPDIVERT`'dnl`'') define(`MASQUERADE_DOMAIN_FILE', `PUSHDIVERT(5)FM$1 -POPDIVERT`'dnl') +POPDIVERT`'dnl`'') define(`GENERICS_DOMAIN', `PUSHDIVERT(5)CG$1 -POPDIVERT`'dnl') +POPDIVERT`'dnl`'') define(`GENERICS_DOMAIN_FILE', `PUSHDIVERT(5)FG$1 -POPDIVERT`'dnl') +POPDIVERT`'dnl`'') define(`_OPTINS', `ifdef(`$1', `$2$1$3')') m4wrap(`include(_CF_DIR_`m4/proto.m4')') @@ -129,8 +129,9 @@ define(`confFROM_LINE', `From $g $d') define(`confOPERATORS', `.:%@!^/[]+') define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b') define(`confRECEIVED_HEADER', `$?sfrom $s $.$?_($?s$|from $.$_) - $.by $j ($v/$Z)$?r with $r$. - id $i$?u for $u$.; $b') + $.by $j ($v/$Z)$?r with $r$. id $i$?u + for $u; $|; + $.$b') define(`confSEVEN_BIT_INPUT', `False') define(`confEIGHT_BIT_HANDLING', `pass8') define(`confALIAS_WAIT', `10') @@ -156,4 +157,4 @@ define(`confMIME_FORMAT_ERRORS', `True') define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward') divert(0)dnl -VERSIONID(`@(#)cfhead.m4 8.7 (Berkeley) 11/20/96') +VERSIONID(`@(#)cfhead.m4 8.9 (Berkeley) 1/18/97') diff --git a/usr.sbin/sendmail/cf/m4/proto.m4 b/usr.sbin/sendmail/cf/m4/proto.m4 index 676aa35..fc09fe0 100644 --- a/usr.sbin/sendmail/cf/m4/proto.m4 +++ b/usr.sbin/sendmail/cf/m4/proto.m4 @@ -34,7 +34,7 @@ divert(-1) # divert(0) -VERSIONID(`@(#)proto.m4 8.136 (Berkeley) 11/24/96') +VERSIONID(`@(#)proto.m4 8.139 (Berkeley) 12/31/96') MAILER(local)dnl @@ -171,17 +171,18 @@ DR`'ifdef(`LOCAL_RELAY', LOCAL_RELAY) # who gets all local email traffic ($R has precedence for unqualified names) DH`'ifdef(`MAIL_HUB', MAIL_HUB) -# class L: names that should be delivered locally, even if we have a relay +# dequoting map +Kdequote dequote + +divert(0)dnl # end of nullclient diversion # class E: names that should be exposed as from this host, even if we masquerade +ifdef(`_NULL_CLIENT_ONLY_', `#', +`# class L: names that should be delivered locally, even if we have a relay # class M: domains that should be converted to $M #CL root -CE root +')CE root undivert(5)dnl -# dequoting map -Kdequote dequote - -divert(0)dnl # end of nullclient diversion # who I masquerade as (null for no masquerading) (see also $=M) DM`'ifdef(`MASQUERADE_NAME', MASQUERADE_NAME) @@ -685,7 +686,7 @@ define(`X', ifdef(`VIRTUSER_TABLE', `', `#'))dnl X`'R$+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > X`'R< @ > $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > X`'R< @ > $+ $: $1 -X`'R< error : $- $+ > $* $#error $@ $1 $: $2 +X`'R< error : $- $+ > $* $#error $@ $( dequote $1 $) $: $2 X`'R< $+ > $+ < @ $+ > $: $>97 $1 undefine(`X')dnl @@ -798,6 +799,8 @@ R< > $+ + $* $#_LOCAL_ $@ $2 $: $1 R< > $+ $: < $H > $1 try hub R< > $+ $: < $R > $1 try relay R< > $+ $@ $1 nope, give up +R< local : $* > $* $: $>95 < local : $1 > $2 no host extension +R< error : $* > $* $: $>95 < error : $1 > $2 no host extension R< $- : $+ > $+ $: $>95 < $1 : $2 > $3 < @ $2 > R< $+ > $+ $@ $>95 < $1 > $2 < @ $1 > @@ -821,15 +824,33 @@ undefine(`X')dnl S95 R< > $* $@ $1 strip off null relay -R< error : $- $+ > $* $#error $@ $1 $: $2 special case errors -R< local : > $* < @ $* > $#local $@ $1@$2 $: $1 no host: use old user -R< local : $+ > $* <@ $* . > $* $#local $@ $2@$3 $: $1 special case local +R< error : $- $+ > $* $#error $@ $( dequote $1 $) $: $2 +R< local : $* > $* $>CanonLocal < $1 > $2 R< $- : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $- : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer R< $=w > $* $@ $2 delete local host R< $+ > $* $#_RELAY_ $@ $1 $: $2 use unqualified mailer ################################################################### +### Ruleset CanonLocal -- canonify local: syntax ### +################################################################### + +SCanonLocal +# strip trailing dot from any host name that may appear +R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > + +# handle local: syntax -- use old user, either with or without host +R< > $* < @ $* > $* $#local $@ $1@$2 $: $1 +R< > $+ $#local $@ $1 $: $1 + +# handle local:user@host syntax -- ignore host part +R< $+ @ $+ > $* $: < $1 > $3 + +# handle local:user syntax +R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1 +R< $+ > $* $#local $@ $2 $: $1 + +################################################################### ### Ruleset 93 -- convert header names to masqueraded form ### ################################################################### diff --git a/usr.sbin/sendmail/cf/m4/version.m4 b/usr.sbin/sendmail/cf/m4/version.m4 index b3ee9a7..1837c22 100644 --- a/usr.sbin/sendmail/cf/m4/version.m4 +++ b/usr.sbin/sendmail/cf/m4/version.m4 @@ -32,8 +32,8 @@ divert(-1) # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -VERSIONID(`@(#)version.m4 8.8.4.2 (Berkeley) 11/26/96') +VERSIONID(`@(#)version.m4 8.8.5.3 (Berkeley) 1/21/97') # divert(0) # Configuration version number -DZ8.8.4`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.8.5`'ifdef(`confCF_VERSION', `/confCF_VERSION') diff --git a/usr.sbin/sendmail/cf/ostype/powerux.m4 b/usr.sbin/sendmail/cf/ostype/powerux.m4 new file mode 100644 index 0000000..d0fd3dc --- /dev/null +++ b/usr.sbin/sendmail/cf/ostype/powerux.m4 @@ -0,0 +1,46 @@ +divert(-1) +# +# Copyright (c) 1983 Eric P. Allman +# Copyright (c) 1988, 1993 +# The Regents of the University of California. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by the University of +# California, Berkeley and its contributors. +# 4. Neither the name of the University nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# + +divert(0) +VERSIONID(`@(#)powerux.m4 8.1 (Berkeley) 1/16/97') + +define(`ALIAS_FILE', /etc/mail/aliases)dnl +ifdef(`HELP_FILE',,`define(`HELP_FILE', /etc/mail/sendmail.hf)')dnl +ifdef(`STATUS_FILE',,`define(`STATUS_FILE', /etc/mail/sendmail.st)')dnl +define(`LOCAL_MAILER_PATH', `/usr/bin/rmail')dnl +define(`LOCAL_MAILER_FLAGS', `mn9')dnl +define(`LOCAL_MAILER_ARGS', `rmail $u')dnl +define(`LOCAL_SHELL_FLAGS', `ehuP')dnl +define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl diff --git a/usr.sbin/sendmail/cf/ostype/sinix.m4 b/usr.sbin/sendmail/cf/ostype/sinix.m4 new file mode 100644 index 0000000..7b50e9e --- /dev/null +++ b/usr.sbin/sendmail/cf/ostype/sinix.m4 @@ -0,0 +1,45 @@ +divert(-1) +# +# Copyright (c) 1996 Eric P. Allman +# Copyright (c) 1988, 1993 +# The Regents of the University of California. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by the University of +# California, Berkeley and its contributors. +# 4. Neither the name of the University nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# + +divert(0) +VERSIONID(`@(#)sinix.m4 8.1 (Berkeley) 12/14/96') +define(`QUEUE_DIR', /usr/ucblib/mqueue)dnl +define(`ALIAS_FILE', /usr/ucblib/aliases)dnl +ifdef(`HELP_FILE',,`define(`HELP_FILE', /usr/ucblib/sendmail.hf)')dnl +ifdef(`STATUS_FILE',,`define(`STATUS_FILE', /usr/ucblib/sendmail.st)')dnl +define(`LOCAL_MAILER_PATH', `/usr/ucblib/mail.local')dnl +define(`LOCAL_MAILER_FLAGS', `rmn9')dnl +define(`LOCAL_SHELL_FLAGS', `ehuP')dnl +define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl diff --git a/usr.sbin/sendmail/doc/op/op.me b/usr.sbin/sendmail/doc/op/op.me index 4237497..88b69ea 100644 --- a/usr.sbin/sendmail/doc/op/op.me +++ b/usr.sbin/sendmail/doc/op/op.me @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" @(#)op.me 8.100 (Berkeley) 12/1/96 +.\" @(#)op.me 8.103 (Berkeley) 12/13/96 .\" .\" eqn op.me | pic | troff -me .eh 'SMM:08-%''Sendmail Installation and Operation Guide' @@ -65,10 +65,9 @@ .sp .r Eric Allman -InReference, Inc. eric@Sendmail.ORG .sp -Version 8.100 +Version 8.103 .sp For Sendmail Version 8.8 .)l @@ -161,6 +160,12 @@ Several major changes were introduced in version 8.7. You should not attempt to use this document for prior versions of .i sendmail . +.bp +.rs +.sp |4i +.ce 2 +This page intentionally left blank; +replace it with a blank sheet for double-sided output. .bp 7 .sh 1 "BASIC INSTALLATION" .pp @@ -2476,7 +2481,7 @@ When trying to open a connection the cache is first searched. If an open connection is found, it is probed to see if it is still active by sending a -.sm NOOP +.sm RSET command. It is not an error if this fails; instead, the connection is closed and reopened. @@ -8134,6 +8139,15 @@ Temporary versions of the qf files, used during queue file rebuild. .ip /var/spool/mqueue/xf* A transcript of the current session. +.if e \ +\{\ +. bp +. rs +. sp |4i +. ce 2 +This page intentionally left blank; +replace it with a blank sheet for double-sided output. +.\} .\".ro .\".ls 1 .\".tp @@ -8148,16 +8162,9 @@ A transcript of the current session. .\".sp .\".sz 10 .\"Eric Allman -.\"InReference, Inc. .\".sp -.\"Version 8.100 +.\"Version 8.103 .\".ce 0 -.bp 2 -.rs -.sp |4i -.ce 2 -This page intentionally left blank; -replace it with a blank sheet for double-sided output. .bp 3 .ce .sz 12 diff --git a/usr.sbin/sendmail/src/READ_ME b/usr.sbin/sendmail/src/READ_ME index 72e9a18..88fa68a 100644 --- a/usr.sbin/sendmail/src/READ_ME +++ b/usr.sbin/sendmail/src/READ_ME @@ -30,7 +30,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# @(#)READ_ME 8.132 (Berkeley) 12/1/96 +# @(#)READ_ME 8.135 (Berkeley) 1/21/97 # This directory contains the source files for sendmail. @@ -529,9 +529,7 @@ HES_GETMAILHOST Define this to 1 if you are using Hesiod with the XDEBUG Do additional internal checking. These don't cost too much; you might as well leave this on. TCPWRAPPERS Turns on support for the TCP wrappers library (-lwrap). - This library is available on ftp.win.tue.nl in /pub/security; - grab tcp_wrappers_<VER>.tar.gz (where <VER> is the highest - numbered version). + See below for further information. SECUREWARE Enable calls to the SecureWare luid enabling/changing routines. SecureWare is a C2 security package added to several UNIX's (notably ConvexOS) to get a C2 Secure system. This @@ -787,6 +785,12 @@ Solaris 2.4 (SunOS 5.4) >> >> here, path 2 would be the first used. +Solaris 2.6 (SunOS 5.6) + If you built sendmail 8.8.1 through 8.8.4 inclusive on a Solaris 2.5 + system, that binary will not run on Solaris 2.6, due to problems with + incompatible snprintf(3s) calls. This problem is fixed in sendmail + 8.8.5. + Ultrix By default, the IDENT protocol is turned off on Ultrix. If you are running Ultrix 4.4 or later, or if you have included patch @@ -803,7 +807,7 @@ Solaris 2.5.1 (SunOS 5.5.1) /usr/include/resolv.h:208: warning: `__P' redefined cdefs.h:58: warning: this is the location of the previous definition - If you are running with this patch, create a file in the + If you are running with this patch, create a resolv.h file in the obj.SunOS.5.5.1.* directory that reads: #undef __P @@ -1289,14 +1293,19 @@ LDAP send them along. TCP Wrappers - If you are using -DTCPWRAPPERS to get TCP Wrappers support, you will - also need to install libwrap.a (you can get it from ftp.win.tue.nl) - and modify the Makefile to include -lwrap in the LIBS line. + If you are using -DTCPWRAPPERS to get TCP Wrappers support you will + also need to install libwrap.a and modify the Makefile to include + -lwrap in the LIBS line (make sure that INCDIRS and LIBDIRS point + to where the tcpd.h and libwrap.a can be found). + + TCP Wrappers is available on ftp.win.tue.nl in /pub/security; + grab tcp_wrappers_<VER>.tar.gz (where <VER> is the highest + numbered version). If you have alternate MX sites for your site, be sure that all of your MX sites reject the same set of hosts. If not, a bad guy whom you reject will connect to your site, fail, and move on to the next - MX site, which will accept the mail for your and forward it on to you. + MX site, which will accept the mail for you and forward it on to you. +--------------+ @@ -1398,4 +1407,4 @@ version.c The version number and information about this Eric Allman -(Version 8.132, last update 12/1/96 09:34:37) +(Version 8.135, last update 1/21/97 07:47:02) diff --git a/usr.sbin/sendmail/src/alias.c b/usr.sbin/sendmail/src/alias.c index 95de1ee..b09a85d 100644 --- a/usr.sbin/sendmail/src/alias.c +++ b/usr.sbin/sendmail/src/alias.c @@ -35,7 +35,7 @@ # include "sendmail.h" #ifndef lint -static char sccsid[] = "@(#)alias.c 8.66 (Berkeley) 9/20/96"; +static char sccsid[] = "@(#)alias.c 8.67 (Berkeley) 1/18/97"; #endif /* not lint */ @@ -601,11 +601,24 @@ readaliases(map, af, announcestats, logstats) while (fgets(line, sizeof (line), af) != NULL) { int lhssize, rhssize; + int c; LineNumber++; p = strchr(line, '\n'); if (p != NULL) *p = '\0'; + else if (!feof(af)) + { + syserr("554 alias line too long"); + + /* flush to end of line */ + while ((c = getc(af)) != EOF && c != '\n') + continue; + + /* skip any continuation lines */ + skipping = TRUE; + continue; + } switch (line[0]) { case '#': @@ -655,7 +668,6 @@ readaliases(map, af, announcestats, logstats) rhs = p; for (;;) { - register char c; register char *nlp; nlp = &p[strlen(p)]; @@ -698,12 +710,19 @@ readaliases(map, af, announcestats, logstats) LineNumber++; /* check for line overflow */ - if (strchr(p, '\n') == NULL) + if (strchr(p, '\n') == NULL && !feof(af)) { usrerr("554 alias too long"); + while ((c = fgetc(af)) != EOF && c != '\n') + continue; + skipping = TRUE; break; } } + + if (skipping) + continue; + if (!bitnset(M_ALIASABLE, al.q_mailer->m_flags)) { syserr("554 %s... cannot alias non-local names", diff --git a/usr.sbin/sendmail/src/clock.c b/usr.sbin/sendmail/src/clock.c index 281ee60..5639f44 100644 --- a/usr.sbin/sendmail/src/clock.c +++ b/usr.sbin/sendmail/src/clock.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)clock.c 8.16 (Berkeley) 11/27/96"; +static char sccsid[] = "@(#)clock.c 8.18 (Berkeley) 12/31/96"; #endif /* not lint */ # include "sendmail.h" @@ -60,7 +60,7 @@ static char sccsid[] = "@(#)clock.c 8.16 (Berkeley) 11/27/96"; ** none. */ -static void tick __P((int)); +static SIGFUNC_DECL tick __P((int)); EVENT * setevent(intvl, func, arg) @@ -161,7 +161,7 @@ clrevent(ev) ** calls the next function in EventQueue. */ -static void +static SIGFUNC_DECL tick(arg) int arg; { @@ -169,9 +169,6 @@ tick(arg) register EVENT *ev; int mypid = getpid(); int olderrno = errno; -#ifdef SIG_UNBLOCK - sigset_t ss; -#endif (void) setsignal(SIGALRM, SIG_IGN); (void) alarm(0); @@ -224,6 +221,7 @@ tick(arg) if (EventQueue != NULL) (void) alarm((unsigned) (EventQueue->ev_time - now)); errno = olderrno; + return SIGFUNC_RETURN; } /* ** SLEEP -- a version of sleep that works with this stuff diff --git a/usr.sbin/sendmail/src/collect.c b/usr.sbin/sendmail/src/collect.c index c5e1ceb..660521c 100644 --- a/usr.sbin/sendmail/src/collect.c +++ b/usr.sbin/sendmail/src/collect.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)collect.c 8.61 (Berkeley) 11/24/96"; +static char sccsid[] = "@(#)collect.c 8.62 (Berkeley) 12/11/96"; #endif /* not lint */ # include <errno.h> @@ -501,6 +501,21 @@ readerr: markstats(e, (ADDRESS *) NULL); } +#ifdef _FFR_DSN_RRT + /* + ** If we have a Return-Receipt-To:, turn it into a DSN. + */ + + if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL) + { + ADDRESS *q; + + for (q = e->e_sendqueue; q != NULL; q = q->q_next) + if (!bitset(QHASNOTIFY, q->q_flags)) + q->q_flags |= QHASNOTIFY|QPINGONSUCCESS; + } +#endif + /* ** Add an Apparently-To: line if we have no recipient lines. */ diff --git a/usr.sbin/sendmail/src/conf.c b/usr.sbin/sendmail/src/conf.c index f4a2219..e172a78 100644 --- a/usr.sbin/sendmail/src/conf.c +++ b/usr.sbin/sendmail/src/conf.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)conf.c 8.325 (Berkeley) 12/1/96"; +static char sccsid[] = "@(#)conf.c 8.333 (Berkeley) 1/21/97"; #endif /* not lint */ # include "sendmail.h" @@ -127,14 +127,6 @@ struct hdrinfo HdrInfo[] = /* -** Location of system files/databases/etc. -*/ - -char *PidFile = _PATH_SENDMAILPID; /* stores daemon proc id */ - - - -/* ** Privacy values */ @@ -230,6 +222,7 @@ setdefaults(e) ServiceSwitchFile = "/etc/service.switch"; ServiceCacheMaxAge = (time_t) 10; HostsFile = _PATH_HOSTS; + PidFile = newstr(_PATH_SENDMAILPID); MustQuoteChars = "@,;:\\()[].'"; MciInfoTimeout = 30 MINUTES; MaxRuleRecursion = MAXRULERECURSION; @@ -1851,12 +1844,13 @@ int getla(void) int getla() { - kstat_ctl_t *kc; - kstat_t *ksp; + static kstat_ctl_t *kc = NULL; + static kstat_t *ksp = NULL; kstat_named_t *ksn; int la; - kc = kstat_open(); + if (kc == NULL) /* if not initialized before */ + kc = kstat_open(); if (kc == NULL) { if (tTd(3, 1)) @@ -1864,24 +1858,25 @@ getla() errstring(errno)); return -1; } - ksp = kstat_lookup(kc, "unix", 0, "system_misc"); /* NULL on error */ + if (ksp == NULL) + ksp = kstat_lookup(kc, "unix", 0, "system_misc"); if (ksp == NULL) { if (tTd(3, 1)) printf("getla: kstat_lookup(): %s\n", - errstring(errno); + errstring(errno)); return -1; } if (kstat_read(kc, ksp, NULL) < 0) { if (tTd(3, 1)) printf("getla: kstat_read(): %s\n", - errstring(errno); + errstring(errno)); return -1; } ksn = (kstat_named_t *) kstat_data_lookup(ksp, "avenrun_1min"); - la = (ksn->value.ul + FSCALE/2) >> FSHIFT; - kstat_close(kc); + la = ((double)ksn->value.ul + FSCALE/2) / FSCALE; + /* kstat_close(kc); /o do not close for fast access */ return la; } @@ -2377,7 +2372,7 @@ setproctitle(fmt, va_alist) ** Picks up extant zombies. */ -void +SIGFUNC_DECL reapchild(sig) int sig; { @@ -2419,6 +2414,7 @@ reapchild(sig) (void) setsignal(SIGCHLD, reapchild); # endif errno = olderrno; + return SIGFUNC_RETURN; } /* ** PUTENV -- emulation of putenv() in terms of setenv() @@ -2805,12 +2801,12 @@ getopt(nargc,nargv,ostr) if(!*place) { /* update scanning pointer */ if (optind >= nargc || *(place = nargv[optind]) != '-' || !*++place) { atend++; - return(EOF); + return -1; } if (*place == '-') { /* found "--" */ ++optind; atend++; - return(EOF); + return -1; } } /* option letter okay? */ if ((optopt = (int)*place++) == (int)':' || !(oli = strchr(ostr,optopt))) { @@ -3692,6 +3688,7 @@ lockfile(fd, filename, ext, type) # endif syserr("cannot lockf(%s%s, fd=%d, type=%o, omode=%o, euid=%d)", filename, ext, fd, type, omode, geteuid()); + dumpfd(fd, TRUE, TRUE); } # else if (ext == NULL) @@ -3721,6 +3718,7 @@ lockfile(fd, filename, ext, type) # endif syserr("cannot flock(%s%s, fd=%d, type=%o, omode=%o, euid=%d)", filename, ext, fd, type, omode, geteuid()); + dumpfd(fd, TRUE, TRUE); } # endif if (tTd(55, 60)) @@ -4011,8 +4009,10 @@ vendor_set_uid(uid) #if TCPWRAPPERS # include <tcpd.h> + +/* tcpwrappers does no logging, but you still have to declare these -- ugh */ int allow_severity = LOG_INFO; -int deny_severity = LOG_WARNING; +int deny_severity = LOG_NOTICE; #endif #if DAEMON @@ -4027,7 +4027,14 @@ validate_connection(sap, hostname, e) #if TCPWRAPPERS if (!hosts_ctl("sendmail", hostname, anynet_ntoa(sap), STRING_UNKNOWN)) + { +# ifdef LOG + if (LogLevel >= 4) + syslog(LOG_NOTICE, "tcpwrappers (%s, %s) rejection", + hostname, anynet_ntoa(sap)); +# endif return FALSE; + } #endif return TRUE; } @@ -4395,7 +4402,7 @@ load_if_names() int s; int i; struct ifconf ifc; - char interfacebuf[1024]; + char interfacebuf[10240]; s = socket(AF_INET, SOCK_DGRAM, 0); if (s == -1) @@ -4766,6 +4773,9 @@ char *OsCompileOptions[] = #if USE_SA_SIGACTION "USE_SA_SIGACTION", #endif +#if USE_SIGLONGJMP + "USE_SIGLONGJMP", +#endif #if USESETEUID "USESETEUID", #endif diff --git a/usr.sbin/sendmail/src/conf.h b/usr.sbin/sendmail/src/conf.h index 39a92f5..595ed43 100644 --- a/usr.sbin/sendmail/src/conf.h +++ b/usr.sbin/sendmail/src/conf.h @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * @(#)conf.h 8.279 (Berkeley) 12/1/96 + * @(#)conf.h 8.288 (Berkeley) 1/17/97 */ /* @@ -367,14 +367,12 @@ typedef int pid_t; #if defined(sun) && !defined(BSD) +# include <sys/time.h> # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASGETUSERSHELL 1 /* DOES have getusershell(3) call in libc */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define IP_SRCROUTE 1 /* can check IP source routing */ -# ifndef LA_TYPE -# define LA_TYPE LA_INT -# endif # ifdef SOLARIS_2_3 # define SOLARIS 20300 /* for back compat only -- use -DSOLARIS=20300 */ @@ -389,7 +387,6 @@ typedef int pid_t; # ifndef __svr4__ # define __svr4__ /* use all System V Releae 4 defines below */ # endif -# include <sys/time.h> # define GIDSET_T gid_t # define USE_SA_SIGACTION 1 /* use sa_sigaction field */ # ifndef _PATH_UNIX @@ -409,16 +406,14 @@ typedef int pid_t; # define USESETEUID 1 /* seteuid works as of 2.3 */ # endif # if SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) -# define HASSNPRINTF 1 /* has snprintf starting in 2.5 */ # define HASSETREUID 1 /* setreuid works as of 2.5 */ -# if SOLARIS == 20500 || SOLARIS == 205 -# define snprintf __snprintf /* but names it oddly in 2.5 */ -# define vsnprintf __vsnprintf -# endif # ifndef LA_TYPE # define LA_TYPE LA_KSTAT /* use kstat(3k) -- may work in < 2.5 */ # endif # endif +# if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) +# define HASSNPRINTF 1 /* has snprintf starting in 2.6 */ +# endif # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps */ # endif @@ -454,7 +449,12 @@ extern char *getenv(); # endif # endif -#endif + +# ifndef LA_TYPE +# define LA_TYPE LA_INT +# endif + +#endif /* sun && !BSD */ /* ** DG/UX @@ -680,7 +680,7 @@ typedef int pid_t; /* -** FreeBSD / NetBSD (all architectures, all versions) +** FreeBSD / NetBSD / OpenBSD (all architectures, all versions) ** ** 4.3BSD clone, closer to 4.4BSD for FreeBSD 1.x and NetBSD 0.9x ** 4.4BSD-Lite based for FreeBSD 2.x and NetBSD 1.x @@ -688,7 +688,7 @@ typedef int pid_t; ** See also BSD defines. */ -#if defined(__FreeBSD__) || defined(__NetBSD__) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) # include <paths.h> # define HASUNSETENV 1 /* has unsetenv(3) call */ # define HASSETSID 1 /* has the setsid(2) POSIX syscall */ @@ -723,6 +723,10 @@ typedef int pid_t; # define SPT_PADCHAR '\0' /* pad process title with nulls */ # endif # endif +# if defined(__OpenBSD__) +# undef SPT_TYPE +# define SPT_TYPE SPT_BUILTIN /* setproctitle is in libc */ +# endif #endif @@ -832,6 +836,7 @@ extern int errno; # define SYSTEM5 1 /* include all the System V defines */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define NOFTRUNCATE 0 /* has (simulated) ftruncate call */ +# define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */ # define MAXPATHLEN PATHSIZE # define SFS_TYPE SFS_4ARGS /* use <sys/statfs.h> 4-arg impl */ # define SFS_BAVAIL f_bfree /* alternate field name */ @@ -904,6 +909,7 @@ extern int errno; # define WAITUNION 1 /* use "union wait" as wait argument type */ # define NEEDFSYNC 1 /* no fsync(2) in system library */ # define NEEDSTRSTR 1 /* need emulation of the strstr(3) call */ +# define NOFTRUNCATE 1 /* do not have ftruncate(2) */ # define MAXPATHLEN PATH_MAX # define LA_TYPE LA_SHORT # define SFS_TYPE SFS_STATFS /* use <sys/statfs.h> statfs() impl */ @@ -917,6 +923,7 @@ extern int errno; typedef unsigned short uid_t; typedef unsigned short gid_t; typedef short pid_t; +typedef unsigned long mode_t; /* some stuff that should have been in the include files */ # include <grp.h> @@ -1015,7 +1022,9 @@ extern struct group *getgrnam(); extern int errno; typedef int pid_t; -#define SIGFUNC_DEFINED +#define SIGFUNC_DEFINED +#define SIGFUNC_RETURN (0) +#define SIGFUNC_DECL int typedef int (*sigfunc_t)(); extern char *getenv(); extern void *malloc(); @@ -1110,6 +1119,8 @@ extern void *malloc(); # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASSETVBUF 1 /* we have setvbuf(3) in libc */ # define SIGFUNC_DEFINED /* sigfunc_t already defined */ +# define SIGFUNC_RETURN (0) /* XXX this is a guess */ +# define SIGFUNC_DECL int /* XXX this is a guess */ # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif @@ -1284,6 +1295,9 @@ typedef int pid_t; # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif # define RLIMIT_NEEDS_SYS_TIME_H 1 +# if defined(NGROUPS_MAX) && !NGROUPS_MAX +# undef NGROUPS_MAX +# endif #endif @@ -1494,6 +1508,8 @@ extern struct group *getgrent(), *getgrnam(), *getgrgid(); typedef int pid_t; typedef int (*sigfunc_t)(); # define SIGFUNC_DEFINED +# define SIGFUNC_RETURN (0) +# define SIGFUNC_DECL int # else /* NEWS-OS 6.0.3 with /bin/cc */ @@ -1558,6 +1574,8 @@ typedef int (*sigfunc_t)(); typedef int pid_t; typedef int (*sigfunc_t)(); # define SIGFUNC_DEFINED +# define SIGFUNC_RETURN (0) +# define SIGFUNC_DECL int extern char *getenv(); extern int errno; # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" @@ -1662,6 +1680,28 @@ extern int errno; #endif +/* +** Harris Nighthawk PowerUX (nh6000 box) +** +** Contributed by Bob Miorelli, Pratt & Whitney <miorelli@pweh.com> +*/ + +#ifdef _PowerUX +# ifndef __svr4__ +# define __svr4__ +# endif +# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf" +# ifndef _PATH_SENDMAILPID +# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid" +# endif +# define SYSLOG_BUFSIZE 1024 +# define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ +# define LA_TYPE LA_ZERO +typedef struct msgb mblk_t; +# undef offsetof /* avoid stddefs.h and sys/sysmacros.h conflict */ +#endif + + /********************************************************************** ** End of Per-Operating System defines **********************************************************************/ @@ -1720,10 +1760,7 @@ extern int errno; # define SFS_TYPE SFS_STATVFS # endif -/* SVr4 uses different routines for setjmp/longjmp with signal support */ -# define jmp_buf sigjmp_buf -# define setjmp(env) sigsetjmp(env, 1) -# define longjmp(env, val) siglongjmp(env, val) +# define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */ #endif /* general System V defines */ @@ -1844,6 +1881,10 @@ extern int errno; # define SECUREWARE 0 /* assume no SecureWare C2 auditing hooks */ #endif +#ifndef USE_SIGLONGJMP +# define USE_SIGLONGJMP 0 /* assume setjmp handles signals properly */ +#endif + /* ** If no type for argument two of getgroups call is defined, assume ** it's an integer -- unfortunately, there seem to be several choices @@ -2070,6 +2111,12 @@ struct utsname #ifndef SIGFUNC_DEFINED typedef void (*sigfunc_t) __P((int)); #endif +#ifndef SIGFUNC_RETURN +# define SIGFUNC_RETURN +#endif +#ifndef SIGFUNC_DECL +# define SIGFUNC_DECL void +#endif /* size of syslog buffer */ #ifndef SYSLOG_BUFSIZE @@ -2116,3 +2163,22 @@ typedef void (*sigfunc_t) __P((int)); #ifndef SCANF # define SCANF 1 #endif + +/* +** SVr4 and similar systems use different routines for setjmp/longjmp +** with signal support +*/ + +#if USE_SIGLONGJMP +/* Silly SCO /usr/include/setjmp.h file has #define setjmp(env) setjmp(env) */ +# ifdef setjmp +# undef setjmp +# endif +# define jmp_buf sigjmp_buf +# define setjmp(env) sigsetjmp(env, 1) +# define longjmp(env, val) siglongjmp(env, val) +#endif + +#if !defined(NGROUPS_MAX) && defined(NGROUPS) +# define NGROUPS_MAX NGROUPS /* POSIX naming convention */ +#endif diff --git a/usr.sbin/sendmail/src/daemon.c b/usr.sbin/sendmail/src/daemon.c index c8516fc..bd8a914 100644 --- a/usr.sbin/sendmail/src/daemon.c +++ b/usr.sbin/sendmail/src/daemon.c @@ -37,9 +37,9 @@ #ifndef lint #ifdef DAEMON -static char sccsid[] = "@(#)daemon.c 8.156 (Berkeley) 12/1/96 (with daemon mode)"; +static char sccsid[] = "@(#)daemon.c 8.159 (Berkeley) 1/14/97 (with daemon mode)"; #else -static char sccsid[] = "@(#)daemon.c 8.156 (Berkeley) 12/1/96 (without daemon mode)"; +static char sccsid[] = "@(#)daemon.c 8.159 (Berkeley) 1/14/97 (without daemon mode)"; #endif #endif /* not lint */ @@ -165,7 +165,8 @@ getrequests(e) (void) setsignal(SIGCHLD, reapchild); /* write the pid to the log file for posterity */ - pidf = fopen(PidFile, "w"); + pidf = safefopen(PidFile, O_WRONLY|O_CREAT|O_TRUNC, 0644, + SFF_NOSLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT); if (pidf != NULL) { extern char *CommandLineArgs; @@ -316,7 +317,7 @@ getrequests(e) if (pid == 0) { char *p; - extern void intsig(); + extern SIGFUNC_DECL intsig __P((int)); FILE *inchannel, *outchannel; bool nullconn; diff --git a/usr.sbin/sendmail/src/deliver.c b/usr.sbin/sendmail/src/deliver.c index 576c166..97a1050 100644 --- a/usr.sbin/sendmail/src/deliver.c +++ b/usr.sbin/sendmail/src/deliver.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)deliver.c 8.260 (Berkeley) 12/1/96"; +static char sccsid[] = "@(#)deliver.c 8.266 (Berkeley) 1/17/97"; #endif /* not lint */ #include "sendmail.h" @@ -314,7 +314,7 @@ sendall(e, mode) ee->e_errorqueue = copyqueue(e->e_errorqueue); ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM); ee->e_flags |= EF_NORECEIPT; - setsender(owner, ee, NULL, TRUE); + setsender(owner, ee, NULL, '\0', TRUE); if (tTd(13, 5)) { printf("sendall(split): QDONTSEND "); @@ -401,7 +401,7 @@ sendall(e, mode) if (owner != NULL) { - setsender(owner, e, NULL, TRUE); + setsender(owner, e, NULL, '\0', TRUE); if (tTd(13, 5)) { printf("sendall(owner): QDONTSEND "); @@ -470,6 +470,13 @@ sendall(e, mode) queueonly: if (e->e_nrcpts > 0) e->e_flags |= EF_INQUEUE; + dropenvelope(e, FALSE); + for (ee = splitenv; ee != NULL; ee = ee->e_sibling) + { + if (ee->e_nrcpts > 0) + ee->e_flags |= EF_INQUEUE; + dropenvelope(ee, FALSE); + } return; case SM_FORK: @@ -547,7 +554,7 @@ sendall(e, mode) exit(EX_OK); /* be sure we are immune from the terminal */ - disconnect(1, e); + disconnect(2, e); /* prevent parent from waiting if there was an error */ if (pid < 0) @@ -788,10 +795,10 @@ dofork() */ #ifndef NO_UID -# define NO_UID ((uid_t) -1) +# define NO_UID -1 #endif #ifndef NO_GID -# define NO_GID ((gid_t) -1) +# define NO_GID -1 #endif int @@ -1500,9 +1507,9 @@ tryhost: { int i; int saveerrno; - uid_t new_euid = NO_UID; - uid_t new_ruid = NO_UID; - gid_t new_gid = NO_GID; + int new_euid = NO_UID; + int new_ruid = NO_UID; + int new_gid = NO_GID; struct stat stb; extern int DtableSize; @@ -1765,12 +1772,13 @@ tryhost: } #endif + /* clear out per-message flags from connection structure */ + mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); + if (bitset(EF_HAS8BIT, e->e_flags) && !bitset(EF_DONT_MIME, e->e_flags) && bitnset(M_7BITS, m->m_flags)) mci->mci_flags |= MCIF_CVT8TO7; - else - mci->mci_flags &= ~MCIF_CVT8TO7; #if MIME7TO8 if (bitnset(M_MAKE8BIT, m->m_flags) && @@ -2000,7 +2008,7 @@ tryhost: e->e_statmsg = NULL; /* reset the mci state for the next transaction */ - if (mci->mci_state == MCIS_ACTIVE) + if (mci != NULL && mci->mci_state == MCIS_ACTIVE) mci->mci_state = MCIS_OPEN; } # endif @@ -2014,7 +2022,7 @@ tryhost: #if SMTP /* now close the connection */ - if (clever && mci->mci_state != MCIS_CLOSED && + if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED && !bitset(MCIF_CACHED, mci->mci_flags)) smtpquit(m, mci, e); #endif diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c index 6781522..c5e98f7e 100644 --- a/usr.sbin/sendmail/src/envelope.c +++ b/usr.sbin/sendmail/src/envelope.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)envelope.c 8.99 (Berkeley) 12/1/96"; +static char sccsid[] = "@(#)envelope.c 8.101 (Berkeley) 12/16/96"; #endif /* not lint */ #include "sendmail.h" @@ -275,11 +275,14 @@ dropenvelope(e, fulldrop) if (bitset(EF_FATALERRS, e->e_flags) && !failure_return) { - failure_return = TRUE; for (q = e->e_sendqueue; q != NULL; q = q->q_next) { - if (!bitset(QDONTSEND, q->q_flags)) + if (!bitset(QDONTSEND, q->q_flags) && + bitset(QPINGONFAILURE, q->q_flags)) + { + failure_return = TRUE; q->q_flags |= QBADADDR; + } } } @@ -640,6 +643,8 @@ closexscript(e) ** e -- the envelope in which we would like the sender set. ** delimptr -- if non-NULL, set to the location of the ** trailing delimiter. +** delimchar -- the character that will delimit the sender +** address. ** internal -- set if this address is coming from an internal ** source such as an owner alias. ** @@ -651,16 +656,16 @@ closexscript(e) */ void -setsender(from, e, delimptr, internal) +setsender(from, e, delimptr, delimchar, internal) char *from; register ENVELOPE *e; char **delimptr; + int delimchar; bool internal; { register char **pvp; char *realname = NULL; register struct passwd *pw; - char delimchar; char *bp; char buf[MAXNAME + 2]; char pvpbuf[PSBUFSIZE]; @@ -683,7 +688,6 @@ setsender(from, e, delimptr, internal) if (ConfigLevel < 2) SuprErrs = TRUE; - delimchar = internal ? '\0' : ' '; e->e_from.q_flags = QBADADDR; if (from == NULL || parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR, diff --git a/usr.sbin/sendmail/src/headers.c b/usr.sbin/sendmail/src/headers.c index ba1845d..d40d95f 100644 --- a/usr.sbin/sendmail/src/headers.c +++ b/usr.sbin/sendmail/src/headers.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)headers.c 8.101 (Berkeley) 11/23/96"; +static char sccsid[] = "@(#)headers.c 8.103 (Berkeley) 12/11/96"; #endif /* not lint */ # include <errno.h> @@ -569,7 +569,7 @@ eatheader(e, full) if (tTd(32, 2)) printf("eatheader: setsender(*%s == %s)\n", hi->hi_field, p); - setsender(p, e, NULL, TRUE); + setsender(p, e, NULL, '\0', TRUE); } } @@ -1165,7 +1165,11 @@ putheader(mci, hdr, e) /* suppress return receipts if requested */ if (bitset(H_RECEIPTTO, h->h_flags) && +#if _FFR_DSN_RRT + (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags))) +#else bitset(EF_NORECEIPT, e->e_flags)) +#endif { if (tTd(34, 11)) printf(" (skipped (receipt))\n"); diff --git a/usr.sbin/sendmail/src/main.c b/usr.sbin/sendmail/src/main.c index fbd954a..3c30fb3 100644 --- a/usr.sbin/sendmail/src/main.c +++ b/usr.sbin/sendmail/src/main.c @@ -39,7 +39,7 @@ static char copyright[] = #endif /* not lint */ #ifndef lint -static char sccsid[] = "@(#)main.c 8.223 (Berkeley) 12/1/96"; +static char sccsid[] = "@(#)main.c 8.230 (Berkeley) 1/17/97"; #endif /* not lint */ #define _DEFINE @@ -145,12 +145,12 @@ main(argc, argv, envp) extern char *optarg; extern char **environ; extern time_t convtime(); - extern void intsig(); + extern SIGFUNC_DECL intsig __P((int)); extern struct hostent *myhostname(); extern char *getauthinfo(); extern char *getcfname(); - extern void sigusr1(); - extern void sighup(); + extern SIGFUNC_DECL sigusr1 __P((int)); + extern SIGFUNC_DECL sighup __P((int)); extern void initmacros __P((ENVELOPE *)); extern void init_md __P((int, char **)); extern int getdtsize __P((void)); @@ -165,6 +165,7 @@ main(argc, argv, envp) extern void printqueue __P((void)); extern void sendtoargv __P((char **, ENVELOPE *)); extern void resetlimits __P((void)); + extern void drop_privileges __P((void)); /* ** Check to see if we reentered. @@ -228,6 +229,9 @@ main(argc, argv, envp) tTsetup(tTdvect, sizeof tTdvect, "0-99.1"); + /* drop group id privileges (RunAsUser not yet set) */ + drop_privileges(); + /* Handle any non-getoptable constructions. */ obsolete(argv); @@ -245,7 +249,7 @@ main(argc, argv, envp) # define OPTIONS "B:b:C:cd:e:F:f:h:IiM:mN:nO:o:p:q:R:r:sTtUV:vX:" #endif opterr = 0; - while ((j = getopt(argc, argv, OPTIONS)) != EOF) + while ((j = getopt(argc, argv, OPTIONS)) != -1) { switch (j) { @@ -511,7 +515,7 @@ main(argc, argv, envp) OpMode = MD_PURGESTAT; optind = 1; - while ((j = getopt(argc, argv, OPTIONS)) != EOF) + while ((j = getopt(argc, argv, OPTIONS)) != -1) { switch (j) { @@ -806,10 +810,7 @@ main(argc, argv, envp) if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON) { /* drop privileges -- daemon mode done after socket/bind */ - if (RunAsGid != 0) - (void) setgid(RunAsGid); - if (RunAsUid != 0) - (void) setuid(RunAsUid); + drop_privileges(); } /* @@ -900,6 +901,20 @@ main(argc, argv, envp) printf("Warning: HostStatusDirectory required for SingleThreadDelivery\n"); } + /* check for permissions */ + if ((OpMode == MD_DAEMON || OpMode == MD_PURGESTAT) && RealUid != 0) + { +#ifdef LOG + if (LogLevel > 1) + syslog(LOG_ALERT, "user %d attempted to %s", + RealUid, + OpMode == MD_DAEMON ? "run daemon" + : "purge host status"); +#endif + usrerr("Permission denied"); + exit(EX_USAGE); + } + if (MeToo) BlankEnvelope.e_flags |= EF_METOO; @@ -916,17 +931,6 @@ main(argc, argv, envp) /* fall through ... */ case MD_DAEMON: - /* check for permissions */ - if (RealUid != 0) - { -#ifdef LOG - if (LogLevel > 1) - syslog(LOG_ALERT, "user %d attempted to run daemon", - RealUid); -#endif - usrerr("Permission denied"); - exit(EX_USAGE); - } vendor_daemon_setup(CurEnv); /* remove things that don't make sense in daemon mode */ @@ -948,6 +952,11 @@ main(argc, argv, envp) Verbose = TRUE; /* fall through... */ + case MD_PRINT: + /* to handle sendmail -bp -qSfoobar properly */ + queuemode = FALSE; + /* fall through... */ + default: /* arrange to exit cleanly on hangup signal */ if (setsignal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL) @@ -1214,7 +1223,7 @@ main(argc, argv, envp) if (OpMode == MD_TEST) { char buf[MAXLINE]; - void intindebug(); + SIGFUNC_DECL intindebug __P((int)); if (isatty(fileno(stdin))) Verbose = TRUE; @@ -1318,10 +1327,7 @@ main(argc, argv, envp) nullserver = getrequests(CurEnv); /* drop privileges */ - if (RunAsGid != 0) - (void) setgid(RunAsGid); - if (RunAsUid != 0) - (void) setuid(RunAsUid); + drop_privileges(); /* at this point we are in a child: reset state */ (void) newenvelope(CurEnv, CurEnv); @@ -1385,7 +1391,7 @@ main(argc, argv, envp) if (warn_f_flag != '\0' && !wordinclass(RealUserName, 't')) auth_warning(CurEnv, "%s set sender to %s using -%c", RealUserName, from, warn_f_flag); - setsender(from, CurEnv, NULL, FALSE); + setsender(from, CurEnv, NULL, '\0', FALSE); if (macvalue('s', CurEnv) == NULL) define('s', RealHostName, CurEnv); @@ -1450,10 +1456,12 @@ main(argc, argv, envp) } -void -intindebug() +SIGFUNC_DECL +intindebug(sig) + int sig; { longjmp(TopFrame, 1); + return SIGFUNC_RETURN; } @@ -1528,8 +1536,9 @@ finis() ** Unlocks the current job. */ -void -intsig() +SIGFUNC_DECL +intsig(sig) + int sig; { #ifdef LOG if (LogLevel > 79) @@ -1944,15 +1953,18 @@ dumpstate(when) } -void -sigusr1() +SIGFUNC_DECL +sigusr1(sig) + int sig; { dumpstate("user signal"); + return SIGFUNC_RETURN; } -void -sighup() +SIGFUNC_DECL +sighup(sig) + int sig; { if (SaveArgv[0][0] != '/') { @@ -1984,6 +1996,31 @@ sighup() exit(EX_OSFILE); } /* +** DROP_PRIVILEGES -- reduce privileges to those of the RunAsUser option +** +** Parameters: +** none. +** +** Returns: +** none. +*/ + +void +drop_privileges() +{ +#ifdef NGROUPS_MAX + /* reset group permissions; these can be set later */ + GIDSET_T emptygidset[NGROUPS_MAX]; + + emptygidset[0] = RunAsGid == 0 ? getegid() : RunAsGid; + (void) setgroups(1, emptygidset); +#endif + if (RunAsGid != 0) + (void) setgid(RunAsGid); + if (RunAsUid != 0) + (void) setuid(RunAsUid); +} +/* ** TESTMODELINE -- process a test mode input line ** ** Parameters: diff --git a/usr.sbin/sendmail/src/map.c b/usr.sbin/sendmail/src/map.c index 1b0f086..3d40d62 100644 --- a/usr.sbin/sendmail/src/map.c +++ b/usr.sbin/sendmail/src/map.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)map.c 8.146 (Berkeley) 11/24/96"; +static char sccsid[] = "@(#)map.c 8.147 (Berkeley) 1/17/97"; #endif /* not lint */ #include "sendmail.h" @@ -1610,7 +1610,8 @@ nis_getcanonname(name, hbsize, statp) #ifdef NISPLUS -#undef NIS /* symbol conflict in nis.h */ +#undef NIS /* symbol conflict in nis.h */ +#undef T_UNSPEC /* symbol conflict in nis.h -> ... -> sys/tiuser.h */ #include <rpcsvc/nis.h> #include <rpcsvc/nislib.h> diff --git a/usr.sbin/sendmail/src/mime.c b/usr.sbin/sendmail/src/mime.c index bdb91a2..999c5ab 100644 --- a/usr.sbin/sendmail/src/mime.c +++ b/usr.sbin/sendmail/src/mime.c @@ -36,7 +36,7 @@ # include <string.h> #ifndef lint -static char sccsid[] = "@(#)mime.c 8.51 (Berkeley) 11/24/96"; +static char sccsid[] = "@(#)mime.c 8.54 (Berkeley) 1/14/97"; #endif /* not lint */ /* @@ -958,10 +958,8 @@ mime7to8(mci, header, e) register char *p; char *cte; char **pvp; - u_char *obp; u_char *fbufp; char buf[MAXLINE]; - u_char obuf[MAXLINE + 1]; u_char fbuf[MAXLINE + 1]; char pvpbuf[MAXLINE]; extern u_char MimeTokenTab[256]; @@ -1045,9 +1043,10 @@ mime7to8(mci, header, e) c2 = CHAR64(c2); *fbufp = (c1 << 2) | ((c2 & 0x30) >> 4); - if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE]) + if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { - if (*--fbufp != '\n' || *--fbufp != '\r') + if (*--fbufp != '\n' || + (fbufp > fbuf && *--fbufp != '\r')) fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); @@ -1057,9 +1056,10 @@ mime7to8(mci, header, e) continue; c3 = CHAR64(c3); *fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); - if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE]) + if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { - if (*--fbufp != '\n' || *--fbufp != '\r') + if (*--fbufp != '\n' || + (fbufp > fbuf && *--fbufp != '\r')) fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); @@ -1069,36 +1069,38 @@ mime7to8(mci, header, e) continue; c4 = CHAR64(c4); *fbufp = ((c3 & 0x03) << 6) | c4; - if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE]) + if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { - if (*--fbufp != '\n' || *--fbufp != '\r') + if (*--fbufp != '\n' || + (fbufp > fbuf && *--fbufp != '\r')) fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); fbufp = fbuf; } } - - /* force out partial last line */ - if (fbufp > fbuf) - { - *fbufp = '\0'; - putline((char *) fbuf, mci); - } } else { /* quoted-printable */ - obp = obuf; + fbufp = fbuf; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { - if (mime_fromqp((u_char *) buf, &obp, 0, &obuf[MAXLINE] - obp) == 0) + if (mime_fromqp((u_char *) buf, &fbufp, 0, + &fbuf[MAXLINE] - fbufp) == 0) continue; - putline((char *) obuf, mci); - obp = obuf; + putline((char *) fbuf, mci); + fbufp = fbuf; } } + + /* force out partial last line */ + if (fbufp > fbuf) + { + *fbufp = '\0'; + putline((char *) fbuf, mci); + } if (tTd(43, 3)) printf("\t\t\tmime7to8 => %s to 8bit done\n", cte); } diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c index 5d00b9f..2afa73d 100644 --- a/usr.sbin/sendmail/src/queue.c +++ b/usr.sbin/sendmail/src/queue.c @@ -36,9 +36,9 @@ #ifndef lint #if QUEUE -static char sccsid[] = "@(#)queue.c 8.145 (Berkeley) 12/2/96 (with queueing)"; +static char sccsid[] = "@(#)queue.c 8.153 (Berkeley) 1/14/97 (with queueing)"; #else -static char sccsid[] = "@(#)queue.c 8.145 (Berkeley) 12/2/96 (without queueing)"; +static char sccsid[] = "@(#)queue.c 8.153 (Berkeley) 1/14/97 (without queueing)"; #endif #endif /* not lint */ @@ -68,10 +68,6 @@ WORK *WorkQ; /* queue of things to be done */ #define QF_VERSION 2 /* version number of this queue format */ -#if !defined(NGROUPS_MAX) && defined(NGROUPS) -# define NGROUPS_MAX NGROUPS /* POSIX naming convention */ -#endif - extern int orderq __P((bool)); /* ** QUEUEUP -- queue a message up for future transmission. @@ -553,6 +549,7 @@ runqueue(forkflag, verbose) extern ENVELOPE BlankEnvelope; extern void clrdaemon __P((void)); extern void runqueueevent __P((bool)); + extern void drop_privileges __P((void)); /* ** If no work will ever be selected, don't even bother reading @@ -561,7 +558,7 @@ runqueue(forkflag, verbose) CurrentLA = getla(); /* get load average */ - if (shouldqueue(0L, curtime())) + if (CurrentLA >= QueueLA) { char *msg = "Skipping queue run -- load average too high"; @@ -583,9 +580,9 @@ runqueue(forkflag, verbose) if (forkflag) { pid_t pid; - extern void intsig(); + extern SIGFUNC_DECL intsig __P((int)); #ifdef SIGCHLD - extern void reapchild(); + extern SIGFUNC_DECL reapchild __P((int)); blocksignal(SIGCHLD); (void) setsignal(SIGCHLD, reapchild); @@ -633,7 +630,6 @@ runqueue(forkflag, verbose) (void) setsignal(SIGCHLD, SIG_DFL); #endif /* SIGCHLD */ (void) setsignal(SIGHUP, intsig); - Verbose = FALSE; } setproctitle("running queue: %s", QueueDir); @@ -657,12 +653,7 @@ runqueue(forkflag, verbose) /* drop privileges */ if (geteuid() == (uid_t) 0) - { - if (RunAsGid != (gid_t) 0) - (void) setgid(RunAsGid); - if (RunAsUid != (uid_t) 0) - (void) setuid(RunAsUid); - } + drop_privileges(); /* ** Create ourselves an envelope @@ -672,6 +663,10 @@ runqueue(forkflag, verbose) e = newenvelope(&QueueEnvelope, CurEnv); e->e_flags = BlankEnvelope.e_flags; + /* make sure we have disconnected from parent */ + if (forkflag) + disconnect(1, e); + /* ** Make sure the alias database is open. */ @@ -1569,12 +1564,13 @@ readqf(e) { case 'V': /* queue file version number */ qfver = atoi(&bp[1]); - if (qfver > QF_VERSION) - { - syserr("Version number in qf (%d) greater than max (%d)", - qfver, QF_VERSION); - } - break; + if (qfver <= QF_VERSION) + break; + syserr("Version number in qf (%d) greater than max (%d)", + qfver, QF_VERSION); + fclose(qfp); + loseqfile(e, "unsupported qf file version"); + return FALSE; case 'C': /* specify controlling user */ ctladdr = setctluser(&bp[1], qfver); @@ -1645,7 +1641,7 @@ readqf(e) break; case 'S': /* sender */ - setsender(newstr(&bp[1]), e, NULL, TRUE); + setsender(newstr(&bp[1]), e, NULL, '\0', TRUE); break; case 'B': /* body type */ diff --git a/usr.sbin/sendmail/src/readcf.c b/usr.sbin/sendmail/src/readcf.c index 58c4a3a..ca0100f 100644 --- a/usr.sbin/sendmail/src/readcf.c +++ b/usr.sbin/sendmail/src/readcf.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)readcf.c 8.181 (Berkeley) 12/1/96"; +static char sccsid[] = "@(#)readcf.c 8.184 (Berkeley) 1/14/97"; #endif /* not lint */ # include "sendmail.h" @@ -1482,6 +1482,14 @@ struct optioninfo { "SingleThreadDelivery", O_SINGTHREAD, FALSE }, #define O_RUNASUSER 0x9d { "RunAsUser", O_RUNASUSER, FALSE }, +#ifdef _FFR_DSN_RRT +#define O_DSN_RRT 0x9e + { "RrtImpliesDsn", O_DSN_RRT, FALSE }, +#endif +#ifdef _FFR_PIDFILE_OPT +#define O_PIDFILE 0x9f + { "PidFile", O_PIDFILE, FALSE }, +#endif { NULL, '\0', FALSE } }; @@ -2264,6 +2272,19 @@ setoption(opt, val, safe, sticky, e) } break; +#ifdef _FFR_DSN_RRT + case O_DSN_RRT: + RrtImpliesDsn = atobool(p); + break; +#endif + +#ifdef _FFR_PIDFILE_OPT + case O_PIDFILE: + free(PidFile); + PidFile = newstr(p); + break; +#endif + default: if (tTd(37, 1)) { diff --git a/usr.sbin/sendmail/src/savemail.c b/usr.sbin/sendmail/src/savemail.c index 4abad53..0d949f8 100644 --- a/usr.sbin/sendmail/src/savemail.c +++ b/usr.sbin/sendmail/src/savemail.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)savemail.c 8.101 (Berkeley) 11/24/96"; +static char sccsid[] = "@(#)savemail.c 8.103 (Berkeley) 1/18/97"; #endif /* not lint */ # include "sendmail.h" @@ -643,7 +643,7 @@ returntosender(msg, returnq, flags, e) markstats(ee, NULLADDR); /* actually deliver the error message */ - sendall(ee, SM_DEFAULT); + sendall(ee, SM_DELIVER); /* restore state */ dropenvelope(ee, TRUE); @@ -1388,7 +1388,8 @@ xuntextify(t) ** XTEXTOK -- check if a string is legal xtext ** ** Xtext is used in Delivery Status Notifications. The spec was -** taken from draft-ietf-notary-mime-delivery-04.txt. +** taken from RFC 1891, ``SMTP Service Extension for Delivery +** Status Notifications''. ** ** Parameters: ** s -- the string to check. diff --git a/usr.sbin/sendmail/src/sendmail.8 b/usr.sbin/sendmail/src/sendmail.8 index f7c8750..81a4440 100644 --- a/usr.sbin/sendmail/src/sendmail.8 +++ b/usr.sbin/sendmail/src/sendmail.8 @@ -29,9 +29,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" @(#)sendmail.8 8.10 (Berkeley) 9/20/96 +.\" @(#)sendmail.8 8.11 (Berkeley) 1/16/97 .\" -.Dd September 20, 1996 +.Dd January 16, 1997 .Dt SENDMAIL 8 .Os BSD 4 .Sh NAME @@ -293,7 +293,7 @@ be set when called by a network delivery agent such as .Nm rmail . .It Fl V Ar envid Set the original envelope id. -This is propogated across SMTP to servers that support DSNs +This is propagated across SMTP to servers that support DSNs and is returned in DSN-compliant error messages. .It Fl v Go into verbose mode. diff --git a/usr.sbin/sendmail/src/sendmail.h b/usr.sbin/sendmail/src/sendmail.h index 6aba9ab..9c0e3e2 100644 --- a/usr.sbin/sendmail/src/sendmail.h +++ b/usr.sbin/sendmail/src/sendmail.h @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * @(#)sendmail.h 8.216 (Berkeley) 12/1/96 + * @(#)sendmail.h 8.219 (Berkeley) 1/14/97 */ /* @@ -41,7 +41,7 @@ # ifdef _DEFINE # define EXTERN # ifndef lint -static char SmailSccsId[] = "@(#)sendmail.h 8.216 12/1/96"; +static char SmailSccsId[] = "@(#)sendmail.h 8.219 1/14/97"; # endif # else /* _DEFINE */ # define EXTERN extern @@ -1135,7 +1135,7 @@ EXTERN bool HasWildcardMX; /* don't use MX records when canonifying */ EXTERN char SpaceSub; /* substitution for <lwsp> */ EXTERN int PrivacyFlags; /* privacy flags */ EXTERN char *ConfFile; /* location of configuration file [conf.c] */ -extern char *PidFile; /* location of proc id file [conf.c] */ +EXTERN char *PidFile; /* location of proc id file [conf.c] */ extern ADDRESS NullAddress; /* a null (template) address [main.c] */ EXTERN long WkClassFact; /* multiplier for message class -> priority */ EXTERN long WkRecipFact; /* multiplier for # of recipients -> priority */ @@ -1165,6 +1165,9 @@ EXTERN bool AllowBogusHELO; /* allow syntax errors on HELO command */ EXTERN bool UserSubmission; /* initial (user) mail submission */ EXTERN uid_t RunAsUid; /* UID to become for bulk of run */ EXTERN gid_t RunAsGid; /* GID to become for bulk of run */ +#ifdef _FFR_DSN_RRT +EXTERN bool RrtImpliesDsn; /* turn Return-Receipt-To: into DSN */ +#endif EXTERN bool IgnoreHostStatus; /* ignore long term host status files */ EXTERN bool SingleThreadDelivery; /* single thread hosts on delivery */ EXTERN bool UnsafeGroupWrites; /* group-writable files are unsafe */ @@ -1291,7 +1294,7 @@ extern void makelower __P((char *)); extern void rebuildaliases __P((MAP *, bool)); extern void readaliases __P((MAP *, FILE *, bool, bool)); extern void finis __P(()); -extern void setsender __P((char *, ENVELOPE *, char **, bool)); +extern void setsender __P((char *, ENVELOPE *, char **, int, bool)); extern FILE *safefopen __P((char *, int, int, int)); extern void xputs __P((const char *)); extern void logsender __P((ENVELOPE *, char *)); diff --git a/usr.sbin/sendmail/src/srvrsmtp.c b/usr.sbin/sendmail/src/srvrsmtp.c index 895cce5..83bd463 100644 --- a/usr.sbin/sendmail/src/srvrsmtp.c +++ b/usr.sbin/sendmail/src/srvrsmtp.c @@ -36,9 +36,9 @@ #ifndef lint #if SMTP -static char sccsid[] = "@(#)srvrsmtp.c 8.131 (Berkeley) 12/1/96 (with SMTP)"; +static char sccsid[] = "@(#)srvrsmtp.c 8.136 (Berkeley) 1/17/97 (with SMTP)"; #else -static char sccsid[] = "@(#)srvrsmtp.c 8.131 (Berkeley) 12/1/96 (without SMTP)"; +static char sccsid[] = "@(#)srvrsmtp.c 8.136 (Berkeley) 1/17/97 (without SMTP)"; #endif #endif /* not lint */ @@ -121,7 +121,11 @@ char *CurSmtpClient; /* who's at the other end of channel */ static char *skipword(); -#define MAXBADCOMMANDS 25 /* maximum number of bad commands */ +#define MAXBADCOMMANDS 25 /* maximum number of bad commands */ +#define MAXNOOPCOMMANDS 20 /* max "noise" commands before slowdown */ +#define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */ +#define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */ +#define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */ void smtp(nullserver, e) @@ -146,6 +150,8 @@ smtp(nullserver, e) volatile int badcommands = 0; /* count of bad commands */ volatile int nverifies = 0; /* count of VRFY/EXPN commands */ volatile int n_etrn = 0; /* count of ETRN commands */ + volatile int n_noop = 0; /* count of NOOP/VERB/ONEX etc cmds */ + volatile int n_helo = 0; /* count of HELO/EHLO commands */ bool ok; char inp[MAXLINE]; char cmdbuf[MAXLINE]; @@ -154,6 +160,7 @@ smtp(nullserver, e) extern void settime __P((ENVELOPE *)); extern bool enoughdiskspace __P((long)); extern int runinchild __P((char *, ENVELOPE *)); + extern void checksmtpattack __P((volatile int *, int, char *)); if (fileno(OutChannel) != fileno(stdout)) { @@ -303,10 +310,23 @@ smtp(nullserver, e) ** to everything. */ - if (nullserver && c->cmdcode != CMDQUIT) + if (nullserver) { - message("550 Access denied"); - continue; + switch (c->cmdcode) + { + case CMDQUIT: + case CMDHELO: + case CMDEHLO: + case CMDNOOP: + /* process normally */ + break; + + default: + if (++badcommands > MAXBADCOMMANDS) + sleep(1); + message("550 Access denied"); + continue; + } } /* non-null server */ @@ -325,6 +345,17 @@ smtp(nullserver, e) SmtpPhase = "server HELO"; } + /* avoid denial-of-service */ + checksmtpattack(&n_helo, MAXHELOCOMMANDS, "HELO/EHLO"); + + /* check for duplicate HELO/EHLO per RFC 1651 4.2 */ + if (gothello) + { + message("503 %s Duplicate HELO/EHLO", + MyHostName); + break; + } + /* check for valid domain name (re 1123 5.2.5) */ if (*p == '\0' && !AllowBogusHELO) { @@ -355,20 +386,15 @@ smtp(nullserver, e) if (!AllowBogusHELO) message("501 Invalid domain name"); else + { message("250 %s Invalid domain name, accepting anyway", MyHostName); + gothello = TRUE; + } break; } } - /* check for duplicate HELO/EHLO per RFC 1651 4.2 */ - if (gothello) - { - message("503 %s Duplicate HELO/EHLO", - MyHostName); - break; - } - sendinghost = newstr(p); gothello = TRUE; if (c->cmdcode != CMDEHLO) @@ -484,7 +510,7 @@ smtp(nullserver, e) /* must parse sender first */ delimptr = NULL; - setsender(p, e, &delimptr, FALSE); + setsender(p, e, &delimptr, ' ', FALSE); if (delimptr != NULL && *delimptr != '\0') *delimptr++ = '\0'; @@ -775,18 +801,8 @@ smtp(nullserver, e) case CMDVRFY: /* vrfy -- verify address */ case CMDEXPN: /* expn -- expand address */ - if (++nverifies >= MAXBADCOMMANDS) - { -#ifdef LOG - if (nverifies == MAXBADCOMMANDS && - LogLevel > 5) - { - syslog(LOG_INFO, "%.100s: VRFY attack?", - CurSmtpClient); - } -#endif - sleep(1); - } + checksmtpattack(&nverifies, MAXVRFYCOMMANDS, + c->cmdcode == CMDVRFY ? "VRFY" : "EXPN"); vrfy = c->cmdcode == CMDVRFY; if (bitset(vrfy ? PRIV_NOVRFY : PRIV_NOEXPN, PrivacyFlags)) @@ -867,8 +883,8 @@ smtp(nullserver, e) } /* crude way to avoid denial-of-service attacks */ - if (n_etrn++ >= 3) - sleep(3); + checksmtpattack(&n_etrn, MAXETRNCOMMANDS, "ETRN"); + id = p; if (*id == '@') id++; @@ -892,6 +908,7 @@ smtp(nullserver, e) break; case CMDNOOP: /* noop -- do nothing */ + checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "NOOP"); message("250 OK"); break; @@ -916,17 +933,20 @@ doquit: message("502 Verbose unavailable"); break; } + checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "VERB"); Verbose = TRUE; e->e_sendmode = SM_DELIVER; message("250 Verbose mode"); break; case CMDONEX: /* doing one transaction only */ + checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "ONEX"); OneXact = TRUE; message("250 Only one transaction"); break; case CMDXUSR: /* initial (user) submission */ + checksmtpattack(&n_noop, MAXNOOPCOMMANDS, "XUSR"); UserSubmission = TRUE; message("250 Initial submission"); break; @@ -976,6 +996,40 @@ doquit: } } /* +** CHECKSMTPATTACK -- check for denial-of-service attack by repetition +** +** Parameters: +** pcounter -- pointer to a counter for this command. +** maxcount -- maximum value for this counter before we +** slow down. +** cname -- command name for logging. +** +** Returns: +** none. +** +** Side Effects: +** Slows down if we seem to be under attack. +*/ + +void +checksmtpattack(pcounter, maxcount, cname) + volatile int *pcounter; + int maxcount; + char *cname; +{ + if (++(*pcounter) >= maxcount) + { +#ifdef LOG + if (*pcounter == maxcount && LogLevel > 5) + { + syslog(LOG_INFO, "%.100s: %.40s attack?", + CurSmtpClient, cname); + } +#endif + sleep(*pcounter / maxcount); + } +} +/* ** SKIPWORD -- skip a fixed word. ** ** Parameters: diff --git a/usr.sbin/sendmail/src/udb.c b/usr.sbin/sendmail/src/udb.c index 8c34c23..bb54ee8 100644 --- a/usr.sbin/sendmail/src/udb.c +++ b/usr.sbin/sendmail/src/udb.c @@ -36,9 +36,9 @@ #ifndef lint #if USERDB -static char sccsid [] = "@(#)udb.c 8.46 (Berkeley) 12/1/96 (with USERDB)"; +static char sccsid [] = "@(#)udb.c 8.47 (Berkeley) 12/6/96 (with USERDB)"; #else -static char sccsid [] = "@(#)udb.c 8.46 (Berkeley) 12/1/96 (without USERDB)"; +static char sccsid [] = "@(#)udb.c 8.47 (Berkeley) 12/6/96 (without USERDB)"; #endif #endif @@ -275,7 +275,7 @@ udbexpand(a, sendq, aliaslevel, e) userleft--; } bcopy(info.data, p, info.size); - user[info.size] = '\0'; + p[info.size] = '\0'; userleft -= info.size; /* get the next record */ diff --git a/usr.sbin/sendmail/src/usersmtp.c b/usr.sbin/sendmail/src/usersmtp.c index 7bd976b..d98841a 100644 --- a/usr.sbin/sendmail/src/usersmtp.c +++ b/usr.sbin/sendmail/src/usersmtp.c @@ -36,9 +36,9 @@ #ifndef lint #if SMTP -static char sccsid[] = "@(#)usersmtp.c 8.79 (Berkeley) 12/1/96 (with SMTP)"; +static char sccsid[] = "@(#)usersmtp.c 8.80 (Berkeley) 1/18/97 (with SMTP)"; #else -static char sccsid[] = "@(#)usersmtp.c 8.79 (Berkeley) 12/1/96 (without SMTP)"; +static char sccsid[] = "@(#)usersmtp.c 8.80 (Berkeley) 1/18/97 (without SMTP)"; #endif #endif /* not lint */ @@ -493,6 +493,12 @@ smtpmailfrom(m, mci, e) smtpquit(m, mci, e); return EX_TEMPFAIL; } + else if (r == 452 && bitset(MCIF_SIZE, mci->mci_flags) && + e->e_msgsize > 0) + { + mci_setstat(mci, EX_NOTSTICKY, smtptodsn(r), SmtpReplyBuffer); + return EX_TEMPFAIL; + } else if (REPLYTYPE(r) == 4) { mci_setstat(mci, EX_TEMPFAIL, smtptodsn(r), SmtpReplyBuffer); @@ -684,6 +690,7 @@ smtpdata(m, mci, e) register int r; register EVENT *ev; int rstat; + int xstat; time_t timeout; /* @@ -790,17 +797,22 @@ smtpdata(m, mci, e) return EX_TEMPFAIL; } mci->mci_state = MCIS_OPEN; - if (REPLYTYPE(r) == 4) + xstat = EX_NOTSTICKY; + if (r == 452) rstat = EX_TEMPFAIL; + else if (r == 552) + rstat = EX_UNAVAILABLE; + else if (REPLYTYPE(r) == 4) + rstat = xstat = EX_TEMPFAIL; else if (REPLYCLASS(r) != 5) - rstat = EX_PROTOCOL; + rstat = xstat = EX_PROTOCOL; else if (REPLYTYPE(r) == 2) - rstat = EX_OK; + rstat = xstat = EX_OK; else if (REPLYTYPE(r) == 5) - rstat = EX_UNAVAILABLE; + rstat = xstat = EX_UNAVAILABLE; else rstat = EX_PROTOCOL; - mci_setstat(mci, rstat, smtptodsn(r), SmtpReplyBuffer); + mci_setstat(mci, xstat, smtptodsn(r), SmtpReplyBuffer); if (e->e_statmsg != NULL) free(e->e_statmsg); e->e_statmsg = newstr(&SmtpReplyBuffer[4]); diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c index eae587ba..dbe7655 100644 --- a/usr.sbin/sendmail/src/util.c +++ b/usr.sbin/sendmail/src/util.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)util.c 8.113 (Berkeley) 11/24/96"; +static char sccsid[] = "@(#)util.c 8.115 (Berkeley) 1/5/97"; #endif /* not lint */ # include "sendmail.h" @@ -313,7 +313,7 @@ xputs(s) { if (bitset(0200, *s)) printf("{%s}", macname(*s++ & 0377)); - else + else if (*s != '\0') printf("%c", *s++); } if (mp->metaname != '\0') @@ -670,7 +670,9 @@ safefile(fn, uid, gid, uname, flags, mode, st) return EPERM; } - if (uid == 0 && !bitset(SFF_ROOTOK, flags)) + if (uid == 0 && bitset(SFF_OPENASROOT, flags)) + ; + else if (uid == 0 && !bitset(SFF_ROOTOK, flags)) mode >>= 6; else if (st->st_uid != uid) { diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c index 617e11a..a6b4f16 100644 --- a/usr.sbin/sendmail/src/version.c +++ b/usr.sbin/sendmail/src/version.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)version.c 8.8.4.4 (Berkeley) 12/2/96"; +static char sccsid[] = "@(#)version.c 8.8.5.3 (Berkeley) 1/21/97"; #endif /* not lint */ -char Version[] = "8.8.4"; +char Version[] = "8.8.5"; |