aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Wemm <peter@FreeBSD.org>1997-08-04 05:00:07 +0000
committerPeter Wemm <peter@FreeBSD.org>1997-08-04 05:00:07 +0000
commite54babdf0c067b521dc066286e05db2ab1add3df (patch)
tree3c16228d674b46f5459461ac48876de4f2e21e95
parentf3a1fc342b4423150f71e23e50f24d073a6d238b (diff)
downloadsrc-e54babdf0c067b521dc066286e05db2ab1add3df.tar.gz
src-e54babdf0c067b521dc066286e05db2ab1add3df.zip
Import sendmail-8.8.7 onto vendor branch.
Obtained from: ftp.sendmail.org
Notes
Notes: svn path=/vendor/sendmail/dist-old/; revision=27876
-rw-r--r--usr.sbin/sendmail/FAQ6
-rw-r--r--usr.sbin/sendmail/READ_ME38
-rw-r--r--usr.sbin/sendmail/RELEASE_NOTES155
-rw-r--r--usr.sbin/sendmail/cf/README135
-rw-r--r--usr.sbin/sendmail/cf/cf/knecht.mc67
-rw-r--r--usr.sbin/sendmail/cf/m4/proto.m46
-rw-r--r--usr.sbin/sendmail/cf/m4/version.m44
-rw-r--r--usr.sbin/sendmail/cf/mailer/fax.m410
-rw-r--r--usr.sbin/sendmail/cf/ostype/nextstep.m43
-rw-r--r--usr.sbin/sendmail/cf/ostype/sco-uw-2.1.m416
-rwxr-xr-xusr.sbin/sendmail/contrib/etrn.pl12
-rw-r--r--usr.sbin/sendmail/contrib/passwd-to-alias.pl4
-rw-r--r--usr.sbin/sendmail/doc/op/op.me34
-rw-r--r--usr.sbin/sendmail/mail.local/mail.local.c39
-rw-r--r--usr.sbin/sendmail/makemap/makemap.84
-rw-r--r--usr.sbin/sendmail/makemap/makemap.c27
-rw-r--r--usr.sbin/sendmail/src/READ_ME29
-rw-r--r--usr.sbin/sendmail/src/TRACEFLAGS3
-rw-r--r--usr.sbin/sendmail/src/collect.c7
-rw-r--r--usr.sbin/sendmail/src/conf.c55
-rw-r--r--usr.sbin/sendmail/src/conf.h169
-rw-r--r--usr.sbin/sendmail/src/daemon.c109
-rw-r--r--usr.sbin/sendmail/src/deliver.c20
-rw-r--r--usr.sbin/sendmail/src/domain.c9
-rw-r--r--usr.sbin/sendmail/src/envelope.c4
-rw-r--r--usr.sbin/sendmail/src/err.c32
-rw-r--r--usr.sbin/sendmail/src/headers.c5
-rw-r--r--usr.sbin/sendmail/src/main.c160
-rw-r--r--usr.sbin/sendmail/src/map.c330
-rw-r--r--usr.sbin/sendmail/src/mci.c10
-rw-r--r--usr.sbin/sendmail/src/parseaddr.c38
-rw-r--r--usr.sbin/sendmail/src/queue.c24
-rw-r--r--usr.sbin/sendmail/src/readcf.c65
-rw-r--r--usr.sbin/sendmail/src/safefile.c32
-rw-r--r--usr.sbin/sendmail/src/savemail.c31
-rw-r--r--usr.sbin/sendmail/src/sendmail.h31
-rw-r--r--usr.sbin/sendmail/src/srvrsmtp.c179
-rw-r--r--usr.sbin/sendmail/src/util.c42
-rw-r--r--usr.sbin/sendmail/src/version.c4
-rw-r--r--usr.sbin/sendmail/test/t_exclopen.c91
40 files changed, 1452 insertions, 587 deletions
diff --git a/usr.sbin/sendmail/FAQ b/usr.sbin/sendmail/FAQ
index 28f957c80b2e..522e7c87ae1d 100644
--- a/usr.sbin/sendmail/FAQ
+++ b/usr.sbin/sendmail/FAQ
@@ -1,11 +1,11 @@
The FAQ is no longer maintained with the sendmail release. It is
posted regularly to comp.mail.sendmail, comp.mail.misc, comp.mail.smail,
comp.answers, and news.answers, and can be obtained via anonymous FTP
-from ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq.
+from ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq/.
If you do not have access to anonymous FTP, you can retrieve it by
sending email to mail-server@rtfm.mit.edu with the command "send
usenet/news.answers/mail/sendmail-faq" in the message.
-An HTML version is also available at http://www.sendmail.org/faq.
+An HTML version is also available at http://www.sendmail.org/faq/.
- --Eric Allman 14 June 1997
+ --Eric Allman 19 June 1997
diff --git a/usr.sbin/sendmail/READ_ME b/usr.sbin/sendmail/READ_ME
index e632ca4886fb..08b5affb04f9 100644
--- a/usr.sbin/sendmail/READ_ME
+++ b/usr.sbin/sendmail/READ_ME
@@ -1,5 +1,5 @@
/*-
- * @(#)READ_ME 8.30 (Berkeley) 5/8/97
+ * @(#)READ_ME 8.32 (Berkeley) 7/6/97
*/
SENDMAIL RELEASE 8
@@ -164,10 +164,10 @@ RFC1035.
IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
-to go through the same thing. Instead, get a new version via public
-FTP from ftp.sleepycat.com, file db/packages/db.1.85.tar.gz. This
-software is highly recommended; it gets rid of several stupid limits, it's
-much faster, and the interface is nicer to animals and plants. You will
+to go through the same thing. Instead, get a new version via the web at
+http://www.sleepycat.com/packages/db.1.85.tar.gz. This software is
+highly recommended; it gets rid of several stupid limits, it's much
+faster, and the interface is nicer to animals and plants. You will
also probably find that you have to add -I/where/you/put/db/include
to the sendmail makefile to get db.h to work properly.
@@ -253,6 +253,34 @@ Makefiles, so you could drop it in as your default make.
For more details, see src/READ_ME.
++-----------------------+
+| DIRECTORY PERMISSIONS |
++-----------------------+
+
+Sendmail often gets blamed for many problems that are actually the
+result of other problems, such as overly permissive modes on directories.
+For this reason, sendmail checks the modes on system directories and
+files to determine if they have been trusted. For sendmail to run
+without complaining, you MUST execute the following command:
+
+ chmod go-w / /etc /usr /var /var/spool /var/spool/mqueue
+
+You will probably have to tweak this for your environment (for example,
+some systems put the spool directory into /usr/spool instead of
+/var/spool). As a general rule, after you have compiled sendmail,
+run the command
+
+ sendmail -v -bi
+
+to initialize the alias database. If it gives messages such as
+
+ WARNING: writable directory /etc
+ WARNING: writable directory /usr/spool/mqueue
+
+then the directories listed have inappropriate write permissions and
+should be secured to avoid various possible security attacks.
+
+
+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+
diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES
index 77d72f92357c..9f4f3abd54f3 100644
--- a/usr.sbin/sendmail/RELEASE_NOTES
+++ b/usr.sbin/sendmail/RELEASE_NOTES
@@ -1,11 +1,163 @@
SENDMAIL RELEASE NOTES
- @(#)RELEASE_NOTES 8.8.6.11 (Berkeley) 6/14/97
+ @(#)RELEASE_NOTES 8.8.7.7 (Berkeley) 8/3/97
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
+8.8.7/8.8.7 97/08/03
+ If using Berkeley DB on systems without O_EXLOCK (open a file with
+ an exclusive lock already set -- i.e., almost all systems
+ except 4.4-BSD derived systems), the initial attempt at
+ rebuilding aliases file if the database didn't already
+ exist would fail. Patch from Raymund Will of LST Software
+ GmbH.
+ Bogus incoming SMTP commands would reset the SMTP conversation.
+ Problem noted by Fredrik Jnsson of the Royal Institute
+ of Technology, Stockholm.
+ Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
+ some environments could give "multiple definitions" for these
+ routines during compilation. If using TCP Wrappers, assume
+ that these routines are included as though they were in the
+ C library. Patch from Robert La Ferla.
+ When a NEWDB database map was rebuilt at the same time it was being
+ used by a queue run, the maps could be left locked for the
+ duration of the queue run, causing other processes to hang.
+ Problem noted by Kendall Libby of Shore.NET.
+ In some cases, NoRecipientAction=add-bcc was being ignored, so the
+ mail was passed on without any recipient header. This could
+ cause problems downstream. Problem noted by Xander Jansen
+ of SURFnet ExpertiseCentrum.
+ Give error when GDBM is used with sendmail. GDBM's locking and
+ linking of the .dir and .pag files interferes with sendmail's
+ locking and security checks. Problems noted by Fyodor
+ Yarochkin of the Kyrgyz Republic FreeNet.
+ Don't fsync qf files if SuperSafe option is not set.
+ Avoid extra calls to gethostbyname for addresses for which a
+ gethostbyaddr found no value. Also, ignore any returns
+ from gethostbyaddr that look like a dotted quad.
+ If PTR lookup fails when looking up an SMTP peer, don't tag it as
+ "may be forged", since at the network level we pretty much
+ have to assume that the information is good.
+ In some cases, errors during an SMTP session could leave files
+ open or locked.
+ Better handling of missing file descriptors (0, 1, 2) on startup.
+ Better handling of non-setuid binaries -- avoids certain obnoxious
+ errors during testing.
+ Errors in file locking of NEWDB maps had the incorrect file name
+ printed in the error message.
+ If the AllowBogusHELO option were set and an EHLO with a bad or
+ missing parameter were issued, the EHLO behaved like a HELO.
+ Load limiting never kicked in for incoming SMTP transactions if the
+ DeliverMode=background and any recipient was an alias or
+ had a .forward file. From Nik Conwell of Boston University.
+ On some non-Posix systems, the decision of whether chown(2) permits
+ file giveaway was undefined. From Tetsu Ushijima of the
+ Tokyo Institute of Technology.
+ Fix race condition that could cause the body of a message to be
+ lost (so only the header was delivered). This only occurs
+ on systems that do not use flock(2), and only when a queue
+ runner runs during a critical section in another message
+ delivery. Based on a patch from Steve Schweinhart of
+ Results Computing.
+ If a qf file was found in a mail queue directory that had a problem
+ (wrong ownership, bad format, etc.) and the file name was
+ exactly MAXQFNAME bytes long, then instead of being tried
+ once, it would be tried on every queue run. Problem noted
+ by Bryan Costales of Mercury Mail.
+ If the system supports an st_gen field in the status structure,
+ include it when reporting that a file has changed after open.
+ This adds a new compile flag, HAS_ST_GEN (0/1 option).
+ This out to be checked as well as reported, since it is
+ theoretically possible for an attacker to remove a file after
+ it is opened and replace it with another file that has the
+ same i-number, but some filesystems (notably AFS) return
+ garbage in this field, and hence always look like the file
+ has changed. As a practical matter this is not a security
+ problem, since the files can be neither hard nor soft links,
+ and on no filesystem (that I am aware of) is it possible to
+ have two files on the same filesystem with the same i-number
+ simultaneously.
+ Delete the root Makefile from the distribution -- it is only for
+ use internally, and does not work at customer sites.
+ Fix botch that caused the second MAIL FROM: command in a single
+ transaction to clear the entire transaction. Problem
+ noted by John Kennedy of Cal State University, Chico.
+ Work properly on machines that have _PATH_VARTMP defined without
+ a trailing slash. (And a pox on vendors that decide to
+ ignore the established conventions!) Problem noted by
+ Gregory Neil Shapiro of WPI.
+ Internal changes to make it easier to add another protocol family
+ (intended for IPv6). Patches are from John Kennedy of
+ CSU Chico.
+ In certain cases, 7->8 bit MIME decoding of Base64 text could leave
+ an extra space at the beginning of some lines. Problem
+ noted by Charles Karney of Princeton University; fix based
+ on a patch from Christophe Wolfhugel.
+ Portability:
+ Allow _PATH_VENDOR_CF to be set in Makefile for consistency
+ with the _Sendmail_ book, 2nd edition. Note that
+ the book is actually wrong: _PATH_SENDMAILCF should
+ be used instead.
+ AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow
+ of Argonne National Laboratory.
+ OpenBSD from from Paul DuBois of the University of Wisconsin.
+ RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
+ SunOS: Include <memory.h> to fix warning from util.c. From
+ James Aldridge of EUnet Ltd.
+ Solaris: Change STDIR (location of status file) to /etc/mail
+ in Makefiles.
+ Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
+ Makefiles. Use NEWDB on Linux instead.
+ NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
+ exists but behaves differently than other OSes.
+ Add SIOCGIFNUM_IS_BROKEN compile flag to get
+ around the problem. Problem noted by Tom Moore of
+ NCR Corp.
+ HP-UX 9.x: fix compile warnings for old select API. Problem
+ noted by Tom Smith of Digital Equipment Corp.
+ UnixWare 2.x: compile warnings on offsetof macro. Problem
+ noted by Tom Good of the Community Access Information
+ Resource Network
+ SCO 4.2: compile problems caused by a change in the type of
+ the "length" parameters passed to accept, getpeername,
+ getsockname, and getsockopt. Adds new compile flags
+ SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported
+ by Tom Good of St. Vincent's North Richmond Community
+ Mental Health Center Residential Services.
+ AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
+ Suggested by Brett Hogden of Rochester Gas & Electric
+ Corp.
+ Linux: avoid compile problem for versions of <setjmp.h> that
+ #define both setjmp and longjmp. Problem pointed out
+ by J.R. Oldroyd of TerraNet.
+ CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
+ from Christopher Durham of SCO.
+ CONFIG: NEXTSTEP: define confCW_FILE to
+ /etc/sendmail/sendmail.cw to match the usual
+ configuration. Patch from Dennis Glatting of
+ PlainTalk.
+ CONFIG: MAILER(fax) called a program that hasn't existed for a long
+ time. Convert to use the HylaFAX 4.0 conventions. Suggested
+ by Harry Styron.
+ CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
+ are the rulesets in use on sendmail.org.
+ MAKEMAP: give error on GDBM files.
+ MAIL.LOCAL: Make error messages a bit more explicit, for example,
+ telling more details on what actually changed when "file
+ changed after open".
+ CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw
+ files.
+ CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
+ NEW FILES:
+ src/Makefiles/Makefile.OpenBSD
+ src/Makefiles/Makefile.RISCos.4_0
+ test/t_exclopen.c
+ cf/ostype/sco-uw-2.1.m4
+ DELETED FILES:
+ Makefile
+
8.8.6/8.8.6 97/06/14
*************************************************************
* The extensive assistance of Gregory Neil Shapiro of WPI *
@@ -303,7 +455,6 @@ summary of the changes in that release.
cf/ostype/gnuhurd.m4
cf/ostype/irix6.m4
contrib/passwd-to-alias.pl
- test/t_exclopen.c
src/Makefiles/Makefile.IRIX64.6.1
src/Makefiles/Makefile.IRIX64.6.x
RENAMED FILES:
diff --git a/usr.sbin/sendmail/cf/README b/usr.sbin/sendmail/cf/README
index a41ea37ebf4b..af8cdb1c7bb8 100644
--- a/usr.sbin/sendmail/cf/README
+++ b/usr.sbin/sendmail/cf/README
@@ -4,7 +4,7 @@
Eric Allman <eric@CS.Berkeley.EDU>
- @(#)README 8.120 (Berkeley) 6/14/97
+ @(#)README 8.122 (Berkeley) 7/6/97
This document describes the sendmail configuration files being used
@@ -443,8 +443,8 @@ usenet Usenet (network news) delivery. If this is specified,
and may be considered a security problem.
fax Facsimile transmission. This is experimental and based
- on Sam Leffler's FlexFAX software. For more information,
- see below.
+ on Sam Leffler's HylaFAX software. For more information,
+ see http://www.vix.com/hylafax/.
pop Post Office Protocol.
@@ -1297,133 +1297,6 @@ In general, file giveaways are a mistake -- if you can turn them
off I recommend you do so.
-+------------------+
-| FlexFAX SOFTWARE |
-+------------------+
-
-Sam Leffler's FlexFAX software is still in beta test -- but he expects a
-public version out "later this week" [as of 3/1/93]. The following
-blurb is direct from Sam:
-
- $Header: /usr/people/sam/fax/RCS/HOWTO,v 1.14 93/05/24 11:42:16 sam Exp $
-
- How To Obtain This Software (in case all you get is this file)
- --------------------------------------------------------------
- The source code is available for public ftp on
- sgi.com sgi/fax/v2.1.src.tar.Z
- (192.48.153.1)
-
- You can also obtain inst'able images for Silicon Graphics machines from
- sgi.com sgi/fax/v2.1.inst.tar
- (192.48.153.1)
-
- For example,
- % ftp -n sgi.com
- ....
- ftp> user anonymous
- ... <type in password>
- ftp> cd sgi/fax
- ftp> binary
- ftp> get v2.1.src.tar.Z
-
- In general, the latest version of the 2.1 release of the software is
- always available as "v2.1.src.tar.Z" or "v2.1.inst.tar" in the ftp
- directory. This file is a link to the appropriate released version (so
- don't waste your time retrieving the linked file as well!) Any files of
- the form v2.1.*.patch are shell scripts that can be used to patch older
- versions of the source code. For example, the file v2.1.0.patch would
- contain patches to update v2.1.0.tar.Z. (Note to beta testers: this is
- different than the naming conventions used during beta testing.) Patch
- files only work to go between consecutive versions, so if you are
- multiple versions behind the latest release, you will need to apply
- each patch file between your current version and the latest.
-
-
- Obtaining the Software by Electronic Mail
- -----------------------------------------
- Do not send me requests for the software; they will be ignored (without
- response). If you cannot use FTP at all, there is a service called
- "ftpmail" available from gatekeeper.dec.com: you can send e-mail to
- this machine and it will use FTP to retrieve files for you and send you
- the files back again via e-mail. To find out more about the ftpmail
- service, send a message to "ftpmail@gatekeeper.dec.com" whose body
- consists of the single line "help".
-
-
- Obtaining the Software Within Silicon Graphics
- ----------------------------------------------
- Internal to Silicon Graphics there are inst'able images on the host
- flake.asd in the directory /usr/dist. Thus you can do something like:
-
- % inst -f flake.asd.sgi.com:/usr/dist/flexfax
-
- to install the latest version of the software on your machine.
-
-
- What to do Once You've Retrieved Stuff
- --------------------------------------
- The external distributions come in a compressed or uncompressed tar
- file. To extract the source distribution:
-
- % zcat v2.1.src.tar.Z | tar xf -
-
- (uncompress and extract individual files in current directory). To
- unpack and install the client portion of the inst'able distribution:
-
- % mkdir dist
- % cd dist; tar xf ../v2.1.inst.tar; cd ..
- % inst -f dist/flexfax
- ...
- inst> go
-
- (Note, the dist subdirectory is because some versions of inst fail if
- the files are in the current directory.) Server binaries are also
- included in the inst'able images as flexfax.server.*. They are not
- installed by default, so to get them also you need to do:
-
- % inst -f flexfax
- ...
- inst> install flexfax.server.*
- inst> go
-
- The SGI binaries were built for Version 4.0.5H of the IRIX operating
- system. They should work w/o problem on earlier versions of the
- system, but I have not fully tested this. Also, note that to install a
- server on an SGI machine, you need to have installed the Display
- PostScript execution environment product (dps_eoe). Otherwise, the fax
- server will not be able to convert PostScript to facsimile for
- transmission.
-
- If you are working from the source distribution, look at the file
- README in the top of the source tree. If you are working from the inst
- images, the subsystem flexfax.man.readme contains the README file and
- other useful pieces of information--the installed files are placed in
- the directory /usr/local/doc/flexfax). Basically you will need to run
- the faxaddmodem script to setup and configure your fax modem. Consult
- the README file and the manual page for faxaddmodem for information.
-
-
- FlexFAX Mail List
- -----------------
- A mailing list for users of this software is located on sgi.com.
- If you want to join this mailing list or have a list-related request
- such as getting your name removed from it, send a request to
-
- majordomo@whizzer.wpd.sgi.com
-
- For example, to subscribe, send the line "subscribe flexfax" in
- the body of your message. The line "help" will return a list of
- the commands understood by the mailing list management software.
-
- Submissions (including bug reports) should be directed to:
-
- flexfax@sgi.com
-
- When corresponding about this software please always specify what
- version you have, what system you're running on, and, if the problem is
- specific to your modem, identify the modem and firmware revision.
-
-
+--------------------------------+
| TWEAKING CONFIGURATION OPTIONS |
+--------------------------------+
@@ -1905,7 +1778,7 @@ MAILERS
1 [e]smtp, relay SMTP channel
2 uucp-* UNIX-to-UNIX Copy Program
3 netnews Network News delivery
- 4 fax Sam Leffler's FlexFAX software
+ 4 fax Sam Leffler's HylaFAX software
5 mail11 DECnet mailer
diff --git a/usr.sbin/sendmail/cf/cf/knecht.mc b/usr.sbin/sendmail/cf/cf/knecht.mc
index 648b9709ed20..111ac7828846 100644
--- a/usr.sbin/sendmail/cf/cf/knecht.mc
+++ b/usr.sbin/sendmail/cf/cf/knecht.mc
@@ -38,9 +38,10 @@ divert(-1)
#
divert(0)dnl
-VERSIONID(`@(#)knecht.mc 8.11 (Berkeley) 6/12/97')
+VERSIONID(`@(#)knecht.mc 8.13 (Berkeley) 7/7/97')
OSTYPE(bsd4.4)dnl
DOMAIN(generic)dnl
+define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')dnl
define(`confDEF_USER_ID', `mailnull')dnl
define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl
define(`confTO_ICONNECT', `10s')dnl
@@ -61,23 +62,71 @@ Kdomaincheck hash -o /etc/domaincheck
LOCAL_RULESETS
-# reject bogus return addresses
+######################################################################
+### LookUpDomain -- search for domain in domaincheck database
+###
+### Parameters:
+### <$1> -- key (domain name)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- passthru (additional data passed through)
+######################################################################
+
+SLookUpDomain
+R<$+> <$+> <$*> $: < $( domaincheck $1 $: ? $) > <$1> <$2> <$3>
+R<OK> <$+> <$+> <$*> $@ <OK> < $3 >
+R<?> <$+.$+> <$+> <$*> $@ $>LookUpDomain <. $2> <$3> <$4>
+R<?> <$+> <$+> <$*> $@ <$2> <$3>
+R<$+> $* $#error $: $1
+
+
+######################################################################
+### LookUpAddress -- search for host address in domaincheck database
+###
+### Parameters:
+### <$1> -- key (dot quadded host address)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- passthru (additional data passed through)
+######################################################################
+
+SLookUpAddress
+R<$+> <$+> <$*> $: < $( domaincheck $1 $: ? $) > <$1> <$2> <$3>
+R<OK> <$+> <$+> <$*> $@ <OK> < $3 >
+R<?> <$+.$-> <$+> <$*> $@ $>LookUpAddress <$1> <$3> <$4>
+R<?> <$+> <$+> <$*> $@ <$2> <$3>
+R<$+> $* $#error $: $1
+
+######################################################################
+### check_relay
+######################################################################
+
+Scheck_relay
+R$+ $| $+ $: $>LookUpDomain < $1 > <?> < $2 >
+R<?> < $+ > $: $>LookUpAddress < $1 > <OK> <>
+
+######################################################################
+### check_mail
+######################################################################
+
Scheck_mail
R<> $@ <OK>
R$* $: <?> $>Parse0 $>3 $1 make domain canonical
-R<?> $* < @ $+ . > $* $: < $( domaincheck $2 $: OK $) > $1 < @ $2 . > $3
- tag resolved names
-R<?> $* < @ $+ > $* $: < $( domaincheck $2 $: ? $) > $1 < @ $2 > $3
- check for overrides
+R<?> $* < @ $+ . > $* $: <OK> $1 < @ $2 > $3 pick default tag
+R<?> $* < @ $+ > $* $: <FAIL> $1 < @ $2 > $3 ... OK or FAIL
+R<$+> $* < @ $+ > $* $: $>LookUpDomain <$3> <$1> <>
R<OK> $* $@ <OK>
-R<?> $* < @ $+ > $* $#error $: 451 Sender domain must resolve
-R<?> $* $: < ? $&{client_name} > $1 no @domain on address...
+R<FAIL> $* $#error $: 451 Sender domain must resolve
+
+# handle case of no @domain on address
+R<?> $* $: < ? $&{client_name} > $1
R<?> $* $@ <OK> ...local unqualed ok
R<? $+> $* $#error $: 551 Domain name required
...remote is not
R<$+> $* $#error $: $1 error from domaincheck
-# disallow relaying
+######################################################################
+### check_rcpt
+######################################################################
+
Scheck_rcpt
# anything terminating locally is ok
R$* $: $>Parse0 $>3 $1 strip local crud
diff --git a/usr.sbin/sendmail/cf/m4/proto.m4 b/usr.sbin/sendmail/cf/m4/proto.m4
index dd085b531787..78fa195ef2ac 100644
--- a/usr.sbin/sendmail/cf/m4/proto.m4
+++ b/usr.sbin/sendmail/cf/m4/proto.m4
@@ -34,7 +34,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`@(#)proto.m4 8.149 (Berkeley) 4/30/97')
+VERSIONID(`@(#)proto.m4 8.151 (Berkeley) 7/31/97')
MAILER(local)dnl
@@ -871,7 +871,9 @@ S93
# handle generics database
define(`X', ifdef(`GENERICS_TABLE', `', `#'))dnl
-X`'R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark
+ifdef(`_GENERICS_ENTIRE_DOMAIN_',
+`X`'R$+ < @ $* $=G . > $: < $1@$2$3 > $1 < @ $2$3 . > @ mark',
+`X`'R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark')
X`'R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark
X`'R< $+ > $+ < $* > @ $: < $(generics $1 $: $) > $2 < $3 >
X`'R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 >
diff --git a/usr.sbin/sendmail/cf/m4/version.m4 b/usr.sbin/sendmail/cf/m4/version.m4
index c9b3228d1108..0e03173f7000 100644
--- a/usr.sbin/sendmail/cf/m4/version.m4
+++ b/usr.sbin/sendmail/cf/m4/version.m4
@@ -32,8 +32,8 @@ divert(-1)
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-VERSIONID(`@(#)version.m4 8.8.6.1 (Berkeley) 6/14/97')
+VERSIONID(`@(#)version.m4 8.8.7.1 (Berkeley) 8/1/97')
#
divert(0)
# Configuration version number
-DZ8.8.6`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.8.7`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/usr.sbin/sendmail/cf/mailer/fax.m4 b/usr.sbin/sendmail/cf/mailer/fax.m4
index 726c83a2dce0..77124650ee76 100644
--- a/usr.sbin/sendmail/cf/mailer/fax.m4
+++ b/usr.sbin/sendmail/cf/mailer/fax.m4
@@ -4,7 +4,9 @@ PUSHDIVERT(-1)
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
-# This assumes you already have Sam Leffler's FAX software.
+# This assumes you already have Sam Leffler's HylaFAX software.
+#
+# Tested with HylaFAX 4.0pl1
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -36,9 +38,9 @@ PUSHDIVERT(-1)
#
ifdef(`FAX_MAILER_ARGS',,
- `define(`FAX_MAILER_ARGS', mailfax $u $h $f)')
+ `define(`FAX_MAILER_ARGS', faxmail -d $u@$h $f)')
ifdef(`FAX_MAILER_PATH',,
- `define(`FAX_MAILER_PATH', /usr/local/lib/fax/mailfax)')
+ `define(`FAX_MAILER_PATH', /usr/local/bin/faxmail)')
ifdef(`FAX_MAILER_MAX',,
`define(`FAX_MAILER_MAX', 100000)')
POPDIVERT
@@ -46,7 +48,7 @@ POPDIVERT
### FAX Mailer specification ###
####################################
-VERSIONID(`@(#)fax.m4 8.5 (Berkeley) 5/10/96')
+VERSIONID(`@(#)fax.m4 8.6 (Berkeley) 7/6/97')
Mfax, P=FAX_MAILER_PATH, F=DFMhu, S=14, R=24, M=FAX_MAILER_MAX, T=X-Phone/X-FAX/X-Unix,
A=FAX_MAILER_ARGS
diff --git a/usr.sbin/sendmail/cf/ostype/nextstep.m4 b/usr.sbin/sendmail/cf/ostype/nextstep.m4
index dcdf47cb3abb..80139756c666 100644
--- a/usr.sbin/sendmail/cf/ostype/nextstep.m4
+++ b/usr.sbin/sendmail/cf/ostype/nextstep.m4
@@ -34,8 +34,9 @@ divert(-1)
#
divert(0)
-VERSIONID(`@(#)nextstep.m4 8.7 (Berkeley) 9/25/96')
+VERSIONID(`@(#)nextstep.m4 8.8 (Berkeley) 6/18/97')
define(`ALIAS_FILE', /etc/sendmail/aliases)dnl
+define(`confCW_FILE', /etc/sendmail/sendmail.cw)dnl
ifdef(`HELP_FILE',, `define(`HELP_FILE', /usr/lib/sendmail.hf)')dnl
ifdef(`STATUS_FILE',, `define(`STATUS_FILE', /etc/sendmail/sendmail.st)')dnl
ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
diff --git a/usr.sbin/sendmail/cf/ostype/sco-uw-2.1.m4 b/usr.sbin/sendmail/cf/ostype/sco-uw-2.1.m4
new file mode 100644
index 000000000000..ebce4991def7
--- /dev/null
+++ b/usr.sbin/sendmail/cf/ostype/sco-uw-2.1.m4
@@ -0,0 +1,16 @@
+#
+# SCO UnixWare 2.1.2 ostype file
+#
+# Contributed by Christopher Durham <chrisdu@SCO.COM> of SCO.
+#
+divert(0)
+VERSIONID(`@(#)sco-uw-2.1.m4 8.1 (Berkeley) 7/6/97')
+
+define(`ALIAS_FILE', /usr/lib/mail/aliases)dnl
+ifdef(`HELP_FILE',,`define(`HELP_FILE', /usr/ucblib/sendmail.hf)')dnl
+ifdef(`STATUS_FILE',,`define(`STATUS_FILE', /usr/ucblib/sendmail.st)')dnl
+define(`LOCAL_MAILER_PATH', `/usr/bin/rmail')dnl
+define(`LOCAL_MAILER_FLAGS', `fhCEn9')dnl
+define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
+define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
+define(`LOCAL_MAILER_ARGS',`rmail $u')dnl
diff --git a/usr.sbin/sendmail/contrib/etrn.pl b/usr.sbin/sendmail/contrib/etrn.pl
index 6dfafaa898d3..1e2cba9177ce 100755
--- a/usr.sbin/sendmail/contrib/etrn.pl
+++ b/usr.sbin/sendmail/contrib/etrn.pl
@@ -70,6 +70,7 @@ $debug = $opt_d;
$server = shift(@ARGV);
@hosts = @ARGV;
die $usage unless $server;
+@cwfiles = ();
if (!@hosts) {
push(@hosts,$hostname);
@@ -82,6 +83,12 @@ if (!@hosts) {
chop($cwfile);
$optional = /^Fw-o/;
$cwfile =~ s,^Fw[^/]*,,; # extract the file name
+
+ if (-r $cwfile) {
+ push (@cwfiles, $cwfile);
+ } else {
+ die "$cwfile is not readable" unless $optional;
+ }
}
if (/^Cw(.*)$/){ # look for a line starting with "Cw"
@cws = split (' ', $1);
@@ -93,17 +100,18 @@ if (!@hosts) {
}
close(CF);
- if ($cwfile){
+ for $cwfile (@cwfiles) {
$0 = "$av0 - reading $cwfile";
if (open(CW, "<$cwfile")){
while (<CW>){
+ next if /^\#/;
$thishost = $_;
chop($thishost);
push(@hosts, $thishost) unless $thishost =~ $hostname;
}
close(CW);
} else {
- die "open $cwfile: $!" unless $optional;
+ die "open $cwfile: $!";
}
}
}
diff --git a/usr.sbin/sendmail/contrib/passwd-to-alias.pl b/usr.sbin/sendmail/contrib/passwd-to-alias.pl
index b2bbab541f86..05a51b93496f 100644
--- a/usr.sbin/sendmail/contrib/passwd-to-alias.pl
+++ b/usr.sbin/sendmail/contrib/passwd-to-alias.pl
@@ -18,7 +18,9 @@ while (@a = getpwent) {
}
$fullname =~ s/\.*[ _]+\.*/./g;
- if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) {
+ $fullname =~ tr [] [aaoAAOe]; # <hakan@af.lu.se> 1997-06-15
+ if ($fullname =~ /^[a-zA-Z][a-zA-Z-]+(\.[a-zA-Z][a-zA-Z-]+)+$/) {
+# if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) { # Kari E. Hurtta
print "$fullname: $name\n";
} else {
print "# $fullname: $name\n";
diff --git a/usr.sbin/sendmail/doc/op/op.me b/usr.sbin/sendmail/doc/op/op.me
index 6e288a584a1f..fc8ca3ad43c7 100644
--- a/usr.sbin/sendmail/doc/op/op.me
+++ b/usr.sbin/sendmail/doc/op/op.me
@@ -30,7 +30,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" @(#)op.me 8.104 (Berkeley) 3/10/97
+.\" @(#)op.me 8.105 (Berkeley) 7/3/97
.\"
.\" eqn op.me | pic | troff -me
.eh 'SMM:08-%''Sendmail Installation and Operation Guide'
@@ -67,7 +67,7 @@
Eric Allman
eric@Sendmail.ORG
.sp
-Version 8.104
+Version 8.105
.sp
For Sendmail Version 8.8
.)l
@@ -675,7 +675,7 @@ routines preset the mode reasonably,
so this step can be skipped.
The actual path of this file
is defined in the
-.b A
+.b AliasFile
option of the
.i sendmail.cf
file.
@@ -1179,6 +1179,32 @@ and the other system routines that would be necessary
to make this work seamlessly.
.sh 2 "The Alias Database"
.pp
+After recipient addresses are read from the SMTP connection
+or command line
+they are parsed by ruleset 0,
+which must resolve to a
+{\c
+.i mailer ,
+.i host ,
+.i user }
+triple.
+If the flags selected by the
+.i mailer
+includes the
+.b A
+(aliasable) flag,
+the
+.i user
+part of the triple is looked up as the key
+(i.e., the left hand side)
+into the alias database
+If there is a match, the address is deleted from the send queue
+and all addresses on the right hand side of the alias
+are added in place of the alias that was found.
+This is a recursive operation,
+so aliases found in the right hand side of the alias
+are similarly expanded.
+.pp
The alias database exists in two forms.
One is a text form,
maintained in the file
@@ -8159,7 +8185,7 @@ replace it with a blank sheet for double-sided output.
.\".sz 10
.\"Eric Allman
.\".sp
-.\"Version 8.104
+.\"Version 8.105
.\".ce 0
.bp 3
.ce
diff --git a/usr.sbin/sendmail/mail.local/mail.local.c b/usr.sbin/sendmail/mail.local/mail.local.c
index 06cb52d8a473..e7f121103e09 100644
--- a/usr.sbin/sendmail/mail.local/mail.local.c
+++ b/usr.sbin/sendmail/mail.local/mail.local.c
@@ -38,7 +38,7 @@ static char copyright[] =
#endif /* not lint */
#ifndef lint
-static char sccsid[] = "@(#)mail.local.c 8.39 (Berkeley) 5/28/97";
+static char sccsid[] = "@(#)mail.local.c 8.43 (Berkeley) 8/2/97";
#endif /* not lint */
/*
@@ -143,24 +143,24 @@ static char sccsid[] = "@(#)mail.local.c 8.39 (Berkeley) 5/28/97";
# endif
#endif
-#ifndef BSD4_4
+#ifdef BSD4_4
+# define HAS_ST_GEN 1
+#else
# define _BSD_VA_LIST_ va_list
#endif
#if defined(BSD4_4) || defined(linux)
# define HASSNPRINTF 1
+#else
+extern char *strerror __P((int));
+extern int snprintf __P((char *, size_t, const char *, ...));
+extern FILE *fdopen __P((int, const char *));
#endif
#if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206)
# define HASSNPRINTF 1 /* has snprintf starting in 2.6 */
#endif
-#if !defined(BSD4_4) && !defined(linux)
-extern char *strerror __P((int));
-extern int snprintf __P((char *, size_t, const char *, ...));
-extern FILE *fdopen __P((int, const char *));
-#endif
-
/*
* If you don't have setreuid, and you have saved uids, and you have
* a seteuid() call that doesn't try to emulate using setuid(), then
@@ -387,7 +387,11 @@ tryagain:
mbfd = open(path,
O_APPEND|O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
if (lstat(path, &sb) < 0)
- goto filechanged;
+ {
+ eval = EX_CANTCREAT;
+ warn("%s: lstat: file changed after open", path);
+ goto err1;
+ }
else
sb.st_uid = pw->pw_uid;
if (mbfd == -1) {
@@ -415,12 +419,17 @@ tryagain:
warn("%s: %s", path, strerror(errno));
goto err0;
} else if (fstat(mbfd, &fsb) < 0 ||
- fsb.st_nlink != 1 || sb.st_nlink != 1 ||
- !S_ISREG(fsb.st_mode) || sb.st_dev != fsb.st_dev ||
- sb.st_ino != fsb.st_ino || sb.st_uid != fsb.st_uid) {
-filechanged:
- eval = EX_CANTCREAT;
- warn("%s: file changed after open", path);
+ fsb.st_nlink != 1 ||
+ sb.st_nlink != 1 ||
+ !S_ISREG(fsb.st_mode) ||
+ sb.st_dev != fsb.st_dev ||
+ sb.st_ino != fsb.st_ino ||
+#if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
+ sb.st_gen != fsb.st_gen ||
+#endif
+ sb.st_uid != fsb.st_uid) {
+ eval = EX_TEMPFAIL;
+ warn("%s: fstat: file changed after open", path);
goto err1;
}
diff --git a/usr.sbin/sendmail/makemap/makemap.8 b/usr.sbin/sendmail/makemap/makemap.8
index 23ac522a568f..3c1f6fad260a 100644
--- a/usr.sbin/sendmail/makemap/makemap.8
+++ b/usr.sbin/sendmail/makemap/makemap.8
@@ -29,7 +29,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" @(#)makemap.8 8.3 (Berkeley) 7/24/94
+.\" @(#)makemap.8 8.4 (Berkeley) 7/23/97
.\"
.Dd November 16, 1992
.Dt MAKEMAP 8
@@ -89,7 +89,7 @@ the second is the value.
The value may contain
``%\fIn\fP''
strings to indicated parameter substitution.
-Literal parentheses should be doubled
+Literal percents should be doubled
(``%%'').
Blank lines and lines beginning with ``#'' are ignored.
.Ss Flags
diff --git a/usr.sbin/sendmail/makemap/makemap.c b/usr.sbin/sendmail/makemap/makemap.c
index 027d208c5d89..50dc48270ad8 100644
--- a/usr.sbin/sendmail/makemap/makemap.c
+++ b/usr.sbin/sendmail/makemap/makemap.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)makemap.c 8.35 (Berkeley) 6/10/97";
+static char sccsid[] = "@(#)makemap.c 8.37 (Berkeley) 7/10/97";
#endif /* not lint */
#include <sys/types.h>
@@ -137,7 +137,7 @@ main(argc, argv)
RunAsUid = RealUid = getuid();
RunAsGid = RealGid = getgid();
pw = getpwuid(RealUid);
- if (pw != NULL)
+ if (pw != NULL)
{
if (strlen(pw->pw_name) > MAXNAME - 1)
pw->pw_name[MAXNAME] = 0;
@@ -314,7 +314,7 @@ main(argc, argv)
if (!notrunc)
sff |= SFF_CREAT;
- switch (type)
+ switch (type)
{
#ifdef NEWDB
case T_BTREE:
@@ -328,7 +328,7 @@ main(argc, argv)
strcpy(dbuf, mapname);
if (!ignoresafeties &&
(st = safefile(dbuf, RealUid, RealGid, RealUserName,
- sff, S_IWUSR, &std)) != 0)
+ sff, S_IWUSR, &std)) != 0)
{
fprintf(stderr,
"%s: could not create: %s\n",
@@ -346,9 +346,8 @@ main(argc, argv)
exit(EX_USAGE);
}
sprintf(dbuf, "%s.dir", mapname);
- if (!ignoresafeties &&
- (st = safefile(dbuf, RealUid, RealGid, RealUserName,
- sff, S_IWUSR, &std)) != 0)
+ if ((st = safefile(dbuf, RealUid, RealGid, RealUserName,
+ sff, S_IWUSR, &std)) != 0 && !ignoresafeties)
{
fprintf(stderr,
"%s: could not create: %s\n",
@@ -356,15 +355,21 @@ main(argc, argv)
exit(EX_CANTCREAT);
}
sprintf(pbuf, "%s.pag", mapname);
- if (!ignoresafeties &&
- (st = safefile(pbuf, RealUid, RealGid, RealUserName,
- sff, S_IWUSR, &stp)) != 0)
+ if ((st = safefile(pbuf, RealUid, RealGid, RealUserName,
+ sff, S_IWUSR, &stp)) != 0 && !ignoresafeties)
{
fprintf(stderr,
"%s: could not create: %s\n",
pbuf, errstring(st));
exit(EX_CANTCREAT);
}
+ if (std.st_dev == stp.st_dev && std.st_ino == stp.st_ino)
+ {
+ fprintf(stderr,
+ "%s: cannot run with GDBM\n",
+ mapname);
+ exit(EX_CONFIG);
+ }
break;
#endif
default:
@@ -765,7 +770,7 @@ errstring(err)
#if HASSTRERROR
return strerror(err);
#else
- if (err < 0 || err > sys_nerr)
+ if (err < 0 || err > sys_nerr)
{
sprintf(errstr, "Error %d", err);
return errstr;
diff --git a/usr.sbin/sendmail/src/READ_ME b/usr.sbin/sendmail/src/READ_ME
index 8046d41ac299..154916a0a6e6 100644
--- a/usr.sbin/sendmail/src/READ_ME
+++ b/usr.sbin/sendmail/src/READ_ME
@@ -30,7 +30,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# @(#)READ_ME 8.142 (Berkeley) 6/3/97
+# @(#)READ_ME 8.148 (Berkeley) 8/1/97
#
This directory contains the source files for sendmail.
@@ -149,7 +149,7 @@ The options are:
NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and
Digital UNIX 4.0) have this package pre-installed. If your
system does not have NEWDB installed, get the latest version
- from FTP://ftp.sleepycat.com/db/packages/db.1.85.tar.gz.
+ from http://www.sleepycat.com/packages/db.1.85.tar.gz.
DO NOT use the version from the Net2 distribution. If you are
still running BSD/386 1.x, you will also need to define
OLD_NEWDB.
@@ -295,6 +295,8 @@ HASULIMIT Define this if you have the ulimit(2) syscall (System V
HASWAITPID Define this if you have the waitpid(2) syscall.
HASGETDTABLESIZE
Define this if you have the getdtablesize(2) syscall.
+HAS_ST_GEN Define this to 1 if your system has the st_gen field in
+ the stat structure (see stat(2)).
USESTRERROR Define this if you have the libc strerror function (which
should be declared in <errno.h>), and it should be used
instead of sys_errlist.
@@ -339,6 +341,12 @@ SLEEP_T The type returned by the system sleep() function.
ARBPTR_T The type of an arbitrary pointer -- defaults to "void *".
If you are an very old compiler you may need to define
this to be "char *".
+SOCKADDR_LEN_T The type used for the third parameter to accept(2),
+ getsockname(2), and getpeername(2), representing the
+ length of a struct sockaddr. Defaults to int.
+SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2)
+ and setsockopt(2), representing the length of the option
+ buffer. Defaults to int.
LA_TYPE The type of load average your kernel supports. These
can be one of:
LA_ZERO (1) -- it always returns the load average as
@@ -457,6 +465,14 @@ SAFENFSPATHCONF Set this to 1 if and only if you have verified that a
assumption! The test/t_pathconf.c program will try this
for you -- you have to run it in a directory that is
mounted from a server that allows file giveaway.
+SIOCGIFCONF_IS_BROKEN
+ Set this if your system has an SIOCGIFCONF ioctl defined,
+ but it doesn't behave the same way as "most" systems (BSD,
+ Solaris, SunOS, HP-UX, etc.)
+SIOCGIFNUM_IS_BROKEN
+ Set this if your system has an SIOCGIFNUM ioctl defined,
+ but it doesn't behave the same way as "most" systems
+ (Solaris, HP-UX).
@@ -633,6 +649,12 @@ GCC 2.7.x problems
problems. I recommend against using -O on that architecture. This
has been seen on FreeBSD 2.0.5 RELEASE.
+GDBM GDBM does not work with sendmail 8.8 because the additional
+ security checks and file locking cause problems. Unfortunately,
+ gdbm does not provide a compile flag in its version of ndbm.h so
+ the code can adapt. We expect this to be fixed in 8.9, but
+ probably at the cost of a new command line compile flag.
+
Configuration file location
Up to 8.6, sendmail tried to find the sendmail.cf file in the same
place as the vendors had put it, even when this was obviously
@@ -960,6 +982,7 @@ A/UX
then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
ndbm.h header file that comes with the gnu-package. This makes
things behave properly.
+ [NOTE: see comment above about GDBM]
I suppose porting the New Berkeley db package is another route,
however, I made a quick attempt at it, and found it difficult
@@ -1416,4 +1439,4 @@ version.c The version number and information about this
Eric Allman
-(Version 8.142, last update 6/3/97 11:34:09)
+(Version 8.148, last update 8/1/97 16:41:54)
diff --git a/usr.sbin/sendmail/src/TRACEFLAGS b/usr.sbin/sendmail/src/TRACEFLAGS
index e9d4818356fd..db461db60fc4 100644
--- a/usr.sbin/sendmail/src/TRACEFLAGS
+++ b/usr.sbin/sendmail/src/TRACEFLAGS
@@ -55,6 +55,9 @@
44 safefile.c safefile, safedirpath, filechanged
45 envelope.c setsender
46 envelope.c openxscript
+47 main.c drop_privileges
+48 parseaddr.c rscheck
+48 conf.c validate_connection
49 conf.c checkcompat
50 envelope.c dropenvelope
51 queue.c unlockqueue
diff --git a/usr.sbin/sendmail/src/collect.c b/usr.sbin/sendmail/src/collect.c
index 219a47f7b8b0..de4ee064879f 100644
--- a/usr.sbin/sendmail/src/collect.c
+++ b/usr.sbin/sendmail/src/collect.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)collect.c 8.69 (Berkeley) 5/29/97";
+static char sccsid[] = "@(#)collect.c 8.71 (Berkeley) 6/30/97";
#endif /* not lint */
# include <errno.h>
@@ -427,7 +427,8 @@ readerr:
return;
if (tf != NULL &&
- (fflush(tf) != 0 || ferror(tf) || fsync(fileno(tf)) < 0 ||
+ (fflush(tf) != 0 || ferror(tf) ||
+ (SuperSafe && fsync(fileno(tf)) < 0) ||
fclose(tf) < 0))
{
tferror(tf, e);
@@ -541,7 +542,7 @@ readerr:
break;
case NRA_ADD_BCC:
- addheader("Bcc", "", &e->e_header);
+ addheader("Bcc", " ", &e->e_header);
break;
case NRA_ADD_TO_UNDISCLOSED:
diff --git a/usr.sbin/sendmail/src/conf.c b/usr.sbin/sendmail/src/conf.c
index e9a5d250ee4c..1c394628412d 100644
--- a/usr.sbin/sendmail/src/conf.c
+++ b/usr.sbin/sendmail/src/conf.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)conf.c 8.362 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)conf.c 8.374 (Berkeley) 8/2/97";
#endif /* not lint */
# include "sendmail.h"
@@ -177,6 +177,10 @@ int DtableSize = 50; /* max open files; reset in 4.2bsd */
#define HOURS * 60 MINUTES
#define DAYS * 24 HOURS
+#ifndef _PATH_VARTMP
+# define _PATH_VARTMP "/usr/tmp/"
+#endif
+
#ifndef MAXRULERECURSION
# define MAXRULERECURSION 50 /* max ruleset recursion depth */
#endif
@@ -186,6 +190,7 @@ setdefaults(e)
register ENVELOPE *e;
{
int i;
+ char buf[MAXNAME];
extern void inittimeouts();
extern void setdefuser();
extern void setupmaps();
@@ -233,7 +238,12 @@ setdefaults(e)
MaxAliasRecursion = 10;
MaxMacroRecursion = 10;
ColonOkInAddr = TRUE;
+ DontLockReadFiles = TRUE;
DoubleBounceAddr = "postmaster";
+ snprintf(buf, sizeof buf, "%s%sdead.letter",
+ _PATH_VARTMP,
+ _PATH_VARTMP[sizeof _PATH_VARTMP - 2] == '/' ? "" : "/");
+ DeadLetterDrop = newstr(buf);
setdefuser();
setupmaps();
setupmailers();
@@ -412,6 +422,13 @@ setupmaps()
MAPDEF("null", NULL, MCF_ALIASOK|MCF_OPTFILE,
map_parseargs, null_map_open, null_map_close,
null_map_lookup, null_map_store);
+
+#if _FFR_SYSLOG_MAP
+ /* syslog map -- logs information to syslog */
+ MAPDEF("syslog", NULL, 0,
+ syslog_map_parseargs, null_map_open, null_map_close,
+ syslog_map_lookup, null_map_store);
+#endif
}
#undef MAPDEF
@@ -3826,8 +3843,8 @@ chownsafe(fd, safedir)
int fd;
bool safedir;
{
-#if !defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1
-# if defined(_PC_CHOWN_RESTRICTED)
+#if (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \
+ defined(_PC_CHOWN_RESTRICTED)
int rval;
/* give the system administrator a chance to override */
@@ -3842,11 +3859,10 @@ chownsafe(fd, safedir)
errno = 0;
rval = fpathconf(fd, _PC_CHOWN_RESTRICTED);
-# if SAFENFSPATHCONF
+# if SAFENFSPATHCONF
return errno == 0 && rval IS_SAFE_CHOWN;
-# else
+# else
return safedir && errno == 0 && rval IS_SAFE_CHOWN;
-# endif
# endif
#else
return ChownAlwaysSafe;
@@ -3985,7 +4001,7 @@ vendor_pre_defaults(e)
/* OTHERUID is defined in shares.h, do not be alarmed */
DefShareUid = OTHERUID;
#endif
-#ifdef SUN_EXTENSIONS
+#if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES)
sun_pre_defaults(e);
#endif
#ifdef apollo
@@ -4000,7 +4016,7 @@ void
vendor_post_defaults(e)
ENVELOPE *e;
{
-#ifdef SUN_EXTENSIONS
+#if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES)
sun_post_defaults(e);
#endif
}
@@ -4080,12 +4096,22 @@ validate_connection(sap, hostname, e)
char *hostname;
ENVELOPE *e;
{
+ if (tTd(48, 3))
+ printf("validate_connection(%s, %s)\n",
+ hostname, anynet_ntoa(sap));
+
if (rscheck("check_relay", hostname, anynet_ntoa(sap), e) != EX_OK)
+ {
+ if (tTd(48, 4))
+ printf(" ... validate_connection: BAD (rscheck)\n");
return FALSE;
+ }
#if TCPWRAPPERS
if (!hosts_ctl("sendmail", hostname, anynet_ntoa(sap), STRING_UNKNOWN))
{
+ if (tTd(48, 4))
+ printf(" ... validate_connection: BAD (tcpwrappers)\n");
if (LogLevel >= 4)
sm_syslog(LOG_NOTICE, NOQID,
"tcpwrappers (%s, %s) rejection",
@@ -4093,6 +4119,8 @@ validate_connection(sap, hostname, e)
return FALSE;
}
#endif
+ if (tTd(48, 4))
+ printf(" ... validate_connection: OK\n");
return TRUE;
}
@@ -4466,7 +4494,7 @@ load_if_names()
return;
/* get the list of known IP address from the kernel */
-# ifdef SIOCGIFNUM
+# if defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN
if (ioctl(s, SIOCGIFNUM, (char *) &numifs) < 0)
{
/* can't get number of interfaces -- fall back */
@@ -4971,6 +4999,9 @@ char *OsCompileOptions[] =
#if HASSNPRINTF
"HASSNPRINTF",
#endif
+#if HAS_ST_GEN
+ "HAS_ST_GEN",
+#endif
#if HASSTRERROR
"HASSTRERROR",
#endif
@@ -4992,6 +5023,9 @@ char *OsCompileOptions[] =
#if IP_SRCROUTE
"IP_SRCROUTE",
#endif
+#if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL
+ "LOCK_ON_OPEN",
+#endif
#if NEEDFSYNC
"NEEDFSYNC",
#endif
@@ -5013,6 +5047,9 @@ char *OsCompileOptions[] =
#if SIOCGIFCONF_IS_BROKEN
"SIOCGIFCONF_IS_BROKEN",
#endif
+#if SIOCGIFNUM_IS_BROKEN
+ "SIOCGIFNUM_IS_BROKEN",
+#endif
#if SYS5SETPGRP
"SYS5SETPGRP",
#endif
diff --git a/usr.sbin/sendmail/src/conf.h b/usr.sbin/sendmail/src/conf.h
index bf81bbfa3421..7414904429d7 100644
--- a/usr.sbin/sendmail/src/conf.h
+++ b/usr.sbin/sendmail/src/conf.h
@@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * @(#)conf.h 8.313 (Berkeley) 6/11/97
+ * @(#)conf.h 8.328 (Berkeley) 8/3/97
*/
/*
@@ -192,7 +192,9 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */
# ifdef V4FS
/* HP-UX 10.x */
# define _PATH_UNIX "/stand/vmunix"
-# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
# endif
@@ -203,13 +205,16 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */
# else
/* HP-UX 9.x */
# define _PATH_UNIX "/hp-ux"
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
# endif
# ifdef __STDC__
extern void hard_syslog(int, char *, ...);
# endif
+# define FDSET_CAST (int *) /* cast for fd_set parameters to select */
# endif
#endif
@@ -220,10 +225,11 @@ extern void hard_syslog(int, char *, ...);
*/
#ifdef _AIX4
-# include <sys/select.h>
# define _AIX3 1 /* pull in AIX3 stuff */
# define USESETEUID 1 /* seteuid(2) works */
# define TZ_TYPE TZ_NAME /* use tzname[] vector */
+# define SOCKADDR_LEN_T size_t /* e.g., arg#3 to accept, getsockname */
+# define SOCKOPT_LEN_T size_t /* arg#5 to getsockopt */
# if _AIX4 >= 40200
# define HASSETREUID 1 /* setreuid(2) works as of AIX 4.2 */
# endif
@@ -237,6 +243,7 @@ extern void hard_syslog(int, char *, ...);
#ifdef _AIX3
# include <paths.h>
# include <sys/machine.h> /* to get byte order */
+# include <sys/select.h>
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
@@ -398,7 +405,9 @@ typedef int pid_t;
# ifndef _PATH_UNIX
# define _PATH_UNIX "/dev/ksyms"
# endif
-# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
# endif
@@ -435,6 +444,7 @@ typedef int pid_t;
# endif
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone */
+# include <memory.h>
# include <vfork.h>
# ifdef SUNOS403
@@ -585,12 +595,15 @@ extern long dgux_inet_addr();
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define IP_SRCROUTE 1 /* can check IP source routing */
+# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
# endif
# define LA_TYPE LA_ALPHAOSF
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
-# define _PATH_VENDOR_CF "/var/adm/sendmail/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/var/adm/sendmail/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
# endif
@@ -625,10 +638,20 @@ typedef int pid_t;
# undef WEXITSTATUS
# undef WIFEXITED
# endif
-# define _PATH_VENDOR_CF "/etc/sendmail/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/etc/sendmail/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail/sendmail.pid"
# endif
+
+# ifdef TCPWRAPPERS
+# ifndef HASUNSETENV
+# define HASUNSETENV 1
+# endif
+# undef NEEDPUTENV
+# endif
+
#endif
@@ -645,6 +668,7 @@ typedef int pid_t;
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */
# define HASSTRERROR 1 /* has strerror(3) */
+# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# include <sys/cdefs.h>
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR /* has sa_len */
@@ -671,6 +695,7 @@ typedef int pid_t;
# define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */
# define HASUNAME 1 /* has uname(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
+# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# include <sys/cdefs.h>
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR /* has sa_len */
@@ -713,6 +738,7 @@ typedef int pid_t;
# define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */
# define HASUNAME 1 /* has uname(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
+# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# include <sys/cdefs.h>
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR /* has sa_len */
@@ -772,7 +798,9 @@ typedef int pid_t;
# undef HASSETVBUF /* don't actually have setvbuf(3) */
# undef WEXITSTATUS
# undef WIFEXITED
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
# endif
@@ -840,7 +868,9 @@ typedef int pid_t;
# ifndef LA_TYPE
# define LA_TYPE LA_FLOAT
# endif
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
# endif
@@ -884,6 +914,8 @@ extern int errno;
# define LA_TYPE LA_DEVSHORT
# endif
# define _PATH_AVENRUN "/dev/table/avenrun"
+# define SOCKADDR_LEN_T size_t /* e.g., arg#3 to accept, getsockname */
+# define SOCKOPT_LEN_T size_t /* arg#5 to getsockopt */
#endif
/* SCO UNIX 3.2v4.2/Open Desktop 3.0 */
@@ -908,7 +940,9 @@ extern int errno;
# define GID_T gid_t
# define GIDSET_T gid_t
# define _PATH_UNIX "/unix"
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
# endif
@@ -949,7 +983,9 @@ extern int errno;
# define SFS_TYPE SFS_STATFS /* use <sys/statfs.h> statfs() impl */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define _PATH_UNIX "/unix"
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
# endif
@@ -1028,7 +1064,9 @@ extern struct group *getgrnam();
# define IP_SRCROUTE 0 /* Something is broken with getsockopt() */
# define LA_TYPE LA_FLOAT
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef S_IREAD
# define S_IREAD _S_IREAD
# define S_IWRITE _S_IWRITE
@@ -1084,13 +1122,22 @@ extern struct group *getgrnam();
extern int errno;
typedef int pid_t;
-#define SIGFUNC_DEFINED
-#define SIGFUNC_RETURN (0)
-#define SIGFUNC_DECL int
+# define SIGFUNC_DEFINED
+# define SIGFUNC_RETURN (0)
+# define SIGFUNC_DECL int
typedef int (*sigfunc_t)();
extern char *getenv();
extern void *malloc();
+/* added for RISC/os 4.01...which is dumber than 4.50 */
+# ifdef RISCOS_4_0
+# ifndef ARBPTR_T
+# define ARBPTR_T char *
+# endif
+# undef HASFLOCK
+# define HASFLOCK 0
+# endif /* RISCOS_4_0 */
+
# include <sys/time.h>
#endif
@@ -1199,7 +1246,9 @@ extern void *malloc();
# ifndef _PATH_UNIX
# define _PATH_UNIX "/unix" /* should be in <paths.h> */
# endif
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# undef WIFEXITED
# undef WEXITSTATUS
#endif
@@ -1279,8 +1328,9 @@ typedef int pid_t;
# ifndef _PATH_UNIX
# define _PATH_UNIX "/dynix"
# endif
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
#endif
@@ -1308,7 +1358,9 @@ typedef int pid_t;
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
# endif
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
# endif
@@ -1349,7 +1401,9 @@ typedef int pid_t;
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define TZ_TYPE TZ_TZNAME
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
# endif
@@ -1373,6 +1427,7 @@ typedef int pid_t;
#ifdef UNIXWARE2
# define UNIXWARE 1
# define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */
+# undef offsetof /* avoid stddefs.h, sys/sysmacros.h conflict */
#endif
@@ -1397,7 +1452,9 @@ typedef int pid_t;
# undef WIFEXITED
# undef WEXITSTATUS
# define _PATH_UNIX "/unix"
-# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid"
# endif
@@ -1447,8 +1504,9 @@ typedef int pid_t;
#ifdef NCR_MP_RAS3
# define __svr4__
+# define SIOCGIFNUM_IS_BROKEN 1 /* SIOCGIFNUM has non-std interface */
# define SYSLOG_BUFSIZE 1024
-# define SPT_TYPE SPT_NONE
+# define SPT_TYPE SPT_NONE
#endif
@@ -1483,7 +1541,9 @@ typedef int pid_t;
# ifndef _PATH_UNIX
# define _PATH_UNIX "/HI-UX"
# endif
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
# endif
@@ -1524,7 +1584,9 @@ extern int syslog(int, char *, ...);
# define SFS_TYPE SFS_4ARGS /* use 4-arg statfs() */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define _PATH_UNIX "/unix"
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
#endif
/*
@@ -1594,7 +1656,9 @@ typedef int (*sigfunc_t)();
# define SYSLOG_BUFSIZE 1024
# endif
# define _PATH_UNIX "/stand/unix"
-# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
# endif
@@ -1643,7 +1707,9 @@ typedef int (*sigfunc_t)();
# define SIGFUNC_DECL int
extern char *getenv();
extern int errno;
-# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
+# endif
#endif
@@ -1692,7 +1758,9 @@ extern int errno;
# define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */
# endif
# define _PATH_UNIX "/stand/unix"
-# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid"
# endif
@@ -1755,7 +1823,9 @@ extern int errno;
# ifndef __svr4__
# define __svr4__
# endif
-# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# ifndef _PATH_VENDOR_CF
+# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
# endif
@@ -1950,6 +2020,10 @@ typedef struct msgb mblk_t;
# define USE_SIGLONGJMP 0 /* assume setjmp handles signals properly */
#endif
+#ifndef FDSET_CAST
+# define FDSET_CAST /* (empty) cast for fd_set arg to select */
+#endif
+
/*
** If no type for argument two of getgroups call is defined, assume
** it's an integer -- unfortunately, there seem to be several choices
@@ -1979,6 +2053,14 @@ typedef struct msgb mblk_t;
#ifndef ARGV_T
# define ARGV_T char **
#endif
+
+#ifndef SOCKADDR_LEN_T
+# define SOCKADDR_LEN_T int
+#endif
+
+#ifndef SOCKOPT_LEN_T
+# define SOCKOPT_LEN_T int
+#endif
/**********************************************************************
** Remaining definitions should never have to be changed. They are
** primarily to provide back compatibility for older systems -- for
@@ -2073,28 +2155,6 @@ extern int h_errno;
#endif
/*
-** The size of an IP address -- can't use sizeof because of problems
-** on Crays, where everything is 64 bits. This will break if/when
-** IP addresses are expanded to eight bytes.
-*/
-
-#ifndef INADDRSZ
-# define INADDRSZ 4
-#endif
-
-/*
-** The size of various known types -- for reading network protocols.
-** Again, we can't use sizeof because of compiler randomness.
-*/
-
-#ifndef INT16SZ
-# define INT16SZ 2
-#endif
-#ifndef INT32SZ
-# define INT32SZ 4
-#endif
-
-/*
** Do some required dependencies
*/
@@ -2252,12 +2312,17 @@ typedef void (*sigfunc_t) __P((int));
*/
#if USE_SIGLONGJMP
-/* Silly SCO /usr/include/setjmp.h file has #define setjmp(env) setjmp(env) */
+# ifdef jmp_buf
+# undef jmp_buf
+# endif
+# define jmp_buf sigjmp_buf
# ifdef setjmp
# undef setjmp
# endif
-# define jmp_buf sigjmp_buf
# define setjmp(env) sigsetjmp(env, 1)
+# ifdef longjmp
+# undef longjmp
+# endif
# define longjmp(env, val) siglongjmp(env, val)
#endif
diff --git a/usr.sbin/sendmail/src/daemon.c b/usr.sbin/sendmail/src/daemon.c
index 41f1a7286d77..bc8fd6f1e906 100644
--- a/usr.sbin/sendmail/src/daemon.c
+++ b/usr.sbin/sendmail/src/daemon.c
@@ -37,9 +37,9 @@
#ifndef lint
#ifdef DAEMON
-static char sccsid[] = "@(#)daemon.c 8.175 (Berkeley) 6/1/97 (with daemon mode)";
+static char sccsid[] = "@(#)daemon.c 8.186 (Berkeley) 8/2/97 (with daemon mode)";
#else
-static char sccsid[] = "@(#)daemon.c 8.175 (Berkeley) 6/1/97 (without daemon mode)";
+static char sccsid[] = "@(#)daemon.c 8.186 (Berkeley) 8/2/97 (without daemon mode)";
#endif
#endif /* not lint */
@@ -130,6 +130,7 @@ getrequests(e)
bool refusingconnections = TRUE;
FILE *pidf;
int socksize;
+ u_short port;
#if XDEBUG
bool j_has_dot;
#endif
@@ -140,11 +141,24 @@ getrequests(e)
** Set up the address for the mailer.
*/
- if (DaemonAddr.sin.sin_family == 0)
- DaemonAddr.sin.sin_family = AF_INET;
- if (DaemonAddr.sin.sin_addr.s_addr == 0)
- DaemonAddr.sin.sin_addr.s_addr = INADDR_ANY;
- if (DaemonAddr.sin.sin_port == 0)
+ switch (DaemonAddr.sa.sa_family)
+ {
+ case AF_UNSPEC:
+ DaemonAddr.sa.sa_family = AF_INET;
+ /* fall through ... */
+
+ case AF_INET:
+ if (DaemonAddr.sin.sin_addr.s_addr == 0)
+ DaemonAddr.sin.sin_addr.s_addr = INADDR_ANY;
+ port = DaemonAddr.sin.sin_port;
+ break;
+
+ default:
+ /* unknown protocol */
+ port = 0;
+ break;
+ }
+ if (port == 0)
{
register struct servent *sp;
@@ -152,10 +166,21 @@ getrequests(e)
if (sp == NULL)
{
syserr("554 service \"smtp\" unknown");
- DaemonAddr.sin.sin_port = htons(25);
+ port = htons(25);
}
else
- DaemonAddr.sin.sin_port = sp->s_port;
+ port = sp->s_port;
+ }
+
+ switch (DaemonAddr.sa.sa_family)
+ {
+ case AF_INET:
+ DaemonAddr.sin.sin_port = port;
+ break;
+
+ default:
+ /* unknown protocol */
+ break;
}
/*
@@ -171,7 +196,7 @@ getrequests(e)
(void) setsignal(SIGCHLD, reapchild);
/* write the pid to the log file for posterity */
- pidf = safefopen(PidFile, O_WRONLY|O_CREAT|O_TRUNC, 0644,
+ pidf = safefopen(PidFile, O_WRONLY|O_TRUNC, 0644,
SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT);
if (pidf == NULL)
{
@@ -206,7 +231,7 @@ getrequests(e)
for (;;)
{
register pid_t pid;
- auto int lotherend;
+ auto SOCKADDR_LEN_T lotherend;
int savederrno;
int pipefd[2];
extern bool refuseconnections();
@@ -281,7 +306,8 @@ getrequests(e)
timeout.tv_sec = 60;
timeout.tv_usec = 0;
- t = select(DaemonSocket + 1, &readfds, NULL, NULL, &timeout);
+ t = select(DaemonSocket + 1, FDSET_CAST &readfds,
+ NULL, NULL, &timeout);
if (DoQueueRun)
(void) runqueue(TRUE, FALSE);
if (t <= 0 || !FD_ISSET(DaemonSocket, &readfds))
@@ -972,7 +998,7 @@ gothostent:
}
else
{
- s = socket(AF_INET, SOCK_STREAM, 0);
+ s = socket(addr.sa.sa_family, SOCK_STREAM, 0);
}
if (s < 0)
{
@@ -1176,6 +1202,35 @@ myhostname(hostbuf, size)
return (hp);
}
/*
+** ADDRCMP -- compare two host addresses
+**
+** Parameters:
+** hp -- hostent structure for the first address
+** ha -- actual first address
+** sa -- second address
+**
+** Returns:
+** 0 -- if ha and sa match
+** else -- they don't match
+*/
+
+int
+addrcmp(hp, ha, sa)
+ struct hostent *hp;
+ char *ha;
+ SOCKADDR *sa;
+{
+ switch (sa->sa.sa_family)
+ {
+ case AF_INET:
+ if (hp->h_addrtype == AF_INET)
+ return bcmp(ha, (char *) &sa->sin.sin_addr, hp->h_length);
+ break;
+
+ }
+ return -1;
+}
+ /*
** GETAUTHINFO -- get the real host name asociated with a file descriptor
**
** Uses RFC1413 protocol to try to get info from the other end.
@@ -1199,10 +1254,10 @@ char *
getauthinfo(fd)
int fd;
{
- int falen;
+ SOCKADDR_LEN_T falen;
register char *volatile p = NULL;
SOCKADDR la;
- int lalen;
+ SOCKADDR_LEN_T lalen;
register struct servent *sp;
volatile int s;
int i;
@@ -1239,19 +1294,22 @@ getauthinfo(fd)
/* address is not a socket */
may_be_forged = FALSE;
}
+ else if (RealHostName[0] == '[')
+ {
+ /* have IP address with no forward lookup */
+ may_be_forged = FALSE;
+ }
else
{
/* try to match the reverse against the forward lookup */
- hp = gethostbyname(RealHostName);
+ hp = sm_gethostbyname(RealHostName);
if (hp == NULL)
may_be_forged = TRUE;
else
{
for (ha = hp->h_addr_list; *ha != NULL; ha++)
- if (bcmp(*ha,
- (char *) &RealHostAddr.sin.sin_addr,
- hp->h_length) == 0)
+ if (addrcmp(hp, *ha, &RealHostAddr) == 0)
break;
may_be_forged = *ha == NULL;
}
@@ -1412,7 +1470,8 @@ postident:
if (RealHostAddr.sa.sa_family == AF_INET)
{
- int ipoptlen, j;
+ SOCKOPT_LEN_T ipoptlen;
+ int j;
u_char *q;
u_char *o;
int l;
@@ -1573,6 +1632,14 @@ host_map_lookup(map, name, av, statp)
}
if (*statp != EX_OK)
return NULL;
+ if (s->s_namecanon.nc_cname == NULL)
+ {
+ syserr("host_map_lookup(%s): bogus NULL cache entry, errno = %d, h_errno = %d",
+ name,
+ s->s_namecanon.nc_errno,
+ s->s_namecanon.nc_herrno);
+ return NULL;
+ }
if (bitset(MF_MATCHONLY, map->map_mflags))
cp = map_rewrite(map, name, strlen(name), NULL);
else
@@ -1959,7 +2026,7 @@ hostnamebyanyaddr(sap)
_res.retry = saveretry;
#endif /* NAMED_BIND */
- if (hp != NULL)
+ if (hp != NULL && hp->h_name[0] != '[')
return (char *) hp->h_name;
else
{
diff --git a/usr.sbin/sendmail/src/deliver.c b/usr.sbin/sendmail/src/deliver.c
index c98c4bcbca98..741af15de1dd 100644
--- a/usr.sbin/sendmail/src/deliver.c
+++ b/usr.sbin/sendmail/src/deliver.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)deliver.c 8.282 (Berkeley) 6/11/97";
+static char sccsid[] = "@(#)deliver.c 8.285 (Berkeley) 8/2/97";
#endif /* not lint */
#include "sendmail.h"
@@ -543,7 +543,7 @@ sendall(e, mode)
}
/* be sure to give error messages in child */
- QuickAbort = OnlyOneError = FALSE;
+ QuickAbort = FALSE;
/*
** Close any cached connections.
@@ -3105,7 +3105,7 @@ mailfile(filename, ctladdr, sfflags, e)
{
register FILE *f;
register pid_t pid = -1;
- int mode;
+ int mode = ST_MODE_NOFILE;
bool suidwarn = geteuid() == 0;
if (tTd(11, 1))
@@ -3153,19 +3153,20 @@ mailfile(filename, ctladdr, sfflags, e)
ExitStat = EX_OK;
#ifdef HASLSTAT
- if ((SafeFileEnv != NULL ? lstat(filename, &stb)
- : stat(filename, &stb)) < 0)
+ if (lstat(filename, &stb) < 0)
#else
if (stat(filename, &stb) < 0)
#endif
{
- stb.st_mode = FileMode;
+ stb.st_mode = ST_MODE_NOFILE;
+ mode = FileMode;
oflags |= O_CREAT|O_EXCL;
}
else if (bitset(0111, stb.st_mode) || stb.st_nlink != 1 ||
(SafeFileEnv != NULL && !S_ISREG(stb.st_mode)))
exit(EX_CANTCREAT);
- mode = stb.st_mode;
+ if (mode == ST_MODE_NOFILE)
+ mode = stb.st_mode;
/* limit the errors to those actually caused in the child */
errno = 0;
@@ -3275,6 +3276,11 @@ mailfile(filename, ctladdr, sfflags, e)
message("554 cannot open: %s", errstring(errno));
exit(EX_CANTCREAT);
}
+ if (filechanged(filename, fileno(f), &stb, sfflags))
+ {
+ message("554 file changed after open");
+ exit(EX_CANTCREAT);
+ }
if (fstat(fileno(f), &stb) < 0)
{
message("554 cannot fstat %s", errstring(errno));
diff --git a/usr.sbin/sendmail/src/domain.c b/usr.sbin/sendmail/src/domain.c
index 802ae6cbd33e..2031726ba447 100644
--- a/usr.sbin/sendmail/src/domain.c
+++ b/usr.sbin/sendmail/src/domain.c
@@ -36,9 +36,9 @@
#ifndef lint
#if NAMED_BIND
-static char sccsid[] = "@(#)domain.c 8.67 (Berkeley) 4/9/97 (with name server)";
+static char sccsid[] = "@(#)domain.c 8.68 (Berkeley) 8/2/97 (with name server)";
#else
-static char sccsid[] = "@(#)domain.c 8.67 (Berkeley) 4/9/97 (without name server)";
+static char sccsid[] = "@(#)domain.c 8.68 (Berkeley) 8/2/97 (without name server)";
#endif
#endif /* not lint */
@@ -854,12 +854,15 @@ gethostalias(host)
char *fname;
FILE *fp;
register char *p = NULL;
+ int sff = SFF_REGONLY;
char buf[MAXLINE];
static char hbuf[MAXDNAME];
+ if (DontLockReadFiles)
+ sff |= SFF_NOLOCK;
fname = getenv("HOSTALIASES");
if (fname == NULL ||
- (fp = safefopen(fname, O_RDONLY, 0, SFF_REGONLY)) == NULL)
+ (fp = safefopen(fname, O_RDONLY, 0, sff)) == NULL)
return NULL;
while (fgets(buf, sizeof buf, fp) != NULL)
{
diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c
index 4dc07ae7fc33..3e0fc204020d 100644
--- a/usr.sbin/sendmail/src/envelope.c
+++ b/usr.sbin/sendmail/src/envelope.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)envelope.c 8.104 (Berkeley) 6/3/97";
+static char sccsid[] = "@(#)envelope.c 8.105 (Berkeley) 6/24/97";
#endif /* not lint */
#include "sendmail.h"
@@ -178,7 +178,7 @@ dropenvelope(e, fulldrop)
{
failure_return = TRUE;
if (q->q_owner == NULL && !emptyaddr(&e->e_from))
- (void) sendtolist(e->e_from.q_paddr, NULL,
+ (void) sendtolist(e->e_from.q_paddr, NULLADDR,
&e->e_errorqueue, 0, e);
}
else if (bitset(QPINGONSUCCESS, q->q_flags) &&
diff --git a/usr.sbin/sendmail/src/err.c b/usr.sbin/sendmail/src/err.c
index 5bec0884d02a..f4f95e6cd0f2 100644
--- a/usr.sbin/sendmail/src/err.c
+++ b/usr.sbin/sendmail/src/err.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)err.c 8.62 (Berkeley) 6/5/97";
+static char sccsid[] = "@(#)err.c 8.64 (Berkeley) 7/25/97";
#endif /* not lint */
# include "sendmail.h"
@@ -112,7 +112,7 @@ syserr(fmt, va_alist)
puterrmsg(MsgBuf);
/* save this message for mailq printing */
- if (!panic)
+ if (!panic && CurEnv != NULL)
{
if (CurEnv->e_message != NULL)
free(CurEnv->e_message);
@@ -140,9 +140,10 @@ syserr(fmt, va_alist)
}
if (LogLevel > 0)
- sm_syslog(panic ? LOG_ALERT : LOG_CRIT, CurEnv->e_id,
- "SYSERR(%s): %.900s",
- uname, &MsgBuf[4]);
+ sm_syslog(panic ? LOG_ALERT : LOG_CRIT,
+ CurEnv == NULL ? NOQID : CurEnv->e_id,
+ "SYSERR(%s): %.900s",
+ uname, &MsgBuf[4]);
switch (olderrno)
{
case EBADF:
@@ -178,7 +179,7 @@ syserr(fmt, va_alist)
exit(EX_OSERR);
}
errno = 0;
- if (QuickAbort || (OnlyOneError && !HoldErrs))
+ if (QuickAbort)
longjmp(TopFrame, 2);
}
/*
@@ -254,7 +255,7 @@ usrerr(fmt, va_alist)
"%.900s",
&MsgBuf[4]);
- if (QuickAbort || (OnlyOneError && !HoldErrs))
+ if (QuickAbort)
longjmp(TopFrame, 1);
}
/*
@@ -397,7 +398,8 @@ putoutmsg(msg, holdmsg, heldmsg)
msg[0] = '4';
/* output to transcript if serious */
- if (!heldmsg && CurEnv->e_xfp != NULL && strchr("45", msg[0]) != NULL)
+ if (!heldmsg && CurEnv != NULL && CurEnv->e_xfp != NULL &&
+ strchr("45", msg[0]) != NULL)
fprintf(CurEnv->e_xfp, "%s\n", msg);
if (LogLevel >= 15 && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
@@ -421,6 +423,9 @@ putoutmsg(msg, holdmsg, heldmsg)
(void) fflush(stdout);
+ if (OutChannel == NULL)
+ return;
+
/* if DisConnected, OutChannel now points to the transcript */
if (!DisConnected &&
(OpMode == MD_SMTP || OpMode == MD_DAEMON || OpMode == MD_ARPAFTP))
@@ -441,7 +446,8 @@ putoutmsg(msg, holdmsg, heldmsg)
** rude servers don't read result.
*/
- if (feof(InChannel) || ferror(InChannel) || strncmp(msg, "221", 3) == 0)
+ if (InChannel == NULL || feof(InChannel) || ferror(InChannel) ||
+ strncmp(msg, "221", 3) == 0)
return;
/* can't call syserr, 'cause we are using MsgBuf */
@@ -474,8 +480,16 @@ puterrmsg(msg)
/* output the message as usual */
putoutmsg(msg, HoldErrs, FALSE);
+ /* be careful about multiple error messages */
+ if (OnlyOneError)
+ HoldErrs = TRUE;
+
/* signal the error */
Errors++;
+
+ if (CurEnv == NULL)
+ return;
+
if (msgcode == '6')
{
/* notify the postmaster */
diff --git a/usr.sbin/sendmail/src/headers.c b/usr.sbin/sendmail/src/headers.c
index a4ece010dded..5bfd40003310 100644
--- a/usr.sbin/sendmail/src/headers.c
+++ b/usr.sbin/sendmail/src/headers.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)headers.c 8.110 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)headers.c 8.111 (Berkeley) 7/9/97";
#endif /* not lint */
# include <errno.h>
@@ -192,7 +192,8 @@ chompheader(line, def, hdrp, e)
printf("no header flags match\n");
else
printf("header match, flags=%x, ruleset=%s\n",
- hi->hi_flags, hi->hi_ruleset);
+ hi->hi_flags,
+ hi->hi_ruleset == NULL ? "<NULL>" : hi->hi_ruleset);
}
/* see if this is a resent message */
diff --git a/usr.sbin/sendmail/src/main.c b/usr.sbin/sendmail/src/main.c
index 880b181ca25f..5a303822edc2 100644
--- a/usr.sbin/sendmail/src/main.c
+++ b/usr.sbin/sendmail/src/main.c
@@ -39,7 +39,7 @@ static char copyright[] =
#endif /* not lint */
#ifndef lint
-static char sccsid[] = "@(#)main.c 8.246 (Berkeley) 6/11/97";
+static char sccsid[] = "@(#)main.c 8.249 (Berkeley) 7/25/97";
#endif /* not lint */
#define _DEFINE
@@ -93,6 +93,7 @@ ADDRESS NullAddress = /* a null address */
char *CommandLineArgs; /* command line args for pid file */
bool Warn_Q_option = FALSE; /* warn about Q option use */
char **SaveArgv; /* argument vector for re-execing */
+int MissingFds = 0; /* bit map of fds missing on startup */
#ifdef NGROUPS_MAX
GIDSET_T InitialGidSet[NGROUPS_MAX];
@@ -164,7 +165,6 @@ main(argc, argv, envp)
extern void printqueue __P((void));
extern void sendtoargv __P((char **, ENVELOPE *));
extern void resetlimits __P((void));
- extern void drop_privileges __P((void));
/*
** Check to see if we reentered.
@@ -185,11 +185,6 @@ main(argc, argv, envp)
/* do machine-dependent initializations */
init_md(argc, argv);
-#ifdef SIGUSR1
- /* arrange to dump state on user-1 signal */
- setsignal(SIGUSR1, sigusr1);
-#endif
-
/* in 4.4BSD, the table can be huge; impose a reasonable limit */
DtableSize = getdtsize();
if (DtableSize > 256)
@@ -200,15 +195,9 @@ main(argc, argv, envp)
** But also be sure that 0, 1, & 2 are open.
*/
- i = open("/dev/null", O_RDWR, 0);
- if (fstat(STDIN_FILENO, &stb) < 0 && errno != EOPNOTSUPP)
- (void) dup2(i, STDIN_FILENO);
- if (fstat(STDOUT_FILENO, &stb) < 0 && errno != EOPNOTSUPP)
- (void) dup2(i, STDOUT_FILENO);
- if (fstat(STDERR_FILENO, &stb) < 0 && errno != EOPNOTSUPP)
- (void) dup2(i, STDERR_FILENO);
- if (i != STDIN_FILENO && i != STDOUT_FILENO && i != STDERR_FILENO)
- (void) close(i);
+ fill_fd(STDIN_FILENO, NULL);
+ fill_fd(STDOUT_FILENO, NULL);
+ fill_fd(STDERR_FILENO, NULL);
i = DtableSize;
while (--i > 0)
@@ -226,6 +215,28 @@ main(argc, argv, envp)
# endif
#endif
+ if (MissingFds != 0)
+ {
+ char mbuf[MAXLINE];
+
+ mbuf[0] = '\0';
+ if (bitset(1 << STDIN_FILENO, MissingFds))
+ strcat(mbuf, ", stdin");
+ if (bitset(1 << STDOUT_FILENO, MissingFds))
+ strcat(mbuf, ", stdout");
+ if (bitset(1 << STDERR_FILENO, MissingFds))
+ strcat(mbuf, ", stderr");
+ syserr("File descriptors missing on startup: %s", &mbuf[2]);
+ }
+
+ /* reset status from syserr() calls for missing file descriptors */
+ Errors = 0;
+ ExitStat = EX_OK;
+
+#if XDEBUG
+ checkfd012("after openlog");
+#endif
+
tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
#ifdef NGROUPS_MAX
@@ -238,7 +249,12 @@ main(argc, argv, envp)
#endif
/* drop group id privileges (RunAsUser not yet set) */
- drop_privileges();
+ (void) drop_privileges(FALSE);
+
+#ifdef SIGUSR1
+ /* arrange to dump state on user-1 signal */
+ setsignal(SIGUSR1, sigusr1);
+#endif
/* Handle any non-getoptable constructions. */
obsolete(argv);
@@ -301,6 +317,17 @@ main(argc, argv, envp)
(void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", RealUid);
RealUserName = rnamebuf;
+ /* if running non-setuid binary, pretend we are the RunAsUid */
+ if (geteuid() == RealUid)
+ {
+ if (tTd(47, 1))
+ printf("Non-setuid binary: RunAsUid = RealUid = %d\n",
+ RealUid);
+ RunAsUid = RealUid;
+ }
+ if (getegid() == RealGid)
+ RunAsGid = RealGid;
+
/* save command line arguments */
i = 0;
for (av = argv; *av != NULL; )
@@ -572,9 +599,7 @@ main(argc, argv, envp)
if (RealUid != 0)
warn_C_flag = TRUE;
ConfFile = optarg;
- endpwent();
- (void) setgid(RealGid);
- (void) setuid(RealUid);
+ (void) drop_privileges(TRUE);
safecf = FALSE;
break;
@@ -726,9 +751,7 @@ main(argc, argv, envp)
break;
case 'X': /* traffic log file */
- endpwent();
- setgid(RealGid);
- setuid(RealUid);
+ (void) drop_privileges(TRUE);
TrafficLogFile = fopen(optarg, "a");
if (TrafficLogFile == NULL)
{
@@ -815,7 +838,7 @@ main(argc, argv, envp)
if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
{
/* drop privileges -- daemon mode done after socket/bind */
- drop_privileges();
+ (void) drop_privileges(FALSE);
}
/*
@@ -1351,7 +1374,7 @@ main(argc, argv, envp)
nullserver = getrequests(CurEnv);
/* drop privileges */
- drop_privileges();
+ (void) drop_privileges(FALSE);
/* at this point we are in a child: reset state */
(void) newenvelope(CurEnv, CurEnv);
@@ -2017,11 +2040,11 @@ sighup(sig)
sm_syslog(LOG_INFO, NOQID, "restarting %s on signal", SaveArgv[0]);
alarm(0);
releasesignal(SIGHUP);
- if (setgid(RealGid) < 0 || setuid(RealUid) < 0)
+ if (drop_privileges(TRUE) != EX_OK)
{
if (LogLevel > 0)
sm_syslog(LOG_ALERT, NOQID, "could not set[ug]id(%d, %d): %m",
- RealUid, RealGid);
+ RunAsUid, RunAsGid);
exit(EX_OSERR);
}
execv(SaveArgv[0], (ARGV_T) SaveArgv);
@@ -2033,26 +2056,91 @@ sighup(sig)
** DROP_PRIVILEGES -- reduce privileges to those of the RunAsUser option
**
** Parameters:
-** none.
+** to_real_uid -- if set, drop to the real uid instead
+** of the RunAsUser.
**
** Returns:
-** none.
+** EX_OSERR if the setuid failed.
+** EX_OK otherwise.
*/
-void
-drop_privileges()
+int
+drop_privileges(to_real_uid)
+ bool to_real_uid;
{
+ int rval = EX_OK;
#ifdef NGROUPS_MAX
- /* reset group permissions; these can be set later */
GIDSET_T emptygidset[NGROUPS_MAX];
+#endif
+
+ if (tTd(47, 1))
+ printf("drop_privileges(%d): Real[UG]id=%d:%d, RunAs[UG]id=%d:%d\n",
+ to_real_uid, RealUid, RealGid, RunAsUid, RunAsGid);
+
+ if (to_real_uid)
+ {
+ RunAsUserName = RealUserName;
+ RunAsUid = RealUid;
+ RunAsGid = RealGid;
+ }
+
+ /* make sure no one can grab open descriptors for secret files */
+ endpwent();
+#ifdef NGROUPS_MAX
+ /* reset group permissions; these can be set later */
emptygidset[0] = RunAsGid == 0 ? getegid() : RunAsGid;
(void) setgroups(1, emptygidset);
#endif
- if (RunAsGid != 0)
- (void) setgid(RunAsGid);
- if (RunAsUid != 0)
- (void) setuid(RunAsUid);
+
+ /* reset primary group and user id */
+ if (RunAsGid != 0 && setgid(RunAsGid) < 0)
+ rval = EX_OSERR;
+ if (RunAsUid != 0 && setuid(RunAsUid) < 0)
+ rval = EX_OSERR;
+ return rval;
+}
+ /*
+** FILL_FD -- make sure a file descriptor has been properly allocated
+**
+** Used to make sure that stdin/out/err are allocated on startup
+**
+** Parameters:
+** fd -- the file descriptor to be filled.
+** where -- a string used for logging. If NULL, this is
+** being called on startup, and logging should
+** not be done.
+**
+** Returns:
+** none
+*/
+
+void
+fill_fd(fd, where)
+ int fd;
+ char *where;
+{
+ int i;
+ struct stat stbuf;
+
+ if (fstat(fd, &stbuf) >= 0 || errno != EBADF)
+ return;
+
+ if (where != NULL)
+ syserr("fill_fd: %s: fd %d not open", where, fd);
+ else
+ MissingFds |= 1 << fd;
+ i = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY, 0666);
+ if (i < 0)
+ {
+ syserr("!fill_fd: %s: cannot open /dev/null",
+ where == NULL ? "startup" : where);
+ }
+ if (fd != i)
+ {
+ (void) dup2(i, fd);
+ (void) close(i);
+ }
}
/*
** TESTMODELINE -- process a test mode input line
diff --git a/usr.sbin/sendmail/src/map.c b/usr.sbin/sendmail/src/map.c
index e0a0fd240884..88e82b19f98a 100644
--- a/usr.sbin/sendmail/src/map.c
+++ b/usr.sbin/sendmail/src/map.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)map.c 8.168 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)map.c 8.181 (Berkeley) 7/9/97";
#endif /* not lint */
#include "sendmail.h"
@@ -113,14 +113,6 @@ extern bool extract_canonname __P((char *, char *, char[], int));
# define LOCK_ON_OPEN 0 /* no such luck -- bend over backwards */
#endif
-#ifndef O_LEAVELOCKED
-# if O_SHLOCK
-# define O_LEAVELOCKED O_SHLOCK
-# else
-# define O_LEAVELOCKED 0x1000
-# endif
-#endif
-
#ifndef O_ACCMODE
# define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR)
#endif
@@ -733,7 +725,7 @@ extract_canonname(name, line, cbuf, cbuflen)
#ifdef NDBM
/*
-** DBM_MAP_OPEN -- DBM-style map open
+** NDBM_MAP_OPEN -- DBM-style map open
*/
bool
@@ -743,7 +735,8 @@ ndbm_map_open(map, mode)
{
register DBM *dbm;
struct stat st;
- int fd;
+ int dfd;
+ int pfd;
int sff;
int ret;
int smode = S_IREAD;
@@ -760,10 +753,10 @@ ndbm_map_open(map, mode)
/* do initial file and directory checks */
snprintf(dirfile, sizeof dirfile, "%s.dir", map->map_file);
snprintf(pagfile, sizeof pagfile, "%s.pag", map->map_file);
- sff = SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
+ sff = SFF_ROOTOK|SFF_REGONLY;
if (mode == O_RDWR)
{
- sff |= SFF_NOLINK;
+ sff |= SFF_NOLINK|SFF_CREAT;
smode = S_IWRITE;
}
else
@@ -786,13 +779,21 @@ ndbm_map_open(map, mode)
return FALSE;
}
if (std.st_mode == ST_MODE_NOFILE)
- mode |= O_EXCL;
+ mode |= O_CREAT|O_EXCL;
+
+ /* heuristic: if files are linked, this is actually gdbm */
+ if (std.st_dev == stp.st_dev && std.st_ino == stp.st_ino)
+ {
+ syserr("dbm map \"%s\": cannot support GDBM",
+ map->map_mname);
+ return FALSE;
+ }
#if LOCK_ON_OPEN
if (mode == O_RDONLY)
mode |= O_SHLOCK;
else
- mode |= O_CREAT|O_TRUNC|O_EXLOCK;
+ mode |= O_TRUNC|O_EXLOCK;
#else
if ((mode & O_ACCMODE) == O_RDWR)
{
@@ -804,7 +805,7 @@ ndbm_map_open(map, mode)
** but there isn't anything we can do about it.
*/
- mode |= O_CREAT|O_TRUNC;
+ mode |= O_TRUNC;
# else
/*
** This ugly code opens the map without truncating it,
@@ -815,29 +816,57 @@ ndbm_map_open(map, mode)
int dirfd;
int pagfd;
- dirfd = safeopen(dirfile, mode|O_CREAT, DBMMODE,
+ dirfd = safeopen(dirfile, mode, DBMMODE,
SFF_NOLINK|SFF_CREAT|SFF_OPENASROOT);
- pagfd = safeopen(pagfile, mode|O_CREAT, DBMMODE,
+ pagfd = safeopen(pagfile, mode, DBMMODE,
SFF_NOLINK|SFF_CREAT|SFF_OPENASROOT);
if (dirfd < 0 || pagfd < 0)
{
+ int save_errno = errno;
+
+ if (dirfd >= 0)
+ (void) close(dirfd);
+ if (pagfd >= 0)
+ (void) close(pagfd);
+ errno = save_errno;
syserr("ndbm_map_open: cannot create database %s",
map->map_file);
- close(dirfd);
- close(pagfd);
return FALSE;
}
- if (ftruncate(dirfd, (off_t) 0) < 0)
- syserr("ndbm_map_open: cannot truncate %s.dir",
+ if (ftruncate(dirfd, (off_t) 0) < 0 ||
+ ftruncate(pagfd, (off_t) 0) < 0)
+ {
+ int save_errno = errno;
+
+ (void) close(dirfd);
+ (void) close(pagfd);
+ errno = save_errno;
+ syserr("ndbm_map_open: cannot truncate %s.{dir,pag}",
map->map_file);
- if (ftruncate(pagfd, (off_t) 0) < 0)
- syserr("ndbm_map_open: cannot truncate %s.pag",
+ return FALSE;
+ }
+
+ /* if new file, get "before" bits for later filechanged check */
+ if (std.st_mode == ST_MODE_NOFILE &&
+ (fstat(dirfd, &std) < 0 || fstat(pagfd, &stp) < 0))
+ {
+ int save_errno = errno;
+
+ (void) close(dirfd);
+ (void) close(pagfd);
+ errno = save_errno;
+ syserr("ndbm_map_open(%s.{dir,pag}): cannot fstat pre-opened file",
map->map_file);
+ return FALSE;
+ }
/* have to save the lock for the duration (bletch) */
map->map_lockfd = dirfd;
close(pagfd);
+
+ /* twiddle bits for dbm_open */
+ mode &= ~(O_CREAT|O_EXCL);
# endif
}
#endif
@@ -846,37 +875,46 @@ ndbm_map_open(map, mode)
dbm = dbm_open(map->map_file, mode, DBMMODE);
if (dbm == NULL)
{
+ int save_errno = errno;
+
if (bitset(MF_ALIAS, map->map_mflags) &&
aliaswait(map, ".pag", FALSE))
return TRUE;
- if (!bitset(MF_OPTIONAL, map->map_mflags))
- syserr("Cannot open DBM database %s", map->map_file);
#if !LOCK_ON_OPEN && !NOFTRUNCATE
if (map->map_lockfd >= 0)
close(map->map_lockfd);
#endif
+ errno = save_errno;
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("Cannot open DBM database %s", map->map_file);
return FALSE;
}
- if (filechanged(dirfile, dbm_dirfno(dbm), &std, sff) ||
- filechanged(pagfile, dbm_pagfno(dbm), &stp, sff))
+ dfd = dbm_dirfno(dbm);
+ pfd = dbm_pagfno(dbm);
+ if (filechanged(dirfile, dfd, &std, sff) ||
+ filechanged(pagfile, pfd, &stp, sff))
{
- syserr("ndbm_map_open(%s): file changed after open",
- map->map_file);
+ int save_errno = errno;
+
dbm_close(dbm);
#if !LOCK_ON_OPEN && !NOFTRUNCATE
if (map->map_lockfd >= 0)
close(map->map_lockfd);
#endif
+ errno = save_errno;
+ syserr("ndbm_map_open(%s): file changed after open",
+ map->map_file);
return FALSE;
}
- map->map_db1 = (void *) dbm;
- fd = dbm_dirfno((DBM *) map->map_db1);
+ map->map_db1 = (ARBPTR_T) dbm;
if (mode == O_RDONLY)
{
#if LOCK_ON_OPEN
- if (fd >= 0)
- (void) lockfile(fd, map->map_file, ".pag", LOCK_UN);
+ if (dfd >= 0)
+ (void) lockfile(dfd, map->map_file, ".dir", LOCK_UN);
+ if (pfd >= 0)
+ (void) lockfile(pfd, map->map_file, ".pag", LOCK_UN);
#endif
if (bitset(MF_ALIAS, map->map_mflags) &&
!aliaswait(map, ".pag", TRUE))
@@ -886,14 +924,14 @@ ndbm_map_open(map, mode)
{
map->map_mflags |= MF_LOCKED;
}
- if (fstat(dbm_dirfno((DBM *) map->map_db1), &st) >= 0)
+ if (fstat(dfd, &st) >= 0)
map->map_mtime = st.st_mtime;
return TRUE;
}
/*
-** DBM_MAP_LOOKUP -- look up a datum in a DBM-type map
+** NDBM_MAP_LOOKUP -- look up a datum in a DBM-type map
*/
char *
@@ -951,7 +989,7 @@ ndbm_map_lookup(map, name, av, statp)
/*
-** DBM_MAP_STORE -- store a datum in the database
+** NDBM_MAP_STORE -- store a datum in the database
*/
void
@@ -994,7 +1032,7 @@ ndbm_map_store(map, lhs, rhs)
if (stat > 0)
{
if (!bitset(MF_APPEND, map->map_mflags))
- usrerr("050 Warning: duplicate alias name %s", lhs);
+ message("050 Warning: duplicate alias name %s", lhs);
else
{
static char *buf = NULL;
@@ -1157,7 +1195,6 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
int fd;
int sff;
int saveerrno;
- bool leavelocked = bitset(O_LEAVELOCKED, mode);
struct stat st;
char buf[MAXNAME + 1];
@@ -1170,10 +1207,10 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
mode &= O_ACCMODE;
omode = mode;
- sff = SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
+ sff = SFF_ROOTOK|SFF_REGONLY;
if (mode == O_RDWR)
{
- sff |= SFF_NOLINK;
+ sff |= SFF_NOLINK|SFF_CREAT;
smode = S_IWRITE;
}
else
@@ -1187,28 +1224,26 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
{
/* cannot open this map */
if (tTd(38, 2))
- printf("\tunsafe map file: %d\n", i);
+ printf("\tunsafe map file: %s\n", errstring(i));
+ errno = i;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("%s map \"%s\": unsafe map file %s",
mapclassname, map->map_mname, map->map_file);
return FALSE;
}
if (st.st_mode == ST_MODE_NOFILE)
- omode |= O_EXCL;
+ omode |= O_CREAT|O_EXCL;
map->map_lockfd = -1;
#if LOCK_ON_OPEN
if (mode == O_RDWR)
- omode |= O_CREAT|O_TRUNC|O_EXLOCK;
+ omode |= O_TRUNC|O_EXLOCK;
# if !OLD_NEWDB
else
omode |= O_SHLOCK;
# endif
#else
- if (mode == O_RDWR)
- omode |= O_CREAT;
-
/*
** Pre-lock the file to avoid race conditions. In particular,
** since dbopen returns NULL if the file is zero length, we
@@ -1216,26 +1251,51 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
*/
fd = open(buf, omode, DBMMODE);
-
if (fd < 0)
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("db_map_open: cannot pre-open database %s", buf);
- close(fd);
return FALSE;
}
- if (!lockfile(fd, map->map_file, ".db",
- mode == O_RDONLY ? LOCK_SH : LOCK_EX))
+
+ /* make sure no baddies slipped in just before the open... */
+ if (filechanged(buf, fd, &st, sff))
+ {
+ int save_errno = errno;
+
+ (void) close(fd);
+ errno = save_errno;
+ syserr("db_map_open(%s): file changed after pre-open", buf);
+ return FALSE;
+ }
+
+ /* if new file, get the "before" bits for later filechanged check */
+ if (st.st_mode == ST_MODE_NOFILE && fstat(fd, &st) < 0)
+ {
+ int save_errno = errno;
+
+ (void) close(fd);
+ errno = save_errno;
+ syserr("db_map_open(%s): cannot fstat pre-opened file",
+ buf);
+ return FALSE;
+ }
+
+ /* actually lock the pre-opened file */
+ if (!lockfile(fd, buf, NULL, mode == O_RDONLY ? LOCK_SH : LOCK_EX))
syserr("db_map_open: cannot lock %s", buf);
+
+ /* set up mode bits for dbopen */
if (mode == O_RDWR)
omode |= O_TRUNC;
+ omode &= ~(O_EXCL|O_CREAT);
#endif
db = dbopen(buf, omode, DBMMODE, dbtype, openinfo);
saveerrno = errno;
#if !LOCK_ON_OPEN
- if (leavelocked || mode == O_RDWR)
+ if (mode == O_RDWR)
map->map_lockfd = fd;
else
(void) close(fd);
@@ -1246,25 +1306,28 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
aliaswait(map, ".db", FALSE))
return TRUE;
- errno = saveerrno;
- if (!bitset(MF_OPTIONAL, map->map_mflags))
- syserr("Cannot open %s database %s",
- mapclassname, map->map_file);
#if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
#endif
+ errno = saveerrno;
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("Cannot open %s database %s",
+ mapclassname, map->map_file);
return FALSE;
}
if (filechanged(buf, db->fd(db), &st, sff))
{
- syserr("db_map_open(%s): file changed after open", buf);
+ int save_errno = errno;
+
db->close(db);
#if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
close(map->map_lockfd);
#endif
+ errno = save_errno;
+ syserr("db_map_open(%s): file changed after open", buf);
return FALSE;
}
@@ -1273,9 +1336,9 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
#if !OLD_NEWDB
fd = db->fd(db);
# if LOCK_ON_OPEN
- if (fd >= 0 && mode == O_RDONLY && !leavelocked)
+ if (fd >= 0 && mode == O_RDONLY)
{
- (void) lockfile(fd, map->map_file, ".db", LOCK_UN);
+ (void) lockfile(fd, buf, NULL, LOCK_UN);
}
# endif
#endif
@@ -1291,7 +1354,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
map->map_mtime = st.st_mtime;
#endif
- map->map_db2 = (void *) db;
+ map->map_db2 = (ARBPTR_T) db;
if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
!aliaswait(map, ".db", TRUE))
return FALSE;
@@ -1312,16 +1375,26 @@ db_map_lookup(map, name, av, statp)
{
DBT key, val;
register DB *db = (DB *) map->map_db2;
+ int i;
int st;
int saveerrno;
int fd;
struct stat stbuf;
char keybuf[MAXNAME + 1];
+ char buf[MAXNAME + 1];
if (tTd(38, 20))
printf("db_map_lookup(%s, %s)\n",
map->map_mname, name);
+ i = strlen(map->map_file);
+ if (i > MAXNAME)
+ i = MAXNAME;
+ strncpy(buf, map->map_file, i);
+ buf[i] = '\0';
+ if (i > 3 && strcmp(&buf[i - 3], ".db") == 0)
+ buf[i - 3] = '\0';
+
key.size = strlen(name);
if (key.size > sizeof keybuf - 1)
key.size = sizeof keybuf - 1;
@@ -1331,9 +1404,10 @@ db_map_lookup(map, name, av, statp)
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
makelower(keybuf);
#if !OLD_NEWDB
+ lockdb:
fd = db->fd(db);
if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
- (void) lockfile(fd, map->map_file, ".db", LOCK_SH);
+ (void) lockfile(fd, buf, ".db", LOCK_SH);
if (fd < 0 || fstat(fd, &stbuf) < 0 || stbuf.st_mtime > map->map_mtime)
{
/* Reopen the database to sync the cache */
@@ -1342,14 +1416,13 @@ db_map_lookup(map, name, av, statp)
map->map_class->map_close(map);
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
- omode |= O_LEAVELOCKED;
if (map->map_class->map_open(map, omode))
{
map->map_mflags |= MF_OPEN;
if ((omode && O_ACCMODE) == O_RDWR)
map->map_mflags |= MF_WRITABLE;
db = (DB *) map->map_db2;
- fd = db->fd(db);
+ goto lockdb;
}
else
{
@@ -1385,7 +1458,7 @@ db_map_lookup(map, name, av, statp)
saveerrno = errno;
#if !OLD_NEWDB
if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
- (void) lockfile(fd, map->map_file, ".db", LOCK_UN);
+ (void) lockfile(fd, buf, ".db", LOCK_UN);
#endif
if (st != 0)
{
@@ -1446,7 +1519,7 @@ db_map_store(map, lhs, rhs)
if (stat > 0)
{
if (!bitset(MF_APPEND, map->map_mflags))
- usrerr("050 Warning: duplicate alias name %s", lhs);
+ message("050 Warning: duplicate alias name %s", lhs);
else
{
static char *buf = NULL;
@@ -1500,13 +1573,19 @@ db_map_close(map)
db_map_store(map, "@", "@");
}
- if (db->close(db) != 0)
- syserr("readaliases: db close failure");
+#if OLD_NEWDB
+ (void) db->sync(db);
+#else
+ (void) db->sync(db, 0);
+#endif
#if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
#endif
+
+ if (db->close(db) != 0)
+ syserr("readaliases: db close failure");
}
#endif
@@ -2735,6 +2814,123 @@ ldap_map_parseargs(map,args)
#endif /* LDAP Modules */
/*
+** syslog map
+*/
+
+#if _FFR_SYSLOG_MAP
+
+#define map_prio map_lockfd /* overload field */
+
+/*
+** SYSLOG_MAP_PARSEARGS -- check for priority level to syslog messages.
+*/
+
+bool
+syslog_map_parseargs(map, args)
+ MAP *map;
+ char *args;
+{
+ char *p = args;
+ char *priority = NULL;
+
+ for (;;)
+ {
+ while (isascii(*p) && isspace(*p))
+ p++;
+ if (*p != '-')
+ break;
+ if (*++p == 'L')
+ priority = ++p;
+ while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ p++;
+ if (*p != '\0')
+ *p++ = '\0';
+ }
+
+ if (priority == NULL)
+ map->map_prio = LOG_INFO;
+ else
+ {
+ if (strncasecmp("LOG_", priority, 4) == 0)
+ priority += 4;
+
+#ifdef LOG_EMERG
+ if (strcasecmp("EMERG", priority) == 0)
+ map->map_prio = LOG_EMERG;
+ else
+#endif
+#ifdef LOG_ALERT
+ if (strcasecmp("ALERT", priority) == 0)
+ map->map_prio = LOG_ALERT;
+ else
+#endif
+#ifdef LOG_CRIT
+ if (strcasecmp("CRIT", priority) == 0)
+ map->map_prio = LOG_CRIT;
+ else
+#endif
+#ifdef LOG_ERR
+ if (strcasecmp("ERR", priority) == 0)
+ map->map_prio = LOG_ERR;
+ else
+#endif
+#ifdef LOG_WARNING
+ if (strcasecmp("WARNING", priority) == 0)
+ map->map_prio = LOG_WARNING;
+ else
+#endif
+#ifdef LOG_NOTICE
+ if (strcasecmp("NOTICE", priority) == 0)
+ map->map_prio = LOG_NOTICE;
+ else
+#endif
+#ifdef LOG_INFO
+ if (strcasecmp("INFO", priority) == 0)
+ map->map_prio = LOG_INFO;
+ else
+#endif
+#ifdef LOG_DEBUG
+ if (strcasecmp("DEBUG", priority) == 0)
+ map->map_prio = LOG_DEBUG;
+ else
+#endif
+ {
+ syserr("syslog_map_parseargs: Unknown priority %s\n",
+ priority);
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+/*
+** SYSLOG_MAP_LOOKUP -- rewrite and syslog message. Always return empty string
+*/
+
+char *
+syslog_map_lookup(map, string, args, statp)
+ MAP *map;
+ char *string;
+ char **args;
+ int *statp;
+{
+ char *ptr = map_rewrite(map, string, strlen(string), args);
+
+ if (ptr != NULL)
+ {
+ if (tTd(38, 20))
+ printf("syslog_map_lookup(%s (priority %d): %s\n",
+ map->map_mname, map->map_prio, ptr);
+
+ sm_syslog(map->map_prio, CurEnv->e_id, "%s", ptr);
+ }
+
+ *statp = EX_OK;
+ return "";
+}
+
+#endif /* _FFR_SYSLOG_MAP */
+ /*
** HESIOD Modules
*/
diff --git a/usr.sbin/sendmail/src/mci.c b/usr.sbin/sendmail/src/mci.c
index f8ba789ff8a0..929d82d463a3 100644
--- a/usr.sbin/sendmail/src/mci.c
+++ b/usr.sbin/sendmail/src/mci.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)mci.c 8.62 (Berkeley) 5/29/97";
+static char sccsid[] = "@(#)mci.c 8.66 (Berkeley) 8/2/97";
#endif /* not lint */
#include "sendmail.h"
@@ -330,10 +330,10 @@ mci_get(host, m)
{
/* get peer host address for logging reasons only */
/* (this should really be in the mci struct) */
- int socksize = sizeof CurHostAddr;
+ SOCKADDR_LEN_T socklen = sizeof CurHostAddr;
(void) getpeername(fileno(mci->mci_in),
- (struct sockaddr *) &CurHostAddr, &socksize);
+ (struct sockaddr *) &CurHostAddr, &socklen);
}
# endif
}
@@ -571,7 +571,7 @@ mci_lock_host_statfile(mci)
goto cleanup;
}
- mci->mci_statfile = safefopen(fname, O_RDWR|O_CREAT, FileMode,
+ mci->mci_statfile = safefopen(fname, O_RDWR, FileMode,
SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_CREAT);
if (mci->mci_statfile == NULL)
@@ -694,7 +694,7 @@ mci_load_persistent(mci)
}
fp = safefopen(fname, O_RDONLY, FileMode,
- SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY);
+ SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY);
if (fp == NULL)
{
/* I can't think of any reason this should ever happen */
diff --git a/usr.sbin/sendmail/src/parseaddr.c b/usr.sbin/sendmail/src/parseaddr.c
index 258e0a9f6abf..75b90898f218 100644
--- a/usr.sbin/sendmail/src/parseaddr.c
+++ b/usr.sbin/sendmail/src/parseaddr.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)parseaddr.c 8.128 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)parseaddr.c 8.130 (Berkeley) 8/2/97";
#endif /* not lint */
# include "sendmail.h"
@@ -2349,7 +2349,6 @@ rscheck(rwset, p1, p2, e)
auto ADDRESS a1;
bool saveQuickAbort = QuickAbort;
bool saveSuprErrs = SuprErrs;
- bool saveOnlyOneError = OnlyOneError;
char buf0[MAXLINE];
char pvpbuf[PSBUFSIZE];
extern char MsgBuf[];
@@ -2387,7 +2386,7 @@ rscheck(rwset, p1, p2, e)
(void) snprintf(buf, bufsize, "%s", p1);
}
SuprErrs = TRUE;
- OnlyOneError = QuickAbort = FALSE;
+ QuickAbort = FALSE;
pvp = prescan(buf, '\0', pvpbuf, sizeof pvpbuf, NULL, NULL);
SuprErrs = saveSuprErrs;
if (pvp == NULL)
@@ -2413,25 +2412,38 @@ rscheck(rwset, p1, p2, e)
if (LogLevel >= 4)
{
- if (p2 == NULL)
- sm_syslog(LOG_NOTICE, e->e_id,
- "Ruleset %s (%s) rejection: %s",
- rwset, p1, MsgBuf);
- else
- sm_syslog(LOG_NOTICE, e->e_id,
- "Ruleset %s (%s, %s) rejection: %s",
- rwset, p1, p2, MsgBuf);
+ char *relay;
+ char *p;
+ char lbuf[MAXLINE];
+
+ p = lbuf;
+ if (p2 != NULL)
+ {
+ snprintf(p, SPACELEFT(lbuf, p),
+ ", arg2=%s",
+ p2);
+ p += strlen(p);
+ }
+ if ((relay = macvalue('_', e)) != NULL)
+ {
+ snprintf(p, SPACELEFT(lbuf, p),
+ ", relay=%s", relay);
+ p += strlen(p);
+ }
+ *p = '\0';
+ sm_syslog(LOG_NOTICE, e->e_id,
+ "ruleset=%s, arg1=%s%s, reject=%s",
+ rwset, p1, lbuf, MsgBuf);
}
finis:
/* clean up */
QuickAbort = saveQuickAbort;
- OnlyOneError = saveOnlyOneError;
setstat(rstat);
if (buf != buf0)
free(buf);
- if (rstat != EX_OK && (QuickAbort || (OnlyOneError && !HoldErrs)))
+ if (rstat != EX_OK && QuickAbort)
longjmp(TopFrame, 2);
return rstat;
}
diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c
index 13965de01be2..1d812b8f50d6 100644
--- a/usr.sbin/sendmail/src/queue.c
+++ b/usr.sbin/sendmail/src/queue.c
@@ -36,9 +36,9 @@
#ifndef lint
#if QUEUE
-static char sccsid[] = "@(#)queue.c 8.169 (Berkeley) 6/14/97 (with queueing)";
+static char sccsid[] = "@(#)queue.c 8.174 (Berkeley) 7/23/97 (with queueing)";
#else
-static char sccsid[] = "@(#)queue.c 8.169 (Berkeley) 6/14/97 (without queueing)";
+static char sccsid[] = "@(#)queue.c 8.174 (Berkeley) 7/23/97 (without queueing)";
#endif
#endif /* not lint */
@@ -431,7 +431,9 @@ queueup(e, announce)
fprintf(tfp, ".\n");
- if (fflush(tfp) < 0 || fsync(fileno(tfp)) < 0 || ferror(tfp))
+ if (fflush(tfp) < 0 ||
+ (SuperSafe && fsync(fileno(tfp)) < 0) ||
+ ferror(tfp))
{
if (newid)
syserr("!552 Error writing control file %s", tf);
@@ -553,7 +555,6 @@ runqueue(forkflag, verbose)
extern ENVELOPE BlankEnvelope;
extern void clrdaemon __P((void));
extern void runqueueevent __P((void));
- extern void drop_privileges __P((void));
DoQueueRun = FALSE;
@@ -670,7 +671,7 @@ runqueue(forkflag, verbose)
/* drop privileges */
if (geteuid() == (uid_t) 0)
- drop_privileges();
+ (void) drop_privileges(FALSE);
/*
** Create ourselves an envelope
@@ -684,7 +685,7 @@ runqueue(forkflag, verbose)
if (forkflag)
{
disconnect(1, e);
- OnlyOneError = QuickAbort = FALSE;
+ QuickAbort = FALSE;
}
/*
@@ -1463,6 +1464,7 @@ dowork(id, forkflag, requeueflag, e)
{
if (tTd(40, 4))
printf("readqf(%s) failed\n", e->e_id);
+ e->e_id = NULL;
if (forkflag)
exit(EX_OK);
else
@@ -2325,13 +2327,17 @@ loseqfile(e, why)
char *why;
{
char *p;
- char buf[MAXQFNAME];
+ char buf[MAXQFNAME + 1];
if (e == NULL || e->e_id == NULL)
return;
- if (strlen(e->e_id) > (SIZE_T) sizeof buf - 4)
+ p = queuename(e, 'q');
+ if (strlen(p) > MAXQFNAME)
+ {
+ syserr("loseqfile: queuename (%s) too long", p);
return;
- strcpy(buf, queuename(e, 'q'));
+ }
+ strcpy(buf, p);
p = queuename(e, 'Q');
if (rename(buf, p) < 0)
syserr("cannot rename(%s, %s), uid=%d", buf, p, geteuid());
diff --git a/usr.sbin/sendmail/src/readcf.c b/usr.sbin/sendmail/src/readcf.c
index 23470e3ae40a..a1e42387fa89 100644
--- a/usr.sbin/sendmail/src/readcf.c
+++ b/usr.sbin/sendmail/src/readcf.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)readcf.c 8.196 (Berkeley) 5/29/97";
+static char sccsid[] = "@(#)readcf.c 8.200 (Berkeley) 8/2/97";
#endif /* not lint */
# include "sendmail.h"
@@ -105,13 +105,14 @@ readcf(cfname, safe, e)
char *file;
bool optional;
int mid;
- char buf[MAXLINE];
register char *p;
- extern char **copyplist();
+ int sff = SFF_OPENASROOT;
struct stat statb;
+ char buf[MAXLINE];
char exbuf[MAXLINE];
char pvpbuf[MAXLINE + MAXATOM];
static char *null_list[1] = { NULL };
+ extern char **copyplist __P((char **, bool));
extern char *munchstring __P((char *, char **, int));
extern void fileclass __P((int, char *, char *, bool, bool));
extern void toomany __P((int, int));
@@ -121,7 +122,9 @@ readcf(cfname, safe, e)
FileName = cfname;
LineNumber = 0;
- cf = safefopen(cfname, O_RDONLY, 0444, SFF_OPENASROOT|SFF_NOLOCK);
+ if (DontLockReadFiles)
+ sff |= SFF_NOLOCK;
+ cf = safefopen(cfname, O_RDONLY, 0444, sff);
if (cf == NULL)
{
syserr("cannot open");
@@ -438,11 +441,14 @@ readcf(cfname, safe, e)
break;
#endif
-#ifdef SUN_EXTENSIONS
+#if defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO)
case 'L': /* lookup macro */
case 'G': /* lookup class */
/* reserved for Sun -- NIS+ database lookup */
- goto badline;
+ if (VendorCode != VENDOR_SUN)
+ goto badline;
+ sun_lg_config_line(bp, e);
+ break;
#endif
case 'M': /* define mailer */
@@ -747,6 +753,8 @@ fileclass(class, filename, fmt, safe, optional)
sff = SFF_REGONLY|SFF_NOWLINK;
if (safe)
sff |= SFF_OPENASROOT;
+ if (DontLockReadFiles)
+ sff |= SFF_NOLOCK;
f = safefopen(filename, O_RDONLY, 0, sff);
}
if (f == NULL)
@@ -1505,6 +1513,14 @@ struct optioninfo
#define O_MAXRCPT 0xa3
{ "MaxRecipientPerMessage", O_MAXRCPT, FALSE },
#endif
+#if _FFR_DEADLETTERDROP_OPTION
+#define O_DEADLETTER 0xa4
+ { "DeadLetterDrop", O_DEADLETTER, FALSE },
+#endif
+#if _FFR_DONTLOCKFILESFORREAD_OPTION
+#define O_DONTLOCK 0xa5
+ { "DontLockFilesForRead", O_DONTLOCK, FALSE },
+#endif
{ NULL, '\0', FALSE }
};
@@ -1644,14 +1660,7 @@ setoption(opt, val, safe, sticky, e)
{
if (tTd(37, 1))
printf(" (unsafe)");
- if (RealUid != geteuid())
- {
- if (tTd(37, 1))
- printf("(Resetting uid)");
- endpwent();
- (void) setgid(RealGid);
- (void) setuid(RealUid);
- }
+ (void) drop_privileges(TRUE);
}
}
if (tTd(37, 1))
@@ -2256,7 +2265,10 @@ setoption(opt, val, safe, sticky, e)
}
}
if (isascii(*val) && isdigit(*val))
- RunAsUid = atoi(val);
+ {
+ if (RunAsUid == 0)
+ RunAsUid = atoi(val);
+ }
else
{
register struct passwd *pw;
@@ -2264,7 +2276,7 @@ setoption(opt, val, safe, sticky, e)
pw = sm_getpwnam(val);
if (pw == NULL)
syserr("readcf: option RunAsUser: unknown user %s", val);
- else
+ else if (RunAsUid == 0)
{
if (*p == '\0')
RunAsUserName = newstr(val);
@@ -2275,7 +2287,10 @@ setoption(opt, val, safe, sticky, e)
if (*p == '\0')
break;
if (isascii(*p) && isdigit(*p))
- RunAsGid = atoi(p);
+ {
+ if (RunAsGid == 0)
+ RunAsGid = atoi(p);
+ }
else
{
register struct group *gr;
@@ -2284,7 +2299,7 @@ setoption(opt, val, safe, sticky, e)
if (gr == NULL)
syserr("readcf: option RunAsUser: unknown group %s",
p);
- else
+ else if (RunAsGid == 0)
RunAsGid = gr->gr_gid;
}
break;
@@ -2326,6 +2341,20 @@ setoption(opt, val, safe, sticky, e)
break;
#endif
+#if _FFR_DEADLETTERDROP_OPTION
+ case O_DEADLETTER:
+ if (DeadLetterDrop != NULL)
+ free(DeadLetterDrop);
+ DeadLetterDrop = newstr(val);
+ break;
+#endif
+
+#if _FFR_DONTLOCKFILESFORREAD_OPTION
+ case O_DONTLOCK:
+ DontLockReadFiles = atobool(val);
+ break;
+#endif
+
default:
if (tTd(37, 1))
{
diff --git a/usr.sbin/sendmail/src/safefile.c b/usr.sbin/sendmail/src/safefile.c
index 08660347cafe..842a09f8ca86 100644
--- a/usr.sbin/sendmail/src/safefile.c
+++ b/usr.sbin/sendmail/src/safefile.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)safefile.c 8.12 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)safefile.c 8.18 (Berkeley) 8/1/97";
#endif /* not lint */
# include "sendmail.h"
@@ -108,6 +108,10 @@ safefile(fn, uid, gid, uname, flags, mode, st)
strcpy(fbuf, fn);
fn = fbuf;
+ /* ignore SFF_SAFEDIRPATH if we are debugging */
+ if (RealUid != 0 && RunAsUid == RealUid)
+ flags &= ~SFF_SAFEDIRPATH;
+
/* first check to see if the file exists at all */
#ifdef HASLSTAT
if ((bitset(SFF_NOSLINK, flags) ? lstat(fn, st)
@@ -464,6 +468,7 @@ safeopen(fn, omode, cmode, sff)
if (bitset(O_CREAT, omode))
sff |= SFF_CREAT;
+ omode &= ~O_CREAT;
smode = 0;
switch (omode & O_ACCMODE)
{
@@ -494,8 +499,8 @@ safeopen(fn, omode, cmode, sff)
errno = rval;
return -1;
}
- if (stb.st_mode == ST_MODE_NOFILE)
- omode |= O_EXCL;
+ if (stb.st_mode == ST_MODE_NOFILE && bitset(SFF_CREAT, sff))
+ omode |= O_EXCL|O_CREAT;
fd = dfopen(fn, omode, cmode, sff);
if (fd < 0)
@@ -561,10 +566,24 @@ safefopen(fn, omode, cmode, sff)
}
fd = safeopen(fn, omode, cmode, sff);
if (fd < 0)
+ {
+ if (tTd(44, 10))
+ printf("safefopen: safeopen failed: %s\n",
+ errstring(errno));
return NULL;
+ }
fp = fdopen(fd, fmode);
if (fp != NULL)
return fp;
+
+ if (tTd(44, 10))
+ {
+ printf("safefopen: fdopen(%s, %s) failed: omode=%x, sff=%x, err=%s\n",
+ fn, fmode, omode, sff, errstring(errno));
+#ifndef NOT_SENDMAIL
+ dumpfd(fd, TRUE, FALSE);
+#endif
+ }
(void) close(fd);
return NULL;
}
@@ -607,6 +626,9 @@ filechanged(fn, fd, stb, sff)
if (sta.st_nlink != stb->st_nlink ||
sta.st_dev != stb->st_dev ||
sta.st_ino != stb->st_ino ||
+#if HAS_ST_GEN && 0 /* AFS returns garbage in st_gen */
+ sta.st_gen != stb->st_gen ||
+#endif
sta.st_uid != stb->st_uid ||
sta.st_gid != stb->st_gid)
{
@@ -619,6 +641,10 @@ filechanged(fn, fd, stb, sff)
(long) stb->st_dev, (long) sta.st_dev);
printf(" ino = %ld/%ld\n",
(long) stb->st_ino, (long) sta.st_ino);
+#if HAS_ST_GEN
+ printf(" gen = %ld/%ld\n",
+ (long) stb->st_gen, (long) sta.st_gen);
+#endif
printf(" uid = %ld/%ld\n",
(long) stb->st_uid, (long) sta.st_uid);
printf(" gid = %ld/%ld\n",
diff --git a/usr.sbin/sendmail/src/savemail.c b/usr.sbin/sendmail/src/savemail.c
index 9cabcfa4b446..1d39df8c7678 100644
--- a/usr.sbin/sendmail/src/savemail.c
+++ b/usr.sbin/sendmail/src/savemail.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)savemail.c 8.110 (Berkeley) 4/7/97";
+static char sccsid[] = "@(#)savemail.c 8.114 (Berkeley) 8/2/97";
#endif /* not lint */
# include "sendmail.h"
@@ -70,10 +70,6 @@ static char sccsid[] = "@(#)savemail.c 8.110 (Berkeley) 4/7/97";
# define ESM_PANIC 6 /* leave the locked queue/transcript files */
# define ESM_DONE 7 /* the message is successfully delivered */
-# ifndef _PATH_VARTMP
-# define _PATH_VARTMP "/usr/tmp/"
-# endif
-
void
savemail(e, sendbody)
@@ -301,7 +297,8 @@ savemail(e, sendbody)
*/
q = NULL;
- if (sendtolist(DoubleBounceAddr, NULL, &q, 0, e) <= 0)
+ if (sendtolist(DoubleBounceAddr,
+ NULLADDR, &q, 0, e) <= 0)
{
syserr("553 cannot parse %s!", DoubleBounceAddr);
ExitStat = EX_SOFTWARE;
@@ -375,17 +372,16 @@ savemail(e, sendbody)
break;
}
- if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0')
+ if ((SafeFileEnv != NULL && SafeFileEnv[0] != '\0') ||
+ DeadLetterDrop == NULL || DeadLetterDrop[0] == '\0')
{
state = ESM_PANIC;
break;
}
- snprintf(buf, sizeof buf, "%sdead.letter", _PATH_VARTMP);
-
flags = SFF_NOLINK|SFF_CREAT|SFF_REGONLY|SFF_OPENASROOT|SFF_MUSTOWN;
- if (!writable(buf, NULL, flags) ||
- (fp = safefopen(buf, O_WRONLY|O_CREAT|O_APPEND,
+ if (!writable(DeadLetterDrop, NULL, flags) ||
+ (fp = safefopen(DeadLetterDrop, O_WRONLY|O_APPEND,
FileMode, flags)) == NULL)
{
state = ESM_PANIC;
@@ -410,15 +406,15 @@ savemail(e, sendbody)
int oldverb = Verbose;
Verbose = 1;
- message("Saved message in %s", buf);
+ message("Saved message in %s", DeadLetterDrop);
Verbose = oldverb;
if (LogLevel > 3)
sm_syslog(LOG_NOTICE, e->e_id,
"Saved message in %s",
- buf);
+ DeadLetterDrop);
state = ESM_DONE;
}
- (void) xfclose(fp, "savemail", buf);
+ (void) xfclose(fp, "savemail", DeadLetterDrop);
break;
default:
@@ -758,8 +754,11 @@ errbody(mci, e, separator)
{
if (*ErrMsgFile == '/')
{
- xfile = safefopen(ErrMsgFile, O_RDONLY, 0444,
- SFF_ROOTOK|SFF_REGONLY);
+ int sff = SFF_ROOTOK|SFF_REGONLY;
+
+ if (DontLockReadFiles)
+ sff |= SFF_NOLOCK;
+ xfile = safefopen(ErrMsgFile, O_RDONLY, 0444, sff);
if (xfile != NULL)
{
while (fgets(buf, sizeof buf, xfile) != NULL)
diff --git a/usr.sbin/sendmail/src/sendmail.h b/usr.sbin/sendmail/src/sendmail.h
index 2eb40c8d6a98..00559ea1dffd 100644
--- a/usr.sbin/sendmail/src/sendmail.h
+++ b/usr.sbin/sendmail/src/sendmail.h
@@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * @(#)sendmail.h 8.236 (Berkeley) 6/5/97
+ * @(#)sendmail.h 8.242 (Berkeley) 8/2/97
*/
/*
@@ -41,7 +41,7 @@
# ifdef _DEFINE
# define EXTERN
# ifndef lint
-static char SmailSccsId[] = "@(#)sendmail.h 8.236 6/5/97";
+static char SmailSccsId[] = "@(#)sendmail.h 8.242 8/2/97";
# endif
# else /* _DEFINE */
# define EXTERN extern
@@ -94,6 +94,25 @@ static char SmailSccsId[] = "@(#)sendmail.h 8.236 6/5/97";
# endif
#endif
+/*
+** Following are "sort of" configuration constants, but they should
+** be pretty solid on most architectures today. They have to be
+** defined after <arpa/nameser.h> because some versions of that
+** file also define them. In all cases, we can't use sizeof because
+** some systems (e.g., Crays) always treat everything as being at
+** least 64 bits.
+*/
+
+#ifndef INADDRSZ
+# define INADDRSZ 4 /* size of an IPv4 address in bytes */
+#endif
+#ifndef INT16SZ
+# define INT16SZ 2 /* size of a 16 bit integer in bytes */
+#endif
+#ifndef INT32SZ
+# define INT32SZ 4 /* size of a 32 bit integer in bytes */
+#endif
+
/* forward references for prototypes */
@@ -426,7 +445,7 @@ extern void addheader __P((char *, char *, HDR **));
extern char *hvalue __P((char *, HDR *));
extern void commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
extern void put_vanilla_header __P((HDR *, char *, MCI *));
-extern void eatheader __P((ENVELOPE *e, bool));
+extern void eatheader __P((ENVELOPE *, bool));
extern int chompheader __P((char *, bool, HDR **, ENVELOPE *));
/*
** Envelope structure.
@@ -1197,12 +1216,14 @@ EXTERN bool DoQueueRun; /* non-interrupt time queue run needed */
#if _FFR_DSN_RRT_OPTION
EXTERN bool RrtImpliesDsn; /* turn Return-Receipt-To: into DSN */
#endif
+EXTERN char *DeadLetterDrop; /* path to dead letter office */
EXTERN bool DontProbeInterfaces; /* don't probe interfaces for names */
EXTERN bool ChownAlwaysSafe; /* treat chown(2) as safe */
EXTERN bool IgnoreHostStatus; /* ignore long term host status files */
EXTERN bool SingleThreadDelivery; /* single thread hosts on delivery */
EXTERN bool UnsafeGroupWrites; /* group-writable files are unsafe */
EXTERN bool SingleLineFromHeader; /* force From: header to be one line */
+EXTERN bool DontLockReadFiles; /* don't read lock support files */
EXTERN int ConnRateThrottle; /* throttle for SMTP connection rate */
EXTERN int MaxAliasRecursion; /* maximum depth of alias recursion */
EXTERN int MaxMacroRecursion; /* maximum depth of macro recursion */
@@ -1396,6 +1417,8 @@ extern int prog_open __P((char **, int *, ENVELOPE *));
extern bool getcanonname __P((char *, int, bool));
extern bool path_is_dir __P((char *, bool));
extern pid_t dowork __P((char *, bool, bool, ENVELOPE *));
+extern int drop_privileges __P((bool));
+extern void fill_fd __P((int, char *));
extern const char *errstring __P((int));
extern sigfunc_t setsignal __P((int, sigfunc_t));
@@ -1419,7 +1442,7 @@ extern void syserr(const char *, ...);
extern void usrerr(const char *, ...);
extern void message(const char *, ...);
extern void nmessage(const char *, ...);
-extern void setproctitle(const char *fmt, ...);
+extern void setproctitle(const char *, ...);
extern void sm_syslog(int, const char *, const char *, ...);
#else
extern void auth_warning();
diff --git a/usr.sbin/sendmail/src/srvrsmtp.c b/usr.sbin/sendmail/src/srvrsmtp.c
index ca40a75c1c68..3255e83eeb80 100644
--- a/usr.sbin/sendmail/src/srvrsmtp.c
+++ b/usr.sbin/sendmail/src/srvrsmtp.c
@@ -36,9 +36,9 @@
#ifndef lint
#if SMTP
-static char sccsid[] = "@(#)srvrsmtp.c 8.146 (Berkeley) 6/11/97 (with SMTP)";
+static char sccsid[] = "@(#)srvrsmtp.c 8.154 (Berkeley) 8/2/97 (with SMTP)";
#else
-static char sccsid[] = "@(#)srvrsmtp.c 8.146 (Berkeley) 6/11/97 (without SMTP)";
+static char sccsid[] = "@(#)srvrsmtp.c 8.154 (Berkeley) 8/2/97 (without SMTP)";
#endif
#endif /* not lint */
@@ -154,6 +154,7 @@ smtp(nullserver, e)
volatile int n_helo = 0; /* count of HELO/EHLO commands */
bool ok;
int lognullconnection = TRUE;
+ register char *q;
char inp[MAXLINE];
char cmdbuf[MAXLINE];
extern ENVELOPE BlankEnvelope;
@@ -221,16 +222,7 @@ smtp(nullserver, e)
for (;;)
{
/* arrange for backout */
- if (setjmp(TopFrame) > 0)
- {
- /* if() nesting is necessary for Cray UNICOS */
- if (InChild)
- {
- QuickAbort = FALSE;
- SuprErrs = TRUE;
- finis();
- }
- }
+ (void) setjmp(TopFrame);
QuickAbort = FALSE;
HoldErrs = FALSE;
SuprErrs = FALSE;
@@ -375,51 +367,50 @@ smtp(nullserver, e)
cmdbuf);
break;
}
- else
- {
- register char *q;
- for (q = p; *q != '\0'; q++)
- {
- if (!isascii(*q))
- break;
- if (isalnum(*q))
- continue;
- if (isspace(*q))
- {
- *q = '\0';
- break;
- }
- if (strchr("[].-_#", *q) == NULL)
- break;
- }
- if (*q != '\0')
+ for (q = p; *q != '\0'; q++)
+ {
+ if (!isascii(*q))
+ break;
+ if (isalnum(*q))
+ continue;
+ if (isspace(*q))
{
- if (!AllowBogusHELO)
- usrerr("501 Invalid domain name");
- else
- {
- message("250 %s Invalid domain name, accepting anyway",
- MyHostName);
- gothello = TRUE;
- }
+ *q = '\0';
break;
}
+ if (strchr("[].-_#", *q) == NULL)
+ break;
+ }
+ if (*q == '\0')
+ {
+ q = "pleased to meet you";
+ sendinghost = newstr(p);
+ }
+ else if (!AllowBogusHELO)
+ {
+ usrerr("501 Invalid domain name");
+ break;
+ }
+ else
+ {
+ q = "accepting invalid domain name";
}
- sendinghost = newstr(p);
gothello = TRUE;
+
+ /* print HELO response message */
if (c->cmdcode != CMDEHLO)
{
- /* print old message and be done with it */
- message("250 %s Hello %s, pleased to meet you",
- MyHostName, CurSmtpClient);
+ message("250 %s Hello %s, %s",
+ MyHostName, CurSmtpClient, q);
break;
}
-
- /* print extended message and brag */
- message("250-%s Hello %s, pleased to meet you",
- MyHostName, CurSmtpClient);
+
+ message("250-%s Hello %s, %s",
+ MyHostName, CurSmtpClient, q);
+
+ /* print EHLO features list */
if (!bitset(PRIV_NOEXPN, PrivacyFlags))
{
message("250-EXPN");
@@ -446,23 +437,14 @@ smtp(nullserver, e)
SmtpPhase = "server MAIL";
/* check for validity of this command */
- if (!gothello)
+ if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags))
{
- /* set sending host to our known value */
- if (sendinghost == NULL)
- sendinghost = peerhostname;
-
- if (bitset(PRIV_NEEDMAILHELO, PrivacyFlags))
- {
- usrerr("503 Polite people say HELO first");
- break;
- }
+ usrerr("503 Polite people say HELO first");
+ break;
}
if (gotmail)
{
usrerr("503 Sender already specified");
- if (InChild)
- finis();
break;
}
if (InChild)
@@ -472,6 +454,10 @@ smtp(nullserver, e)
finis();
}
+ /* make sure we know who the sending host is */
+ if (sendinghost == NULL)
+ sendinghost = peerhostname;
+
p = skipword(p, "from");
if (p == NULL)
break;
@@ -479,6 +465,8 @@ smtp(nullserver, e)
/* fork a subprocess to process this command */
if (runinchild("SMTP-MAIL", e) > 0)
break;
+ if (Errors > 0)
+ goto undo_subproc_no_pm;
if (!gothello)
{
auth_warning(e,
@@ -500,6 +488,8 @@ smtp(nullserver, e)
define('r', protocol, e);
define('s', sendinghost, e);
initsys(e);
+ if (Errors > 0)
+ goto undo_subproc_no_pm;
nrcpts = 0;
e->e_flags |= EF_LOGSENDER|EF_CLRQUEUE;
setproctitle("%s %s: %.80s", e->e_id, CurSmtpClient, inp);
@@ -508,6 +498,8 @@ smtp(nullserver, e)
if (setjmp(TopFrame) > 0)
{
/* this failed -- undo work */
+ undo_subproc_no_pm:
+ e->e_flags &= ~EF_PM_NOTIFY;
undo_subproc:
if (InChild)
{
@@ -525,10 +517,13 @@ smtp(nullserver, e)
setsender(p, e, &delimptr, ' ', FALSE);
if (delimptr != NULL && *delimptr != '\0')
*delimptr++ = '\0';
+ if (Errors > 0)
+ goto undo_subproc_no_pm;
/* do config file checking of the sender */
- if (rscheck("check_mail", p, NULL, e) != EX_OK)
- goto undo_subproc;
+ if (rscheck("check_mail", p, NULL, e) != EX_OK ||
+ Errors > 0)
+ goto undo_subproc_no_pm;
/* check for possible spoofing */
if (RealUid != 0 && OpMode == MD_SMTP &&
@@ -579,20 +574,26 @@ smtp(nullserver, e)
vp == NULL ? "<null>" : vp);
mail_esmtp_args(kp, vp, e);
+ if (Errors > 0)
+ goto undo_subproc_no_pm;
}
+ if (Errors > 0)
+ goto undo_subproc_no_pm;
if (MaxMessageSize > 0 && e->e_msgsize > MaxMessageSize)
{
usrerr("552 Message size exceeds fixed maximum message size (%ld)",
MaxMessageSize);
- /* NOTREACHED */
+ goto undo_subproc_no_pm;
}
if (!enoughdiskspace(e->e_msgsize))
{
usrerr("452 Insufficient disk space; try again later");
- break;
+ goto undo_subproc_no_pm;
}
+ if (Errors > 0)
+ goto undo_subproc_no_pm;
message("250 Sender ok");
gotmail = TRUE;
break;
@@ -615,7 +616,7 @@ smtp(nullserver, e)
/* limit flooding of our machine */
if (MaxRcptPerMsg > 0 && nrcpts >= MaxRcptPerMsg)
{
- usrerr("450 Too many recipients");
+ usrerr("452 Too many recipients");
break;
}
@@ -626,13 +627,14 @@ smtp(nullserver, e)
if (p == NULL)
break;
a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr, e);
- if (a == NULL)
+ if (a == NULL || Errors > 0)
break;
if (delimptr != NULL && *delimptr != '\0')
*delimptr++ = '\0';
/* do config file checking of the recipient */
- if (rscheck("check_rcpt", p, NULL, e) != EX_OK)
+ if (rscheck("check_rcpt", p, NULL, e) != EX_OK ||
+ Errors > 0)
break;
/* now parse ESMTP arguments */
@@ -673,12 +675,15 @@ smtp(nullserver, e)
vp == NULL ? "<null>" : vp);
rcpt_esmtp_args(a, kp, vp, e);
+ if (Errors > 0)
+ break;
}
+ if (Errors > 0)
+ break;
/* save in recipient list after ESMTP mods */
a = recipient(a, &e->e_sendqueue, 0, e);
-
- if (Errors != 0)
+ if (Errors > 0)
break;
/* no errors during parsing, but might be a duplicate */
@@ -732,9 +737,12 @@ smtp(nullserver, e)
SmtpPhase = "collect";
buffer_errors();
collect(InChannel, TRUE, NULL, e);
- flush_errors(TRUE);
- if (Errors != 0)
+ if (Errors > 0)
+ {
+ flush_errors(TRUE);
+ buffer_errors();
goto abortmessage;
+ }
/* make sure we actually do delivery */
e->e_flags &= ~EF_CLRQUEUE;
@@ -781,13 +789,19 @@ smtp(nullserver, e)
message("250 %s Message accepted for delivery", id);
/* if we just queued, poke it */
- if (doublequeue && e->e_sendmode != SM_QUEUE &&
+ if (doublequeue &&
+ e->e_sendmode != SM_QUEUE &&
e->e_sendmode != SM_DEFER)
{
- extern pid_t dowork();
+ CurrentLA = getla();
+
+ if (!shouldqueue(e->e_msgpriority, e->e_ctime))
+ {
+ extern pid_t dowork();
- unlockqueue(e);
- (void) dowork(id, TRUE, TRUE, e);
+ unlockqueue(e);
+ (void) dowork(id, TRUE, TRUE, e);
+ }
}
abortmessage:
@@ -849,11 +863,15 @@ smtp(nullserver, e)
}
if (runinchild(vrfy ? "SMTP-VRFY" : "SMTP-EXPN", e) > 0)
break;
+ if (Errors > 0)
+ goto undo_subproc;
if (LogLevel > 5)
sm_syslog(LOG_INFO, e->e_id,
"%.100s: %s",
CurSmtpClient,
shortenstring(inp, 203));
+ if (setjmp(TopFrame) > 0)
+ goto undo_subproc;
vrfyqueue = NULL;
if (vrfy)
e->e_flags |= EF_VRFYONLY;
@@ -867,12 +885,8 @@ smtp(nullserver, e)
{
(void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e);
}
- if (Errors != 0)
- {
- if (InChild)
- finis();
- break;
- }
+ if (Errors > 0)
+ goto undo_subproc;
if (vrfyqueue == NULL)
{
usrerr("554 Nothing to %s", vrfy ? "VRFY" : "EXPN");
@@ -916,7 +930,7 @@ smtp(nullserver, e)
QueueLimitRecipient = id;
ok = runqueue(TRUE, TRUE);
QueueLimitRecipient = NULL;
- if (ok)
+ if (ok && Errors == 0)
message("250 Queuing for node %s started", p);
break;
@@ -1427,12 +1441,15 @@ help(topic)
register FILE *hf;
int len;
bool noinfo;
+ int sff = SFF_OPENASROOT|SFF_REGONLY;
char buf[MAXLINE];
extern char Version[];
+ if (DontLockReadFiles)
+ sff |= SFF_NOLOCK;
if (HelpFile == NULL ||
- (hf = safefopen(HelpFile, O_RDONLY, 0444, SFF_OPENASROOT|SFF_REGONLY|SFF_NOLOCK)) == NULL)
+ (hf = safefopen(HelpFile, O_RDONLY, 0444, sff)) == NULL)
{
/* no help */
errno = 0;
diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c
index 98435f3aa7fe..36592a007a8b 100644
--- a/usr.sbin/sendmail/src/util.c
+++ b/usr.sbin/sendmail/src/util.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)util.c 8.129 (Berkeley) 6/11/97";
+static char sccsid[] = "@(#)util.c 8.133 (Berkeley) 8/1/97";
#endif /* not lint */
# include "sendmail.h"
@@ -536,13 +536,14 @@ putxline(l, len, mci, pxflags)
int pxflags;
{
register char *p, *end;
- register char svchar;
int slop = 0;
/* strip out 0200 bits -- these can look like TELNET protocol */
if (bitset(MCIF_7BIT, mci->mci_flags) ||
bitset(PXLF_STRIP8BIT, pxflags))
{
+ register char svchar;
+
for (p = l; (svchar = *p) != '\0'; ++p)
if (bitset(0200, svchar))
*p = svchar &~ 0200;
@@ -563,10 +564,9 @@ putxline(l, len, mci, pxflags)
while (mci->mci_mailer->m_linelimit > 0 &&
(p - l + slop) > mci->mci_mailer->m_linelimit)
{
+ char *l_base = l;
register char *q = &l[mci->mci_mailer->m_linelimit - slop - 1];
- svchar = *q;
- *q = '\0';
if (l[0] == '.' && slop == 0 &&
bitnset(M_XDOT, mci->mci_mailer->m_flags))
{
@@ -583,19 +583,18 @@ putxline(l, len, mci, pxflags)
if (TrafficLogFile != NULL)
(void) putc('>', TrafficLogFile);
}
- fputs(l, mci->mci_out);
+ while (l < q)
+ (void) putc(*l++, mci->mci_out);
(void) putc('!', mci->mci_out);
fputs(mci->mci_mailer->m_eol, mci->mci_out);
(void) putc(' ', mci->mci_out);
if (TrafficLogFile != NULL)
{
- for ( ; l < q; ++l)
+ for (l = l_base; l < q; l++)
(void) putc(*l, TrafficLogFile);
fprintf(TrafficLogFile, "!\n%05d >>> ",
(int) getpid());
}
- *q = svchar;
- l = q;
slop = 1;
}
@@ -625,7 +624,7 @@ putxline(l, len, mci, pxflags)
if (TrafficLogFile != NULL)
(void) putc('\n', TrafficLogFile);
fputs(mci->mci_mailer->m_eol, mci->mci_out);
- if (*l == '\n')
+ if (l < end && *l == '\n')
{
if (*++l != ' ' && *l != '\t' && *l != '\0')
{
@@ -1062,21 +1061,7 @@ checkfd012(where)
struct stat stbuf;
for (i = 0; i < 3; i++)
- {
- if (fstat(i, &stbuf) < 0 && errno == EBADF)
- {
- /* oops.... */
- int fd;
-
- syserr("%s: fd %d not open", where, i);
- fd = open("/dev/null", i == 0 ? O_RDONLY : O_WRONLY, 0666);
- if (fd != i)
- {
- (void) dup2(fd, i);
- (void) close(fd);
- }
- }
- }
+ fill_fd(i, where);
#endif /* XDEBUG */
}
/*
@@ -1210,7 +1195,8 @@ dumpfd(fd, printclosed, logit)
#ifdef S_IFSOCK
SOCKADDR sa;
#endif
- auto int slen;
+ auto SOCKADDR_LEN_T slen;
+ int i;
struct stat st;
char buf[200];
extern char *hostnamebyanyaddr();
@@ -1235,10 +1221,10 @@ dumpfd(fd, printclosed, logit)
return;
}
- slen = fcntl(fd, F_GETFL, NULL);
- if (slen != -1)
+ i = fcntl(fd, F_GETFL, NULL);
+ if (i != -1)
{
- snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", slen);
+ snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", i);
p += strlen(p);
}
diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c
index 6f6ffad0c8ea..c531c5bdf075 100644
--- a/usr.sbin/sendmail/src/version.c
+++ b/usr.sbin/sendmail/src/version.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)version.c 8.8.6.1 (Berkeley) 6/14/97";
+static char sccsid[] = "@(#)version.c 8.8.7.3 (Berkeley) 8/3/97";
#endif /* not lint */
-char Version[] = "8.8.6";
+char Version[] = "8.8.7";
diff --git a/usr.sbin/sendmail/test/t_exclopen.c b/usr.sbin/sendmail/test/t_exclopen.c
new file mode 100644
index 000000000000..54f7873f4b33
--- /dev/null
+++ b/usr.sbin/sendmail/test/t_exclopen.c
@@ -0,0 +1,91 @@
+/*
+** This program tests your system to see if you have the lovely
+** security-defeating semantics that an open with O_CREAT|O_EXCL
+** set will successfully open a file named by a symbolic link that
+** points to a non-existent file. Sadly, Posix is mute on what
+** should happen in this situation.
+**
+** Results to date:
+** AIX 3.2 OK
+** BSD family OK
+** BSD/OS 2.1 OK
+** FreeBSD 2.1 OK
+** DEC OSF/1 3.0 OK
+** HP-UX 9.04 FAIL
+** HP-UX 9.05 FAIL
+** HP-UX 9.07 OK
+** HP-UX 10.01 OK
+** HP-UX 10.10 OK
+** HP-UX 10.20 OK
+** Irix 5.3 OK
+** Irix 6.2 OK
+** Linux OK
+** NeXT 2.1 OK
+** Solaris 2.x OK
+** SunOS 4.x OK
+** Ultrix 4.3 OK
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+char Attacker[128];
+char Attackee[128];
+
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct stat st;
+
+ sprintf(Attacker, "/tmp/attacker.%d.%ld", getpid(), time(NULL));
+ sprintf(Attackee, "/tmp/attackee.%d.%ld", getpid(), time(NULL));
+
+ if (symlink(Attackee, Attacker) < 0)
+ {
+ printf("Could not create %s->%s symlink: %d\n",
+ Attacker, Attackee, errno);
+ bail(1);
+ }
+ (void) unlink(Attackee);
+ if (stat(Attackee, &st) >= 0)
+ {
+ printf("%s already exists -- remove and try again.\n",
+ Attackee);
+ bail(1);
+ }
+ if (open(Attacker, O_WRONLY|O_CREAT|O_EXCL, 0644) < 0)
+ {
+ int saveerr = errno;
+
+ if (stat(Attackee, &st) >= 0)
+ {
+ printf("Weird. Open failed but %s was created anyhow (errno = %d)\n",
+ Attackee, saveerr);
+ bail(1);
+ }
+ printf("Good show! Exclusive open works properly with symbolic links (errno = %d).\n",
+ saveerr);
+ bail(0);
+ }
+ if (stat(Attackee, &st) < 0)
+ {
+ printf("Weird. Open succeeded but %s was not created\n",
+ Attackee);
+ bail(2);
+ }
+ printf("Bad news: you can do an exclusive open through a symbolic link\n");
+ printf("\tBe sure you #define BOGUS_O_EXCL in conf.h\n");
+ bail(1);
+}
+
+bail(stat)
+ int stat;
+{
+ (void) unlink(Attacker);
+ (void) unlink(Attackee);
+ exit(stat);
+}