introduce mda_mbox() to handle mbox delivery in its own code path, and make

it use execle() since we know all parameters and don't need command line to
be parsed.

ok millert@ and jung@

6 files changed, 84 insertions, 11 deletions

diff --git a/mda_mbox.c b/mda_mbox.c
new file mode 100644
index 00000000..e664bb3e
--- /dev/null
+++ b/mda_mbox.c
@@ -0,0 +1,64 @@
+/*	$OpenBSD: mda_mbox.c,v 1.1 2020/01/31 22:01:20 gilles Exp $	*/
+
+/*
+ * Copyright (c) 2018 Gilles Chehade <gilles@poolp.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/queue.h>
+#include <sys/tree.h>
+#include <sys/socket.h>
+
+#include <err.h>
+#include <errno.h>
+#include <event.h>
+#include <imsg.h>
+#include <paths.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include "smtpd.h"
+
+
+void
+mda_mbox(struct deliver *deliver)
+{
+	int		ret;
+	char		sender[LINE_MAX];
+	char		*envp[] = {
+		"HOME=/",
+		"PATH=" _PATH_DEFPATH,
+		"LOGNAME=root",
+		"USER=root",
+		NULL,
+	};
+
+	if (deliver->sender.user[0] == '\0' &&
+	    deliver->sender.domain[0] == '\0')
+		ret = snprintf(sender, sizeof sender, "MAILER-DAEMON");
+	else
+		ret = snprintf(sender, sizeof sender, "%s@%s",
+			       deliver->sender.user, deliver->sender.domain);
+	if (ret < 0 || (size_t)ret >= sizeof sender)
+		errx(1, "sender address too long");
+
+	execle(PATH_MAILLOCAL, PATH_MAILLOCAL, "-f",
+	       sender, deliver->userinfo.username, (char *)NULL, envp);
+	perror("execl");
+	_exit(1);
+}
diff --git a/parse.y b/parse.y
index ef332a7f..eaa465ae 100644
--- a/parse.y
+++ b/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.273 2020/01/08 01:41:11 gilles Exp $	*/
+/*	$OpenBSD: parse.y,v 1.274 2020/01/31 22:01:20 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -566,7 +566,7 @@ SRS KEY STRING {
 
 dispatcher_local_option:
 USER STRING {
-	if (dispatcher->u.local.requires_root) {
+	if (dispatcher->u.local.is_mbox) {
 		yyerror("user may not be specified for this dispatcher");
 		YYERROR;
 	}
@@ -662,9 +662,9 @@ dispatcher_local_option dispatcher_local_options
 
 dispatcher_local:
 MBOX {
-	dispatcher->u.local.requires_root = 1;
+	dispatcher->u.local.is_mbox = 1;
 	dispatcher->u.local.user = xstrdup("root");
-	asprintf(&dispatcher->u.local.command, "/usr/libexec/mail.local -f %%{mbox.from} %%{user.username}");
+	asprintf(&dispatcher->u.local.command, "/usr/libexec/mail.local -f %%{mbox.from} -- %%{user.username}");
 } dispatcher_local_options
 | MAILDIR {
 	asprintf(&dispatcher->u.local.command, "/usr/libexec/mail.maildir");
diff --git a/smtpd-defines.h b/smtpd-defines.h
index 3b9038cd..abdb208e 100644
--- a/smtpd-defines.h
+++ b/smtpd-defines.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd-defines.h,v 1.10 2018/12/27 15:41:50 gilles Exp $	*/
+/*	$OpenBSD: smtpd-defines.h,v 1.11 2020/01/31 22:01:20 gilles Exp $	*/
 
 /*
  * Copyright (c) 2013 Gilles Chehade <gilles@poolp.org>
@@ -37,6 +37,7 @@
 #define SMTPD_QUEUE_USER	"_smtpq"
 #define SMTPD_QUEUE_GROUP	"_smtpq"
 #define PATH_SPOOL		"/var/spool/smtpd"
+#define	PATH_MAILLOCAL		"/usr/libexec/mail.local"
 
 #define SUBADDRESSING_DELIMITER	"+"
 
diff --git a/smtpd.c b/smtpd.c
index 2b5d0ebb..98b73422 100644
--- a/smtpd.c
+++ b/smtpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.c,v 1.328 2019/12/18 10:00:39 gilles Exp $	*/
+/*	$OpenBSD: smtpd.c,v 1.329 2020/01/31 22:01:20 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1444,7 +1444,7 @@ forkmda(struct mproc *p, uint64_t id, struct deliver *deliver)
 		pw_dir = deliver->userinfo.directory;
 	}
 
-	if (pw_uid == 0 && !dsp->u.local.requires_root) {
+	if (pw_uid == 0 && !dsp->u.local.is_mbox) {
 		(void)snprintf(ebuf, sizeof ebuf, "not allowed to deliver to: %s",
 		    deliver->userinfo.username);
 		m_create(p_pony, IMSG_MDA_DONE, 0, 0, -1);
@@ -1534,7 +1534,10 @@ forkmda(struct mproc *p, uint64_t id, struct deliver *deliver)
 	/* avoid hangs by setting 5m timeout */
 	alarm(300);
 
-	mda_unpriv(dsp, deliver, pw_name, pw_dir);
+	if (dsp->u.local.is_mbox && dsp->u.local.mda_wrapper == NULL)
+		mda_mbox(deliver);
+	else
+		mda_unpriv(dsp, deliver, pw_name, pw_dir);
 }
 
 static void
diff --git a/smtpd.h b/smtpd.h
index 11a1fd17..619cf2c7 100644
--- a/smtpd.h
+++ b/smtpd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.h,v 1.651 2020/01/30 13:10:06 solene Exp $	*/
+/*	$OpenBSD: smtpd.h,v 1.652 2020/01/31 22:01:20 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1152,7 +1152,7 @@ enum dispatcher_type {
 };
 
 struct dispatcher_local {
-	uint8_t requires_root;	/* only for MBOX */
+	uint8_t is_mbox;	/* only for MBOX */
 
 	uint8_t	expand_only;
 	uint8_t	forward_only;
@@ -1418,6 +1418,10 @@ void mda_postprivdrop(void);
 void mda_imsg(struct mproc *, struct imsg *);
 
 
+/* mda_mbox.c */
+void mda_mbox(struct deliver *);
+
+
 /* mda_unpriv.c */
 void mda_unpriv(struct dispatcher *, struct deliver *, const char *, const char *);
 
diff --git a/smtpd/Makefile b/smtpd/Makefile
index b6f08933..8a9474e3 100644
--- a/smtpd/Makefile
+++ b/smtpd/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.106 2019/12/13 12:43:56 gilles Exp $
+#	$OpenBSD: Makefile,v 1.107 2020/01/31 22:01:20 gilles Exp $
 
 .PATH:		${.CURDIR}/..
 
@@ -28,6 +28,7 @@ SRCS+=	lka_session.c
 SRCS+=	log.c
 SRCS+=	mailaddr.c
 SRCS+=	mda.c
+SRCS+=	mda_mbox.c
 SRCS+=	mda_unpriv.c
 SRCS+=	mda_variables.c
 SRCS+=	mproc.c