author | Gilles Chehade <gilles@poolp.org> | 2019-09-29 12:17:26 +0200 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2019-09-29 12:17:26 +0200 |
commit | cf56f2b96d69bae11feeb5cc982cc2e23c44b549 (patch) | |
tree | 5c4b848bf02000ec0e86c6ca90f4d2ce4b9e8469 | |
parent | Merge branch 'master' into portable (diff) | |
parent | sync (diff) | |
Merge branch 'master' into portable
-rw-r--r-- | smtpd/ca.c | 6 | ||||
-rw-r--r-- | smtpd/lka_report.c | 7 | ||||
-rw-r--r-- | smtpd/parse.y | 6 | ||||
-rw-r--r-- | smtpd/smtp_session.c | 3 | ||||
-rw-r--r-- | smtpd/smtpc.c | 6 | ||||
-rw-r--r-- | smtpd/smtpd.conf.5 | 5 | ||||
-rw-r--r-- | smtpd/smtpd.h | 5 | ||||
-rw-r--r-- | smtpd/smtpd/Makefile | 1 | ||||
-rw-r--r-- | smtpd/spfwalk.c | 16 | ||||
-rw-r--r-- | smtpd/srs.c | 26 | ||||
-rw-r--r-- | smtpd/util.c | 22 |
11 files changed, 62 insertions, 41 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.35 2019/07/23 08:05:44 gilles Exp $ */ +/* $OpenBSD: ca.c,v 1.36 2019/09/21 07:46:53 semarie Exp $ */ /* * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> @@ -718,8 +718,10 @@ ecdsa_engine_init(void) ENGINE *e; const char *errstr, *name; - if ((ecdsae_method = ECDSA_METHOD_new_temporary("ECDSA privsep engine", 0)) == NULL) + if ((ecdsae_method = ECDSA_METHOD_new_temporary("ECDSA privsep engine", 0)) == NULL) { + errstr = "ECDSA_METHOD_new_temporary"; goto fail; + } ecdsae_method->ecdsa_do_sign = ecdsae_do_sign; ecdsae_method->ecdsa_sign_setup = ecdsae_sign_setup; diff --git a/smtpd/lka_report.c b/smtpd/lka_report.c index f2246864..46c6836f 100644 --- a/smtpd/lka_report.c +++ b/smtpd/lka_report.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lka_report.c,v 1.32 2019/09/11 04:19:19 martijn Exp $ */ +/* $OpenBSD: lka_report.c,v 1.33 2019/09/21 08:10:44 semarie Exp $ */ /* * Copyright (c) 2018 Gilles Chehade <gilles@poolp.org> @@ -157,9 +157,12 @@ report_smtp_broadcast(uint64_t reqid, const char *direction, struct timeval *tv, if (strcmp("smtp-in", direction) == 0) d = &smtp_in; - if (strcmp("smtp-out", direction) == 0) + else if (strcmp("smtp-out", direction) == 0) d = &smtp_out; + else + fatalx("unexpected direction: %s", direction); + tailq = dict_xget(d, event); TAILQ_FOREACH(rp, tailq, entries) { if (!lka_filter_proc_in_session(reqid, rp->name)) diff --git a/smtpd/parse.y b/smtpd/parse.y index 76180938..e7ee2c8c 100644 --- a/smtpd/parse.y +++ b/smtpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.262 2019/09/20 17:46:05 gilles Exp $ */ +/* $OpenBSD: parse.y,v 1.263 2019/09/22 11:49:53 semarie Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -548,8 +548,8 @@ srs: SRS KEY STRING { conf->sc_srs_key = $3; } -SRS KEY BACKUP STRING { - conf->sc_srs_key_backup = $3; +| SRS KEY BACKUP STRING { + conf->sc_srs_key_backup = $4; } | SRS TTL STRING { conf->sc_srs_ttl = delaytonum($3); 
diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c index 29bb5ff2..5e340906 100644 --- a/smtpd/smtp_session.c +++ b/smtpd/smtp_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp_session.c,v 1.411 2019/09/19 16:00:59 gilles Exp $ */ +/* $OpenBSD: smtp_session.c,v 1.412 2019/09/21 09:01:52 semarie Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -304,7 +304,6 @@ header_append_domain_buffer(char *buffer, char *domain, size_t len) int pos_bracket, pos_component, pos_insert; char copy[APPEND_DOMAIN_BUFFER_SIZE]; - i = 0; escape = quote = comment = bracket = 0; has_domain = has_bracket = has_group = 0; pos_bracket = pos_insert = pos_component = 0; diff --git a/smtpd/smtpc.c b/smtpd/smtpc.c index 4c8c0476..9dfc4f0e 100644 --- a/smtpd/smtpc.c +++ b/smtpd/smtpc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpc.c,v 1.9 2019/09/18 11:26:30 eric Exp $ */ +/* $OpenBSD: smtpc.c,v 1.10 2019/09/21 09:04:08 semarie Exp $ */ /* * Copyright (c) 2018 Eric Faurot <eric@openbsd.org> @@ -357,10 +357,10 @@ smtp_verify_server_cert(void *tag, struct smtp_client *proto, void *ctx) SSL *ssl = ctx; X509 *cert; long res; - int r, match; + int match; if ((cert = SSL_get_peer_certificate(ssl))) { - r = ssl_check_name(cert, servname, &match); + (void)ssl_check_name(cert, servname, &match); X509_free(cert); res = SSL_get_verify_result(ssl); if (res == X509_V_OK) { diff --git a/smtpd/smtpd.conf.5 b/smtpd/smtpd.conf.5 index 1da4189c..580d5838 100644 --- a/smtpd/smtpd.conf.5 +++ b/smtpd/smtpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: smtpd.conf.5,v 1.225 2019/09/20 17:46:05 gilles Exp $ +.\" $OpenBSD: smtpd.conf.5,v 1.226 2019/09/20 18:47:23 jmc Exp $ .\" .\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org> .\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net> 
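Review bot: Casting the result of `ssl_check_name()` to `(void)` in the smtpc.c hunk leaves `match` unset whenever the name check itself fails, and `smtp_verify_server_cert` (whose body continues outside the hunk) presumably goes on to consult `match` to decide whether the peer certificate is acceptable for `servname`; an indeterminate value there can turn a failed check into an accepted name. Unless `ssl_check_name` is documented to store to `*match` on every path (its contract is not visible here), give the flag a safe default, `int match = 0;`, or keep the return value and force a mismatch on failure. The unused-variable cleanup in the smtp_session.c hunk is fine as is.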
@@ -850,14 +850,13 @@ Set the secret key to use for SRS, the Sender Rewriting Scheme. .It Ic srs Cm key backup Ar secret Set a backup secret key to use as a fallback for SRS. -This can be used to implementation SRS key rotation. +This can be used to implement SRS key rotation. .It Ic srs Cm ttl Ar delay Set the time-to-live delay for SRS envelopes. After this delay, a bounce reply to the SRS address will be discarded to limit risks of forged addresses. The default is four days .Pq 4d . -The delay .It Ic table Ar name Oo Ar type : Oc Ns Ar pathname Tables provide additional configuration information for .Xr smtpd 8 diff --git a/smtpd/smtpd.h b/smtpd/smtpd.h index ab4eb839..f3983395 100644 --- a/smtpd/smtpd.h +++ b/smtpd/smtpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.h,v 1.639 2019/09/20 17:46:05 gilles Exp $ */ +/* $OpenBSD: smtpd.h,v 1.640 2019/09/29 10:03:49 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -1734,7 +1734,10 @@ int session_socket_error(int); int getmailname(char *, size_t); int base64_encode(unsigned char const *, size_t, char *, size_t); int base64_decode(char const *, unsigned char *, size_t); +int base64_encode_rfc3548(unsigned char const *, size_t, + char *, size_t); void xclosefrom(int); + void log_trace_verbose(int); void log_trace(int, const char *, ...) __attribute__((format (printf, 2, 3))); diff --git a/smtpd/smtpd/Makefile b/smtpd/smtpd/Makefile index 12386737..00c7951f 100644 --- a/smtpd/smtpd/Makefile +++ b/smtpd/smtpd/Makefile @@ -49,6 +49,7 @@ SRCS+= scheduler_backend.c SRCS+= smtp.c SRCS+= smtp_session.c SRCS+= smtpd.c +SRCS+= srs.c SRCS+= ssl.c SRCS+= ssl_smtpd.c SRCS+= ssl_verify.c diff --git a/smtpd/spfwalk.c b/smtpd/spfwalk.c index 8200dbf2..338d8f77 100644 --- a/smtpd/spfwalk.c +++ b/smtpd/spfwalk.c 
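Review bot: The new `base64_encode_rfc3548` prototype in the smtpd.h hunk has no comment, and nothing in the header records that its output uses the URL-safe alphabet (`-` and `_` instead of `+` and `/`), which `base64_decode` — a wrapper over `__b64_pton` per the util.c hunk in this commit — will not accept. Add a line above the declaration such as `/* base64 with the RFC 3548 section 4 URL-safe alphabet; not decodable by base64_decode() */` so nobody pairs the two. The added blank line after `xclosefrom` looks accidental.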
@@ -196,6 +196,13 @@ dispatch_txt(struct dns_rr *rr) printf("%s\n", *(ap) + 4); continue; } + if (strcasecmp("a", *ap) == 0) { + print_dname(rr->rr_dname, buf2, sizeof(buf2)); + buf2[strlen(buf2) - 1] = '\0'; + lookup_record(T_A, buf2, dispatch_a); + lookup_record(T_AAAA, buf2, dispatch_aaaa); + continue; + } if (strncasecmp("a:", *ap, 2) == 0) { lookup_record(T_A, *(ap) + 2, dispatch_a); lookup_record(T_AAAA, *(ap) + 2, dispatch_aaaa); @@ -213,17 +220,14 @@ dispatch_txt(struct dns_rr *rr) lookup_record(T_TXT, *(ap) + 9, dispatch_txt); continue; } - if (strcasecmp(*ap, "mx") == 0 || strcasecmp(*ap, "+mx") == 0) { + if (strcasecmp("mx", *ap) == 0) { print_dname(rr->rr_dname, buf2, sizeof(buf2)); buf2[strlen(buf2) - 1] = '\0'; lookup_record(T_MX, buf2, dispatch_mx); continue; } - if (strcasecmp(*ap, "a") == 0 || strcasecmp(*ap, "+a") == 0) { - print_dname(rr->rr_dname, buf2, sizeof(buf2)); - buf2[strlen(buf2) - 1] = '\0'; - lookup_record(T_A, buf2, dispatch_a); - lookup_record(T_AAAA, buf2, dispatch_aaaa); + if (strncasecmp("mx:", *ap, 2) == 0) { + lookup_record(T_MX, *(ap) + 2, dispatch_mx); continue; } } diff --git a/smtpd/srs.c b/smtpd/srs.c index 9d0daade..05737d8d 100644 --- a/smtpd/srs.c +++ b/smtpd/srs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: srs.c,v 1.1 2019/09/20 17:46:05 gilles Exp $ */ +/* $OpenBSD: srs.c,v 1.3 2019/09/29 10:03:49 gilles Exp $ */ /* * Copyright (c) 2019 Gilles Chehade <gilles@poolp.org> @@ -16,8 +16,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" - #include <sys/types.h> #include <sys/queue.h> #include <sys/tree.h> @@ -127,7 +125,7 @@ srs0_encode(const char *sender, const char *rcpt_domain) return sender; /* compute HHHH */ - base64_encode(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH, + base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH, md, sizeof md); /* prepend SRS0=HHHH= prefix */ 
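Review bot: The new `mx:` branch in the second hunk compares and skips only two characters, so `strncasecmp("mx:", *ap, 2)` matches and `*(ap) + 2` hands `:example.org` (colon included) to `lookup_record`, which can never resolve; the `a:` branch uses 2 because "a:" is two characters long, and the `ip4:`/`redirect=` branches skip 4 and 9 for the same reason. Change both lines to `if (strncasecmp("mx:", *ap, 3) == 0) {` and `lookup_record(T_MX, *(ap) + 3, dispatch_mx);`. Dropping the `+a`/`+mx` alternatives also means records that spell the qualifier explicitly (valid per RFC 7208) are now silently skipped rather than walked, which may or may not be intended. The `buf2[strlen(buf2) - 1]` write in the new `a` branch, copied from the `mx` branch, underflows if `print_dname` ever yields an empty string; a `strlen(buf2) > 0` guard would close that. `dispatch_txt` starts before the first hunk.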
@@ -146,12 +144,8 @@ srs1_encode_srs0(const char *sender, const char *rcpt_domain) char tmp[SMTPD_MAXMAILADDRSIZE]; char md[SHA_DIGEST_LENGTH*4+1]; struct mailaddr maddr; - uint16_t timestamp; int ret; - /* compute 10 bits timestamp according to spec */ - timestamp = (time(NULL) / (60 * 60 * 24)) % 1024; - /* parse sender into user and domain */ if (! text_to_mailaddr(&maddr, sender)) return sender; @@ -163,7 +157,7 @@ srs1_encode_srs0(const char *sender, const char *rcpt_domain) return sender; /* compute HHHH */ - base64_encode(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH, + base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH, md, sizeof md); /* prepend SRS1=HHHH= prefix */ @@ -182,12 +176,8 @@ srs1_encode_srs1(const char *sender, const char *rcpt_domain) char tmp[SMTPD_MAXMAILADDRSIZE]; char md[SHA_DIGEST_LENGTH*4+1]; struct mailaddr maddr; - uint16_t timestamp; int ret; - /* compute 10 bits timestamp according to spec */ - timestamp = (time(NULL) / (60 * 60 * 24)) % 1024; - /* parse sender into user and domain */ if (! text_to_mailaddr(&maddr, sender)) return sender; @@ -206,7 +196,7 @@ srs1_encode_srs1(const char *sender, const char *rcpt_domain) return sender; /* compute HHHH */ - base64_encode(srs_hash(env->sc_srs_key, tmp + 5), SHA_DIGEST_LENGTH, + base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp + 5), SHA_DIGEST_LENGTH, md, sizeof md); /* prepend SRS1=HHHH= prefix skipping previous hops' HHHH */ 
@@ -244,14 +234,14 @@ srs0_decode(const char *rcpt) return NULL; /* compute checksum */ - base64_encode(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH, + base64_encode_rfc3548(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH, md, sizeof md); /* compare prefix checksum with computed checksum */ if (strncmp(md, rcpt, 4) != 0) { if (env->sc_srs_key_backup == NULL) return NULL; - base64_encode(srs_hash(env->sc_srs_key_backup, rcpt+5), + base64_encode_rfc3548(srs_hash(env->sc_srs_key_backup, rcpt+5), SHA_DIGEST_LENGTH, md, sizeof md); if (strncmp(md, rcpt, 4) != 0) return NULL; @@ -312,14 +302,14 @@ srs1_decode(const char *rcpt) return NULL; /* compute checksum */ - base64_encode(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH, + base64_encode_rfc3548(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH, md, sizeof md); /* compare prefix checksum with computed checksum */ if (strncmp(md, rcpt, 4) != 0) { if (env->sc_srs_key_backup == NULL) return NULL; - base64_encode(srs_hash(env->sc_srs_key_backup, rcpt+5), + base64_encode_rfc3548(srs_hash(env->sc_srs_key_backup, rcpt+5), SHA_DIGEST_LENGTH, md, sizeof md); if (strncmp(md, rcpt, 4) != 0) return NULL; diff --git a/smtpd/util.c b/smtpd/util.c index 11cf70ce..c8d87974 100644 --- a/smtpd/util.c +++ b/smtpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.147 2019/08/28 19:46:20 eric Exp $ */ +/* $OpenBSD: util.c,v 1.148 2019/09/29 10:03:49 gilles Exp $ */ /* * Copyright (c) 2000,2001 Markus Friedl. All rights reserved. 
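Review bot: Switching the checksum to `base64_encode_rfc3548` in `srs0_decode` and `srs1_decode` changes the encoded alphabet, so any SRS address issued by a build that used plain `base64_encode` will now fail both the primary and the backup-key comparison; unlike a key change there is no fallback for the alphabet, which is only harmless if srs.c has not shipped anywhere yet (it was added nine days earlier per the `$OpenBSD$` ids). If that is not guaranteed, a transitional second compare against the old alphabet would avoid bouncing in-flight replies. The comparison itself, `strncmp(md, rcpt, 4)`, is context rather than new code, but as I recall the SRS specification asks for a case-insensitive hash comparison because intermediate MTAs may case-fold local-parts; `strncasecmp` would follow that at the cost of a few bits of the 24-bit checksum, and either choice deserves a comment.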
@@ -862,6 +862,26 @@ base64_decode(char const *src, unsigned char *dest, size_t destsize)
 return __b64_pton(src, dest, destsize);
 }
+int
+base64_encode_rfc3548(unsigned char const *src, size_t srclen,
+ char *dest, size_t destsize)
+{
+ size_t i;
+ int ret;
+
+ if ((ret = base64_encode(src, srclen, dest, destsize)) == -1)
+ return -1;
+
+ for (i = 0; i < destsize; ++i) {
+ if (dest[i] == '/')
+ dest[i] = '_';
+ else if (dest[i] == '+')
+ dest[i] = '-';
+ }
+
+ return ret;
+}
+
 void
 log_trace(int mask, const char *emsg, ...)
 { |
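Review bot: The substitution loop in `base64_encode_rfc3548` runs over all `destsize` bytes rather than the characters `base64_encode` actually produced, so it reads and rewrites whatever stale bytes sit past the NUL terminator in the caller's buffer (the srs.c callers in this commit pass `sizeof md` of an uninitialized stack array). Bound it by the terminator instead, `for (i = 0; i < destsize && dest[i] != '\0'; ++i) {`, which does not depend on whether `base64_encode` returns the length written (it looks like a `__b64_ntop` wrapper, given `base64_decode` next to it, but that is not visible here). The `== -1` failure check mirrors an unstated contract of `base64_encode`; a one-line comment above the function naming that contract and stating that the output uses the RFC 3548 section 4 URL-safe alphabet would make the helper self-describing.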