From 70ace60b92796ff17d186683093d43f283955c1a Mon Sep 17 00:00:00 2001
From: Gilles Chehade
Date: Sat, 28 Sep 2019 14:52:00 +0000
Subject: what about linking srs.c to the build ?
---
 smtpd/smtpd/Makefile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/smtpd/smtpd/Makefile b/smtpd/smtpd/Makefile
index 12386737..00c7951f 100644
--- a/smtpd/smtpd/Makefile
+++ b/smtpd/smtpd/Makefile
@@ -49,6 +49,7 @@ SRCS+= scheduler_backend.c
 SRCS+= smtp.c
 SRCS+= smtp_session.c
 SRCS+= smtpd.c
+SRCS+= srs.c
 SRCS+= ssl.c
 SRCS+= ssl_smtpd.c
 SRCS+= ssl_verify.c
-- cgit v1.2.3-59-g8ed1b
From ac7a62b7b643a412c9169f5a97fb6d49ae826f16 Mon Sep 17 00:00:00 2001
From: Gilles Chehade
Date: Sat, 28 Sep 2019 17:24:56 +0200
Subject: sync
---
 smtpd/ca.c | 6 ++++--
 smtpd/lka_report.c | 7 +++++--
 smtpd/parse.y | 6 +++---
 smtpd/smtp_session.c | 3 +--
 smtpd/smtpc.c | 6 +++---
 smtpd/smtpd.conf.5 | 5 ++---
 smtpd/srs.c | 12 +-----------
 7 files changed, 19 insertions(+), 26 deletions(-)
diff --git a/smtpd/ca.c b/smtpd/ca.c
index 7afcfb7d..fdc177e2 100644
--- a/smtpd/ca.c
+++ b/smtpd/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.35 2019/07/23 08:05:44 gilles Exp $ */
+/* $OpenBSD: ca.c,v 1.36 2019/09/21 07:46:53 semarie Exp $ */
 /*
 * Copyright (c) 2014 Reyk Floeter
@@ -705,8 +705,10 @@ ecdsa_engine_init(void)
 ENGINE *e;
 const char *errstr, *name;
- if ((ecdsae_method = ECDSA_METHOD_new_temporary("ECDSA privsep engine", 0)) == NULL)
+ if ((ecdsae_method = ECDSA_METHOD_new_temporary("ECDSA privsep engine", 0)) == NULL) {
+ errstr = "ECDSA_METHOD_new_temporary";
 goto fail;
+ }
 ecdsae_method->ecdsa_do_sign = ecdsae_do_sign;
 ecdsae_method->ecdsa_sign_setup = ecdsae_sign_setup;
diff --git a/smtpd/lka_report.c b/smtpd/lka_report.c
index 8b745935..109609a5 100644
--- a/smtpd/lka_report.c
+++ b/smtpd/lka_report.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka_report.c,v 1.32 2019/09/11 04:19:19 martijn Exp $ */
+/* $OpenBSD: lka_report.c,v 1.33 2019/09/21 08:10:44 semarie Exp $ */
 /*
 * Copyright (c) 2018 Gilles Chehade
@@ -155,9 +155,12 @@ report_smtp_broadcast(uint64_t reqid, const char *direction, struct timeval *tv,
 if (strcmp("smtp-in", direction) == 0)
 d = &smtp_in;
- if (strcmp("smtp-out", direction) == 0)
+ else if (strcmp("smtp-out", direction) == 0)
 d = &smtp_out;
+ else
+ fatalx("unexpected direction: %s", direction);
+
 tailq = dict_xget(d, event);
 TAILQ_FOREACH(rp, tailq, entries) {
 if (!lka_filter_proc_in_session(reqid, rp->name))
diff --git a/smtpd/parse.y b/smtpd/parse.y
index 4801d14f..2fff100e 100644
--- a/smtpd/parse.y
+++ b/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.262 2019/09/20 17:46:05 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.263 2019/09/22 11:49:53 semarie Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade
@@ -542,8 +542,8 @@ srs: SRS KEY STRING {
 conf->sc_srs_key = $3;
 }
-SRS KEY BACKUP STRING {
- conf->sc_srs_key_backup = $3;
+| SRS KEY BACKUP STRING {
+ conf->sc_srs_key_backup = $4;
 }
 | SRS TTL STRING {
 conf->sc_srs_ttl = delaytonum($3);
diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c
index 4e4978e4..5df9476e 100644
--- a/smtpd/smtp_session.c
+++ b/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.411 2019/09/19 16:00:59 gilles Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.412 2019/09/21 09:01:52 semarie Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade
@@ -298,7 +298,6 @@ header_append_domain_buffer(char *buffer, char *domain, size_t len)
 int pos_bracket, pos_component, pos_insert;
 char copy[APPEND_DOMAIN_BUFFER_SIZE];
- i = 0;
 escape = quote = comment = bracket = 0;
 has_domain = has_bracket = has_group = 0;
 pos_bracket = pos_insert = pos_component = 0;
diff --git a/smtpd/smtpc.c b/smtpd/smtpc.c
index fb6d711d..deb99c63 100644
--- a/smtpd/smtpc.c
+++ b/smtpd/smtpc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpc.c,v 1.9 2019/09/18 11:26:30 eric Exp $ */
+/* $OpenBSD: smtpc.c,v 1.10 2019/09/21 09:04:08 semarie Exp $ */
 /*
 * Copyright (c) 2018 Eric Faurot
@@ -351,10 +351,10 @@ smtp_verify_server_cert(void *tag, struct smtp_client *proto, void *ctx)
 SSL *ssl = ctx;
 X509 *cert;
 long res;
- int r, match;
+ int match;
 if ((cert = SSL_get_peer_certificate(ssl))) {
- r = ssl_check_name(cert, servname, &match);
+ (void)ssl_check_name(cert, servname, &match);
 X509_free(cert);
 res = SSL_get_verify_result(ssl);
 if (res == X509_V_OK) {
diff --git a/smtpd/smtpd.conf.5 b/smtpd/smtpd.conf.5
index 1da4189c..580d5838 100644
--- a/smtpd/smtpd.conf.5
+++ b/smtpd/smtpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: smtpd.conf.5,v 1.225 2019/09/20 17:46:05 gilles Exp $
+.\" $OpenBSD: smtpd.conf.5,v 1.226 2019/09/20 18:47:23 jmc Exp $
 .\"
 .\" Copyright (c) 2008 Janne Johansson
 .\" Copyright (c) 2009 Jacek Masiulaniec
@@ -850,14 +850,13 @@ Set the secret key to use for SRS, the Sender Rewriting Scheme.
 .It Ic srs Cm key backup Ar secret
 Set a backup secret key to use as a fallback for SRS.
-This can be used to implementation SRS key rotation.
+This can be used to implement SRS key rotation.
 .It Ic srs Cm ttl Ar delay
 Set the time-to-live delay for SRS envelopes.
 After this delay, a bounce reply to the SRS address will be discarded to limit risks of forged addresses.
 The default is four days
 .Pq 4d .
-The delay
 .It Ic table Ar name Oo Ar type : Oc Ns Ar pathname
 Tables provide additional configuration information for
 .Xr smtpd 8
diff --git a/smtpd/srs.c b/smtpd/srs.c
index 9d0daade..dc34ae48 100644
--- a/smtpd/srs.c
+++ b/smtpd/srs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: srs.c,v 1.1 2019/09/20 17:46:05 gilles Exp $ */
+/* $OpenBSD: srs.c,v 1.2 2019/09/21 06:40:48 semarie Exp $ */
 /*
 * Copyright (c) 2019 Gilles Chehade
@@ -16,8 +16,6 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#include "includes.h"
-
 #include
 #include
 #include
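Review bot: `(void)ssl_check_name(cert, servname, &match);` discards the result while `match` is still declared uninitialized at the top of smtp_verify_server_cert, so if ssl_check_name returns an error before it writes `match`, the code after this hunk that presumably consults `match` reads an indeterminate value. Initializing it, `int match = 0;`, makes a failed name check count as no match; alternatively keep the return value and treat a non-zero result as a verification failure rather than silencing the unused-variable warning with a cast. The rest of smtp_verify_server_cert, including where `match` is used, lies outside the hunk.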
@@ -146,12 +144,8 @@ srs1_encode_srs0(const char *sender, const char *rcpt_domain)
 char tmp[SMTPD_MAXMAILADDRSIZE];
 char md[SHA_DIGEST_LENGTH*4+1];
 struct mailaddr maddr;
- uint16_t timestamp;
 int ret;
- /* compute 10 bits timestamp according to spec */
- timestamp = (time(NULL) / (60 * 60 * 24)) % 1024;
-
 /* parse sender into user and domain */
 if (! text_to_mailaddr(&maddr, sender))
 return sender;
@@ -182,12 +176,8 @@ srs1_encode_srs1(const char *sender, const char *rcpt_domain)
 char tmp[SMTPD_MAXMAILADDRSIZE];
 char md[SHA_DIGEST_LENGTH*4+1];
 struct mailaddr maddr;
- uint16_t timestamp;
 int ret;
- /* compute 10 bits timestamp according to spec */
- timestamp = (time(NULL) / (60 * 60 * 24)) % 1024;
-
 /* parse sender into user and domain */
 if (! text_to_mailaddr(&maddr, sender))
 return sender;
-- cgit v1.2.3-59-g8ed1b
From 458c97075320b5977d86b8f47c96ecbc14e14032 Mon Sep 17 00:00:00 2001
From: Gilles Chehade
Date: Sun, 29 Sep 2019 12:16:40 +0200
Subject: sync
---
 smtpd/smtpd.h | 4 +++-
 smtpd/spfwalk.c | 16 ++++++++++------
 smtpd/srs.c | 16 ++++++++--------
 smtpd/util.c | 22 +++++++++++++++++++++-
 4 files changed, 42 insertions(+), 16 deletions(-)
diff --git a/smtpd/smtpd.h b/smtpd/smtpd.h
index 7ba6a472..ceefa269 100644
--- a/smtpd/smtpd.h
+++ b/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.639 2019/09/20 17:46:05 gilles Exp $ */
+/* $OpenBSD: smtpd.h,v 1.640 2019/09/29 10:03:49 gilles Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade
@@ -1708,6 +1708,8 @@ int session_socket_error(int);
 int getmailname(char *, size_t);
 int base64_encode(unsigned char const *, size_t, char *, size_t);
 int base64_decode(char const *, unsigned char *, size_t);
+int base64_encode_rfc3548(unsigned char const *, size_t,
+ char *, size_t);
 void log_trace_verbose(int);
 void log_trace(int, const char *, ...)
diff --git a/smtpd/spfwalk.c b/smtpd/spfwalk.c
index 40d4888d..3987af61 100644
--- a/smtpd/spfwalk.c
+++ b/smtpd/spfwalk.c
@@ -190,6 +190,13 @@ dispatch_txt(struct dns_rr *rr)
 printf("%s\n", *(ap) + 4);
 continue;
 }
+ if (strcasecmp("a", *ap) == 0) {
+ print_dname(rr->rr_dname, buf2, sizeof(buf2));
+ buf2[strlen(buf2) - 1] = '\0';
+ lookup_record(T_A, buf2, dispatch_a);
+ lookup_record(T_AAAA, buf2, dispatch_aaaa);
+ continue;
+ }
 if (strncasecmp("a:", *ap, 2) == 0) {
 lookup_record(T_A, *(ap) + 2, dispatch_a);
 lookup_record(T_AAAA, *(ap) + 2, dispatch_aaaa);
@@ -207,17 +214,14 @@ dispatch_txt(struct dns_rr *rr)
 lookup_record(T_TXT, *(ap) + 9, dispatch_txt);
 continue;
 }
- if (strcasecmp(*ap, "mx") == 0 || strcasecmp(*ap, "+mx") == 0) {
+ if (strcasecmp("mx", *ap) == 0) {
 print_dname(rr->rr_dname, buf2, sizeof(buf2));
 buf2[strlen(buf2) - 1] = '\0';
 lookup_record(T_MX, buf2, dispatch_mx);
 continue;
 }
- if (strcasecmp(*ap, "a") == 0 || strcasecmp(*ap, "+a") == 0) {
- print_dname(rr->rr_dname, buf2, sizeof(buf2));
- buf2[strlen(buf2) - 1] = '\0';
- lookup_record(T_A, buf2, dispatch_a);
- lookup_record(T_AAAA, buf2, dispatch_aaaa);
+ if (strncasecmp("mx:", *ap, 2) == 0) {
+ lookup_record(T_MX, *(ap) + 2, dispatch_mx);
 continue;
 }
 }
diff --git a/smtpd/srs.c b/smtpd/srs.c
index dc34ae48..05737d8d 100644
--- a/smtpd/srs.c
+++ b/smtpd/srs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: srs.c,v 1.2 2019/09/21 06:40:48 semarie Exp $ */
+/* $OpenBSD: srs.c,v 1.3 2019/09/29 10:03:49 gilles Exp $ */
 /*
 * Copyright (c) 2019 Gilles Chehade
@@ -125,7 +125,7 @@ srs0_encode(const char *sender, const char *rcpt_domain)
 return sender;
 /* compute HHHH */
- base64_encode(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH,
+ base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH,
 md, sizeof md);
 /* prepend SRS0=HHHH= prefix */
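Review bot: `if (strncasecmp("mx:", *ap, 2) == 0)` in the second spfwalk.c hunk (@@ -207) compares only two characters, so it matches any term starting with `mx`, and `*(ap) + 2` then points at the colon, so the lookup is issued for `:example.com` rather than the domain; the `a:` branch uses 2 because `a:` is two characters long, `mx:` is three. The lines should read `if (strncasecmp("mx:", *ap, 3) == 0) {` and `lookup_record(T_MX, *(ap) + 3, dispatch_mx);`. The same hunk also drops the `+mx` and `+a` spellings that the removed conditions accepted, and the new `a` branch in the first hunk does not take them either; unless the `+` qualifier is stripped before this loop (not visible here), SPF records using the explicit pass qualifier will no longer be walked. dispatch_txt starts and ends outside both hunks.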
@@ -157,7 +157,7 @@ srs1_encode_srs0(const char *sender, const char *rcpt_domain)
 return sender;
 /* compute HHHH */
- base64_encode(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH,
+ base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH,
 md, sizeof md);
 /* prepend SRS1=HHHH= prefix */
@@ -196,7 +196,7 @@ srs1_encode_srs1(const char *sender, const char *rcpt_domain)
 return sender;
 /* compute HHHH */
- base64_encode(srs_hash(env->sc_srs_key, tmp + 5), SHA_DIGEST_LENGTH,
+ base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp + 5), SHA_DIGEST_LENGTH,
 md, sizeof md);
 /* prepend SRS1=HHHH= prefix skipping previous hops' HHHH */
@@ -234,14 +234,14 @@ srs0_decode(const char *rcpt)
 return NULL;
 /* compute checksum */
- base64_encode(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH,
+ base64_encode_rfc3548(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH,
 md, sizeof md);
 /* compare prefix checksum with computed checksum */
 if (strncmp(md, rcpt, 4) != 0) {
 if (env->sc_srs_key_backup == NULL)
 return NULL;
- base64_encode(srs_hash(env->sc_srs_key_backup, rcpt+5),
+ base64_encode_rfc3548(srs_hash(env->sc_srs_key_backup, rcpt+5),
 SHA_DIGEST_LENGTH, md, sizeof md);
 if (strncmp(md, rcpt, 4) != 0)
 return NULL;
@@ -302,14 +302,14 @@ srs1_decode(const char *rcpt)
 return NULL;
 /* compute checksum */
- base64_encode(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH,
+ base64_encode_rfc3548(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH,
 md, sizeof md);
 /* compare prefix checksum with computed checksum */
 if (strncmp(md, rcpt, 4) != 0) {
 if (env->sc_srs_key_backup == NULL)
 return NULL;
- base64_encode(srs_hash(env->sc_srs_key_backup, rcpt+5),
+ base64_encode_rfc3548(srs_hash(env->sc_srs_key_backup, rcpt+5),
 SHA_DIGEST_LENGTH, md, sizeof md);
 if (strncmp(md, rcpt, 4) != 0)
 return NULL;
diff --git a/smtpd/util.c b/smtpd/util.c
index fff0f774..2138d1a4 100644
--- a/smtpd/util.c
+++ b/smtpd/util.c
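Review bot: `if (strncmp(md, rcpt, 4) != 0)` in srs0_decode (@@ -234, and the two identical comparisons in srs1_decode, @@ -302) checks a keyed checksum derived from the secret against recipient text taken from the incoming envelope with an early-exit compare, which is the kind of check a constant-time compare is meant for; `if (timingsafe_memcmp(md, rcpt, 4) != 0)` would do on OpenBSD, with a compat fallback needed for the portable tree. The comparison is also case-sensitive while the switch to the RFC 3548 alphabet only replaces `+` and `/`; if an intermediate MTA folds the case of the local-part, a legitimately rewritten address would fail verification, so it is worth confirming against the SRS specification whether the hash is meant to be compared case-insensitively. Both decode functions start and end outside these hunks, so the length check that makes `rcpt+5` safe is not visible here.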
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.147 2019/08/28 19:46:20 eric Exp $ */
+/* $OpenBSD: util.c,v 1.148 2019/09/29 10:03:49 gilles Exp $ */
 /*
 * Copyright (c) 2000,2001 Markus Friedl. All rights reserved.
@@ -860,6 +860,26 @@ base64_decode(char const *src, unsigned char *dest, size_t destsize)
 return __b64_pton(src, dest, destsize);
 }
+int
+base64_encode_rfc3548(unsigned char const *src, size_t srclen,
+ char *dest, size_t destsize)
+{
+ size_t i;
+ int ret;
+
+ if ((ret = base64_encode(src, srclen, dest, destsize)) == -1)
+ return -1;
+
+ for (i = 0; i < destsize; ++i) {
+ if (dest[i] == '/')
+ dest[i] = '_';
+ else if (dest[i] == '+')
+ dest[i] = '-';
+ }
+
+ return ret;
+}
+
 void
 log_trace(int mask, const char *emsg, ...)
 {
-- cgit v1.2.3-59-g8ed1b
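Review bot: `for (i = 0; i < destsize; ++i)` in base64_encode_rfc3548 walks the entire destination buffer instead of the encoded output, so it reads and rewrites bytes past the terminating NUL that base64_encode never wrote; the callers in srs.c pass stack arrays, so those bytes are indeterminate. Bound the loop by the encoded length, `for (i = 0; i < (size_t)ret; ++i) {`, assuming base64_encode returns the number of characters written as the `== -1` failure check suggests; if that is not its contract, stop at the first NUL instead. A one-line header comment stating that the output uses the RFC 3548 URL-safe alphabet (`-` and `_` for `+` and `/`) and that the return value is base64_encode's would also help the next reader of smtpd.h.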