disallow root deliveries for "deliver to filename" and "deliver to mda"

rules, we only allow them for mbox and maildir though users should really create a root alias ... discussed with eric@ and chl@, ok both
author: gilles <gilles@openbsd.org> 2012-10-03 17:58:03 +0000
committer: gilles <gilles@openbsd.org> 2012-10-03 17:58:03 +0000
commit: 69de27315438c961296e72e96fd27766a1a7345f (patch)
tree: 264438c9868998a88d00daf3ab9f3f6ff5c466e7
parent: don't try to cope with iobuf_init() failure, make it fatal() instead. (diff)
download: wireguard-openbsd-69de27315438c961296e72e96fd27766a1a7345f.tar.xz
wireguard-openbsd-69de27315438c961296e72e96fd27766a1a7345f.zip
6 files changed, 19 insertions, 11 deletions
diff --git a/usr.sbin/smtpd/delivery_filename.c b/usr.sbin/smtpd/delivery_filename.c
index fa013f89971..d0aa28bf186 100644
--- a/usr.sbin/smtpd/delivery_filename.c
+++ b/usr.sbin/smtpd/delivery_filename.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: delivery_filename.c,v 1.5 2012/05/25 13:51:41 chl Exp $	*/
+/*	$OpenBSD: delivery_filename.c,v 1.6 2012/10/03 17:58:03 gilles Exp $	*/
 
 /*
  * Copyright (c) 2011 Gilles Chehade <gilles@openbsd.org>
@@ -45,7 +45,7 @@ extern char	**environ;
 static void delivery_filename_open(struct deliver *);
 
 struct delivery_backend delivery_backend_filename = {
-	delivery_filename_open
+	0, delivery_filename_open
 };
 
 
diff --git a/usr.sbin/smtpd/delivery_maildir.c b/usr.sbin/smtpd/delivery_maildir.c
index f576772c771..493cbce2fc7 100644
--- a/usr.sbin/smtpd/delivery_maildir.c
+++ b/usr.sbin/smtpd/delivery_maildir.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: delivery_maildir.c,v 1.8 2012/09/16 11:53:57 gilles Exp $	*/
+/*	$OpenBSD: delivery_maildir.c,v 1.9 2012/10/03 17:58:03 gilles Exp $	*/
 
 /*
  * Copyright (c) 2011 Gilles Chehade <gilles@openbsd.org>
@@ -45,7 +45,7 @@ extern char	**environ;
 static void delivery_maildir_open(struct deliver *);
 
 struct delivery_backend delivery_backend_maildir = {
-	delivery_maildir_open
+	1, delivery_maildir_open
 };
 
 
diff --git a/usr.sbin/smtpd/delivery_mbox.c b/usr.sbin/smtpd/delivery_mbox.c
index ae8d2bcae20..28002d8f54e 100644
--- a/usr.sbin/smtpd/delivery_mbox.c
+++ b/usr.sbin/smtpd/delivery_mbox.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: delivery_mbox.c,v 1.5 2012/03/07 23:04:00 gilles Exp $	*/
+/*	$OpenBSD: delivery_mbox.c,v 1.6 2012/10/03 17:58:03 gilles Exp $	*/
 
 /*
  * Copyright (c) 2011 Gilles Chehade <gilles@openbsd.org>
@@ -44,7 +44,7 @@ extern char	**environ;
 static void delivery_mbox_open(struct deliver *);
 
 struct delivery_backend delivery_backend_mbox = {
-	delivery_mbox_open
+	1, delivery_mbox_open
 };
 
 
diff --git a/usr.sbin/smtpd/delivery_mda.c b/usr.sbin/smtpd/delivery_mda.c
index 9a259e4c671..9568bdfbc5f 100644
--- a/usr.sbin/smtpd/delivery_mda.c
+++ b/usr.sbin/smtpd/delivery_mda.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: delivery_mda.c,v 1.4 2012/03/07 23:04:00 gilles Exp $	*/
+/*	$OpenBSD: delivery_mda.c,v 1.5 2012/10/03 17:58:03 gilles Exp $	*/
 
 /*
  * Copyright (c) 2011 Gilles Chehade <gilles@openbsd.org>
@@ -42,7 +42,7 @@ extern char	**environ;
 static void delivery_mda_open(struct deliver *);
 
 struct delivery_backend delivery_backend_mda = {
-	delivery_mda_open
+	0, delivery_mda_open
 };
 
 
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index c7e79cd672f..4b87cb6e45d 100644
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.c,v 1.172 2012/09/28 17:28:30 eric Exp $	*/
+/*	$OpenBSD: smtpd.c,v 1.173 2012/10/03 17:58:03 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -829,6 +829,13 @@ forkmda(struct imsgev *iev, uint32_t id,
 	if (db == NULL)
 		return;
 
+	if (u.uid == 0 && ! db->allow_root) {
+		n = snprintf(ebuf, sizeof ebuf, "not allowed to deliver to: %s",
+		    deliver->user);
+		imsg_compose_event(iev, IMSG_MDA_DONE, id, 0, -1, ebuf, n + 1);
+		return;
+	}
+
 	/* lower privs early to allow fork fail due to ulimit */
 	if (seteuid(u.uid) < 0)
 		fatal("smtpd: forkmda: cannot lower privileges");
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index 22b2582c244..8397d346249 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.h,v 1.376 2012/09/30 14:28:16 gilles Exp $	*/
+/*	$OpenBSD: smtpd.h,v 1.377 2012/10/03 17:58:03 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -799,7 +799,8 @@ struct user_backend {
 
 /* delivery_backend */
 struct delivery_backend {
-	void	(*open)(struct deliver *);
+	int			allow_root;
+	void (*open)(struct deliver *);
 };
 
 struct scheduler_info {
author	gilles <gilles@openbsd.org>	2012-10-03 17:58:03 +0000
committer	gilles <gilles@openbsd.org>	2012-10-03 17:58:03 +0000
commit	69de27315438c961296e72e96fd27766a1a7345f (patch)
tree	264438c9868998a88d00daf3ab9f3f6ff5c466e7
parent	don't try to cope with iobuf_init() failure, make it fatal() instead. (diff)
download	wireguard-openbsd-69de27315438c961296e72e96fd27766a1a7345f.tar.xz wireguard-openbsd-69de27315438c961296e72e96fd27766a1a7345f.zip