diff options
| author |   millert <millert@openbsd.org> | 2011-05-17 15:54:23 +0000 |
|---|---|---|
| committer | millert <millert@openbsd.org> | 2011-05-17 15:54:23 +0000 |
| commit | ab17230123e3935c308cda93897d8d52e1b314f5 (patch) | |
| tree | f058970b3b2e0ac8b9f15553eefb47be8d852c7b | |
| parent | typo fix from Andreas Bartelt; (diff) | |
| download | wireguard-openbsd-ab17230123e3935c308cda93897d8d52e1b314f5.tar.xz wireguard-openbsd-ab17230123e3935c308cda93897d8d52e1b314f5.zip | |
Update to sendmail 8.14.5
74 files changed, 1890 insertions, 783 deletions
diff --git a/gnu/usr.sbin/sendmail/CACerts b/gnu/usr.sbin/sendmail/CACerts index 37c09635c52..1a7d6fcae4a 100644 --- a/gnu/usr.sbin/sendmail/CACerts +++ b/gnu/usr.sbin/sendmail/CACerts @@ -1,4 +1,4 @@ -# $Sendmail: CACerts,v 8.3 2007/06/11 22:04:46 ca Exp $ +# $Sendmail: CACerts,v 8.5 2011/05/06 23:05:10 ca Exp $ # This file contains some CA certificates that are used to sign the # certificates of mail servers of members of the sendmail consortium # who may reply to questions etc sent to sendmail.org. @@ -9,228 +9,94 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=California, L=Berkeley, O=Sendmail Consortium, CN=Certificate Authority/emailAddress=certificates@sendmail.org - Validity - Not Before: Feb 1 21:51:47 2003 GMT - Not After : Jan 31 21:51:47 2008 GMT - Subject: C=US, ST=California, L=Berkeley, O=Sendmail Consortium, CN=Certificate Authority/emailAddress=certificates@sendmail.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:9a:fb:dc:4c:a3:58:21:1b:84:78:0a:53:56:b3: - 8d:84:05:b7:db:dd:d7:81:ea:dd:c1:ab:d4:be:d9: - 2b:12:e0:6d:3a:31:d5:f0:7b:13:fc:d8:da:09:0b: - 71:11:8e:b9:48:c4:ab:ae:f5:9c:4c:e2:04:27:8e: - c8:03:3a:aa:00:8b:46:f2:79:09:ae:65:b2:9a:66: - e7:ac:a9:ea:32:f7:4a:4e:fd:da:41:48:34:5a:9d: - b0:42:ea:55:40:17:27:5e:67:9e:e5:ce:dc:84:6d: - 1d:48:37:23:11:68:9d:a8:d4:58:02:05:ea:88:35: - bd:0d:b6:28:d5:cd:d4:d8:95 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - DE:CD:6E:B8:89:34:06:3D:E9:CD:A7:FE:45:4F:4E:FB:E1:8D:E7:79 - X509v3 Authority Key Identifier: - keyid:DE:CD:6E:B8:89:34:06:3D:E9:CD:A7:FE:45:4F:4E:FB:E1:8D:E7:79 - DirName:/C=US/ST=California/L=Berkeley/O=Sendmail Consortium/CN=Certificate Authority/emailAddress=certificates@sendmail.org - serial:00 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 66:92:b9:57:17:3b:6a:0e:72:b1:85:29:53:9f:11:68:a0:0d: - 79:43:d0:7c:48:73:b9:71:09:50:08:02:03:0b:28:0c:33:9a: - 00:ac:94:69:4f:bc:0f:45:6b:f5:3a:ca:6a:87:a1:7f:28:f7: - 9a:c4:b6:b0:f3:dc:a3:eb:42:95:9f:99:19:f8:b8:84:6d:f1: - 1d:bc:9f:f0:a0:cc:60:2d:00:6b:17:55:33:16:85:d1:73:e1: - 00:59:89:33:19:c4:2e:29:5a:39:a7:0e:e7:9b:d2:4c:c7:b9: - 7d:6a:3e:b4:00:83:86:d3:16:28:fd:ad:55:65:60:4e:14:02: - 46:d3 ------BEGIN CERTIFICATE----- -MIIDsDCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCEJlcmtlbGV5MRwwGgYDVQQK -ExNTZW5kbWFpbCBDb25zb3J0aXVtMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo -b3JpdHkxKDAmBgkqhkiG9w0BCQEWGWNlcnRpZmljYXRlc0BzZW5kbWFpbC5vcmcw -HhcNMDMwMjAxMjE1MTQ3WhcNMDgwMTMxMjE1MTQ3WjCBnTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCEJlcmtlbGV5MRwwGgYDVQQK -ExNTZW5kbWFpbCBDb25zb3J0aXVtMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo -b3JpdHkxKDAmBgkqhkiG9w0BCQEWGWNlcnRpZmljYXRlc0BzZW5kbWFpbC5vcmcw -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJr73EyjWCEbhHgKU1azjYQFt9vd -14Hq3cGr1L7ZKxLgbTox1fB7E/zY2gkLcRGOuUjEq671nEziBCeOyAM6qgCLRvJ5 -Ca5lsppm56yp6jL3Sk792kFINFqdsELqVUAXJ15nnuXO3IRtHUg3IxFonajUWAIF -6og1vQ22KNXN1NiVAgMBAAGjgf0wgfowHQYDVR0OBBYEFN7NbriJNAY96c2n/kVP -Tvvhjed5MIHKBgNVHSMEgcIwgb+AFN7NbriJNAY96c2n/kVPTvvhjed5oYGjpIGg -MIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMI -QmVya2VsZXkxHDAaBgNVBAoTE1NlbmRtYWlsIENvbnNvcnRpdW0xHjAcBgNVBAMT -FUNlcnRpZmljYXRlIEF1dGhvcml0eTEoMCYGCSqGSIb3DQEJARYZY2VydGlmaWNh -dGVzQHNlbmRtYWlsLm9yZ4IBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUA -A4GBAGaSuVcXO2oOcrGFKVOfEWigDXlD0HxIc7lxCVAIAgMLKAwzmgCslGlPvA9F -a/U6ymqHoX8o95rEtrDz3KPrQpWfmRn4uIRt8R28n/CgzGAtAGsXVTMWhdFz4QBZ -iTMZxC4pWjmnDueb0kzHuX1qPrQAg4bTFij9rVVlYE4UAkbT ------END CERTIFICATE----- - - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=Illinois, L=De Kalb, O=Northern Illinois University, OU=Computer Science, CN=Neil Rickert/emailAddress=rickert@cs.niu.edu - Validity - Not Before: May 12 00:40:50 2000 GMT - Not After : May 20 00:40:50 2010 GMT - Subject: C=US, ST=Illinois, L=De Kalb, O=Northern Illinois University, OU=Computer Science, CN=Neil Rickert/emailAddress=rickert@cs.niu.edu - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b1:1b:49:06:ef:3f:44:e0:93:ad:8c:a7:f7:21: - 7c:87:cb:da:35:f6:4b:a2:fd:8a:a0:07:5b:cc:6a: - 9b:89:33:fc:24:f5:b1:24:59:5a:25:50:fd:16:d7: - d4:bc:c7:04:1d:df:90:9b:5e:c3:a8:e9:8b:7d:a3: - 5d:9a:e9:7f:e5:2b:ea:15:a7:ad:ba:58:26:0a:11: - 49:4f:da:9a:67:7f:b0:a6:66:f4:27:b6:61:4e:3c: - c8:3e:a0:2f:6a:b4:0e:15:d6:39:f8:92:60:85:df: - a6:34:f3:fa:a4:a5:e4:47:49:e7:87:a4:a5:5c:8e: - 6a:2f:13:76:5f:29:f3:64:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - B6:31:78:BB:7E:AA:4D:A1:5D:FD:A2:24:18:C6:90:5A:2D:2F:19:48 - X509v3 Authority Key Identifier: - keyid:B6:31:78:BB:7E:AA:4D:A1:5D:FD:A2:24:18:C6:90:5A:2D:2F:19:48 - DirName:/C=US/ST=Illinois/L=De Kalb/O=Northern Illinois University/OU=Computer Science/CN=Neil Rickert/emailAddress=rickert@cs.niu.edu - serial:00 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 60:69:23:65:97:51:5c:06:a4:42:cb:00:e7:9a:dc:39:70:c3: - d3:5d:bf:0f:e0:04:54:4d:d9:dc:12:57:12:6c:67:fd:5b:b0: - 39:63:ea:c4:12:65:51:bb:3d:f1:f7:25:b4:cd:0b:f6:5b:7a: - 61:25:ad:06:0a:01:55:dc:71:05:29:0d:73:e9:30:51:be:d3: - e1:b2:89:fc:0f:28:f7:06:75:96:1b:34:75:e0:07:e5:3b:b3: - 0b:28:24:e5:79:ea:55:39:e7:d2:ee:ec:63:b4:e4:c6:ee:cb: - 15:d0:c8:eb:3b:4f:36:10:a4:6a:c0:6b:03:e8:29:72:c7:a7: - 10:00 ------BEGIN CERTIFICATE----- -MIID5TCCA06gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBrjELMAkGA1UEBhMCVVMx -ETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdEZSBLYWxiMSUwIwYDVQQKExxO -b3J0aGVybiBJbGxpbm9pcyBVbml2ZXJzaXR5MRkwFwYDVQQLExBDb21wdXRlciBT -Y2llbmNlMRUwEwYDVQQDEwxOZWlsIFJpY2tlcnQxITAfBgkqhkiG9w0BCQEWEnJp -Y2tlcnRAY3Mubml1LmVkdTAeFw0wMDA1MTIwMDQwNTBaFw0xMDA1MjAwMDQwNTBa -MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0Rl -IEthbGIxJTAjBgNVBAoTHE5vcnRoZXJuIElsbGlub2lzIFVuaXZlcnNpdHkxGTAX -BgNVBAsTEENvbXB1dGVyIFNjaWVuY2UxFTATBgNVBAMTDE5laWwgUmlja2VydDEh -MB8GCSqGSIb3DQEJARYScmlja2VydEBjcy5uaXUuZWR1MIGfMA0GCSqGSIb3DQEB -AQUAA4GNADCBiQKBgQCxG0kG7z9E4JOtjKf3IXyHy9o19kui/YqgB1vMapuJM/wk -9bEkWVolUP0W19S8xwQd35CbXsOo6Yt9o12a6X/lK+oVp626WCYKEUlP2ppnf7Cm -ZvQntmFOPMg+oC9qtA4V1jn4kmCF36Y08/qkpeRHSeeHpKVcjmovE3ZfKfNkcwID -AQABo4IBDzCCAQswHQYDVR0OBBYEFLYxeLt+qk2hXf2iJBjGkFotLxlIMIHbBgNV -HSMEgdMwgdCAFLYxeLt+qk2hXf2iJBjGkFotLxlIoYG0pIGxMIGuMQswCQYDVQQG -EwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0RlIEthbGIxJTAjBgNV -BAoTHE5vcnRoZXJuIElsbGlub2lzIFVuaXZlcnNpdHkxGTAXBgNVBAsTEENvbXB1 -dGVyIFNjaWVuY2UxFTATBgNVBAMTDE5laWwgUmlja2VydDEhMB8GCSqGSIb3DQEJ -ARYScmlja2VydEBjcy5uaXUuZWR1ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN -AQEEBQADgYEAYGkjZZdRXAakQssA55rcOXDD012/D+AEVE3Z3BJXEmxn/VuwOWPq -xBJlUbs98fcltM0L9lt6YSWtBgoBVdxxBSkNc+kwUb7T4bKJ/A8o9wZ1lhs0deAH -5TuzCygk5XnqVTnn0u7sY7Tkxu7LFdDI6ztPNhCkasBrA+gpcsenEAA= ------END CERTIFICATE----- - -Certificate: - Data: - Version: 3 (0x2) Serial Number: - fa:7c:2c:80:29:3f:c2:64 + c2:3c:61:67:3b:0a:cc:5e Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org + Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2009/emailAddress=ca+ca-rsa2009@esmtp.org Validity - Not Before: May 4 02:07:56 2007 GMT - Not After : May 3 02:07:56 2010 GMT - Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org + Not Before: May 14 04:42:18 2009 GMT + Not After : May 13 04:42:18 2012 GMT + Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2009/emailAddress=ca+ca-rsa2009@esmtp.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): - 00:b0:28:91:31:af:82:ce:72:ef:36:ab:7d:e9:b1: - f5:77:66:38:4b:38:1f:5f:3d:12:d3:c8:fd:9a:f4: - d4:f6:b8:90:f9:26:5f:29:f7:43:f9:34:ec:65:62: - 01:bb:64:f1:5d:ea:75:04:3d:92:65:60:a2:06:62: - fa:88:ca:d8:20:50:c8:1e:38:53:b5:18:dd:b7:bd: - c7:08:35:4c:d9:dc:c6:97:56:37:b6:65:33:74:5a: - b2:c3:85:08:2b:b7:26:70:ff:38:02:1a:67:6a:d0: - 49:18:10:4b:f8:db:af:06:9c:b1:a8:82:a1:b1:75: - d2:52:9b:53:0c:ca:a7:e3:15:38:79:6d:a1:f5:ef: - 7c:8b:fd:bd:04:78:f9:e8:1e:b9:92:ea:74:d7:45: - 1e:4c:c8:bd:f4:5c:fc:1a:7f:e7:31:c6:ab:cb:78: - c7:4d:2f:b5:72:10:35:27:4a:1a:fa:53:19:f8:a7: - 59:63:eb:e9:15:ab:dc:71:69:8c:42:1c:96:4e:89: - 80:66:c9:9e:21:d5:3d:08:19:74:a5:f5:07:a0:ae: - de:79:af:fd:42:c2:79:7e:8c:f8:39:22:3b:c3:c4: - 58:3b:d0:0d:e6:a9:11:b6:a2:cd:2e:e5:16:66:fd: - 7e:65:33:94:b0:36:80:27:f5:80:76:a9:e5:df:f2: - cf:ef + 00:d5:f8:d3:48:38:75:df:2e:6b:8b:c4:8d:1d:41: + 5e:ad:4b:96:3d:48:c2:dc:e5:ff:61:98:95:32:03: + e9:b6:71:5a:68:31:bc:e1:5c:aa:0e:70:a7:bc:51: + b7:13:6a:78:54:ae:a6:d0:44:49:1b:5e:37:5b:59: + 20:01:47:a7:ec:41:4c:11:79:8c:25:c1:1b:c0:ed: + 85:b2:de:0f:10:9f:e7:b2:a3:c4:f1:fc:85:51:aa: + d6:68:49:51:3e:04:e1:eb:e9:cd:87:1b:d0:9d:97: + 7b:4c:e1:1e:b1:6a:be:01:0a:a9:97:9a:50:89:e3: + 66:06:4c:07:cb:7e:99:70:13:e8:b4:9c:e7:e6:52: + 38:c0:64:90:42:d0:f5:cf:22:46:22:60:e9:34:70: + 1d:e3:d1:13:33:3a:31:ba:13:06:a8:c2:34:90:47: + c5:a1:bd:2d:7d:98:21:70:de:22:d0:13:11:e5:08: + dd:a0:77:0b:df:34:a7:07:55:de:5a:71:f6:6c:9e: + ec:f7:45:75:1f:22:a9:84:06:c6:4f:84:3d:4e:05: + d7:e4:e5:98:41:61:7b:8e:c9:3b:a6:ed:31:80:7d: + fd:fa:f0:dc:b7:07:82:b8:ec:27:20:39:5f:78:95: + f1:0d:93:8d:f9:4d:21:08:fd:72:89:01:ff:2c:a0: + 71:9d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B2:49:6B:52:45:EE:90:36:D2:79:47:03:33:D9:A0:BA:80:50:DA:1C + A7:61:FA:31:AF:A8:E2:5E:93:B6:84:9E:74:08:A2:76:50:87:69:7C X509v3 Authority Key Identifier: - keyid:B2:49:6B:52:45:EE:90:36:D2:79:47:03:33:D9:A0:BA:80:50:DA:1C - DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2007/emailAddress=ca+ca-rsa2007@esmtp.org - serial:FA:7C:2C:80:29:3F:C2:64 + keyid:A7:61:FA:31:AF:A8:E2:5E:93:B6:84:9E:74:08:A2:76:50:87:69:7C + DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2009/emailAddress=ca+ca-rsa2009@esmtp.org + serial:C2:3C:61:67:3B:0A:CC:5E X509v3 Basic Constraints: - CA:TRUE + CA:TRUE X509v3 Subject Alternative Name: - email:ca+ca-rsa2007@esmtp.org + email:ca+ca-rsa2009@esmtp.org X509v3 Issuer Alternative Name: - email:ca+ca-rsa2007@esmtp.org + email:ca+ca-rsa2009@esmtp.org Signature Algorithm: md5WithRSAEncryption - 98:98:7c:d3:d0:5b:72:47:15:e6:22:68:bb:78:0e:78:66:e9: - 56:16:d8:bc:9d:5a:dc:27:29:fb:91:2d:6a:21:35:18:56:b4: - 4f:2a:09:c0:08:6f:9a:59:2b:2e:72:9a:fb:50:ba:c7:a9:91: - a0:f9:6c:be:cf:78:42:43:02:70:53:97:ba:6a:e3:da:17:e8: - 1f:c7:3a:5b:e7:bc:eb:e5:24:4c:f5:cf:61:34:1e:20:ed:17: - 63:ef:81:d3:9e:25:fe:cc:05:19:cc:8a:82:c9:4c:3a:b5:6b: - 49:51:76:46:02:aa:60:bb:c4:b9:61:48:33:da:79:8d:46:a3: - 06:20:98:f3:b2:db:3b:ad:c9:1d:0e:97:3d:b7:14:19:d3:7d: - 04:8b:6a:81:e0:11:5b:e1:35:a3:ff:2f:11:86:1c:31:85:7a: - fd:3f:36:ef:99:25:46:2e:b0:cb:43:45:4a:ec:be:d3:3f:a4: - 77:9b:79:cc:ce:92:63:a5:d9:ed:db:a0:9d:5d:7c:d7:80:f6: - c9:41:fb:02:96:8e:fd:f3:da:05:9d:81:a7:25:da:26:35:3b: - a9:0c:8c:f5:a7:5d:48:ec:87:c7:7a:60:51:76:f2:de:9b:14: - 2b:55:8a:43:df:99:19:f3:eb:e7:03:e6:a7:a2:a2:28:dd:d5: - 07:6a:3f:f7 + b3:38:e0:da:a8:07:d8:cc:b8:4d:8c:20:a6:06:2c:f8:27:db: + 8e:28:0f:39:bd:d9:24:c7:9f:e0:4d:d6:b6:63:42:36:0f:d8: + 70:41:e7:9e:a2:24:64:05:ea:85:97:ac:f2:cc:c2:a6:71:bb: + 30:21:c1:c7:c4:54:34:1d:30:09:f0:9b:74:27:93:59:12:4c: + 53:0b:8c:3e:d0:39:ed:4a:d0:d9:66:24:d8:e7:e5:9c:a8:6d: + 5f:56:5d:9a:91:fe:1b:7d:b9:7c:79:9e:1c:b9:71:74:14:f8: + 0c:30:50:f9:b1:22:56:a8:4d:6f:4b:9b:e5:8a:81:33:1b:77: + 75:f6:d8:ce:d4:90:34:86:34:d1:86:75:a9:e1:23:e6:af:c1: + 8e:28:97:47:20:4d:1b:57:09:39:f4:56:01:d2:87:43:3e:29: + f6:c4:5b:7d:8f:9e:bd:ad:36:79:cf:09:70:43:30:21:98:23: + 31:c8:0d:39:ee:77:e1:4a:44:1a:5c:79:2f:6c:ec:8a:3c:db: + 99:a0:11:bc:1a:46:24:51:e7:75:d6:9a:db:ad:dd:55:d4:dd: + ca:81:a0:10:77:96:91:9c:76:30:38:18:f0:82:43:b3:7c:41: + 64:4c:4e:da:66:22:67:cf:b7:d7:10:ba:ed:f4:6d:43:59:00: + d0:82:1e:07 -----BEGIN CERTIFICATE----- -MIIFJzCCBA+gAwIBAgIJAPp8LIApP8JkMA0GCSqGSIb3DQEBBAUAMIGlMQswCQYD +MIIFJzCCBA+gAwIBAgIJAMI8YWc7CsxeMA0GCSqGSIb3DQEBBAUAMIGlMQswCQYD VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkx FDASBgNVBAoTC0VuZG1haWwgT3JnMQwwCgYDVQQLEwNNVEExIjAgBgNVBAMTGUNs -YXVzIEFzc21hbm4gQ0EgUlNBIDIwMDcxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz -YTIwMDdAZXNtdHAub3JnMB4XDTA3MDUwNDAyMDc1NloXDTEwMDUwMzAyMDc1Nlow +YXVzIEFzc21hbm4gQ0EgUlNBIDIwMDkxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz +YTIwMDlAZXNtdHAub3JnMB4XDTA5MDUxNDA0NDIxOFoXDTEyMDUxMzA0NDIxOFow gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhC ZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAKBgNVBAsTA01UQTEiMCAG -A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwNzEmMCQGCSqGSIb3DQEJARYX -Y2ErY2EtcnNhMjAwN0Blc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCwKJExr4LOcu82q33psfV3ZjhLOB9fPRLTyP2a9NT2uJD5Jl8p90P5 -NOxlYgG7ZPFd6nUEPZJlYKIGYvqIytggUMgeOFO1GN23vccINUzZ3MaXVje2ZTN0 -WrLDhQgrtyZw/zgCGmdq0EkYEEv4268GnLGogqGxddJSm1MMyqfjFTh5baH173yL -/b0EePnoHrmS6nTXRR5MyL30XPwaf+cxxqvLeMdNL7VyEDUnShr6Uxn4p1lj6+kV -q9xxaYxCHJZOiYBmyZ4h1T0IGXSl9Qegrt55r/1Cwnl+jPg5IjvDxFg70A3mqRG2 -os0u5RZm/X5lM5SwNoAn9YB2qeXf8s/vAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU -sklrUkXukDbSeUcDM9mguoBQ2hwwgdoGA1UdIwSB0jCBz4AUsklrUkXukDbSeUcD -M9mguoBQ2hyhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y +A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwOTEmMCQGCSqGSIb3DQEJARYX +Y2ErY2EtcnNhMjAwOUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDV+NNIOHXfLmuLxI0dQV6tS5Y9SMLc5f9hmJUyA+m2cVpoMbzhXKoO +cKe8UbcTanhUrqbQREkbXjdbWSABR6fsQUwReYwlwRvA7YWy3g8Qn+eyo8Tx/IVR +qtZoSVE+BOHr6c2HG9Cdl3tM4R6xar4BCqmXmlCJ42YGTAfLfplwE+i0nOfmUjjA +ZJBC0PXPIkYiYOk0cB3j0RMzOjG6EwaowjSQR8WhvS19mCFw3iLQExHlCN2gdwvf +NKcHVd5acfZsnuz3RXUfIqmEBsZPhD1OBdfk5ZhBYXuOyTum7TGAff368Ny3B4K4 +7CcgOV94lfENk435TSEI/XKJAf8soHGdAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU +p2H6Ma+o4l6TtoSedAiidlCHaXwwgdoGA1UdIwSB0jCBz4AUp2H6Ma+o4l6TtoSe +dAiidlCHaXyhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y bmlhMREwDwYDVQQHEwhCZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAK -BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwNzEm -MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAwN0Blc210cC5vcmeCCQD6fCyAKT/C -ZDAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMDdAZXNtdHAu -b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMDdAZXNtdHAub3JnMA0GCSqGSIb3 -DQEBBAUAA4IBAQCYmHzT0FtyRxXmImi7eA54ZulWFti8nVrcJyn7kS1qITUYVrRP -KgnACG+aWSsucpr7ULrHqZGg+Wy+z3hCQwJwU5e6auPaF+gfxzpb57zr5SRM9c9h -NB4g7Rdj74HTniX+zAUZzIqCyUw6tWtJUXZGAqpgu8S5YUgz2nmNRqMGIJjzsts7 -rckdDpc9txQZ030Ei2qB4BFb4TWj/y8RhhwxhXr9PzbvmSVGLrDLQ0VK7L7TP6R3 -m3nMzpJjpdnt26CdXXzXgPbJQfsClo7989oFnYGnJdomNTupDIz1p11I7IfHemBR -dvLemxQrVYpD35kZ8+vnA+anoqIo3dUHaj/3 +BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAwOTEm +MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAwOUBlc210cC5vcmeCCQDCPGFnOwrM +XjAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMDlAZXNtdHAu +b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMDlAZXNtdHAub3JnMA0GCSqGSIb3 +DQEBBAUAA4IBAQCzOODaqAfYzLhNjCCmBiz4J9uOKA85vdkkx5/gTda2Y0I2D9hw +QeeeoiRkBeqFl6zyzMKmcbswIcHHxFQ0HTAJ8Jt0J5NZEkxTC4w+0DntStDZZiTY +5+WcqG1fVl2akf4bfbl8eZ4cuXF0FPgMMFD5sSJWqE1vS5vlioEzG3d19tjO1JA0 +hjTRhnWp4SPmr8GOKJdHIE0bVwk59FYB0odDPin2xFt9j569rTZ5zwlwQzAhmCMx +yA057nfhSkQaXHkvbOyKPNuZoBG8GkYkUed11prbrd1V1N3KgaAQd5aRnHYwOBjw +gkOzfEFkTE7aZiJnz7fXELrt9G1DWQDQgh4H -----END CERTIFICATE----- diff --git a/gnu/usr.sbin/sendmail/KNOWNBUGS b/gnu/usr.sbin/sendmail/KNOWNBUGS index 198ec2476bd..ce396875d0e 100644 --- a/gnu/usr.sbin/sendmail/KNOWNBUGS +++ b/gnu/usr.sbin/sendmail/KNOWNBUGS @@ -12,6 +12,14 @@ distribution). This list is not guaranteed to be complete. +* Header values which are too long may be truncated. + + If a value of a structured header is longer than 256 (MAXNAME) + characters then it may be truncated during output. For example, + if a single address in the To: header is longer than 256 characters + then it will be truncated which may result in a syntactically + invalid address. + * Delivery to programs that generate too much output may cause problems If e-mail is delivered to a program which generates too much @@ -258,4 +266,4 @@ Kresolve sequence dnsmx canon be used if set instead of LOCAL_RELAY ($R). This will be fixed in a future version. -$Revision: 1.12 $, Last updated $Date: 2008/05/04 18:34:04 $ +$Revision: 1.13 $, Last updated $Date: 2011/05/17 15:54:23 $ diff --git a/gnu/usr.sbin/sendmail/LICENSE b/gnu/usr.sbin/sendmail/LICENSE index c1f56fedc0c..b0e2c0ed84b 100644 --- a/gnu/usr.sbin/sendmail/LICENSE +++ b/gnu/usr.sbin/sendmail/LICENSE @@ -1,8 +1,9 @@ SENDMAIL LICENSE -The following license terms and conditions apply, unless a different -license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, -Emeryville, CA 94608, USA, or by electronic mail at license@sendmail.com. +The following license terms and conditions apply, unless a redistribution +agreement or other license is obtained from Sendmail, Inc., 6475 Christie +Ave, Third Floor, Emeryville, CA 94608, USA, or by electronic mail at +license@sendmail.com. License Terms: @@ -22,10 +23,11 @@ each of the following conditions is met: must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this license. For the purposes of redistribution "Source Code" means the complete compilable - and linkable source code of sendmail including all modifications. + and linkable source code of sendmail and associated libraries and + utilities in the sendmail distribution including all modifications. -2. Redistributions of source code must retain the copyright notices as they - appear in each source code file, these license terms, and the +2. Redistributions of Source Code must retain the copyright notices as they + appear in each Source Code file, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below. 3. Redistributions in binary form must reproduce the Copyright Notice, @@ -33,16 +35,16 @@ each of the following conditions is met: forth as paragraph 6 below, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the "Copyright Notice" refers to the following language: - "Copyright (c) 1998-2004 Sendmail, Inc. All rights reserved." + "Copyright (c) 1998-2010 Sendmail, Inc. All rights reserved." 4. Neither the name of Sendmail, Inc. nor the University of California nor - the names of their contributors may be used to endorse or promote + names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. The name "sendmail" is a trademark of Sendmail, Inc. 5. All redistributions must comply with the conditions imposed by the - University of California on certain embedded code, whose copyright - notice and conditions for redistribution are as follows: + University of California on certain embedded code, which copyright + Notice and conditions for redistribution are as follows: (a) Copyright (c) 1988, 1993 The Regents of the University of California. All rights reserved. @@ -76,4 +78,4 @@ each of the following conditions is met: (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. -$Revision: 1.8 $, Last updated $Date: 2004/06/24 03:59:23 $ +$Revision: 1.9 $, Last updated $Date: 2011/05/17 15:54:23 $, Document 139848.1 diff --git a/gnu/usr.sbin/sendmail/README b/gnu/usr.sbin/sendmail/README index 8609e12be72..3b40e3e5f61 100644 --- a/gnu/usr.sbin/sendmail/README +++ b/gnu/usr.sbin/sendmail/README @@ -38,6 +38,7 @@ the latest updates. 4. Read cf/README. Sendmail is a trademark of Sendmail, Inc. +US Patent Numbers 6865671, 6986037. +-----------------------+ | DIRECTORY PERMISSIONS | @@ -464,4 +465,4 @@ sendmail Source for the sendmail program itself. test Some test scripts (currently only for compilation aids). vacation Source for the vacation program. NOT PART OF SENDMAIL! -$Revision: 1.11 $, Last updated $Date: 2008/05/04 18:34:04 $ +$Revision: 1.12 $, Last updated $Date: 2011/05/17 15:54:23 $ diff --git a/gnu/usr.sbin/sendmail/RELEASE_NOTES b/gnu/usr.sbin/sendmail/RELEASE_NOTES index 30df00b5c06..fbbf4ca7b86 100644 --- a/gnu/usr.sbin/sendmail/RELEASE_NOTES +++ b/gnu/usr.sbin/sendmail/RELEASE_NOTES @@ -1,11 +1,160 @@ SENDMAIL RELEASE NOTES - $Sendmail: RELEASE_NOTES,v 8.1926 2008/05/03 03:34:26 ca Exp $ + $Sendmail: RELEASE_NOTES,v 8.1991 2011/05/15 04:28:16 ca Exp $ This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.14.5/8.14.5 2011/05/17 + Do not cache SMTP extensions across connections as the cache + is based on hostname which may not be a unique identifier + for a server, i.e., different machines may have the + same hostname but provide different SMTP extensions. + Problem noted by Jim Hermann. + Avoid an out-of-bounds access in case a resolver reply for a DNS + map lookup returns a size larger than 1K. Based on a + patch from Dr. Werner Fink of SuSE. + If a job is aborted using the interrupt signal (e.g., control-C from + the keyboard), perform minimal cleanup to avoid invoking + functions that are not signal-safe. Note: in previous + versions the mail might have been queued up already + and would be delivered subsequently, now an interrupt + will always remove the queue files and thus prevent + delivery. + Per RFC 6176, when operating as a TLS client, do not offer SSLv2. + Since TLS session resumption is never used as a client, disable + use of RFC 4507-style session tickets. + Work around gcc4 versions which reverse 25 years of history and + no longer align char buffers on the stack, breaking calls + to resolver functions on strict alignment platforms. + Found by Stuart Henderson of OpenBSD. + Read at most two AUTH lines from a server greeting (up to two + lines are read because servers may use "AUTH mechs" and + "AUTH=mechs"). Otherwise a malicious server may exhaust + the memory of the client. Bug report by Nils of MWR + InfoSecurity. + Avoid triggering an assertion in the OpenLDAP code when the + connection to an LDAP server is lost while making a query. + Problem noted and patch provided by Andy Fiddaman. + If ConnectOnlyTo is set and sendmail is compiled with NETINET6 + it would try to use an IPv6 address if an IPv4 (or + unparseable) address is specified. + If SASLv2 is used, make sure that the macro {auth_authen} is + stored in xtext format to avoid problems with parsing + it. Problem noted by Christophe Wolfhugel. + CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing + -T<TMPF> that is required, but failed for some cases + that did not use LDAP. This change has been undone + until a better solution can be implemented. Problem + found by Andy Fiddaman. + CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support. + Contributed by Casper Dik of Oracle. + CONTRIB: qtool.pl: Deal with H entries that do not have a + letter between the question marks. Patch from + Stefan Christensen. + DOC: Use a better description for the -i option in sendmail. + Patch from Mitchell Berger. + Portability: + Add support for Darwin 10.x (Mac OS X 10.6). + Enable HAVE_NANOSLEEP for FreeBSD 3 and later. Patch + from John Marshall. + Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later. + Use new directory "/system/volatile" for PidFile on + Solaris 11. Patch from Casper Dik of Oracle. + Fix compilation on Solaris 11 (and maybe some other + OSs) when using OpenSSL 1.0. Based on patch from + Jan Pechanec of Oracle. + Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t + for Solaris 11. Patch from Roger Faulkner of Oracle. + New Files: + cf/ostype/solaris11.m4 + +8.14.4/8.14.4 2009/12/30 + SECURITY: Handle bogus certificates containing NUL characters + in CNs by placing a string indicating a bad certificate + in the {cn_subject} or {cn_issuer} macro. Patch inspired + by Matthias Andree's changes for fetchmail. + During the generation of a queue identifier an integer overflow + could occur which might result in bogus characters + being used. Based on patch from John Vannoy of + Pepperdine University. + The value of headers, e.g., Precedence, Content-Type, et.al., + was not processed correctly. Patch from Per Hedeland. + Between 8.11.7 and 8.12.0 the length limitation on a return + path was erroneously reduced from MAXNAME (256) to + MAXSHORTSTR (203). Patch from John Gardiner Myers + of Proofpoint; the problem was also noted by Steve + Hubert of University of Washington. + Prevent a crash when a hostname lookup returns a seemingly + valid result which contains a NULL pointer (this seems + to be happening on some Linux versions). + The process title was missing the current load average when + the MTA was delaying connections due to DelayLA. + Patch from Dick St.Peters of NetHeaven. + Do not reset the number of queue entries in shared memory if + only some of them are processed. + Fix overflow of an internal array when parsing some replies + from a milter. Problem found by Scott Rotondo + of Sun Microsystems. + If STARTTLS is turned off in the server (via M=S) then it + would not be initialized for use in the client either. + Patch from Kazuteru Okahashi of IIJ. + If a Diffie-Hellman cipher is selected for STARTTLS, the + handshake could fail with some TLS implementations + because the prime used by the server is not long enough. + Note: the initialization of the DSA/DH parameters for + the server can take a significant amount of time on slow + machines. This can be turned off by setting DHParameters + to none or a file (see doc/op/op.me). Patch from + Petr Lampa of the Brno University of Technology. + Fix handling of `b' modifier for DaemonPortOptions on little + endian machines for loopback address. Patch from + John Beck of Sun Microsystems. + Fix a potential memory leak in libsmdb/smdb1.c found by parfait. + Based on patch from Jonathan Gray of OpenBSD. + If a milter sets the reply code to "421" during the transfer + of the body, the SMTP server will terminate the SMTP session + with that error to match the behavior of the other callbacks. + Return EX_IOERR (instead of 0) if a mail submission fails due to + missing disk space in the mail queue. Based on patch + from Martin Poole of RedHat. + CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would + cause addresses not found in LDAP to be misparsed. + CONFIG: Using a CN restriction did not work for TLS_Clt as it + referred to a wrong macro. Patch from John Gardiner + Myers of Proofpoint. + CONFIG: The option relaytofulladdress of FEATURE(`access_db') + did not work if FEATURE(`relay_hosts_only') is used too. + Problem noted by Kristian Shaw. + CONFIG: The internal function lower() was broken and hence + strcasecmp() did not work either, which could cause + problems for some FEATURE()s if upper case arguments + were used. Patch from Vesa-Matti J Kari of the + University of Helsinki. + LIBMILTER: Fix internal check whether a milter application + is compiled against the same version of libmilter as + it is linked against (especially useful for dynamic + libraries). + LIBMILTER: Fix memory leak that occurred when smfi_setsymlist() + was used. Based on patch by Dan Lukes. + LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters + which add, insert, or replace headers. From Benjamin + Pineau. + LIBMILTER: Fix error messages which refer to "select()" to be + correct if SM_CONF_POLL is used. Based on patch from + John Nemeth. + LIBSM: Fix handling of LDAP search failures where the error is + carried in the search result itself, such as seen with + OpenLDAP proxy servers. + VACATION: Do not refer to a local variable outside its scope. + Based on patch from Mark Costlow of Southwest Cyberport. + Portability: + Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from + John Beck of Sun Microsystems. + Drop NISPLUS from default SunOS 5.11 map definitions. + Patch from John Beck of Sun Microsystems. + 8.14.3/8.14.3 2008/05/03 During ruleset processing the generation of a key for a map lookup and the parsing of the default value was broken @@ -37,7 +186,7 @@ summary of the changes in that release. Support shared libraries in Darwin 8 and 9. Patch from Chris Behrens of Concentric. Add support for SCO OpenServer 6, patch from Boyd Gerber. - DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing path. + DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash. Added Files: devtools/OS/Darwin.9.x devtools/OS/OSR.i386 diff --git a/gnu/usr.sbin/sendmail/cf/README b/gnu/usr.sbin/sendmail/cf/README index f03d9d5cd5a..46b4d1da046 100644 --- a/gnu/usr.sbin/sendmail/cf/README +++ b/gnu/usr.sbin/sendmail/cf/README @@ -3142,7 +3142,7 @@ starts with '+' and the items are separated by '++'. Allowed extensions are: CN:name name must match ${cn_subject} -CN ${server_name} must match ${cn_subject} +CN ${client_name}/${server_name} must match ${cn_subject} CS:name name must match ${cert_subject} CI:name name must match ${cert_issuer} @@ -4701,4 +4701,4 @@ M4 DIVERSIONS 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 1.28 $, Last updated $Date: 2008/05/04 18:34:04 $ +$Revision: 1.29 $, Last updated $Date: 2011/05/17 15:54:23 $ diff --git a/gnu/usr.sbin/sendmail/cf/feature/ldap_routing.m4 b/gnu/usr.sbin/sendmail/cf/feature/ldap_routing.m4 index 23dc343d61f..2351bde2628 100644 --- a/gnu/usr.sbin/sendmail/cf/feature/ldap_routing.m4 +++ b/gnu/usr.sbin/sendmail/cf/feature/ldap_routing.m4 @@ -10,7 +10,7 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: ldap_routing.m4,v 8.15 2007/05/01 17:38:25 ca Exp $') +VERSIONID(`$Sendmail: ldap_routing.m4,v 8.18 2010/01/05 00:57:27 ca Exp $') divert(-1) # Check first two arguments. If they aren't set, may need to warn in proto.m4 diff --git a/gnu/usr.sbin/sendmail/cf/m4/cfhead.m4 b/gnu/usr.sbin/sendmail/cf/m4/cfhead.m4 index e35178bfd4d..c7670493a03 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/cfhead.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/cfhead.m4 @@ -1,5 +1,5 @@ # -# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2004, 2009, 2010 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -48,7 +48,7 @@ define(`OSTYPE', define(`_ARG_', $2) include(_CF_DIR_`'ostype/$1.m4)POPDIVERT`'') ## helpful functions -define(`lower', `translit(`$1', `ABCDEFGHIJKLMNOPQRSTUVWXYZ', `abcdefghijklmnopqrstuvwx')') +define(`lower', `translit(`$1', `ABCDEFGHIJKLMNOPQRSTUVWXYZ', `abcdefghijklmnopqrstuvwxyz')') define(`strcasecmp', `ifelse(lower($1), lower($2), `1', `0')') ## access to further arguments in FEATURE/HACK define(`_ACC_ARG_1_',`$1') @@ -188,6 +188,7 @@ SLocal_tls_server') define(`LOCAL_RULE_3', `divert(2)') define(`LOCAL_CONFIG', `divert(6)') define(`MAILER_DEFINITIONS', `divert(7)') +define(`LOCAL_DNSBL', `divert(8)') define(`LOCAL_NET_CONFIG', `define(`_LOCAL_RULES_', 1)divert(1)') define(`UUCPSMTP', `R DOL(*) < @ $1 .UUCP > DOL(*) DOL(1) < @ $2 > DOL(2)') define(`CONCAT', `$1$2$3$4$5$6$7') @@ -306,4 +307,4 @@ define(`confMILTER_MACROS_EOM', `{msg_id}') divert(0)dnl -VERSIONID(`$Sendmail: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $') +VERSIONID(`$Sendmail: cfhead.m4,v 8.121 2010/01/07 18:20:19 ca Exp $') diff --git a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 index 640b89f401d..12884694eec 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/proto.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/proto.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2010 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -13,10 +13,10 @@ divert(-1) # divert(0) -VERSIONID(`$Sendmail: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $') +VERSIONID(`$Sendmail: proto.m4,v 8.744 2010/11/23 20:29:47 guenther Exp $') # level CF_LEVEL config file format -V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') +V`'CF_LEVEL`'ifdef(`NO_VENDOR',`', `/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')') divert(-1) dnl if MAILER(`local') not defined: do it ourself; be nice @@ -580,6 +580,7 @@ _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0') # once the threshold number of recipients have been rejected _OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `0') + # shall we get local names from our installed interfaces? _OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False') @@ -640,6 +641,7 @@ _OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `') # SMTP STARTTLS server options _OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `') + # Input mail filters _OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `') @@ -1509,7 +1511,9 @@ ifdef(`_LDAP_ROUTE_DETAIL_', # try without +detail R<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl -ifdef(`_LDAP_ROUTE_NODOMAIN_', `dnl', ` +ifdef(`_LDAP_ROUTE_NODOMAIN_', ` +# pretend we did the @domain lookup +R<> <> <$+> <$+ @ $+> <$*> $: <> <> <$1> <@ $3> <$4>', ` # if still no mailRoutingAddress and no mailHost, # try @domain ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl @@ -1791,7 +1795,7 @@ ifdef(`_CONN_CONTROL_',`dnl ifdef(`_CONN_CONTROL_IMMEDIATE_',`',`dnl dnl workspace: ignored... R$* $: $>"ConnControl" dummy')', `dnl') -undivert(8) +undivert(8)dnl LOCAL_DNSBL ifdef(`_REQUIRE_RDNS_', `dnl R$* $: $&{client_addr} $| $&{client_resolve} R$=R $* $@ RELAY We relay for these @@ -2139,7 +2143,10 @@ R$+ < @ $=w > $@ RELAY ifdef(`_RELAY_HOSTS_ONLY_', `R$+ < @ $=R > $@ RELAY ifdef(`_ACCESS_TABLE_', `dnl -R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >> +ifdef(`_RELAY_FULL_ADDR_', `dnl +R$+ < @ $+ > $: <$(access To:$1@$2 $: ? $)> <$1 < @ $2 >> +R<?> <$+ < @ $+ >> $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>',` +R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>') dnl workspace: <Result-of-lookup | ?> <localpart<@domain>> R<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')', `R$+ < @ $* $=R > $@ RELAY @@ -2691,7 +2698,7 @@ R$* <?> $#$* $#$2 R$* <?> $* $: $1', `dnl') ifdef(`_ACCESS_TABLE_', `dnl dnl store name of other side -R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 +R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1 dnl ignore second arg for now dnl maybe use it to distinguish permanent/temporary error? dnl if MAIL: permanent (STARTTLS has not been offered) diff --git a/gnu/usr.sbin/sendmail/cf/m4/version.m4 b/gnu/usr.sbin/sendmail/cf/m4/version.m4 index fb3f1c13164..262cd0e69d1 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/version.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/version.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998-2011 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -11,8 +11,8 @@ divert(-1) # the sendmail distribution. # # -VERSIONID(`$Sendmail: version.m4,v 8.195 2008/04/17 17:04:30 ca Exp $') +VERSIONID(`$Sendmail: version.m4,v 8.214 2011/04/26 23:02:36 ca Exp $') # divert(0) # Configuration version number -DZ8.14.3`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.14.5`'ifdef(`confCF_VERSION', `/confCF_VERSION') diff --git a/gnu/usr.sbin/sendmail/contrib/qtool.pl b/gnu/usr.sbin/sendmail/contrib/qtool.pl index 0dcd614b8e1..648771de246 100644 --- a/gnu/usr.sbin/sendmail/contrib/qtool.pl +++ b/gnu/usr.sbin/sendmail/contrib/qtool.pl @@ -3,7 +3,7 @@ ## Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. ## All rights reserved. ## -## $Sendmail: qtool.pl,v 8.29 2007/02/16 01:12:08 ca Exp $ +## $Sendmail: qtool.pl,v 8.31 2010/11/10 19:11:54 ca Exp $ ## use strict; use File::Basename; @@ -450,7 +450,7 @@ sub unlock_file ## ## Parameters: ## src_name -- The name of the file to be move. -## dst_nome -- The name of the place to move it to. +## dst_name -- The name of the place to move it to. ## ## Returns: ## error_string -- If undef then no problem. Otherwise it is a @@ -607,7 +607,7 @@ sub parse_header $first_char = substr($line, 0, 1); if ($first_char eq "?") { - $line = substr($line, 3); + $line = (split(/\?/, $line,3))[2]; } elsif ($first_char eq "\t") { @@ -1193,7 +1193,7 @@ sub bounce ## ## This Condition Class checks the modification time of the ## source file and returns true if the file's modification time is -## older than the number of seconds the class was initialzed with. +## older than the number of seconds the class was initialized with. ## package OlderThan; @@ -1286,7 +1286,7 @@ sub check_move ## Eval ## ## Takes a perl expression and evaluates it. The ControlFile object -## for the source QueuedMessage is avaliable through the name '$msg'. +## for the source QueuedMessage is available through the name '$msg'. ## package Eval; diff --git a/gnu/usr.sbin/sendmail/contrib/smcontrol.pl b/gnu/usr.sbin/sendmail/contrib/smcontrol.pl index 4987460e4d4..2ff54e64f6e 100644 --- a/gnu/usr.sbin/sendmail/contrib/smcontrol.pl +++ b/gnu/usr.sbin/sendmail/contrib/smcontrol.pl @@ -1,4 +1,6 @@ -#!/usr/local/bin/perl -w +#!/usr/bin/perl -w + +# $Sendmail: smcontrol.pl,v 8.8 2008/07/21 21:31:43 ca Exp $ use strict; use Getopt::Std; diff --git a/gnu/usr.sbin/sendmail/doc/op/op.me b/gnu/usr.sbin/sendmail/doc/op/op.me index 9ea96ebe8bc..d4c495cb646 100644 --- a/gnu/usr.sbin/sendmail/doc/op/op.me +++ b/gnu/usr.sbin/sendmail/doc/op/op.me @@ -9,7 +9,7 @@ .\" the sendmail distribution. .\" .\" -.\" $Sendmail: op.me,v 8.741 2007/06/22 23:08:59 ca Exp $ +.\" $Sendmail: op.me,v 8.747 2010/05/08 04:18:27 ca Exp $ .\" .\" eqn op.me | pic | troff -me .\" @@ -90,13 +90,14 @@ Sendmail, Inc. .de Ve Version \\$2 .. -.Ve $Revision: 1.27 $ +.Ve $Revision: 1.28 $ .rm Ve .sp For Sendmail Version 8.14 .)l .(f Sendmail is a trademark of Sendmail, Inc. +US Patent Numbers 6865671, 6986037. .)f .sp 2 .pp @@ -1094,6 +1095,9 @@ The number of envelope recipients for this message (after aliasing and forwarding). .ip msgid The message id of the message (from the header). +.ip bodytype +The message body type (7BIT or 8BITMIME), +as determined from the envelope. .ip proto The protocol used to receive this message (e.g., ESMTP or UUCP) .ip daemon @@ -4952,9 +4956,21 @@ as "(may be forged)". .ip ${cn_issuer} The CN (common name) of the CA that signed the presented certificate (STARTTLS only). +Note: if the CN cannot be extracted properly it will be replaced by +one of these strings based on the encountered error: +.(b +.ta 25n +BadCertificateContainsNUL CN contains a NUL character +BadCertificateTooLong CN is too long +BadCertificateUnknown CN could not be extracted +.)b +In the last case, some other (unspecific) error occurred. .ip ${cn_subject} The CN (common name) of the presented certificate (STARTTLS only). +See +.b ${cn_issuer} +for possible replacements. .ip ${currHeader} Header value as quoted string (possibly truncated to @@ -5130,7 +5146,7 @@ The total number of incoming connections over the time interval specified by ConnectionRateWindowSize. .ip ${verify} The result of the verification of the presented cert; -only defined after STARTTLS has been used. +only defined after STARTTLS has been used (or attempted). Possible values are: .(b .ta 13n @@ -5141,7 +5157,8 @@ FAIL cert presented but could not be verified, e.g., the signing CA is missing. NONE STARTTLS has not been performed. TEMP temporary error occurred. -PROTOCOL some protocol error occurred. +PROTOCOL some protocol error occurred + at the ESMTP level (not TLS). SOFTWARE STARTTLS handshake failed, which is a fatal error for this session, the e-mail will be queued. @@ -6710,10 +6727,25 @@ CRL checking requires at least OpenSSL version 0.9.7. Note: if a CRLFile is specified but the file is unusable, STARTTLS is disabled. .ip DHParameters -File with DH parameters for STARTTLS. +Possible values are: +.(b +.ta 1i +5 use 512 bit prime +1 use 1024 bit prime +none do not use Diffie-Hellman +NAME load prime from file +.)b This is only required if a ciphersuite containing DSA/DH is used. -This is only for people with a good knowledge of TLS, all others -can ignore this option. +If ``5'' is selected, then precomputed, fixed primes are used. +This is the default for the client side. +If ``1'' is selected, then prime values are computed during startup. +This is the default for the server side. +Note: this operation can take a significant amount of time on a +slow machine (several seconds), but it is only done once at startup. +If ``none'' is selected, then TLS ciphersuites containing DSA/DH +cannot be used. +If a file name is specified (which must be an absolute path), +then the primes are read from it. .ip DaemonPortOptions=\fIoptions\fP [O] Set server SMTP options. @@ -11435,7 +11467,7 @@ replace it with a blank sheet for double-sided output. .\".sz 10 .\"Eric Allman .\".sp -.\"Version $Revision: 1.27 $ +.\"Version $Revision: 1.28 $ .\".ce 0 .bp 3 .ce diff --git a/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h b/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h index 06717365228..aa71cfa7e8a 100644 --- a/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h +++ b/gnu/usr.sbin/sendmail/include/libmilter/mfapi.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Sendmail: mfapi.h,v 8.78 2008/02/27 22:30:34 ca Exp $ + * $Sendmail: mfapi.h,v 8.80 2009/11/06 00:57:08 ca Exp $ */ /* @@ -18,7 +18,14 @@ # define _LIBMILTER_MFAPI_H 1 #ifndef SMFI_VERSION -# define SMFI_VERSION 0x01000001 /* libmilter version number */ +# if _FFR_MDS_NEGOTIATE +# define SMFI_VERSION 0x01000002 /* libmilter version number */ + + /* first libmilter version that has MDS support */ +# define SMFI_VERSION_MDS 0x01000002 +# else /* _FFR_MDS_NEGOTIATE */ +# define SMFI_VERSION 0x01000001 /* libmilter version number */ +# endif /* _FFR_MDS_NEGOTIATE */ #endif /* ! SMFI_VERSION */ #define SM_LM_VRS_MAJOR(v) (((v) & 0x7f000000) >> 24) @@ -163,9 +170,7 @@ LIBMILTER_API int smfi_setdbg __P((int)); LIBMILTER_API int smfi_settimeout __P((int)); LIBMILTER_API int smfi_setconn __P((char *)); LIBMILTER_API int smfi_stop __P((void)); -#if _FFR_MAXDATASIZE LIBMILTER_API size_t smfi_setmaxdatasize __P((size_t)); -#endif /* _FFR_MAXDATASIZE */ LIBMILTER_API int smfi_version __P((unsigned int *, unsigned int *, unsigned int *)); /* diff --git a/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h b/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h index 497dc3b1043..ecb639b8627 100644 --- a/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h +++ b/gnu/usr.sbin/sendmail/include/libmilter/mfdef.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Sendmail: mfdef.h,v 8.38 2007/03/27 18:53:48 ca Exp $ + * $Sendmail: mfdef.h,v 8.39 2009/11/06 00:57:08 ca Exp $ */ /* @@ -27,6 +27,12 @@ #define MILTER_CHUNK_SIZE 65535 /* body chunk size */ #define MILTER_MAX_DATA_SIZE 65535 /* default milter command data limit */ +#if _FFR_MDS_NEGOTIATE +# define MILTER_MDS_64K ((64 * 1024) - 1) +# define MILTER_MDS_256K ((256 * 1024) - 1) +# define MILTER_MDS_1M ((1024 * 1024) - 1) +#endif /* _FFR_MDS_NEGOTIATE */ + /* These apply to SMFIF_* flags */ #define SMFI_V1_ACTS 0x0000000FL /* The actions of V1 filter */ #define SMFI_V2_ACTS 0x0000003FL /* The actions of V2 filter */ @@ -100,6 +106,9 @@ #define SMFIP_NR_EOH 0x00040000L /* No reply for eoh */ #define SMFIP_NR_BODY 0x00080000L /* No reply for body chunk */ #define SMFIP_HDR_LEADSPC 0x00100000L /* header value leading space */ +#define SMFIP_MDS_256K 0x10000000L /* MILTER_MAX_DATA_SIZE=256K */ +#define SMFIP_MDS_1M 0x20000000L /* MILTER_MAX_DATA_SIZE=1M */ +/* #define SMFIP_ 0x40000000L reserved: see SMFI_INTERNAL*/ #define SMFI_V1_PROT 0x0000003FL /* The protocol of V1 filter */ #define SMFI_V2_PROT 0x0000007FL /* The protocol of V2 filter */ @@ -107,4 +116,11 @@ /* all defined protocol bits */ #define SMFI_CURR_PROT 0x001FFFFFL +/* internal flags: only used between MTA and libmilter */ +#define SMFI_INTERNAL 0x70000000L + +#if _FFR_MILTER_CHECK +# define SMFIP_TEST 0x80000000L +#endif /* _FFR_MILTER_CHECK */ + #endif /* !_LIBMILTER_MFDEF_H */ diff --git a/gnu/usr.sbin/sendmail/include/sm/conf.h b/gnu/usr.sbin/sendmail/include/sm/conf.h index 15b87552aed..63843296911 100644 --- a/gnu/usr.sbin/sendmail/include/sm/conf.h +++ b/gnu/usr.sbin/sendmail/include/sm/conf.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2011 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Sendmail: conf.h,v 1.134 2007/09/24 23:05:37 ca Exp $ + * $Sendmail: conf.h,v 1.144 2011/05/03 16:24:00 ca Exp $ */ /* @@ -381,6 +381,12 @@ typedef int pid_t; # ifndef __svr4__ # define __svr4__ /* use all System V Release 4 defines below */ # endif /* ! __svr4__ */ +# if SOLARIS >= 21100 +# include <paths.h> +# endif /* SOLARIS >= 21100 */ +# ifndef _PATH_VARRUN +# define _PATH_VARRUN "/var/run/" +# endif /* _PATH_VARRUN */ # define GIDSET_T gid_t # define USE_SA_SIGACTION 1 /* use sa_sigaction field */ # define BROKEN_PTHREAD_SLEEP 1 /* sleep after pthread_create() fails */ @@ -443,7 +449,7 @@ typedef int pid_t; # endif /* SOLARIS >= 20700 || (SOLARIS < 10000 && SOLARIS >= 207) */ # if SOLARIS >= 20800 || (SOLARIS < 10000 && SOLARIS >= 208) # undef _PATH_SENDMAILPID /* tmpfs /var/run added in 2.8 */ -# define _PATH_SENDMAILPID "/var/run/sendmail.pid" +# define _PATH_SENDMAILPID _PATH_VARRUN "sendmail.pid" # ifndef SMRSH_CMDDIR # define SMRSH_CMDDIR "/var/adm/sm.bin" # endif /* ! SMRSH_CMDDIR */ @@ -460,6 +466,9 @@ typedef int pid_t; # endif /* SOLARIS >= 21000 || (SOLARIS < 10000 && SOLARIS >= 210) */ # if SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211) # define GETLDAPALIASBYNAME_VERSION 2 /* changed in S11 */ +# define HAVE_NANOSLEEP 1 /* moved from librt to libc in S11 */ +# define SOCKADDR_LEN_T socklen_t /* arg#3 to accept, getsockname */ +# define SOCKOPT_LEN_T socklen_t /* arg#5 to getsockopt */ # endif /* SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211) */ # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps pre-2.7 */ @@ -1013,6 +1022,9 @@ extern unsigned int sleepX __P((unsigned int seconds)); # if __FreeBSD_version >= 222000 /* 2.2.2-release and later */ # define HASSETUSERCONTEXT 1 /* BSDI-style login classes */ # endif /* __FreeBSD_version >= 222000 */ +# if __FreeBSD_version >= 300000 /* 3.0.0-release and later */ +# define HAVE_NANOSLEEP 1 /* has nanosleep(2) */ +# endif /* __FreeBSD_version >= 300000 */ # if __FreeBSD_version >= 330000 /* 3.3.0-release and later */ # ifndef SMRSH_CMDDIR # define SMRSH_CMDDIR "/usr/libexec/sm.bin" @@ -1021,6 +1033,10 @@ extern unsigned int sleepX __P((unsigned int seconds)); # define SMRSH_PATH "/bin:/usr/bin" # endif /* ! SMRSH_PATH */ # endif /* __FreeBSD_version >= 330000 */ +# if __FreeBSD_version >= 430000 /* 4.3.0-release and later */ +# define SOCKADDR_LEN_T socklen_t /* e.g., arg#3 to accept, getsockname */ +# define SOCKOPT_LEN_T socklen_t /* arg#5 to getsockopt */ +# endif /* __FreeBSD_version >= 430000 */ # define USESYSCTL 1 /* use sysctl(3) for getting ncpus */ # include <sys/sysctl.h> # endif /* __FreeBSD__ >= 2 */ @@ -1050,6 +1066,9 @@ extern unsigned int sleepX __P((unsigned int seconds)); # if OpenBSD >= 200505 # undef NETISO /* iso.h removed in 3.7 */ # endif /* OpenBSD >= 200505 */ +# if OpenBSD >= 200800 +# define HAVE_NANOSLEEP 1 /* has nanosleep(2) */ +# endif /* OpenBSD >= 200800 */ # endif /* defined(__OpenBSD__) */ # endif /* defined(__DragonFly__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) */ @@ -2800,6 +2819,20 @@ struct utsname # define MAXHOSTNAMELEN 256 # endif /* !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) */ + +# if _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255 + /* + ** override Linux weirdness: a FQHN can be 255 chars long + ** SUSv3 requires HOST_NAME_MAX ("Maximum length of a host + ** name (not including the terminating null) as returned from the + ** gethostname() function.") to be at least 255. c.f.: + ** http://www.opengroup.org/onlinepubs/009695399 + ** but Linux defines that to 64 too. + */ +# undef MAXHOSTNAMELEN +# define MAXHOSTNAMELEN 256 +# endif /* _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255 */ + # if !defined(SIGCHLD) && defined(SIGCLD) # define SIGCHLD SIGCLD # endif /* !defined(SIGCHLD) && defined(SIGCLD) */ diff --git a/gnu/usr.sbin/sendmail/include/sm/ldap.h b/gnu/usr.sbin/sendmail/include/sm/ldap.h index 2be6fbf11b4..0bb2b0c1586 100644 --- a/gnu/usr.sbin/sendmail/include/sm/ldap.h +++ b/gnu/usr.sbin/sendmail/include/sm/ldap.h @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Sendmail: ldap.h,v 1.33 2007/10/10 00:06:44 ca Exp $ + * $Sendmail: ldap.h,v 1.34 2008/11/17 21:02:54 ca Exp $ */ #ifndef SM_LDAP_H @@ -92,7 +92,7 @@ struct sm_ldap_struct char ldap_attrsep; # if _FFR_LDAP_NETWORK_TIMEOUT - struct timeval ldap_networktmo; + int ldap_networktmo; # endif /* _FFR_LDAP_NETWORK_TIMEOUT */ /* Linked list of maps sharing the same LDAP binding */ diff --git a/gnu/usr.sbin/sendmail/include/sm/sem.h b/gnu/usr.sbin/sendmail/include/sm/sem.h index d8d645924c1..10195a8b257 100644 --- a/gnu/usr.sbin/sendmail/include/sm/sem.h +++ b/gnu/usr.sbin/sendmail/include/sm/sem.h @@ -1,12 +1,12 @@ /* - * Copyright (c) 2000-2001, 2005 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2001, 2005, 2008 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Sendmail: sem.h,v 1.9 2005/02/17 22:08:58 ca Exp $ + * $Sendmail: sem.h,v 1.10 2008/05/30 16:26:39 ca Exp $ */ #ifndef SM_SEM_H @@ -47,6 +47,7 @@ extern int sm_sem_stop __P((int)); extern int sm_sem_acq __P((int, int, int)); extern int sm_sem_rel __P((int, int, int)); extern int sm_sem_get __P((int, int)); +extern int sm_semsetowner __P((int, uid_t, gid_t, mode_t)); # else /* SM_CONF_SEM > 0 */ # define sm_sem_start(key, nsem, semflg, owner) 0 diff --git a/gnu/usr.sbin/sendmail/libmilter/comm.c b/gnu/usr.sbin/sendmail/libmilter/comm.c index 218a86228b0..deee96c74a3 100644 --- a/gnu/usr.sbin/sendmail/libmilter/comm.c +++ b/gnu/usr.sbin/sendmail/libmilter/comm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2004 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2004, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: comm.c,v 8.67 2006/11/02 17:54:44 ca Exp $") +SM_RCSID("@(#)$Sendmail: comm.c,v 8.70 2009/12/16 16:33:48 ca Exp $") #include "libmilter.h" #include <sm/errstring.h> @@ -18,7 +18,6 @@ SM_RCSID("@(#)$Sendmail: comm.c,v 8.67 2006/11/02 17:54:44 ca Exp $") static ssize_t retry_writev __P((socket_t, struct iovec *, int, struct timeval *)); static size_t Maxdatasize = MILTER_MAX_DATA_SIZE; -#if _FFR_MAXDATASIZE /* ** SMFI_SETMAXDATASIZE -- set limit for milter data read/write. ** @@ -39,7 +38,6 @@ smfi_setmaxdatasize(sz) Maxdatasize = sz; return old; } -#endif /* _FFR_MAXDATASIZE */ /* ** MI_RD_CMD -- read a command @@ -122,8 +120,8 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) else if (ret < 0) { smi_log(SMI_LOG_ERR, - "%s: mi_rd_cmd: select returned %d: %s", - name, ret, sm_errstring(errno)); + "%s: mi_rd_cmd: %s() returned %d: %s", + name, MI_POLLSELECT, ret, sm_errstring(errno)); *cmd = SMFIC_RECVERR; return NULL; } @@ -214,8 +212,8 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) if (ret < 0) { smi_log(SMI_LOG_ERR, - "%s: mi_rd_cmd: select returned %d: %s", - name, ret, sm_errstring(save_errno)); + "%s: mi_rd_cmd: %s() returned %d: %s", + name, MI_POLLSELECT, ret, sm_errstring(save_errno)); *cmd = SMFIC_RECVERR; return NULL; } @@ -326,7 +324,7 @@ mi_wr_cmd(sd, timeout, cmd, buf, len) char *buf; size_t len; { - size_t sl, i; + size_t sl; ssize_t l; mi_int32 nl; int iovcnt; @@ -339,7 +337,6 @@ mi_wr_cmd(sd, timeout, cmd, buf, len) nl = htonl(len + 1); /* add 1 for the cmd char */ (void) memcpy(data, (void *) &nl, MILTER_LEN_BYTES); data[MILTER_LEN_BYTES] = (char) cmd; - i = 0; sl = MILTER_LEN_BYTES + 1; /* set up the vector for the size / command */ diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/api.html b/gnu/usr.sbin/sendmail/libmilter/docs/api.html index 4b217270d3a..529abd6c271 100644 --- a/gnu/usr.sbin/sendmail/libmilter/docs/api.html +++ b/gnu/usr.sbin/sendmail/libmilter/docs/api.html @@ -2,7 +2,7 @@ <HEAD><TITLE>Milter API</TITLE></HEAD> <BODY> <!-- -$Sendmail: api.html,v 1.35 2006/11/30 23:09:23 ca Exp $ +$Sendmail: api.html,v 1.37 2009/05/19 00:40:52 ca Exp $ --> <H1>Milter API</H1> @@ -80,7 +80,9 @@ The following functions change a message's contents and attributes. <EM>They may only be called in <A HREF="xxfi_eom.html">xxfi_eom</A></EM>. All of these functions may invoke additional communication with the MTA. They will return either MI_SUCCESS or MI_FAILURE to indicate the status of -the operation. +the operation. Message data (senders, recipients, headers, body chunks) +passed to these functions via parameters is copied and does not need to be +preserved (i.e., allocated memory can be freed). <P> A filter must have set the appropriate flag (listed below) in the @@ -310,7 +312,7 @@ for a protocol stage. <HR SIZE="1"> <FONT SIZE="-1"> -Copyright (c) 2000, 2003, 2006 Sendmail, Inc. and its suppliers. +Copyright (c) 2000, 2003, 2006, 2009 Sendmail, Inc. and its suppliers. All rights reserved. <BR> By using this file, you agree to the terms and conditions set diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/overview.html b/gnu/usr.sbin/sendmail/libmilter/docs/overview.html index 4c156a4cc4f..ef1c6a50ede 100644 --- a/gnu/usr.sbin/sendmail/libmilter/docs/overview.html +++ b/gnu/usr.sbin/sendmail/libmilter/docs/overview.html @@ -4,7 +4,7 @@ </HEAD> <BODY> <!-- -$Sendmail: overview.html,v 1.19 2006/12/21 18:23:47 ca Exp $ +$Sendmail: overview.html,v 1.21 2010/12/14 20:59:52 ca Exp $ --> <H1>Technical Overview</H1> @@ -60,7 +60,9 @@ returns to <CODE>MESSAGE</CODE>. For each of N connections { For each filter - process connection/helo (<A HREF="xxfi_connect.html">xxfi_connect</A>, <A HREF="xxfi_helo.html">xxfi_helo</A>) + process connection (<A HREF="xxfi_connect.html">xxfi_connect</A>) + For each filter + process helo/ehlo (<A HREF="xxfi_helo.html">xxfi_helo</A>) MESSAGE:For each message in this connection (sequentially) { For each filter @@ -124,7 +126,7 @@ messages may be sent in a single connection. Note also that a message or connection may be aborted by either the remote host or the MTA at any point during the SMTP transaction. -f this occurs during a message (between the MAIL command and the final "."), +If this occurs during a message (between the MAIL command and the final "."), the filter's <A HREF="xxfi_abort.html">xxfi_abort</A> routine will be called. <A HREF="xxfi_close.html">xxfi_close</A> is called any time the diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_addheader.html b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_addheader.html index 18d524fa123..f823838e2c8 100644 --- a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_addheader.html +++ b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_addheader.html @@ -2,7 +2,7 @@ <HEAD><TITLE>smfi_addheader</TITLE></HEAD> <BODY> <!-- -$Sendmail: smfi_addheader.html,v 1.19 2006/12/21 18:30:35 ca Exp $ +$Sendmail: smfi_addheader.html,v 1.20 2009/05/18 23:51:23 ca Exp $ --> <H1>smfi_addheader</H1> @@ -90,7 +90,11 @@ To change a header's current value, use the MTA will add this automatically. <B>It is the filter writer's responsibility to ensure that no standards are violated.</B> - <LI>The MTA adds a leading space to an added header value. + <LI>The MTA adds a leading space to an added header value unless + the flag +<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A> + is set, in which case the milter + must include any desired leading spaces itself. </UL> </TD> </TR> @@ -116,7 +120,7 @@ To change a header's current value, use <HR size="1"> <FONT size="-1"> -Copyright (c) 2000-2003, 2006 Sendmail, Inc. and its suppliers. +Copyright (c) 2000-2003, 2006, 2009 Sendmail, Inc. and its suppliers. All rights reserved. <BR> By using this file, you agree to the terms and conditions set diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_chgheader.html b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_chgheader.html index ccc25a512d5..6757f999568 100644 --- a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_chgheader.html +++ b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_chgheader.html @@ -2,7 +2,7 @@ <HEAD><TITLE>smfi_chgheader</TITLE></HEAD> <BODY> <!-- -$Sendmail: smfi_chgheader.html,v 1.17 2006/12/21 18:30:35 ca Exp $ +$Sendmail: smfi_chgheader.html,v 1.18 2009/05/18 23:51:23 ca Exp $ --> <H1>smfi_chgheader</H1> @@ -85,6 +85,11 @@ Otherwise, it returns MI_SUCCESS. carriage return (ASCII 0x0d); the MTA will add this automatically. <B>It is the filter writer's responsibility to ensure that no standards are violated.</B> + <LI>The MTA adds a leading space to a header value unless + the flag +<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A> + is set, in which case the milter + must include any desired leading spaces itself. </UL> </TD> </TR> @@ -110,7 +115,7 @@ Otherwise, it returns MI_SUCCESS. <HR size="1"> <FONT size="-1"> -Copyright (c) 2000-2003 Sendmail, Inc. and its suppliers. +Copyright (c) 2000-2003, 2009 Sendmail, Inc. and its suppliers. All rights reserved. <BR> By using this file, you agree to the terms and conditions set diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_insheader.html b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_insheader.html index edd9368d397..eee3227f383 100644 --- a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_insheader.html +++ b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_insheader.html @@ -2,7 +2,7 @@ <HEAD><TITLE>smfi_insheader</TITLE></HEAD> <BODY> <!-- -$Sendmail: smfi_insheader.html,v 1.9 2006/12/21 18:30:35 ca Exp $ +$Sendmail: smfi_insheader.html,v 1.10 2009/05/18 23:51:23 ca Exp $ --> <H1>smfi_insheader</H1> @@ -111,6 +111,11 @@ Otherwise, it returns MI_SUCCESS. the MTA will add this automatically. <B>It is the filter writer's responsibility to ensure that no standards are violated.</B> + <LI>The MTA adds a leading space to an inserted header value unless + the flag +<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A> + is set, in which case the milter + must include any desired leading spaces itself. </UL> </TD> </TR> @@ -135,7 +140,7 @@ Otherwise, it returns MI_SUCCESS. <HR size="1"> <FONT size="-1"> -Copyright (c) 2004, 2006 Sendmail, Inc. and its suppliers. +Copyright (c) 2004, 2006, 2009 Sendmail, Inc. and its suppliers. All rights reserved. <BR> By using this file, you agree to the terms and conditions set diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_stop.html b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_stop.html index d8619191dcf..7994ef02bf4 100644 --- a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_stop.html +++ b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_stop.html @@ -2,7 +2,7 @@ <HEAD><TITLE>smfi_stop</TITLE></HEAD> <BODY> <!-- -$Sendmail: smfi_stop.html,v 1.6 2006/12/21 18:30:35 ca Exp $ +$Sendmail: smfi_stop.html,v 1.7 2010/12/13 16:16:01 ca Exp $ --> <H1>smfi_stop</H1> @@ -42,7 +42,7 @@ which may then exit or warm-restart. <TABLE border="1" cellspacing=0> <TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR> <TR valign="top"><TD>void</TD> - <TD>Takes no arguement. + <TD>Takes no argument. </TD></TR> </TABLE> </TD></TR> diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/xxfi_envrcpt.html b/gnu/usr.sbin/sendmail/libmilter/docs/xxfi_envrcpt.html index a65f746a333..7d68dd25044 100644 --- a/gnu/usr.sbin/sendmail/libmilter/docs/xxfi_envrcpt.html +++ b/gnu/usr.sbin/sendmail/libmilter/docs/xxfi_envrcpt.html @@ -2,7 +2,7 @@ <HEAD><TITLE>xxfi_envrcpt</TITLE></HEAD> <BODY> <!-- -$Sendmail: xxfi_envrcpt.html,v 1.15 2007/01/25 01:00:20 ca Exp $ +$Sendmail: xxfi_envrcpt.html,v 1.16 2010/07/14 04:41:03 ca Exp $ --> <H1>xxfi_envrcpt</H1> @@ -71,7 +71,8 @@ Handle the envelope RCPT command. </TR> <TR valign="top"> <TD>SMFIS_ACCEPT</TD> - <TD>Accept recipient. <A href="xxfi_abort.html">xxfi_abort</A> will not be called. + <TD>Accept this message. + <A href="xxfi_abort.html">xxfi_abort</A> will not be called. </TD> </TR> </TABLE> @@ -87,7 +88,7 @@ Handle the envelope RCPT command. <HR size="1"> <FONT size="-1"> -Copyright (c) 2000, 2003 Sendmail, Inc. and its suppliers. +Copyright (c) 2000, 2003, 2010 Sendmail, Inc. and its suppliers. All rights reserved. <BR> By using this file, you agree to the terms and conditions set diff --git a/gnu/usr.sbin/sendmail/libmilter/engine.c b/gnu/usr.sbin/sendmail/libmilter/engine.c index c29cd8fcd56..fb0bd6f3e37 100644 --- a/gnu/usr.sbin/sendmail/libmilter/engine.c +++ b/gnu/usr.sbin/sendmail/libmilter/engine.c @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: engine.c,v 8.162 2008/02/27 01:34:14 ca Exp $") +SM_RCSID("@(#)$Sendmail: engine.c,v 8.167 2011/03/03 06:09:15 ca Exp $") #include "libmilter.h" @@ -113,6 +113,7 @@ static void fix_stm __P((SMFICTX_PTR)); static bool trans_ok __P((int, int)); static char **dec_argv __P((char *, size_t)); static int dec_arg2 __P((char *, size_t, char **, char **)); +static void mi_clr_symlist __P((SMFICTX_PTR)); #if _FFR_WORKERS_POOL static bool mi_rd_socket_ready __P((int)); @@ -283,7 +284,7 @@ mi_engine(ctx) if (mi_stop() == MILTER_ABRT) { if (ctx->ctx_dbg > 3) - sm_dprintf("[%ld] milter_abort\n", + sm_dprintf("[%lu] milter_abort\n", (long) ctx->ctx_id); ret = MI_FAILURE; break; @@ -314,7 +315,7 @@ mi_engine(ctx) cmd < SMFIC_VALIDCMD) { if (ctx->ctx_dbg > 5) - sm_dprintf("[%ld] mi_engine: mi_rd_cmd error (%x)\n", + sm_dprintf("[%lu] mi_engine: mi_rd_cmd error (%x)\n", (long) ctx->ctx_id, (int) cmd); /* @@ -327,7 +328,7 @@ mi_engine(ctx) break; } if (ctx->ctx_dbg > 4) - sm_dprintf("[%ld] got cmd '%c' len %d\n", + sm_dprintf("[%lu] got cmd '%c' len %d\n", (long) ctx->ctx_id, cmd, (int) len); for (i = 0; i < ncmds; i++) { @@ -338,7 +339,7 @@ mi_engine(ctx) { /* unknown command */ if (ctx->ctx_dbg > 1) - sm_dprintf("[%ld] cmd '%c' unknown\n", + sm_dprintf("[%lu] cmd '%c' unknown\n", (long) ctx->ctx_id, cmd); ret = MI_FAILURE; break; @@ -347,7 +348,7 @@ mi_engine(ctx) { /* stop for now */ if (ctx->ctx_dbg > 1) - sm_dprintf("[%ld] cmd '%c' not impl\n", + sm_dprintf("[%lu] cmd '%c' not impl\n", (long) ctx->ctx_id, cmd); ret = MI_FAILURE; break; @@ -356,14 +357,14 @@ mi_engine(ctx) /* is new state ok? */ newstate = cmds[i].cm_next; if (ctx->ctx_dbg > 5) - sm_dprintf("[%ld] cur %x new %x nextmask %x\n", + sm_dprintf("[%lu] cur %x new %x nextmask %x\n", (long) ctx->ctx_id, curstate, newstate, next_states[curstate]); if (newstate != ST_NONE && !trans_ok(curstate, newstate)) { if (ctx->ctx_dbg > 1) - sm_dprintf("[%ld] abort: cur %d (%x) new %d (%x) next %x\n", + sm_dprintf("[%lu] abort: cur %d (%x) new %d (%x) next %x\n", (long) ctx->ctx_id, curstate, MI_MASK(curstate), newstate, MI_MASK(newstate), @@ -433,7 +434,7 @@ mi_engine(ctx) else if (r == _SMFIS_ABORT) { if (ctx->ctx_dbg > 5) - sm_dprintf("[%ld] function returned abort\n", + sm_dprintf("[%lu] function returned abort\n", (long) ctx->ctx_id); ret = MI_FAILURE; break; @@ -758,6 +759,69 @@ mi_clr_macros(ctx, m) } /* +** MI_CLR_SYMLIST -- clear list of macros +** +** Parameters: +** ctx -- context structure +** +** Returns: +** None. +*/ + +static void +mi_clr_symlist(ctx) + SMFICTX *ctx; +{ + int i; + + SM_ASSERT(ctx != NULL); + for (i = SMFIM_FIRST; i <= SMFIM_LAST; i++) + { + if (ctx->ctx_mac_list[i] != NULL) + { + free(ctx->ctx_mac_list[i]); + ctx->ctx_mac_list[i] = NULL; + } + } +} + +/* +** MI_CLR_CTX -- clear context +** +** Parameters: +** ctx -- context structure +** +** Returns: +** None. +*/ + +void +mi_clr_ctx(ctx) + SMFICTX *ctx; +{ + SM_ASSERT(ctx != NULL); + if (ValidSocket(ctx->ctx_sd)) + { + (void) closesocket(ctx->ctx_sd); + ctx->ctx_sd = INVALID_SOCKET; + } + if (ctx->ctx_reply != NULL) + { + free(ctx->ctx_reply); + ctx->ctx_reply = NULL; + } + if (ctx->ctx_privdata != NULL) + { + smi_log(SMI_LOG_WARN, + "%s: private data not NULL", + ctx->ctx_smfi->xxfi_name); + } + mi_clr_macros(ctx, 0); + mi_clr_symlist(ctx); + free(ctx); +} + +/* ** ST_OPTIONNEG -- negotiate options ** ** Parameters: @@ -771,8 +835,11 @@ static int st_optionneg(g) genarg *g; { - mi_int32 i, v, fake_pflags; + mi_int32 i, v, fake_pflags, internal_pflags; SMFICTX_PTR ctx; +#if _FFR_MILTER_CHECK + bool testmode = false; +#endif /* _FFR_MILTER_CHECK */ int (*fi_negotiate) __P((SMFICTX *, unsigned long, unsigned long, unsigned long, unsigned long, @@ -826,6 +893,7 @@ st_optionneg(g) v = SMFI_V1_ACTS; ctx->ctx_mta_aflags = v; /* MTA action flags */ + internal_pflags = 0; (void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES * 2]), MILTER_LEN_BYTES); v = ntohl(i); @@ -833,7 +901,51 @@ st_optionneg(g) /* no flags? set to default value for V1 protocol */ if (v == 0) v = SMFI_V1_PROT; - ctx->ctx_mta_pflags = v; /* MTA protocol flags */ +#if _FFR_MDS_NEGOTIATE + else if (ctx->ctx_smfi->xxfi_version >= SMFI_VERSION_MDS) + { + /* + ** Allow changing the size only if milter is compiled + ** against a version that supports this. + ** If a milter is dynamically linked against a newer + ** libmilter version, we don't want to "surprise" + ** it with a larger buffer as it may rely on it + ** even though it is not documented as a limit. + */ + + if (bitset(SMFIP_MDS_1M, v)) + { + internal_pflags |= SMFIP_MDS_1M; + (void) smfi_setmaxdatasize(MILTER_MDS_1M); + } + else if (bitset(SMFIP_MDS_256K, v)) + { + internal_pflags |= SMFIP_MDS_256K; + (void) smfi_setmaxdatasize(MILTER_MDS_256K); + } + } +# if 0 + /* don't log this for now... */ + else if (ctx->ctx_smfi->xxfi_version < SMFI_VERSION_MDS && + bitset(SMFIP_MDS_1M|SMFIP_MDS_256K, v)) + { + smi_log(SMI_LOG_WARN, + "%s: st_optionneg[%ld]: milter version=%X, trying flags=%X", + ctx->ctx_smfi->xxfi_name, + (long) ctx->ctx_id, ctx->ctx_smfi->xxfi_version, v); + } +# endif /* 0 */ +#endif /* _FFR_MDS_NEGOTIATE */ + + /* + ** MTA protocol flags. + ** We pass the internal flags to the milter as "read only", + ** i.e., a milter can read them so it knows which size + ** will be used, but any changes by a milter will be ignored + ** (see below, search for SMFI_INTERNAL). + */ + + ctx->ctx_mta_pflags = (v & ~SMFI_INTERNAL) | internal_pflags; /* ** Copy flags from milter struct into libmilter context; @@ -880,6 +992,12 @@ st_optionneg(g) 0, 0, &m_aflags, &m_pflags, &m_f2, &m_f3); +#if _FFR_MILTER_CHECK + testmode = bitset(SMFIP_TEST, m_pflags); + if (testmode) + m_pflags &= ~SMFIP_TEST; +#endif /* _FFR_MILTER_CHECK */ + /* ** Types of protocol flags (pflags): ** 1. do NOT send protocol step X @@ -1004,13 +1122,32 @@ st_optionneg(g) fix_stm(ctx); if (ctx->ctx_dbg > 3) - sm_dprintf("[%ld] milter_negotiate:" + sm_dprintf("[%lu] milter_negotiate:" " mta_actions=0x%lx, mta_flags=0x%lx" " actions=0x%lx, flags=0x%lx\n" , (long) ctx->ctx_id , ctx->ctx_mta_aflags, ctx->ctx_mta_pflags , ctx->ctx_aflags, ctx->ctx_pflags); +#if _FFR_MILTER_CHECK + if (ctx->ctx_dbg > 3) + sm_dprintf("[%lu] milter_negotiate:" + " testmode=%d, pflags2mta=%X, internal_pflags=%X\n" + , (long) ctx->ctx_id, testmode + , ctx->ctx_pflags2mta, internal_pflags); + + /* in test mode: take flags without further modifications */ + if (!testmode) + /* Warning: check statement below! */ +#endif /* _FFR_MILTER_CHECK */ + + /* + ** Remove the internal flags that might have been set by a milter + ** and set only those determined above. + */ + + ctx->ctx_pflags2mta = (ctx->ctx_pflags2mta & ~SMFI_INTERNAL) + | internal_pflags; return _SMFIS_OPTIONS; } diff --git a/gnu/usr.sbin/sendmail/libmilter/example.c b/gnu/usr.sbin/sendmail/libmilter/example.c index 66a9d4fcab9..e42e6a509e5 100644 --- a/gnu/usr.sbin/sendmail/libmilter/example.c +++ b/gnu/usr.sbin/sendmail/libmilter/example.c @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Sendmail: example.c,v 8.3 2006/12/20 21:22:34 ca Exp $ + * $Sendmail: example.c,v 8.4 2008/07/22 15:12:47 ca Exp $ */ /* @@ -252,7 +252,7 @@ struct smfiDesc smfilter = mlfi_close, /* connection cleanup */ mlfi_unknown, /* unknown/unimplemented SMTP commands */ mlfi_data, /* DATA command filter */ - mlfi_negotiate /* option negotation at connection startup */ + mlfi_negotiate /* option negotiation at connection startup */ }; int diff --git a/gnu/usr.sbin/sendmail/libmilter/handler.c b/gnu/usr.sbin/sendmail/libmilter/handler.c index b1ff8935444..6397fbaa79c 100644 --- a/gnu/usr.sbin/sendmail/libmilter/handler.c +++ b/gnu/usr.sbin/sendmail/libmilter/handler.c @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: handler.c,v 8.38 2006/11/02 02:38:22 ca Exp $") +SM_RCSID("@(#)$Sendmail: handler.c,v 8.39 2008/11/25 01:14:16 ca Exp $") #include "libmilter.h" @@ -43,24 +43,7 @@ mi_handle_session(ctx) ret = MI_FAILURE; else ret = mi_engine(ctx); - if (ValidSocket(ctx->ctx_sd)) - { - (void) closesocket(ctx->ctx_sd); - ctx->ctx_sd = INVALID_SOCKET; - } - if (ctx->ctx_reply != NULL) - { - free(ctx->ctx_reply); - ctx->ctx_reply = NULL; - } - if (ctx->ctx_privdata != NULL) - { - smi_log(SMI_LOG_WARN, - "%s: private data not NULL", - ctx->ctx_smfi->xxfi_name); - } - mi_clr_macros(ctx, 0); - free(ctx); + mi_clr_ctx(ctx); ctx = NULL; return ret; } diff --git a/gnu/usr.sbin/sendmail/libmilter/libmilter.h b/gnu/usr.sbin/sendmail/libmilter/libmilter.h index 0034e0f07dc..d9a6c4c9596 100644 --- a/gnu/usr.sbin/sendmail/libmilter/libmilter.h +++ b/gnu/usr.sbin/sendmail/libmilter/libmilter.h @@ -19,7 +19,7 @@ #ifdef _DEFINE # define EXTERN # define INIT(x) = x -SM_IDSTR(MilterlId, "@(#)$Sendmail: libmilter.h,v 8.74 2006/12/19 18:19:52 ca Exp $") +SM_IDSTR(MilterlId, "@(#)$Sendmail: libmilter.h,v 8.77 2008/11/25 18:28:18 ca Exp $") #else /* _DEFINE */ # define EXTERN extern # define INIT(x) @@ -282,6 +282,7 @@ extern int mi_handle_session __P((SMFICTX_PTR)); extern int mi_engine __P((SMFICTX_PTR)); extern int mi_listener __P((char *, int, smfiDesc_ptr, time_t, int)); extern void mi_clr_macros __P((SMFICTX_PTR, int)); +extern void mi_clr_ctx __P((SMFICTX_PTR)); extern int mi_stop __P((void)); extern int mi_control_startup __P((char *)); extern void mi_stop_milters __P((int)); diff --git a/gnu/usr.sbin/sendmail/libmilter/listener.c b/gnu/usr.sbin/sendmail/libmilter/listener.c index 05c070be186..e1c9e551e07 100644 --- a/gnu/usr.sbin/sendmail/libmilter/listener.c +++ b/gnu/usr.sbin/sendmail/libmilter/listener.c @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: listener.c,v 8.124 2007/04/23 22:22:50 ca Exp $") +SM_RCSID("@(#)$Sendmail: listener.c,v 8.126 2009/12/16 16:40:23 ca Exp $") /* ** listener.c -- threaded network listener @@ -777,8 +777,9 @@ mi_listener(conn, dbg, smfi, timeout, backlog) continue; scnt++; smi_log(SMI_LOG_ERR, - "%s: select() failed (%s), %s", - smfi->xxfi_name, sm_errstring(save_errno), + "%s: %s() failed (%s), %s", + smfi->xxfi_name, MI_POLLSELECT, + sm_errstring(save_errno), scnt >= MAX_FAILS_S ? "abort" : "try again"); MI_SLEEP(scnt); if (scnt >= MAX_FAILS_S) diff --git a/gnu/usr.sbin/sendmail/libmilter/main.c b/gnu/usr.sbin/sendmail/libmilter/main.c index 7233e7c48ef..9da4cc66ef1 100644 --- a/gnu/usr.sbin/sendmail/libmilter/main.c +++ b/gnu/usr.sbin/sendmail/libmilter/main.c @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: main.c,v 8.83 2007/04/23 22:22:50 ca Exp $") +SM_RCSID("@(#)$Sendmail: main.c,v 8.84 2008/09/02 05:37:06 ca Exp $") #define _DEFINE 1 #include "libmilter.h" @@ -52,7 +52,8 @@ smfi_register(smfilter) (void) sm_strlcpy(smfi->xxfi_name, smfilter.xxfi_name, len); /* compare milter version with hard coded version */ - if (smfi->xxfi_version != SMFI_VERSION && + if ((SM_LM_VRS_MAJOR(smfi->xxfi_version) != SM_LM_VRS_MAJOR(SMFI_VERSION) || + SM_LM_VRS_MINOR(smfi->xxfi_version) != SM_LM_VRS_MINOR(SMFI_VERSION)) && smfi->xxfi_version != 2 && smfi->xxfi_version != 3 && smfi->xxfi_version != 4) diff --git a/gnu/usr.sbin/sendmail/libmilter/sm_gethost.c b/gnu/usr.sbin/sendmail/libmilter/sm_gethost.c index 73ce816410c..1c68b8d471c 100644 --- a/gnu/usr.sbin/sendmail/libmilter/sm_gethost.c +++ b/gnu/usr.sbin/sendmail/libmilter/sm_gethost.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2001, 2004 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2001, 2004, 2010 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: sm_gethost.c,v 8.27 2004/08/20 21:12:37 ca Exp $") +SM_RCSID("@(#)$Sendmail: sm_gethost.c,v 8.29 2010/07/27 01:09:31 ca Exp $") #include <sendmail.h> #if NETINET || NETINET6 @@ -30,7 +30,7 @@ SM_RCSID("@(#)$Sendmail: sm_gethost.c,v 8.27 2004/08/20 21:12:37 ca Exp $") #if NETINET6 && NEEDSGETIPNODE -static struct hostent *getipnodebyname __P((char *, int, int, int *)); +static struct hostent *sm_getipnodebyname __P((const char *, int, int, int *)); # ifndef AI_ADDRCONFIG # define AI_ADDRCONFIG 0 /* dummy */ @@ -43,8 +43,8 @@ static struct hostent *getipnodebyname __P((char *, int, int, int *)); # endif /* ! AI_DEFAULT */ static struct hostent * -getipnodebyname(name, family, flags, err) - char *name; +sm_getipnodebyname(name, family, flags, err) + const char *name; int family; int flags; int *err; @@ -77,6 +77,8 @@ freehostent(h) return; } +#else /* NEEDSGETIPNODE && NETINET6 */ +#define sm_getipnodebyname getipnodebyname #endif /* NEEDSGETIPNODE && NETINET6 */ struct hostent * @@ -107,7 +109,7 @@ mi_gethostbyname(name, family) # if ADDRCONFIG_IS_BROKEN flags &= ~AI_ADDRCONFIG; # endif /* ADDRCONFIG_IS_BROKEN */ - h = getipnodebyname(name, family, flags, &err); + h = sm_getipnodebyname(name, family, flags, &err); SM_SET_H_ERRNO(err); # else /* NETINET6 */ h = gethostbyname(name); diff --git a/gnu/usr.sbin/sendmail/libmilter/worker.c b/gnu/usr.sbin/sendmail/libmilter/worker.c index 3787598e941..ce47cc9e38b 100644 --- a/gnu/usr.sbin/sendmail/libmilter/worker.c +++ b/gnu/usr.sbin/sendmail/libmilter/worker.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003-2004, 2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 2003-2004, 2007, 2009-2011 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -11,7 +11,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: worker.c,v 8.10 2007/12/03 22:06:05 ca Exp $") +SM_RCSID("@(#)$Sendmail: worker.c,v 8.19 2011/02/14 23:33:48 ca Exp $") #include "libmilter.h" @@ -165,7 +165,9 @@ mi_start_session(ctx) { static long id = 0; - SM_ASSERT(Tskmgr.tm_signature == TM_SIGNATURE); + /* this can happen if the milter is shutting down */ + if (Tskmgr.tm_signature != TM_SIGNATURE) + return MI_FAILURE; SM_ASSERT(ctx != NULL); POOL_LEV_DPRINTF(4, ("PIPE r=[%d] w=[%d]", RD_PIPE, WR_PIPE)); TASKMGR_LOCK(); @@ -210,24 +212,43 @@ mi_close_session(ctx) SM_ASSERT(ctx != NULL); (void) mi_list_del_ctx(ctx); - if (ValidSocket(ctx->ctx_sd)) - { - (void) closesocket(ctx->ctx_sd); - ctx->ctx_sd = INVALID_SOCKET; - } - if (ctx->ctx_reply != NULL) + mi_clr_ctx(ctx); + + return MI_SUCCESS; +} + +/* +** NONBLOCKING -- set nonblocking mode for a file descriptor. +** +** Parameters: +** fd -- file descriptor +** name -- name for (error) logging +** +** Returns: +** MI_SUCCESS/MI_FAILURE +*/ + +static int +nonblocking(int fd, const char *name) +{ + int r; + + errno = 0; + r = fcntl(fd, F_GETFL, 0); + if (r == -1) { - free(ctx->ctx_reply); - ctx->ctx_reply = NULL; + smi_log(SMI_LOG_ERR, "fcntl(%s, F_GETFL)=%s", + name, sm_errstring(errno)); + return MI_FAILURE; } - if (ctx->ctx_privdata != NULL) + errno = 0; + r = fcntl(fd, F_SETFL, r | O_NONBLOCK); + if (r == -1) { - smi_log(SMI_LOG_WARN, "%s: private data not NULL", - ctx->ctx_smfi->xxfi_name); + smi_log(SMI_LOG_ERR, "fcntl(%s, F_SETFL, O_NONBLOCK)=%s", + name, sm_errstring(errno)); + return MI_FAILURE; } - mi_clr_macros(ctx, 0); - free(ctx); - return MI_SUCCESS; } @@ -259,9 +280,15 @@ mi_pool_controller_init() if (pipe(Tskmgr.tm_p) != 0) { smi_log(SMI_LOG_ERR, "can't create event pipe: %s", - sm_errstring(r)); + sm_errstring(errno)); return MI_FAILURE; } + r = nonblocking(WR_PIPE, "WR_PIPE"); + if (r != MI_SUCCESS) + return r; + r = nonblocking(RD_PIPE, "RD_PIPE"); + if (r != MI_SUCCESS) + return r; (void) smutex_init(&Tskmgr.tm_w_mutex); (void) scond_init(&Tskmgr.tm_w_cond); @@ -328,6 +355,7 @@ mi_pool_controller(arg) int dim_pfd = 0; bool rebuild_set = true; int pcnt = 0; /* error count for poll() failures */ + time_t lastcheck; Tskmgr.tm_tid = sthread_get_id(); if (pthread_detach(Tskmgr.tm_tid) != 0) @@ -345,12 +373,12 @@ mi_pool_controller(arg) } dim_pfd = PFD_STEP; + lastcheck = time(NULL); for (;;) { SMFICTX_PTR ctx; int nfd, rfd, i; time_t now; - time_t lastcheck; POOL_LEV_DPRINTF(4, ("Let's %s again...", WAITFN)); @@ -364,20 +392,20 @@ mi_pool_controller(arg) /* check for timed out sessions? */ if (lastcheck + DT_CHECK_OLD_SESSIONS < now) { - SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link) + ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); + while (ctx != SM_TAILQ_END(&WRK_CTX_HEAD)) { + SMFICTX_PTR ctx_nxt; + + ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link); if (ctx->ctx_wstate == WKST_WAITING) { if (ctx->ctx_wait == 0) - { ctx->ctx_wait = now; - continue; - } - - /* if session timed out, close it */ - if (ctx->ctx_wait + OLD_SESSION_TIMEOUT - < now) + else if (ctx->ctx_wait + OLD_SESSION_TIMEOUT + < now) { + /* if session timed out, close it */ sfsistat (*fi_close) __P((SMFICTX *)); POOL_LEV_DPRINTF(4, @@ -389,10 +417,9 @@ mi_pool_controller(arg) (void) (*fi_close)(ctx); mi_close_session(ctx); - ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); - continue; } } + ctx = ctx_nxt; } lastcheck = now; } @@ -465,6 +492,7 @@ mi_pool_controller(arg) } } } + rebuild_set = false; } TASKMGR_UNLOCK(); @@ -510,25 +538,23 @@ mi_pool_controller(arg) /* has a worker signaled an end of task ? */ if (WAIT_FD(i) == RD_PIPE) { - char evt = 0; - int r = 0; + char evts[256]; + ssize_t r; POOL_LEV_DPRINTF(4, ("PIPE WILL READ evt = %08X %08X", pfd[i].events, pfd[i].revents)); - if ((pfd[i].revents & MI_POLL_RD_FLAGS) != 0) + r = 1; + while ((pfd[i].revents & MI_POLL_RD_FLAGS) != 0 + && r != -1) { - r = read(RD_PIPE, &evt, sizeof(evt)); - if (r == sizeof(evt)) - { - /* Do nothing */ - } + r = read(RD_PIPE, evts, sizeof(evts)); } POOL_LEV_DPRINTF(4, ("PIPE DONE READ i=[%d] fd=[%d] r=[%d] evt=[%d]", - i, RD_PIPE, r, evt)); + i, RD_PIPE, (int) r, evts[0])); if ((pfd[i].revents & ~MI_POLL_RD_FLAGS) != 0) { diff --git a/gnu/usr.sbin/sendmail/libsm/debug.c b/gnu/usr.sbin/sendmail/libsm/debug.c index 16471ff89a0..13667a7bebd 100644 --- a/gnu/usr.sbin/sendmail/libsm/debug.c +++ b/gnu/usr.sbin/sendmail/libsm/debug.c @@ -8,7 +8,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: debug.c,v 1.30 2004/08/03 20:10:26 ca Exp $") +SM_RCSID("@(#)$Sendmail: debug.c,v 1.32 2009/09/20 05:38:46 ca Exp $") /* ** libsm debugging and tracing @@ -17,6 +17,10 @@ SM_RCSID("@(#)$Sendmail: debug.c,v 1.30 2004/08/03 20:10:26 ca Exp $") #include <ctype.h> #include <stdlib.h> +#if _FFR_DEBUG_PID_TIME +#include <unistd.h> +#include <time.h> +#endif /* _FFR_DEBUG_PID_TIME */ #include <setjmp.h> #include <sm/io.h> #include <sm/assert.h> @@ -112,6 +116,11 @@ sm_debug_close() ** none. */ +#if _FFR_DEBUG_PID_TIME +SM_DEBUG_T SmDBGPidTime = SM_DEBUG_INITIALIZER("sm_trace_pid_time", + "@(#)$Debug: sm_trace_pid_time - print pid and time in debug $"); +#endif /* _FFR_DEBUG_PID_TIME */ + void #if SM_VA_STD sm_dprintf(char *fmt, ...) @@ -125,6 +134,26 @@ sm_dprintf(fmt, va_alist) if (SmDebugOutput == NULL) return; +#if _FFR_DEBUG_PID_TIME + /* note: this is ugly if the output isn't a full line! */ + if (sm_debug_active(&SmDBGPidTime, 1)) + { + static char str[32] = "[1900-00-00/00:00:00] "; + struct tm *tmp; + time_t currt; + + currt = time((time_t *)0); + tmp = localtime(&currt); + snprintf(str, sizeof(str), "[%d-%02d-%02d/%02d:%02d:%02d] ", + 1900 + tmp->tm_year, /* HACK */ + tmp->tm_mon + 1, + tmp->tm_mday, + tmp->tm_hour, tmp->tm_min, tmp->tm_sec); + sm_io_fprintf(SmDebugOutput, SmDebugOutput->f_timeout, + "%ld: %s ", (long) getpid(), str); + } +#endif /* _FFR_DEBUG_PID_TIME */ + SM_VA_START(ap, fmt); sm_io_vfprintf(SmDebugOutput, SmDebugOutput->f_timeout, fmt, ap); SM_VA_END(ap); diff --git a/gnu/usr.sbin/sendmail/libsm/ldap.c b/gnu/usr.sbin/sendmail/libsm/ldap.c index 9424825154b..4dfe4639f37 100644 --- a/gnu/usr.sbin/sendmail/libsm/ldap.c +++ b/gnu/usr.sbin/sendmail/libsm/ldap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 2001-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -11,7 +11,7 @@ #define LDAP_DEPRECATED 1 #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: ldap.c,v 1.80 2007/10/12 00:19:44 ca Exp $") +SM_RCSID("@(#)$Sendmail: ldap.c,v 1.85 2011/04/18 22:20:20 ca Exp $") #if LDAPMAP # include <sys/types.h> @@ -1098,6 +1098,28 @@ sm_ldap_results(lmap, msgid, flags, delim, rpool, result, if (ret == 0) save_errno = ETIMEDOUT; + else if (ret == LDAP_RES_SEARCH_RESULT) + { + /* + ** We may have gotten an LDAP_RES_SEARCH_RESULT response + ** with an error inside it, so we have to extract that + ** with ldap_parse_result(). This can happen when talking + ** to an LDAP proxy whose backend has gone down. + */ + + if (lmap->ldap_res == NULL) + save_errno = LDAP_UNAVAILABLE; + else + { + int rc; + + save_errno = ldap_parse_result(lmap->ldap_ld, + lmap->ldap_res, &rc, NULL, NULL, + NULL, NULL, 0); + if (save_errno == LDAP_SUCCESS) + save_errno = rc; + } + } else save_errno = sm_ldap_geterrno(lmap->ldap_ld); if (save_errno != LDAP_SUCCESS) @@ -1370,9 +1392,16 @@ sm_ldap_setopts(ld, lmap) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit); ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit); -# if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) - ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &lmap->ldap_networktmo); -# endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */ +# if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) + if (lmap->ldap_networktmo > 0) + { + struct timeval tmo; + + tmo.tv_sec = lmap->ldap_networktmo; + tmo.tv_usec = 0; + ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tmo); + } +# endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */ # ifdef LDAP_OPT_RESTART ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON); # endif /* LDAP_OPT_RESTART */ diff --git a/gnu/usr.sbin/sendmail/libsm/mbdb.c b/gnu/usr.sbin/sendmail/libsm/mbdb.c index cf1f3277b82..e114060bbd2 100644 --- a/gnu/usr.sbin/sendmail/libsm/mbdb.c +++ b/gnu/usr.sbin/sendmail/libsm/mbdb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2002 Sendmail, Inc. and its suppliers. + * Copyright (c) 2001-2003,2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -8,7 +8,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: mbdb.c,v 1.40 2003/12/10 03:19:07 gshapiro Exp $") +SM_RCSID("@(#)$Sendmail: mbdb.c,v 1.41 2009/06/19 22:02:26 guenther Exp $") #include <sys/param.h> @@ -564,7 +564,20 @@ mbdb_ldap_lookup(name, user) entry = ldap_first_entry(LDAPLMAP.ldap_ld, LDAPLMAP.ldap_res); if (entry == NULL) { - save_errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld); + int rc; + + /* + ** We may have gotten an LDAP_RES_SEARCH_RESULT response + ** with an error inside it, so we have to extract that + ** with ldap_parse_result(). This can happen when talking + ** to an LDAP proxy whose backend has gone down. + */ + + save_errno = ldap_parse_result(LDAPLMAP.ldap_ld, + LDAPLMAP.ldap_res, &rc, NULL, + NULL, NULL, NULL, 0); + if (save_errno == LDAP_SUCCESS) + save_errno = rc; if (save_errno == LDAP_SUCCESS) { errno = ENOENT; diff --git a/gnu/usr.sbin/sendmail/libsm/sem.c b/gnu/usr.sbin/sendmail/libsm/sem.c index a2e408b8c67..24acbdb9bb2 100644 --- a/gnu/usr.sbin/sendmail/libsm/sem.c +++ b/gnu/usr.sbin/sendmail/libsm/sem.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001, 2005 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2001, 2005, 2008 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -8,11 +8,12 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: sem.c,v 1.13 2005/08/12 20:39:59 ca Exp $") +SM_RCSID("@(#)$Sendmail: sem.c,v 1.14 2008/05/30 16:26:38 ca Exp $") #if SM_CONF_SEM # include <stdlib.h> # include <unistd.h> +# include <sm/string.h> # include <sm/sem.h> # include <sm/heap.h> # include <errno.h> @@ -200,4 +201,45 @@ sm_sem_get(semid, semnum) return -1; return semval; } + +/* +** SM_SEMSETOWNER -- set owner/group/mode of semaphores. +** +** Parameters: +** semid -- id for semaphores. +** uid -- uid to use +** gid -- gid to use +** mode -- mode to use +** +** Returns: +** 0 on success. +** < 0 on failure. +*/ + +int +sm_semsetowner(semid, uid, gid, mode) + int semid; + uid_t uid; + gid_t gid; + mode_t mode; +{ + int r; + struct semid_ds semidds; + union semun { + int val; + struct semid_ds *buf; + ushort *array; + } arg; + + memset(&semidds, 0, sizeof(semidds)); + arg.buf = &semidds; + if ((r = semctl(semid, 1, IPC_STAT, arg)) < 0) + return r; + semidds.sem_perm.uid = uid; + semidds.sem_perm.gid = gid; + semidds.sem_perm.mode = mode; + if ((r = semctl(semid, 1, IPC_SET, arg)) < 0) + return r; + return 0; +} #endif /* SM_CONF_SEM */ diff --git a/gnu/usr.sbin/sendmail/libsm/t-sem.c b/gnu/usr.sbin/sendmail/libsm/t-sem.c index f92f772eb6b..137770d687e 100644 --- a/gnu/usr.sbin/sendmail/libsm/t-sem.c +++ b/gnu/usr.sbin/sendmail/libsm/t-sem.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001, 2005-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2001, 2005-2008 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -8,7 +8,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: t-sem.c,v 1.16 2007/03/21 23:22:10 ca Exp $") +SM_RCSID("@(#)$Sendmail: t-sem.c,v 1.17 2008/05/30 16:26:38 ca Exp $") #include <stdio.h> @@ -127,6 +127,20 @@ sem_cleanup(sig) exit(EX_UNAVAILABLE); } +static int +drop_priv(uid, gid) + uid_t uid; + gid_t gid; +{ + int r; + + r = setgid(gid); + if (r != 0) + return r; + r = setuid(uid); + return r; +} + /* ** SEMTEST -- test of semaphores ** @@ -141,12 +155,23 @@ sem_cleanup(sig) # define MAX_CNT 10 static int -semtest(owner) +semtest(owner, uid, gid) int owner; + uid_t uid; + gid_t gid; { int semid, r; int cnt = 0; + if (!owner && uid != 0) + { + r = drop_priv(uid, gid); + if (r < 0) + { + perror("drop_priv child failed"); + return -1; + } + } semid = sm_sem_start(T_SM_SEM_KEY, 1, 0, owner); if (semid < 0) { @@ -156,6 +181,22 @@ semtest(owner) if (owner) { + if (uid != 0) + { + r = sm_semsetowner(semid, uid, gid, 0660); + if (r < 0) + { + perror("sm_semsetowner failed"); + return -1; + } + r = drop_priv(uid, gid); + if (r < 0) + { + perror("drop_priv owner failed"); + return -1; + } + } + /* just in case someone kills the program... */ semid_c = semid; (void) sm_signal(SIGHUP, sem_cleanup); @@ -281,18 +322,31 @@ main(argc, argv) { bool interactive = false; bool owner = false; - int ch; - int r = 0; + int ch, r; + uid_t uid; + gid_t gid; + + uid = 0; + gid = 0; + r = 0; -# define OPTIONS "io" +# define OPTIONS "iog:u:" while ((ch = getopt(argc, argv, OPTIONS)) != -1) { switch ((char) ch) { + case 'g': + gid = (gid_t)strtoul(optarg, 0, 0); + break; + case 'i': interactive = true; break; + case 'u': + uid = (uid_t)strtoul(optarg, 0, 0); + break; + case 'o': owner = true; break; @@ -323,11 +377,11 @@ main(argc, argv) { /* give the parent the chance to setup data */ sleep(1); - r = semtest(false); + r = semtest(false, uid, gid); } else { - r = semtest(true); + r = semtest(true, uid, gid); } SM_TEST(r == 0); return sm_test_end(); diff --git a/gnu/usr.sbin/sendmail/libsmutil/safefile.c b/gnu/usr.sbin/sendmail/libsmutil/safefile.c index 868155fb755..a69cbe58e39 100644 --- a/gnu/usr.sbin/sendmail/libsmutil/safefile.c +++ b/gnu/usr.sbin/sendmail/libsmutil/safefile.c @@ -15,7 +15,7 @@ #include <sm/io.h> #include <sm/errstring.h> -SM_RCSID("@(#)$Sendmail: safefile.c,v 8.128 2004/09/30 18:15:49 ca Exp $") +SM_RCSID("@(#)$Sendmail: safefile.c,v 8.129 2008/08/04 18:07:04 gshapiro Exp $") /* @@ -699,7 +699,6 @@ safeopen(fn, omode, cmode, sff) if (bitset(O_CREAT, omode)) sff |= SFF_CREAT; omode &= ~O_CREAT; - smode = 0; switch (omode & O_ACCMODE) { case O_RDONLY: diff --git a/gnu/usr.sbin/sendmail/makemap/makemap.c b/gnu/usr.sbin/sendmail/makemap/makemap.c index f38e7b2aafd..d1423cdb22f 100644 --- a/gnu/usr.sbin/sendmail/makemap/makemap.c +++ b/gnu/usr.sbin/sendmail/makemap/makemap.c @@ -20,7 +20,7 @@ SM_IDSTR(copyright, Copyright (c) 1992, 1993\n\ The Regents of the University of California. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Sendmail: makemap.c,v 8.179 2008/04/14 02:06:16 ca Exp $") +SM_IDSTR(id, "@(#)$Sendmail: makemap.c,v 8.180 2010/11/23 02:35:08 gshapiro Exp $") #include <sys/types.h> @@ -238,7 +238,7 @@ main(argc, argv) if ((cfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, cfile, SM_IO_RDONLY, NULL)) == NULL) { - sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "makemap: %s: %s", + sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "makemap: %s: %s\n", cfile, sm_errstring(errno)); exit(EX_NOINPUT); } diff --git a/gnu/usr.sbin/sendmail/praliases/praliases.1 b/gnu/usr.sbin/sendmail/praliases/praliases.1 index 48e9fb071cb..89d837039fb 100644 --- a/gnu/usr.sbin/sendmail/praliases/praliases.1 +++ b/gnu/usr.sbin/sendmail/praliases/praliases.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: praliases.1,v 1.8 2010/09/23 14:51:57 jmc Exp $ +.\" Copyright (c) 1998-2000, 2008 Sendmail, Inc. and its suppliers. .\" .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. @@ -8,9 +8,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Sendmail: praliases.8,v 8.17 2000/12/15 19:53:45 gshapiro Exp $ +.\" $Sendmail: praliases.8,v 8.19 2008/07/10 20:13:10 ca Exp $ .\" -.Dd $Mdocdate: September 23 2010 $ +.Dd $Mdocdate: May 17 2011 $ .Dt PRALIASES 1 .Os .Sh NAME diff --git a/gnu/usr.sbin/sendmail/praliases/praliases.c b/gnu/usr.sbin/sendmail/praliases/praliases.c index 0094148e1a3..84e6a2b4654 100644 --- a/gnu/usr.sbin/sendmail/praliases/praliases.c +++ b/gnu/usr.sbin/sendmail/praliases/praliases.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2001, 2008 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -20,7 +20,7 @@ SM_IDSTR(copyright, Copyright (c) 1988, 1993\n\ The Regents of the University of California. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Sendmail: praliases.c,v 8.94 2007/05/11 18:50:36 ca Exp $") +SM_IDSTR(id, "@(#)$Sendmail: praliases.c,v 8.96 2008/07/10 20:13:10 ca Exp $") #include <sys/types.h> #include <ctype.h> @@ -99,7 +99,8 @@ main(argc, argv) case '?': default: (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, - "usage: praliases [-C cffile] [-f aliasfile]\n"); + "usage: praliases [-C cffile] [-f aliasfile]" + " [key ...]\n"); exit(EX_USAGE); } } diff --git a/gnu/usr.sbin/sendmail/sendmail/README b/gnu/usr.sbin/sendmail/sendmail/README index 7c77f0928d1..6bb4d72aaf6 100644 --- a/gnu/usr.sbin/sendmail/sendmail/README +++ b/gnu/usr.sbin/sendmail/sendmail/README @@ -9,7 +9,7 @@ # the sendmail distribution. # # -# $Sendmail: README,v 8.391 2008/02/12 16:38:21 ca Exp $ +# $Sendmail: README,v 8.392 2009/04/10 17:49:19 gshapiro Exp $ # This directory contains the source files for sendmail(TM). @@ -32,6 +32,7 @@ For detailed instructions, please read the document ../doc/op/op.me: cd ../doc/op ; make op.ps op.txt Sendmail is a trademark of Sendmail, Inc. +US Patent Numbers 6865671, 6986037. +-------------------+ @@ -1847,4 +1848,4 @@ util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 1.27 $, last update $Date: 2008/05/04 18:34:05 $ ) +(Version $Revision: 1.28 $, last update $Date: 2011/05/17 15:54:23 $ ) diff --git a/gnu/usr.sbin/sendmail/sendmail/TRACEFLAGS b/gnu/usr.sbin/sendmail/sendmail/TRACEFLAGS index 48abf28634a..4beafc27fa0 100644 --- a/gnu/usr.sbin/sendmail/sendmail/TRACEFLAGS +++ b/gnu/usr.sbin/sendmail/sendmail/TRACEFLAGS @@ -1,4 +1,4 @@ -# $Sendmail: TRACEFLAGS,v 8.47 2006/09/11 22:36:32 ca Exp $ +# $Sendmail: TRACEFLAGS,v 8.48 2008/11/03 21:09:26 gshapiro Exp $ 0, 4 main.c main canonical name, UUCP node name, a.k.a.s 0, 15 main.c main print configuration 0, 44 util.c printav print address of each string @@ -86,6 +86,7 @@ 70 queue.c quarantining 71,>99 milter.c quarantine on errors 73 queue.c shared memory updates +74,>99 map.c LDAP map defer 80 content length 81 sun remote mode 83 collect.c timeout diff --git a/gnu/usr.sbin/sendmail/sendmail/collect.c b/gnu/usr.sbin/sendmail/sendmail/collect.c index 939b7e36ef1..659932cd1ef 100644 --- a/gnu/usr.sbin/sendmail/sendmail/collect.c +++ b/gnu/usr.sbin/sendmail/sendmail/collect.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: collect.c,v 8.282 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Sendmail: collect.c,v 8.284 2008/08/06 05:26:24 ca Exp $") static void eatfrom __P((char *volatile, ENVELOPE *)); static void collect_doheader __P((ENVELOPE *)); @@ -847,6 +847,9 @@ readerr: } /* Log collection information. */ + if (tTd(92, 2)) + sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) { logsender(e, e->e_msgid); diff --git a/gnu/usr.sbin/sendmail/sendmail/conf.c b/gnu/usr.sbin/sendmail/sendmail/conf.c index 0199b6a1c65..6f3c3cdcae8 100644 --- a/gnu/usr.sbin/sendmail/sendmail/conf.c +++ b/gnu/usr.sbin/sendmail/sendmail/conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: conf.c,v 8.1141 2008/04/14 02:09:35 ca Exp $") +SM_RCSID("@(#)$Sendmail: conf.c,v 8.1168 2011/01/25 18:31:30 ca Exp $") #include <sm/sendmail.h> #include <sendmail/pathnames.h> @@ -50,8 +50,11 @@ static int get_num_procs_online __P((void)); static int add_hostnames __P((SOCKADDR *)); #if NETINET6 && NEEDSGETIPNODE -static struct hostent *getipnodebyname __P((char *, int, int, int *)); -static struct hostent *getipnodebyaddr __P((char *, int, int, int *)); +static struct hostent *sm_getipnodebyname __P((const char *, int, int, int *)); +static struct hostent *sm_getipnodebyaddr __P((const void *, size_t, int, int *)); +#else /* NETINET6 && NEEDSGETIPNODE */ +#define sm_getipnodebyname getipnodebyname +#define sm_getipnodebyaddr getipnodebyaddr #endif /* NETINET6 && NEEDSGETIPNODE */ @@ -392,6 +395,9 @@ setdefaults(e) #if REQUIRES_DIR_FSYNC RequiresDirfsync = true; #endif /* REQUIRES_DIR_FSYNC */ +#if _FFR_RCPTTHROTDELAY + BadRcptThrottleDelay = 1; +#endif /* _FFR_RCPTTHROTDELAY */ ConnectionRateWindowSize = 60; setupmaps(); setupqueues(); @@ -782,7 +788,7 @@ inithostmaps() else if (strcmp(maptype[i], "ldap") == 0 && stab("aliases.ldap", ST_MAP, ST_FIND) == NULL) { - (void) strlcpy(buf, "aliases.ldap ldap -b . -h localhost -k mail=%0 -v mailgroup", + (void) sm_strlcpy(buf, "aliases.ldap ldap -b . -h localhost -k mail=%0 -v mailgroup", sizeof buf); (void) makemapentry(buf); } @@ -968,7 +974,10 @@ switch_map_find(service, maptype, mapreturn) p = strpbrk(buf, "#\n"); if (p != NULL) *p = '\0'; - p = strpbrk(buf, " \t"); +#ifndef SM_NSSWITCH_DELIMS +# define SM_NSSWITCH_DELIMS " \t" +#endif /* SM_NSSWITCH_DELIMS */ + p = strpbrk(buf, SM_NSSWITCH_DELIMS); if (p != NULL) *p++ = '\0'; if (buf[0] == '\0') @@ -981,7 +990,7 @@ switch_map_find(service, maptype, mapreturn) buf); continue; } - while (isspace(*p)) + while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') continue; @@ -1007,7 +1016,7 @@ switch_map_find(service, maptype, mapreturn) if (p == NULL) break; *p++ = '\0'; - while (isspace(*p)) + while (isascii(*p) && isspace(*p)) p++; } if (svcno < MAXMAPSTACK) @@ -2282,7 +2291,8 @@ refuseconnections(e, dn, active) # define MIN_DELAY_LOG 90 /* wait before logging this again */ # define D_MSG_LA "delaying connections on daemon %s: load average=%d >= %d" /* sleep to flatten out connection load */ - sm_setproctitle(true, e, D_MSG_LA, Daemons[dn].d_name, limit); + sm_setproctitle(true, e, D_MSG_LA, Daemons[dn].d_name, + CurrentLA, limit); if (LogLevel > 8 && (now = curtime()) > log_delay) { sm_syslog(LOG_INFO, NOQID, D_MSG_LA, @@ -2593,7 +2603,7 @@ setproctitle(fmt, va_alist) ** none. */ -/*VARARGS2*/ +/*VARARGS3*/ void #ifdef __STDC__ sm_setproctitle(bool status, ENVELOPE *e, const char *fmt, ...) @@ -3376,6 +3386,10 @@ enoughdiskspace(msize, e) { int i; +#if _FFR_TESTS + if (tTd(4, 101)) + return false; +#endif /* _FFR_TESTS */ if (MinBlocksFree <= 0 && msize <= 0) { if (tTd(4, 80)) @@ -4076,7 +4090,7 @@ strtol(nptr, endptr, base) */ do { c = *s++; - } while (isspace(c)); + } while (isascii(c) && isspace(c)); if (c == '-') { neg = 1; c = *s++; @@ -4112,9 +4126,9 @@ strtol(nptr, endptr, base) cutlim = cutoff % (unsigned long) base; cutoff /= (unsigned long) base; for (acc = 0, any = 0;; c = *s++) { - if (isdigit(c)) + if (isascii(c) && isdigit(c)) c -= '0'; - else if (isalpha(c)) + else if (isascii(c) && isalpha(c)) c -= isupper(c) ? 'A' - 10 : 'a' - 10; else break; @@ -4179,7 +4193,7 @@ strstr(big, little) /* ** SM_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX ** -** Some operating systems have wierd problems with the gethostbyXXX +** Some operating systems have weird problems with the gethostbyXXX ** routines. For example, Solaris versions at least through 2.3 ** don't properly deliver a canonical h_name field. This tries to ** work around these problems. @@ -4203,8 +4217,8 @@ strstr(big, little) # endif /* ! AI_ALL */ static struct hostent * -getipnodebyname(name, family, flags, err) - char *name; +sm_getipnodebyname(name, family, flags, err) + const char *name; int family; int flags; int *err; @@ -4227,9 +4241,9 @@ getipnodebyname(name, family, flags, err) } static struct hostent * -getipnodebyaddr(addr, len, family, err) - char *addr; - int len; +sm_getipnodebyaddr(addr, len, family, err) + const void *addr; + size_t len; int family; int *err; { @@ -4296,7 +4310,7 @@ sm_gethostbyname(name, family) # if ADDRCONFIG_IS_BROKEN flags &= ~AI_ADDRCONFIG; # endif /* ADDRCONFIG_IS_BROKEN */ - h = getipnodebyname(name, family, flags, &err); + h = sm_getipnodebyname(name, family, flags, &err); SM_SET_H_ERRNO(err); # else /* NETINET6 */ h = gethostbyname(name); @@ -4335,7 +4349,7 @@ sm_gethostbyname(name, family) hbuf, family); # if NETINET6 - h = getipnodebyname(hbuf, family, flags, &err); + h = sm_getipnodebyname(hbuf, family, flags, &err); SM_SET_H_ERRNO(err); save_errno = errno; # else /* NETINET6 */ @@ -4432,7 +4446,7 @@ sm_gethostbyaddr(addr, len, type) { int err; - hp = getipnodebyaddr(addr, len, type, &err); + hp = sm_getipnodebyaddr(addr, len, type, &err); SM_SET_H_ERRNO(err); } # else /* NETINET6 */ @@ -4855,6 +4869,7 @@ load_if_names() switch (af) { case AF_INET6: + SETV6LOOPBACKADDRFOUND(*sa); # ifdef __KAME__ /* convert into proper scoped address */ if ((IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr) || @@ -5054,6 +5069,7 @@ load_if_names() # if NETINET6 case AF_INET6: + SETV6LOOPBACKADDRFOUND(*sa); # ifdef __KAME__ /* convert into proper scoped address */ if ((IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr) || @@ -5919,6 +5935,9 @@ char *OsCompileOptions[] = #if HASWAITPID "HASWAITPID", #endif /* HASWAITPID */ +#if HAVE_NANOSLEEP + "HAVE_NANOSLEEP", +#endif /* HAVE_NANOSLEEP */ #if IDENTPROTO "IDENTPROTO", #endif /* IDENTPROTO */ @@ -6009,6 +6028,9 @@ char *OsCompileOptions[] = #ifdef USESYSCTL "USESYSCTL", #endif /* USESYSCTL */ +#if USE_OPENSSL_ENGINE + "USE_OPENSSL_ENGINE", +#endif /* USE_OPENSSL_ENGINE */ #if USING_NETSCAPE_LDAP "USING_NETSCAPE_LDAP", #endif /* USING_NETSCAPE_LDAP */ @@ -6045,6 +6067,10 @@ char *FFRCompileOptions[] = /* Deal with MTAs that send a reply during the DATA phase. */ "_FFR_CATCH_BROKEN_MTAS", #endif /* _FFR_CATCH_BROKEN_MTAS */ +#if _FFR_CHECKCONFIG + /* New OpMode to check the configuration file */ + "_FFR_CHECKCONFIG", +#endif /* _FFR_CHECKCONFIG */ #if _FFR_CHK_QUEUE /* Stricter checks about queue directory permissions. */ "_FFR_CHK_QUEUE", @@ -6119,6 +6145,10 @@ char *FFRCompileOptions[] = /* EightBitAddrOK: allow 8-bit e-mail addresses */ "_FFR_EIGHT_BIT_ADDR_OK", #endif /* _FFR_EIGHT_BIT_ADDR_OK */ +#if _FFR_EXPDELAY + /* exponential queue delay */ + "_FFR_EXPDELAY", +#endif /* _FFR_EXPDELAY */ #if _FFR_EXTRA_MAP_CHECK /* perform extra checks on $( $) in R lines */ "_FFR_EXTRA_MAP_CHECK", @@ -6177,10 +6207,17 @@ char *FFRCompileOptions[] = /* Ignore extensions offered in response to HELO */ "_FFR_IGNORE_EXT_ON_HELO", #endif /* _FFR_IGNORE_EXT_ON_HELO */ +#if _FFR_LINUX_MHNL + /* Set MAXHOSTNAMELEN to 256 (Linux) */ + "_FFR_LINUX_MHNL", +#endif /* _FFR_LINUX_MHNL */ #if _FFR_LOCAL_DAEMON /* Local daemon mode (-bl) which only accepts loopback connections */ "_FFR_LOCAL_DAEMON", #endif /* _FFR_LOCAL_DAEMON */ +#if _FFR_MAIL_MACRO + "_FFR_MAIL_MACRO", +#endif /* _FFR_MAIL_MACRO */ #if _FFR_MAXDATASIZE /* ** It is possible that a header is larger than MILTER_CHUNK_SIZE, @@ -6201,6 +6238,10 @@ char *FFRCompileOptions[] = /* Limit sleep(2) time in libsm/clock.c */ "_FFR_MAX_SLEEP_TIME", #endif /* _FFR_MAX_SLEEP_TIME */ +#if _FFR_MDS_NEGOTIATE + /* MaxDataSize negotation with libmilter */ + "_FFR_MDS_NEGOTIATE", +#endif /* _FFR_MDS_NEGOTIATE */ #if _FFR_MEMSTAT /* Check free memory */ "_FFR_MEMSTAT", @@ -6234,6 +6275,10 @@ char *FFRCompileOptions[] = "_FFR_MILTER_CHECK_REJECTIONS_TOO", #endif /* _FFR_MILTER_CHECK_REJECTIONS_TOO */ +#if _FFR_MILTER_ENHSC + /* extract enhanced status code from milter replies for dsn= logging */ + "_FFR_MILTER_ENHSC", +#endif /* _FFR_MILTER_ENHSC */ #if _FFR_MIME7TO8_OLD /* Old mime7to8 code, the new is broken for at least one example. */ "_FFR_MIME7TO8_OLD", @@ -6287,6 +6332,10 @@ char *FFRCompileOptions[] = /* Debug output for the queue scheduler. */ "_FFR_QUEUE_SCHED_DBG", #endif /* _FFR_QUEUE_SCHED_DBG */ +#if _FFR_RCPTTHROTDELAY + /* configurable delay for BadRcptThrottle */ + "_FFR_RCPTTHROTDELAY", +#endif /* _FFR_RCPTTHROTDELAY */ #if _FFR_REDIRECTEMPTY /* ** envelope <> can't be sent to mailing lists, only owner- @@ -6363,6 +6412,10 @@ char *FFRCompileOptions[] = /* SuperSafe per DaemonPortOptions: 'T' (better letter?) */ "_FFR_SS_PER_DAEMON", #endif /* _FFR_SS_PER_DAEMON */ +#if _FFR_TESTS + /* enable some test code */ + "_FFR_TESTS", +#endif /* _FFR_TESTS */ #if _FFR_TIMERS /* Donated code (unused). */ "_FFR_TIMERS", diff --git a/gnu/usr.sbin/sendmail/sendmail/conf.h b/gnu/usr.sbin/sendmail/sendmail/conf.h index c932477f739..2f4517c6c56 100644 --- a/gnu/usr.sbin/sendmail/sendmail/conf.h +++ b/gnu/usr.sbin/sendmail/sendmail/conf.h @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Sendmail: conf.h,v 8.574 2006/11/29 00:36:06 ca Exp $ + * $Sendmail: conf.h,v 8.575 2009/03/25 20:04:00 ca Exp $ */ /* @@ -123,9 +123,18 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */ #define DATA_PROGRESS_TIMEOUT 300 /* how often to check DATA progress */ #define ENHSCLEN 10 /* max len of enhanced status code */ #define DEFAULT_MAX_RCPT 100 /* max number of RCPTs per envelope */ -#define MAXQUEUEGROUPS 50 /* max # of queue groups */ +#ifndef MAXQUEUEGROUPS +# define MAXQUEUEGROUPS 50 /* max # of queue groups */ /* must be less than BITMAPBITS for DoQueueRun */ -#define MAXWORKGROUPS 50 /* max # of work groups */ +#endif /* MAXQUEUEGROUPS */ +#if MAXQUEUEGROUPS >= BITMAPBITS + ERROR _MAXQUEUEGROUPS must be less than _BITMAPBITS +#endif /* MAXQUEUEGROUPS >= BITMAPBITS */ + +#ifndef MAXWORKGROUPS +# define MAXWORKGROUPS 50 /* max # of work groups */ +#endif /* MAXWORKGROUPS */ + #define MAXFILESYS BITMAPBITS /* max # of queue file systems * must be <= BITMAPBITS */ #ifndef FILESYS_UPDATE_INTERVAL diff --git a/gnu/usr.sbin/sendmail/sendmail/daemon.c b/gnu/usr.sbin/sendmail/sendmail/daemon.c index bef537b507a..e035a30883c 100644 --- a/gnu/usr.sbin/sendmail/sendmail/daemon.c +++ b/gnu/usr.sbin/sendmail/sendmail/daemon.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2007, 2009, 2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include "map.h" -SM_RCSID("@(#)$Sendmail: daemon.c,v 8.680 2008/02/14 00:20:26 ca Exp $") +SM_RCSID("@(#)$Sendmail: daemon.c,v 8.691 2011/01/25 18:31:30 ca Exp $") #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) # define USE_SOCK_STREAM 1 @@ -199,7 +199,7 @@ getrequests(e) if (tTd(15, 1)) { for (idx = 0; idx < NDaemons; idx++) - sm_dprintf("getrequests: daemon %s: %d\n", + sm_dprintf("getrequests: daemon %s: socket %d\n", Daemons[idx].d_name, Daemons[idx].d_socket); } @@ -1267,7 +1267,8 @@ setupdaemon(daemonaddr) case AF_INET6: if (IN6_IS_ADDR_UNSPECIFIED(&daemonaddr->sin6.sin6_addr)) daemonaddr->sin6.sin6_addr = - LocalDaemon ? in6addr_loopback : in6addr_any; + (LocalDaemon && V6LoopbackAddrFound) ? + in6addr_loopback : in6addr_any; port = daemonaddr->sin6.sin6_port; break; #endif /* NETINET6 */ @@ -2161,7 +2162,8 @@ makeconnection(host, port, mci, e, enough) case AF_INET: clt_addr.sin.sin_addr.s_addr = inet_addr(p); if (clt_addr.sin.sin_addr.s_addr != INADDR_NONE && - clt_addr.sin.sin_addr.s_addr != INADDR_LOOPBACK) + clt_addr.sin.sin_addr.s_addr != + htonl(INADDR_LOOPBACK)) { clt_bind = true; socksize = sizeof(struct sockaddr_in); @@ -2218,7 +2220,8 @@ makeconnection(host, port, mci, e, enough) #if NETINET6 case AF_INET6: if (IN6_IS_ADDR_UNSPECIFIED(&clt_addr.sin6.sin6_addr)) - clt_addr.sin6.sin6_addr = LocalDaemon ? + clt_addr.sin6.sin6_addr = + (LocalDaemon && V6LoopbackAddrFound) ? in6addr_loopback : in6addr_any; else clt_bind = true; @@ -2342,7 +2345,7 @@ makeconnection(host, port, mci, e, enough) } } gothostent: - if (hp == NULL) + if (hp == NULL || hp->h_addr == NULL) { #if NAMED_BIND /* check for name server timeouts */ @@ -2664,6 +2667,7 @@ gothostent: #if NETINET case AF_INET: addr.sin.sin_addr.s_addr = ConnectOnlyTo.sin.sin_addr.s_addr; + addr.sa.sa_family = ConnectOnlyTo.sa.sa_family; break; #endif /* NETINET */ @@ -2871,7 +2875,10 @@ nextaddr: /* Use the configured HeloName as appropriate */ if (HeloName != NULL && HeloName[0] != '\0') + { + SM_FREE_CLR(mci->mci_heloname); mci->mci_heloname = newstr(HeloName); + } mci_setstat(mci, EX_OK, NULL, NULL); return EX_OK; diff --git a/gnu/usr.sbin/sendmail/sendmail/deliver.c b/gnu/usr.sbin/sendmail/sendmail/deliver.c index 396f6262cd4..6e2cec07304 100644 --- a/gnu/usr.sbin/sendmail/sendmail/deliver.c +++ b/gnu/usr.sbin/sendmail/sendmail/deliver.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/time.h> -SM_RCSID("@(#)$Sendmail: deliver.c,v 8.1015 2007/10/17 21:35:30 ca Exp $") +SM_RCSID("@(#)$Sendmail: deliver.c,v 8.1024 2011/01/12 23:52:59 ca Exp $") #if HASSETUSERCONTEXT # include <login_cap.h> @@ -575,12 +575,12 @@ sendall(e, mode) #endif /* HASFLOCK */ if (e->e_nrcpts > 0) e->e_flags |= EF_INQUEUE; - dropenvelope(e, splitenv != NULL, true); + (void) dropenvelope(e, splitenv != NULL, true); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { if (ee->e_nrcpts > 0) ee->e_flags |= EF_INQUEUE; - dropenvelope(ee, false, true); + (void) dropenvelope(ee, false, true); } return; @@ -602,7 +602,7 @@ sendall(e, mode) /* now drop the envelope in the parent */ e->e_flags |= EF_INQUEUE; - dropenvelope(e, splitenv != NULL, false); + (void) dropenvelope(e, splitenv != NULL, false); /* arrange to reacquire lock after fork */ e->e_id = qid; @@ -615,7 +615,7 @@ sendall(e, mode) /* drop envelope in parent */ ee->e_flags |= EF_INQUEUE; - dropenvelope(ee, false, false); + (void) dropenvelope(ee, false, false); /* and save qid for reacquisition */ ee->e_id = qid; @@ -762,14 +762,14 @@ sendall(e, mode) } sendenvelope(e, mode); - dropenvelope(e, true, true); + (void) dropenvelope(e, true, true); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { CurEnv = ee; if (mode != SM_VERIFY) openxscript(ee); sendenvelope(ee, mode); - dropenvelope(ee, true, true); + (void) dropenvelope(ee, true, true); } CurEnv = e; @@ -1391,7 +1391,7 @@ deliver(e, firstto) else p = e->e_from.q_paddr; rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); - if (strlen(rpath) > MAXSHORTSTR) + if (strlen(rpath) > MAXNAME) { rpath = shortenstring(rpath, MAXSHORTSTR); @@ -1850,7 +1850,7 @@ deliver(e, firstto) ** If we are running SMTP, we just need to clean up. */ - /* XXX this seems a bit wierd */ + /* XXX this seems a bit weird */ if (ctladdr == NULL && m != ProgMailer && m != FileMailer && bitset(QGOODUID, e->e_from.q_flags)) ctladdr = &e->e_from; @@ -2144,6 +2144,7 @@ tryhost: mci->mci_lastuse = curtime(); mci->mci_deliveries = 0; mci->mci_exitstat = i; + mci_clr_extensions(mci); # if NAMED_BIND mci->mci_herrno = h_errno; # endif /* NAMED_BIND */ @@ -2978,7 +2979,7 @@ reconnect: /* after switching to an encrypted connection */ char *s; /* - ** TLS negotation failed, what to do? + ** TLS negotiation failed, what to do? ** fall back to unencrypted connection ** or abort? How to decide? ** set a macro and call a ruleset. @@ -3021,7 +3022,7 @@ reconnect: /* after switching to an encrypted connection */ /* ** rcode == EX_SOFTWARE is special: - ** the TLS negotation failed + ** the TLS negotiation failed ** we have to drop the connection no matter what ** However, we call tls_server to give it the chance ** to log the problem and return an appropriate @@ -3104,7 +3105,7 @@ reconnect: /* after switching to an encrypted connection */ mci->mci_state != MCIS_CLOSED) { SET_HELO(mci->mci_flags); - mci->mci_flags &= ~MCIF_EXTENS; + mci_clr_extensions(mci); goto reconnect; } } @@ -3157,7 +3158,7 @@ reconnect: /* after switching to an encrypted connection */ &mci->mci_out, mci->mci_conn, tmo) == 0) { - mci->mci_flags &= ~MCIF_EXTENS; + mci_clr_extensions(mci); mci->mci_flags |= MCIF_AUTHACT| MCIF_ONLY_EHLO; goto reconnect; @@ -6075,8 +6076,9 @@ initclttls(tls_ok) return false; if (clt_ctx != NULL) return true; /* already done */ - tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCertFile, - CltKeyFile, CACertPath, CACertFile, DHParams); + tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, Clt_SSL_Options, false, + CltCertFile, CltKeyFile, + CACertPath, CACertFile, DHParams); return tls_ok_clt; } @@ -6108,6 +6110,17 @@ starttls(m, mci, e) if (clt_ctx == NULL && !initclttls(true)) return EX_TEMPFAIL; + +# if USE_OPENSSL_ENGINE + if (!SSLEngineInitialized && !SSL_set_engine(NULL)) + { + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=client, SSL_set_engine=failed"); + return EX_TEMPFAIL; + } + SSLEngineInitialized = true; +# endif /* USE_OPENSSL_ENGINE */ + smtpmessage("STARTTLS", m, mci); /* get the reply */ diff --git a/gnu/usr.sbin/sendmail/sendmail/domain.c b/gnu/usr.sbin/sendmail/sendmail/domain.c index 25fab61f9ff..2e31330f807 100644 --- a/gnu/usr.sbin/sendmail/sendmail/domain.c +++ b/gnu/usr.sbin/sendmail/sendmail/domain.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2004, 2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2004, 2006, 2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1986, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -15,9 +15,9 @@ #include "map.h" #if NAMED_BIND -SM_RCSID("@(#)$Sendmail: domain.c,v 8.202 2006/12/19 01:15:07 ca Exp $ (with name server)") +SM_RCSID("@(#)$Sendmail: domain.c,v 8.204 2010/06/29 15:35:33 ca Exp $ (with name server)") #else /* NAMED_BIND */ -SM_RCSID("@(#)$Sendmail: domain.c,v 8.202 2006/12/19 01:15:07 ca Exp $ (without name server)") +SM_RCSID("@(#)$Sendmail: domain.c,v 8.204 2010/06/29 15:35:33 ca Exp $ (without name server)") #endif /* NAMED_BIND */ #if NAMED_BIND @@ -25,25 +25,6 @@ SM_RCSID("@(#)$Sendmail: domain.c,v 8.202 2006/12/19 01:15:07 ca Exp $ (without # include <arpa/inet.h> -/* -** The standard udp packet size PACKETSZ (512) is not sufficient for some -** nameserver answers containing very many resource records. The resolver -** may switch to tcp and retry if it detects udp packet overflow. -** Also note that the resolver routines res_query and res_search return -** the size of the *un*truncated answer in case the supplied answer buffer -** it not big enough to accommodate the entire answer. -*/ - -# ifndef MAXPACKET -# define MAXPACKET 8192 /* max packet size used internally by BIND */ -# endif /* ! MAXPACKET */ - -typedef union -{ - HEADER qb1; - unsigned char qb2[MAXPACKET]; -} querybuf; - # ifndef MXHOSTBUFSIZE # define MXHOSTBUFSIZE (128 * MAXMXHOSTS) # endif /* ! MXHOSTBUFSIZE */ diff --git a/gnu/usr.sbin/sendmail/sendmail/envelope.c b/gnu/usr.sbin/sendmail/sendmail/envelope.c index 33f8c83fbb3..dc85000c4f6 100644 --- a/gnu/usr.sbin/sendmail/sendmail/envelope.c +++ b/gnu/usr.sbin/sendmail/sendmail/envelope.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: envelope.c,v 8.305 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Sendmail: envelope.c,v 8.312 2010/02/03 16:36:40 ca Exp $") /* ** CLRSESSENVELOPE -- clear session oriented data in an envelope @@ -163,14 +163,14 @@ newenvelope(e, parent, rpool) ** split -- if true, split by recipient if message is queued up ** ** Returns: -** none. +** EX_* status (currently: 0: success, EX_IOERR on panic) ** ** Side Effects: ** housekeeping necessary to dispose of an envelope. ** Unlocks this queue file. */ -void +int dropenvelope(e, fulldrop, split) register ENVELOPE *e; bool fulldrop; @@ -209,12 +209,15 @@ dropenvelope(e, fulldrop, split) /* we must have an id to remove disk files */ if (id == NULL) - return; + return EX_OK; /* if verify-only mode, we can skip most of this */ if (OpMode == MD_VERIFY) goto simpledrop; + if (tTd(92, 2)) + sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -243,12 +246,14 @@ dropenvelope(e, fulldrop, split) e->e_flags |= EF_FATALERRS|EF_CLRQUEUE; } + e->e_flags &= ~EF_QUEUERUN; for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_UNDELIVERED(q->q_state)) queueit = true; + /* see if a notification is needed */ if (bitset(QPINGONFAILURE, q->q_flags) && ((IS_MSG_ERR(msg_timeout) && @@ -618,7 +623,11 @@ simpledrop: } e->e_id = NULL; e->e_flags &= ~EF_HAS_DF; + if (panic) + return EX_IOERR; + return EX_OK; } + /* ** CLEARENVELOPE -- clear an envelope without unlocking ** @@ -714,6 +723,9 @@ clearenvelope(e, fullclear, rpool) bh = bh->h_link; nhp = &(*nhp)->h_link; } +#if _FFR_MILTER_ENHSC + e->e_enhsc[0] = '\0'; +#endif /* _FFR_MILTER_ENHSC */ } /* ** INITSYS -- initialize instantiation of system diff --git a/gnu/usr.sbin/sendmail/sendmail/err.c b/gnu/usr.sbin/sendmail/sendmail/err.c index 4e400062501..6fd03631810 100644 --- a/gnu/usr.sbin/sendmail/sendmail/err.c +++ b/gnu/usr.sbin/sendmail/sendmail/err.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2003, 2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: err.c,v 8.196 2006/11/10 23:14:08 ca Exp $") +SM_RCSID("@(#)$Sendmail: err.c,v 8.205 2010/02/03 23:22:41 ca Exp $") #if LDAPMAP # include <lber.h> @@ -359,7 +359,7 @@ usrerr(fmt, va_alist) ** increments Errors. */ -/*VARARGS1*/ +/*VARARGS2*/ void #ifdef __STDC__ usrerrenh(char *enhsc, const char *fmt, ...) @@ -427,6 +427,7 @@ usrerrenh(enhsc, fmt, va_alist) if (QuickAbort) sm_exc_raisenew_x(&EtypeQuickAbort, 1); } + /* ** MESSAGE -- print message (not necessarily an error) ** @@ -473,11 +474,12 @@ message(msg, va_alist) case '5': if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL) sm_free(CurEnv->e_message); - CurEnv->e_message = - sm_rpool_strdup_x(CurEnv->e_rpool, errtxt); + CurEnv->e_message = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt); break; } } + + /* ** NMESSAGE -- print message (not necessarily an error) ** diff --git a/gnu/usr.sbin/sendmail/sendmail/headers.c b/gnu/usr.sbin/sendmail/sendmail/headers.c index 928078a5741..dd5659aded2 100644 --- a/gnu/usr.sbin/sendmail/sendmail/headers.c +++ b/gnu/usr.sbin/sendmail/sendmail/headers.c @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/sendmail.h> -SM_RCSID("@(#)$Sendmail: headers.c,v 8.312 2007/06/19 18:52:11 ca Exp $") +SM_RCSID("@(#)$Sendmail: headers.c,v 8.317 2008/08/27 20:11:55 gshapiro Exp $") static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *, bool)); static size_t fix_mime_header __P((HDR *, ENVELOPE *)); @@ -715,7 +715,16 @@ hvalue(field, header) { if (!bitset(H_DEFAULT, h->h_flags) && sm_strcasecmp(h->h_field, field) == 0) - return h->h_value; + { + char *s; + + s = h->h_value; + if (s == NULL) + return NULL; + while (isascii(*s) && isspace(*s)) + s++; + return s; + } } return NULL; } @@ -1065,6 +1074,10 @@ eatheader(e, full, log) ** Log collection information. */ + if (tTd(92, 2)) + sm_dprintf("eatheader: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d, log=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel, + log); if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) { logsender(e, e->e_msgid); diff --git a/gnu/usr.sbin/sendmail/sendmail/main.c b/gnu/usr.sbin/sendmail/sendmail/main.c index 069b4f06faa..652ac7d3d76 100644 --- a/gnu/usr.sbin/sendmail/sendmail/main.c +++ b/gnu/usr.sbin/sendmail/sendmail/main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008, 2009, 2011 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -26,7 +26,7 @@ SM_UNUSED(static char copyright[]) = The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ -SM_RCSID("@(#)$Sendmail: main.c,v 8.967 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Sendmail: main.c,v 8.976 2011/03/15 23:14:36 ca Exp $") #if NETINET || NETINET6 @@ -129,7 +129,7 @@ int SyslogPrefixLen; /* estimated length of syslog prefix */ { \ if (extraprivs && \ OpMode != MD_DELIVER && OpMode != MD_SMTP && \ - OpMode != MD_ARPAFTP && \ + OpMode != MD_ARPAFTP && OpMode != MD_CHECKCONFIG && \ OpMode != MD_VERIFY && OpMode != MD_TEST) \ { \ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, \ @@ -304,6 +304,9 @@ main(argc, argv, envp) SubmitMode = SUBMIT_UNKNOWN; #if _FFR_LOCAL_DAEMON LocalDaemon = false; +# if NETINET6 + V6LoopbackAddrFound = false; +# endif /* NETINET6 */ #endif /* _FFR_LOCAL_DAEMON */ #if XDEBUG checkfd012("after openlog"); @@ -401,6 +404,9 @@ main(argc, argv, envp) case MD_HOSTSTAT: case MD_PURGESTAT: case MD_ARPAFTP: +#if _FFR_CHECKCONFIG + case MD_CHECKCONFIG: +#endif /* _FFR_CHECKCONFIG */ OpMode = j; break; @@ -1192,7 +1198,7 @@ main(argc, argv, envp) } /* if we've had errors so far, exit now */ - if ((ExitStat != EX_OK && OpMode != MD_TEST) || + if ((ExitStat != EX_OK && OpMode != MD_TEST && OpMode != MD_CHECKCONFIG) || ExitStat == EX_OSERR) { finis(false, true, ExitStat); @@ -1305,7 +1311,7 @@ main(argc, argv, envp) (void) getfallbackmxrr(FallbackMX); #endif /* NAMED_BIND */ - if (SuperSafe == SAFE_INTERACTIVE && CurEnv->e_sendmode != SM_DELIVER) + if (SuperSafe == SAFE_INTERACTIVE && !SM_IS_INTERACTIVE(CurEnv->e_sendmode)) { (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "WARNING: SuperSafe=interactive should only be used with\n DeliveryMode=interactive\n"); @@ -1566,6 +1572,7 @@ main(argc, argv, envp) break; case MD_TEST: + case MD_CHECKCONFIG: case MD_PRINT: case MD_PRINTNQE: case MD_FREEZE: @@ -1626,6 +1633,9 @@ main(argc, argv, envp) case MD_TEST: /* don't have persistent host status in test mode */ HostStatDir = NULL; + /* FALLTHROUGH */ + + case MD_CHECKCONFIG: if (Verbose == 0) Verbose = 2; BlankEnvelope.e_errormode = EM_PRINT; @@ -1933,8 +1943,8 @@ main(argc, argv, envp) } } - /* if we've had errors so far, exit now */ - if (ExitStat != EX_OK && OpMode != MD_TEST) + /* if checking config or have had errors so far, exit now */ + if (OpMode == MD_CHECKCONFIG || (ExitStat != EX_OK && OpMode != MD_TEST)) { finis(false, true, ExitStat); /* NOTREACHED */ @@ -1958,7 +1968,7 @@ main(argc, argv, envp) case MD_PRINT: /* print the queue */ HoldErrs = false; - dropenvelope(&BlankEnvelope, true, false); + (void) dropenvelope(&BlankEnvelope, true, false); (void) sm_signal(SIGPIPE, sigpipe); if (qgrp != NOQGRP) { @@ -1981,7 +1991,7 @@ main(argc, argv, envp) case MD_PRINTNQE: /* print number of entries in queue */ - dropenvelope(&BlankEnvelope, true, false); + (void) dropenvelope(&BlankEnvelope, true, false); (void) sm_signal(SIGPIPE, sigpipe); printnqe(smioout, NULL); finis(false, true, EX_OK); @@ -2133,8 +2143,8 @@ main(argc, argv, envp) else if (OpMode == MD_DAEMON || OpMode == MD_FGDAEMON || OpMode == MD_SMTP) { - /* check whether STARTTLS is turned off for the server */ - if (chkdaemonmodifiers(D_NOTLS)) + /* check whether STARTTLS is turned off */ + if (chkdaemonmodifiers(D_NOTLS) && chkclientmodifiers(D_NOTLS)) tls_ok = false; } else /* other modes don't need STARTTLS */ @@ -2530,7 +2540,7 @@ main(argc, argv, envp) } } } - dropenvelope(&MainEnvelope, true, false); + (void) dropenvelope(&MainEnvelope, true, false); #if STARTTLS /* init TLS for server, ignore result for now */ @@ -2952,7 +2962,11 @@ finis(drop, cleanup, exitstat) { if (CurEnv->e_id != NULL) { - dropenvelope(CurEnv, true, false); + int r; + + r = dropenvelope(CurEnv, true, false); + if (exitstat == EX_OK) + exitstat = r; sm_rpool_free(CurEnv->e_rpool); CurEnv->e_rpool = NULL; @@ -3179,7 +3193,7 @@ sigpipe(sig) ** may resend a message. ** ** Parameters: -** none. +** sig -- incoming signal. ** ** Returns: ** none. @@ -3190,8 +3204,6 @@ sigpipe(sig) ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE ** DOING. -** -** XXX: More work is needed for this signal handler. */ /* ARGSUSED */ @@ -3206,38 +3218,34 @@ intsig(sig) errno = save_errno; CHECK_CRITICAL(sig); sm_allsignals(true); + IntSig = true; - if (sig != 0 && LogLevel > 79) - sm_syslog(LOG_DEBUG, CurEnv->e_id, "interrupt"); FileName = NULL; /* Clean-up on aborted stdin message submission */ - if (CurEnv->e_id != NULL && - (OpMode == MD_SMTP || + if (OpMode == MD_SMTP || OpMode == MD_DELIVER || - OpMode == MD_ARPAFTP)) + OpMode == MD_ARPAFTP) { - register ADDRESS *q; - - /* don't return an error indication */ - CurEnv->e_to = NULL; - CurEnv->e_flags &= ~EF_FATALERRS; - CurEnv->e_flags |= EF_CLRQUEUE; - - /* - ** Spin through the addresses and - ** mark them dead to prevent bounces - */ - - for (q = CurEnv->e_sendqueue; q != NULL; q = q->q_next) - q->q_state = QS_DONTSEND; - - drop = true; + if (CurEnv->e_id != NULL) + { + char *fn; + + fn = queuename(CurEnv, DATAFL_LETTER); + if (fn != NULL) + (void) unlink(fn); + fn = queuename(CurEnv, ANYQFL_LETTER); + if (fn != NULL) + (void) unlink(fn); + } + _exit(EX_OK); + /* NOTREACHED */ } - else if (OpMode != MD_TEST) - { + + if (sig != 0 && LogLevel > 79) + sm_syslog(LOG_DEBUG, CurEnv->e_id, "interrupt"); + if (OpMode != MD_TEST) unlockqueue(CurEnv); - } finis(drop, false, EX_OK); /* NOTREACHED */ diff --git a/gnu/usr.sbin/sendmail/sendmail/map.c b/gnu/usr.sbin/sendmail/sendmail/map.c index 0f4eda0df8f..05c59bcf743 100644 --- a/gnu/usr.sbin/sendmail/sendmail/map.c +++ b/gnu/usr.sbin/sendmail/sendmail/map.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1992, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1992, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: map.c,v 8.699 2007/10/10 00:06:45 ca Exp $") +SM_RCSID("@(#)$Sendmail: map.c,v 8.706 2010/07/27 03:35:42 ca Exp $") #if LDAPMAP # include <sm/ldap.h> @@ -730,7 +730,7 @@ getcanonname(host, hbsize, trymx, pttl) int mapno; bool found = false; bool got_tempfail = false; - auto int status; + auto int status = EX_UNAVAILABLE; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; #if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) @@ -3415,6 +3415,18 @@ ldapmap_open(map, mode) else id = "localhost"; + if (tTd(74, 104)) + { + extern MAPCLASS NullMapClass; + + /* debug mode: don't actually open an LDAP connection */ + map->map_orgclass = map->map_class; + map->map_class = &NullMapClass; + map->map_mflags |= MF_OPEN; + map->map_pid = CurrentPid; + return true; + } + /* No connection yet, connect */ if (!sm_ldap_start(map->map_mname, lmap)) { @@ -3514,12 +3526,12 @@ sunet_id_hash(str) p_last = p; while (*p != '\0') { - if (islower(*p) || isdigit(*p)) + if (isascii(*p) && (islower(*p) || isdigit(*p))) { *p_last = *p; p_last++; } - else if (isupper(*p)) + else if (isascii(*p) && isupper(*p)) { *p_last = tolower(*p); p_last++; @@ -3967,6 +3979,10 @@ ldapmap_parseargs(map, args) map->map_coldelim = ' '; } +# if _FFR_LDAP_NETWORK_TIMEOUT + lmap->ldap_networktmo = 120; +# endif /* _FFR_LDAP_NETWORK_TIMEOUT */ + for (;;) { while (isascii(*p) && isspace(*p)) @@ -4066,7 +4082,7 @@ ldapmap_parseargs(map, args) case 'c': /* network (connect) timeout */ while (isascii(*++p) && isspace(*p)) continue; - lmap->ldap_networktmo.tv_sec = atoi(p); + lmap->ldap_networktmo = atoi(p); break; # endif /* _FFR_LDAP_NETWORK_TIMEOUT */ @@ -5969,7 +5985,7 @@ stab_map_store(map, lhs, rhs) /* ** STAB_MAP_OPEN -- initialize (reads data file) ** -** This is a wierd case -- it is only intended as a fallback for +** This is a weird case -- it is only intended as a fallback for ** aliases. For this reason, opens for write (only during a ** "newaliases") always fails, and opens for read open the ** actual underlying text file instead of the database. @@ -6687,6 +6703,13 @@ null_map_store(map, key, val) return; } +MAPCLASS NullMapClass = +{ + "null-map", NULL, 0, + NULL, null_map_lookup, null_map_store, + null_map_open, null_map_close, +}; + /* ** BOGUS stubs */ @@ -7325,7 +7348,8 @@ arith_map_lookup(map, name, av, statp) if (LogLevel > 10) sm_syslog(LOG_WARNING, NOQID, "arith_map: unknown operator %c", - isprint(*name) ? *name : '?'); + (isascii(*name) && isprint(*name)) ? + *name : '?'); return NULL; } if (boolres) diff --git a/gnu/usr.sbin/sendmail/sendmail/mci.c b/gnu/usr.sbin/sendmail/sendmail/mci.c index e3450e45532..947ad131f3e 100644 --- a/gnu/usr.sbin/sendmail/sendmail/mci.c +++ b/gnu/usr.sbin/sendmail/sendmail/mci.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2005, 2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: mci.c,v 8.221 2007/11/13 23:44:25 gshapiro Exp $") +SM_RCSID("@(#)$Sendmail: mci.c,v 8.223 2010/03/10 04:35:28 ca Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> @@ -288,6 +288,32 @@ mci_flush(doquit, allbut) mci_uncache(&MciCache[i], doquit); } } + +/* +** MCI_CLR_EXTENSIONS -- clear knowledge about SMTP extensions +** +** Parameters: +** mci -- the connection to clear. +** +** Returns: +** none. +*/ + +void +mci_clr_extensions(mci) + MCI *mci; +{ + if (mci == NULL) + return; + + mci->mci_flags &= ~MCIF_EXTENS; + mci->mci_maxsize = 0; + mci->mci_min_by = 0; +#if SASL + mci->mci_saslcap = NULL; +#endif /* SASL */ +} + /* ** MCI_GET -- get information about a particular host ** @@ -567,6 +593,7 @@ static struct mcifbits MciFlags[] = { MCIF_CVT7TO8, "CVT7TO8" }, { MCIF_INMIME, "INMIME" }, { MCIF_AUTH, "AUTH" }, + { MCIF_AUTH2, "AUTH2" }, { MCIF_AUTHACT, "AUTHACT" }, { MCIF_ENHSTAT, "ENHSTAT" }, { MCIF_PIPELINED, "PIPELINED" }, diff --git a/gnu/usr.sbin/sendmail/sendmail/milter.c b/gnu/usr.sbin/sendmail/sendmail/milter.c index 4d6d4c7e922..4beac6b5190 100644 --- a/gnu/usr.sbin/sendmail/sendmail/milter.c +++ b/gnu/usr.sbin/sendmail/sendmail/milter.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2009 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: milter.c,v 8.269 2007/06/06 17:26:12 ca Exp $") +SM_RCSID("@(#)$Sendmail: milter.c,v 8.277 2009/11/06 00:57:06 ca Exp $") #if MILTER # include <sm/sendmail.h> @@ -514,7 +514,6 @@ milter_write(m, cmd, buf, len, to, e, where) ENVELOPE *e; const char *where; { - time_t writestart = (time_t) 0; ssize_t sl, i; int num_vectors; mi_int32 nl; @@ -532,12 +531,16 @@ milter_write(m, cmd, buf, len, to, e, where) if (len < 0 || len > MilterMaxDataSize) { if (tTd(64, 5)) - sm_dprintf("milter_write(%s): length %ld out of range\n", - m->mf_name, (long) len); + { + sm_dprintf("milter_write(%s): length %ld out of range, cmd=%c\n", + m->mf_name, (long) len, command); + sm_dprintf("milter_write(%s): buf=%s\n", + m->mf_name, str2prt(buf)); + } if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, - "milter_write(%s): length %ld out of range", - m->mf_name, (long) len); + "milter_write(%s): length %ld out of range, cmd=%c", + m->mf_name, (long) len, command); milter_error(m, e); return NULL; } @@ -594,10 +597,7 @@ milter_write(m, cmd, buf, len, to, e, where) } if (to > 0) - { - writestart = curtime(); MILTER_TIMEOUT("write", to, true, started, where); - } /* write the vector(s) */ i = writev(m->mf_sock, vector, num_vectors); @@ -1572,10 +1572,10 @@ static struct milteropt # define MO_LOGLEVEL 0x07 { "loglevel", MO_LOGLEVEL }, -# if _FFR_MAXDATASIZE +# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE # define MO_MAXDATASIZE 0x08 { "maxdatasize", MO_MAXDATASIZE }, -# endif /* _FFR_MAXDATASIZE */ +# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */ { NULL, (unsigned char)-1 }, }; @@ -1631,11 +1631,29 @@ milter_set_option(name, val, sticky) MilterLogLevel = atoi(val); break; -#if _FFR_MAXDATASIZE +# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE case MO_MAXDATASIZE: +# if _FFR_MDS_NEGOTIATE MilterMaxDataSize = (size_t)atol(val); + if (MilterMaxDataSize != MILTER_MDS_64K && + MilterMaxDataSize != MILTER_MDS_256K && + MilterMaxDataSize != MILTER_MDS_1M) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.%s=%d, allowed are only %d, %d, and %d", + name, MilterMaxDataSize, + MILTER_MDS_64K, MILTER_MDS_256K, + MILTER_MDS_1M); + if (MilterMaxDataSize < MILTER_MDS_64K) + MilterMaxDataSize = MILTER_MDS_64K; + else if (MilterMaxDataSize < MILTER_MDS_256K) + MilterMaxDataSize = MILTER_MDS_256K; + else + MilterMaxDataSize = MILTER_MDS_1M; + } +# endif /* _FFR_MDS_NEGOTIATE */ break; -#endif /* _FFR_MAXDATASIZE */ +# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */ case MO_MACROS_CONNECT: if (macros == NULL) @@ -2411,6 +2429,12 @@ milter_negotiate(m, e, milters) mta_prot_flags = SMFI_CURR_PROT; mta_actions = SMFI_CURR_ACTS; #endif /* _FFR_MILTER_CHECK */ +#if _FFR_MDS_NEGOTIATE + if (MilterMaxDataSize == MILTER_MDS_256K) + mta_prot_flags |= SMFIP_MDS_256K; + else if (MilterMaxDataSize == MILTER_MDS_1M) + mta_prot_flags |= SMFIP_MDS_1M; +#endif /* _FFR_MDS_NEGOTIATE */ fvers = htonl(mta_prot_vers); pflags = htonl(mta_prot_flags); @@ -2525,6 +2549,39 @@ milter_negotiate(m, e, milters) goto error; } +#if _FFR_MDS_NEGOTIATE + /* use a table instead of sequence? */ + if (bitset(SMFIP_MDS_1M, m->mf_pflags)) + { + if (MilterMaxDataSize != MILTER_MDS_1M) + { + /* this should not happen... */ + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_1M); + MilterMaxDataSize = MILTER_MDS_1M; + } + } + else if (bitset(SMFIP_MDS_256K, m->mf_pflags)) + { + if (MilterMaxDataSize != MILTER_MDS_256K) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_256K); + MilterMaxDataSize = MILTER_MDS_256K; + } + } + else if (MilterMaxDataSize != MILTER_MDS_64K) + { + sm_syslog(LOG_WARNING, NOQID, + "WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d", + MilterMaxDataSize, MILTER_MDS_64K); + MilterMaxDataSize = MILTER_MDS_64K; + } + m->mf_pflags &= ~SMFI_INTERNAL; +#endif /* _FFR_MDS_NEGOTIATE */ + /* check for protocol feature mismatch */ if ((m->mf_pflags & mta_prot_flags) != m->mf_pflags) { @@ -2976,7 +3033,7 @@ milter_addheader(m, response, rlen, e) h->h_value = mh_value; else { - h->h_value = addleadingspace (mh_value, e->e_rpool); + h->h_value = addleadingspace(mh_value, e->e_rpool); SM_FREE(mh_value); } h->h_flags |= H_USER; @@ -3277,7 +3334,7 @@ milter_changeheader(m, response, rlen, e) h->h_value = mh_value; else { - h->h_value = addleadingspace (mh_value, e->e_rpool); + h->h_value = addleadingspace(mh_value, e->e_rpool); SM_FREE(mh_value); } h->h_flags |= H_USER; @@ -3330,7 +3387,7 @@ milter_split_response(response, rlen, pargc) return NULL; /* last entry is only for the name */ - s = (char **)malloc(nelem * (sizeof(*s))); + s = (char **)malloc((nelem + 1) * (sizeof(*s))); if (s == NULL) return NULL; s[0] = response; @@ -3813,7 +3870,7 @@ milter_init(e, state, milters) m->mf_sock < 0 ? "open" : "negotiate"); - /* if negotation failure, close socket */ + /* if negotiation failure, close socket */ milter_error(m, e); MILTER_CHECK_ERROR(true, continue); continue; @@ -4383,7 +4440,7 @@ milter_data(e, state) response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e, - "body"); + "eom"); if (m->mf_state == SMFS_ERROR) break; diff --git a/gnu/usr.sbin/sendmail/sendmail/parseaddr.c b/gnu/usr.sbin/sendmail/sendmail/parseaddr.c index 54eb1dd3ce4..cb35b37f2a9 100644 --- a/gnu/usr.sbin/sendmail/sendmail/parseaddr.c +++ b/gnu/usr.sbin/sendmail/sendmail/parseaddr.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: parseaddr.c,v 8.403 2008/02/08 02:27:35 ca Exp $") +SM_RCSID("@(#)$Sendmail: parseaddr.c,v 8.404 2010/07/27 03:35:42 ca Exp $") #include <sm/sendmail.h> #include "map.h" @@ -319,7 +319,7 @@ delim: ** is invalid and should be "repaired". ** ** Returns: -** true -- if the address has any "wierd" characters or +** true -- if the address has any "weird" characters or ** non-printable characters or if a quote is unbalanced. ** false -- otherwise. */ diff --git a/gnu/usr.sbin/sendmail/sendmail/queue.c b/gnu/usr.sbin/sendmail/sendmail/queue.c index f3e91a951a0..53ca18d2f3e 100644 --- a/gnu/usr.sbin/sendmail/sendmail/queue.c +++ b/gnu/usr.sbin/sendmail/sendmail/queue.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2009, 2011 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/sem.h> -SM_RCSID("@(#)$Sendmail: queue.c,v 8.977 2008/02/15 23:19:58 ca Exp $") +SM_RCSID("@(#)$Sendmail: queue.c,v 8.991 2011/03/15 23:14:36 ca Exp $") #include <dirent.h> @@ -134,7 +134,7 @@ static const char EmptyString[] = ""; static void grow_wlist __P((int, int)); static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *)); -static int gatherq __P((int, int, bool, bool *, bool *)); +static int gatherq __P((int, int, bool, bool *, bool *, int *)); static int sortq __P((int)); static void printctladdr __P((ADDRESS *, SM_FILE_T *)); static bool readqf __P((ENVELOPE *, bool)); @@ -203,7 +203,7 @@ static const char *FSPath[MAXFILESYS]; /* pathnames for file systems */ ** tag -- should be a unique id to avoid misinterpretations by others. ** idea: hash over configuration data that will be stored here. ** NumFileSys -- number of file systems. -** FileSys -- (arrary of) structure for used file systems. +** FileSys -- (array of) structure for used file systems. ** RSATmpCnt -- counter for number of uses of ephemeral RSA key. ** QShm -- (array of) structure for information about queue directories. */ @@ -633,7 +633,6 @@ queueup(e, announce, msync) } /* output inode number of data file */ - /* XXX should probably include device major/minor too */ if (e->e_dfino != -1) { (void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "I%ld/%ld/%llu\n", @@ -2106,7 +2105,7 @@ run_work_group(wgrp, flags) for (i = 0; i < Queue[qgrp]->qg_numqueues; i++) { - h = gatherq(qgrp, qdir, false, &full, &more); + (void) gatherq(qgrp, qdir, false, &full, &more, &h); #if SM_CONF_SHM if (ShmId != SM_SHM_NO_ID) QSHM_ENTRIES(Queue[qgrp]->qg_qpaths[qdir].qp_idx) = h; @@ -2450,6 +2449,7 @@ runqueueevent(ignore) ** full -- (optional) to be set 'true' if WorkList is full ** more -- (optional) to be set 'true' if there are still more ** messages in this queue not added to WorkList +** pnentries -- (optional) total nuber of entries in queue ** ** Returns: ** The number of request in the queue (not necessarily @@ -2472,25 +2472,26 @@ static int WorkListSize = 0; /* current max size of WorkList */ static int WorkListCount = 0; /* # of work items in WorkList */ static int -gatherq(qgrp, qdir, doall, full, more) +gatherq(qgrp, qdir, doall, full, more, pnentries) int qgrp; int qdir; bool doall; bool *full; bool *more; + int *pnentries; { register struct dirent *d; register WORK *w; register char *p; DIR *f; - int i, num_ent; - int wn; + int i, num_ent, wn, nentries; QUEUE_CHAR *check; char qd[MAXPATHLEN]; char qf[MAXPATHLEN]; wn = WorkListCount - 1; num_ent = 0; + nentries = 0; if (qdir == NOQDIR) (void) sm_strlcpy(qd, ".", sizeof(qd)); else @@ -2600,6 +2601,7 @@ gatherq(qgrp, qdir, doall, full, more) continue; } + ++nentries; check = QueueLimitId; while (check != NULL) { @@ -2855,6 +2857,21 @@ gatherq(qgrp, qdir, doall, full, more) break; case 'K': +#if _FFR_EXPDELAY + if (MaxQueueAge > 0) + { + time_t lasttry, delay; + + lasttry = (time_t) atol(&lbuf[1]); + delay = MIN(lasttry - w->w_ctime, + MaxQueueAge); + age = curtime() - lasttry; + if (age < delay) + w->w_tooyoung = true; + break; + } +#endif /* _FFR_EXPDELAY */ + age = curtime() - (time_t) atol(&lbuf[1]); if (age >= 0 && MinQueueAge > 0 && age < MinQueueAge) @@ -2900,6 +2917,8 @@ gatherq(qgrp, qdir, doall, full, more) *full = (wn >= MaxQueueRun && MaxQueueRun > 0) || (WorkList == NULL && wn > 0); + if (pnentries != NULL) + *pnentries = nentries; return i; } /* @@ -3331,8 +3350,8 @@ workcmpf4(a, b) ** WORKCMPF5 -- compare based on assigned random number ** ** Parameters: -** a -- the first argument (ignored). -** b -- the second argument (ignored). +** a -- the first argument. +** b -- the second argument. ** ** Returns: ** randomly 1/-1 @@ -3682,7 +3701,7 @@ dowork(qgrp, qdir, id, forkflag, requeueflag, e) finis(true, true, ExitStat); else { - dropenvelope(e, true, false); + (void) dropenvelope(e, true, false); sm_rpool_free(rpool); e->e_rpool = NULL; } @@ -3859,7 +3878,7 @@ doworklist(el, forkflag, requeueflag) /* do the delivery */ sendall(&e, SM_DELIVER); - dropenvelope(&e, true, false); + (void) dropenvelope(&e, true, false); } else { @@ -4834,7 +4853,7 @@ print_single_queue(qgrp, qdir) ** Read and order the queue. */ - nrequests = gatherq(qgrp, qdir, true, NULL, NULL); + nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); (void) sortq(Queue[qgrp]->qg_maxlist); /* @@ -5175,7 +5194,11 @@ queuename(e, type) /* Assign an ID if needed */ if (e->e_id == NULL) + { + if (IntSig) + return NULL; assign_queueid(e); + } type = queue_letter(e, type); /* begin of filename */ @@ -5219,7 +5242,11 @@ queuename(e, type) else { if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR) + { + if (IntSig) + return NULL; (void) setnewqueue(e); + } if (type == DATAFL_LETTER) { qd = e->e_dfqdir; @@ -5259,6 +5286,8 @@ queuename(e, type) break; default: + if (IntSig) + return NULL; sm_abort("queuename: bad queue file type %d", type); } @@ -5332,31 +5361,31 @@ static const char QueueIdChars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh */ # define queuenextid() CurrentPid - +#define QIC_LEN_SQR (QIC_LEN * QIC_LEN) void assign_queueid(e) register ENVELOPE *e; { pid_t pid = queuenextid(); - static int cX = 0; - static long random_offset; + static unsigned int cX = 0; + static unsigned int random_offset; struct tm *tm; char idbuf[MAXQFNAME - 2]; - int seq; + unsigned int seq; if (e->e_id != NULL) return; /* see if we need to get a new base time/pid */ - if (cX >= QIC_LEN * QIC_LEN || LastQueueTime == 0 || - LastQueuePid != pid) + if (cX >= QIC_LEN_SQR || LastQueueTime == 0 || LastQueuePid != pid) { time_t then = LastQueueTime; /* if the first time through, pick a random offset */ if (LastQueueTime == 0) - random_offset = get_random(); + random_offset = ((unsigned int)get_random()) + % QIC_LEN_SQR; while ((LastQueueTime = curtime()) == then && LastQueuePid == pid) @@ -5368,16 +5397,16 @@ assign_queueid(e) } /* - ** Generate a new sequence number between 0 and QIC_LEN*QIC_LEN-1. - ** This lets us generate up to QIC_LEN*QIC_LEN unique queue ids + ** Generate a new sequence number between 0 and QIC_LEN_SQR-1. + ** This lets us generate up to QIC_LEN_SQR unique queue ids ** per second, per process. With envelope splitting, ** a single message can consume many queue ids. */ - seq = (int)((cX + random_offset) % (QIC_LEN * QIC_LEN)); + seq = (cX + random_offset) % QIC_LEN_SQR; ++cX; if (tTd(7, 50)) - sm_dprintf("assign_queueid: random_offset = %ld (%d)\n", + sm_dprintf("assign_queueid: random_offset=%u (%u)\n", random_offset, seq); tm = gmtime(&LastQueueTime); @@ -5430,6 +5459,7 @@ sync_queue_time() { #if FAST_PID_RECYCLE if (OpMode != MD_TEST && + OpMode != MD_CHECKCONFIG && OpMode != MD_VERIFY && LastQueueTime > 0 && LastQueuePid == CurrentPid && @@ -5740,6 +5770,10 @@ pickqdir(qg, fsize, e) else qdir = get_rand_mod(qg->qg_numqueues); +#if _FFR_TESTS + if (tTd(4, 101)) + return NOQDIR; +#endif /* _FFR_TESTS */ if (MinBlocksFree <= 0 && fsize <= 0) return qdir; @@ -6600,6 +6634,16 @@ init_sem(owner) (long) SemKey, SemId, sm_errstring(-SemId)); return; } + if (owner && RunAsUid != 0) + { + int r; + + r = sm_semsetowner(SemId, RunAsUid, RunAsGid, 0660); + if (r != 0) + sm_syslog(LOG_ERR, NOQID, + "key=%ld, sm_semsetowner=%d, RunAsUid=%d, RunAsGid=%d", + (long) SemKey, r, RunAsUid, RunAsGid); + } #endif /* SM_CONF_SEM */ #endif /* _FFR_USE_SEM_LOCKING */ return; @@ -8826,7 +8870,7 @@ quarantine_queue(reason, qgrplimit) if (StopRequest) stop_sendmail(); - nrequests = gatherq(qgrp, qdir, true, NULL, NULL); + nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL); /* first see if there is anything */ if (nrequests <= 0) diff --git a/gnu/usr.sbin/sendmail/sendmail/ratectrl.c b/gnu/usr.sbin/sendmail/sendmail/ratectrl.c index 976a996396c..48babeb7b2f 100644 --- a/gnu/usr.sbin/sendmail/sendmail/ratectrl.c +++ b/gnu/usr.sbin/sendmail/sendmail/ratectrl.c @@ -45,7 +45,7 @@ */ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: ratectrl.c,v 8.12 2008/02/11 22:56:05 ca Exp $") +SM_RCSID("@(#)$Sendmail: ratectrl.c,v 8.13 2009/05/05 23:19:34 ca Exp $") /* ** stuff included - given some warnings (inet_ntoa) @@ -69,9 +69,6 @@ SM_RCSID("@(#)$Sendmail: ratectrl.c,v 8.12 2008/02/11 22:56:05 ca Exp $") /* forward declarations */ static int client_rate __P((time_t, SOCKADDR *, bool)); static int total_rate __P((time_t, bool)); -#if 0 -static int sockaddrcmp __P((SOCKADDR *, SOCKADDR *)); -#endif /* 0 */ /* ** CONNECTION_RATE_CHECK - updates connection history data @@ -485,50 +482,3 @@ total_rate(now, update) return cnt; } - -#if 0 -/* -** SOCKADDRCMP - compare two SOCKADDR structures -** this function may be used to compare SOCKADDR -** structures when using bsearch and qsort functions -** in the same way we do with strcmp -** -** Parameters: -** a, b - addresses -** -** Returns: -** 1 if a > b -** -1 if a < b -** 0 if a = b -** -** OBS: This call isn't used at the moment, it will -** be used when code will be extended to work with IPV6 -*/ - -static int -sockaddrcmp(a, b) - SOCKADDR *a; - SOCKADDR *b; -{ - if (a->sa.sa_family > b->sa.sa_family) - return 1; - if (a->sa.sa_family < b->sa.sa_family) - return -1; - - switch (a->sa.sa_family) - { - case AF_INET: - if (a->sin.sin_addr.s_addr > b->sin.sin_addr.s_addr) - return 1; - if (a->sin.sin_addr.s_addr < b->sin.sin_addr.s_addr) - return -1; - return 0; - break; - - case AF_INET6: - /* TO BE DONE */ - break; - } - return 0; -} -#endif /* 0 */ diff --git a/gnu/usr.sbin/sendmail/sendmail/readcf.c b/gnu/usr.sbin/sendmail/sendmail/readcf.c index 83a00c6d8f7..77409d26e2a 100644 --- a/gnu/usr.sbin/sendmail/sendmail/readcf.c +++ b/gnu/usr.sbin/sendmail/sendmail/readcf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008-2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,12 +14,13 @@ #include <sendmail.h> #include <sm/sendmail.h> -SM_RCSID("@(#)$Sendmail: readcf.c,v 8.666 2008/02/14 17:25:14 ca Exp $") +SM_RCSID("@(#)$Sendmail: readcf.c,v 8.684 2011/03/15 17:29:29 guenther Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> #endif /* NETINET || NETINET6 */ + #define SECONDS #define MINUTES * 60 #define HOUR * 3600 @@ -113,6 +114,17 @@ readcf(cfname, safe, e) FileName = cfname; LineNumber = 0; +#if STARTTLS + Srv_SSL_Options = SSL_OP_ALL; + Clt_SSL_Options = SSL_OP_ALL +#ifdef SSL_OP_NO_SSLv2 + | SSL_OP_NO_SSLv2 +#endif +#ifdef SSL_OP_NO_TICKET + | SSL_OP_NO_TICKET +#endif + ; +#endif /* STARTTLS */ if (DontLockReadFiles) sff |= SFF_NOLOCK; cf = safefopen(cfname, O_RDONLY, 0444, sff); @@ -136,7 +148,7 @@ readcf(cfname, safe, e) if (OpMode != MD_TEST && bitset(S_IWGRP|S_IWOTH, statb.st_mode)) { - if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS) + if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS || OpMode == MD_CHECKCONFIG) (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "%s: WARNING: dangerous write permissions\n", FileName); @@ -462,7 +474,7 @@ readcf(cfname, safe, e) rwp = RewriteRules[ruleset]; if (rwp != NULL) { - if (OpMode == MD_TEST) + if (OpMode == MD_TEST || OpMode == MD_CHECKCONFIG) (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "WARNING: Ruleset %s has multiple definitions\n", @@ -534,7 +546,6 @@ readcf(cfname, safe, e) p++; while (isascii(*p) && isspace(*p)) p++; - file = p; } else optional = false; @@ -2255,10 +2266,122 @@ static struct optioninfo # define O_RCPTSHUTDG 0xe2 { "BadRcptShutdownGood", O_RCPTSHUTDG, OI_SAFE }, #endif /* _FFR_BADRCPT_SHUTDOWN */ +#if STARTTLS && _FFR_TLS_1 +# define O_SRV_SSL_OPTIONS 0xe3 + { "ServerSSLOptions", O_SRV_SSL_OPTIONS, OI_NONE }, +# define O_CLT_SSL_OPTIONS 0xe4 + { "ClientSSLOptions", O_CLT_SSL_OPTIONS, OI_NONE }, +#endif /* STARTTLS && _FFR_TLS_1 */ +#if _FFR_EXPDELAY +# define O_MAX_QUEUE_AGE 0xe5 + { "MaxQueueAge", O_MAX_QUEUE_AGE, OI_NONE }, +#endif /* _FFR_EXPDELAY */ +#if _FFR_RCPTTHROTDELAY +# define O_RCPTTHROTDELAY 0xe6 + { "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE }, +#endif /* _FFR_RCPTTHROTDELAY */ +#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) +# define O_INETQOS 0xe7 /* reserved for FFR_QOS */ + { "InetQoS", O_INETQOS, OI_NONE }, +#endif { NULL, '\0', OI_NONE } }; +#if STARTTLS && _FFR_TLS_1 +static struct ssl_options +{ + const char *sslopt_name; /* name of the flag */ + long sslopt_bits; /* bits to set/clear */ +} SSL_Option[] = +{ +/* these are turned on by default */ +#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG + { "SSL_OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG }, +#endif +#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG + { "SSL_OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG }, +#endif +#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + { "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG }, +#endif +#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + { "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG }, +#endif +#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + { "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER }, +#endif +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING + { "SSL_OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING }, +#endif +#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG + { "SSL_OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG }, +#endif +#ifdef SSL_OP_TLS_D5_BUG + { "SSL_OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG }, +#endif +#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG + { "SSL_OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG }, +#endif +#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + { "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS }, +#endif +#ifdef SSL_OP_ALL + { "SSL_OP_ALL", SSL_OP_ALL }, +#endif +#ifdef SSL_OP_NO_QUERY_MTU + { "SSL_OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU }, +#endif +#ifdef SSL_OP_COOKIE_EXCHANGE + { "SSL_OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE }, +#endif +#ifdef SSL_OP_NO_TICKET + { "SSL_OP_NO_TICKET", SSL_OP_NO_TICKET }, +#endif +#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + { "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION }, +#endif +#ifdef SSL_OP_SINGLE_ECDH_USE + { "SSL_OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE }, +#endif +#ifdef SSL_OP_SINGLE_DH_USE + { "SSL_OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE }, +#endif +#ifdef SSL_OP_EPHEMERAL_RSA + { "SSL_OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA }, +#endif +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + { "SSL_OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE }, +#endif +#ifdef SSL_OP_TLS_ROLLBACK_BUG + { "SSL_OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG }, +#endif +#ifdef SSL_OP_NO_SSLv2 + { "SSL_OP_NO_SSLv2", SSL_OP_NO_SSLv2 }, +#endif +#ifdef SSL_OP_NO_SSLv3 + { "SSL_OP_NO_SSLv3", SSL_OP_NO_SSLv3 }, +#endif +#ifdef SSL_OP_NO_TLSv1 + { "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 }, +#endif +#ifdef SSL_OP_PKCS1_CHECK_1 + { "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 }, +#endif +#ifdef SSL_OP_PKCS1_CHECK_2 + { "SSL_OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 }, +#endif +#ifdef SSL_OP_NETSCAPE_CA_DN_BUG + { "SSL_OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG }, +#endif +#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + { "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG }, +#endif + { NULL, 0 } +}; +#endif /* STARTTLS && _FFR_TLS_1 */ + + # define CANONIFY(val) # define SET_OPT_DEFAULT(opt, val) opt = val @@ -2299,6 +2422,9 @@ setoption(opt, val, safe, sticky, e) char *newval; char exbuf[MAXLINE]; #endif /* STARTTLS || SM_CONF_SHM */ +#if STARTTLS && _FFR_TLS_1 + long *pssloptions = NULL; +#endif /* STARTTLS && _FFR_TLS_1 */ errno = 0; if (opt == ' ') @@ -2543,6 +2669,7 @@ setoption(opt, val, safe, sticky, e) set_delivery_mode(*val, e); break; + default: syserr("Unknown delivery mode %c", *val); finis(false, true, EX_USAGE); @@ -2995,6 +3122,12 @@ setoption(opt, val, safe, sticky, e) MinQueueAge = convtime(val, 'm'); break; +#if _FFR_EXPDELAY + case O_MAX_QUEUE_AGE: + MaxQueueAge = convtime(val, 'm'); + break; +#endif /* _FFR_EXPDELAY */ + case O_DEFCHARSET: /* default character set for mimefying */ DefaultCharSet = newstr(denlstring(val, true, true)); break; @@ -3317,6 +3450,12 @@ setoption(opt, val, safe, sticky, e) BadRcptThrottle = atoi(val); break; +#if _FFR_RCPTTHROTDELAY + case O_RCPTTHROTDELAY: + BadRcptThrottleDelay = atoi(val); + break; +#endif /* _FFR_RCPTTHROTDELAY */ + case O_DEADLETTER: CANONIFY(val); PSTRSET(DeadLetterDrop, val); @@ -3338,7 +3477,7 @@ setoption(opt, val, safe, sticky, e) ConnectOnlyTo.sa.sa_family = AF_UNSPEC; # if NETINET6 if (anynet_pton(AF_INET6, val, - &ConnectOnlyTo.sin6.sin6_addr) != 1) + &ConnectOnlyTo.sin6.sin6_addr) == 1) ConnectOnlyTo.sa.sa_family = AF_INET6; else # endif /* NETINET6 */ @@ -3578,7 +3717,51 @@ setoption(opt, val, safe, sticky, e) SET_STRING_EXP(DHParams5); case O_CIPHERLIST: SET_STRING_EXP(CipherList); + case O_SRV_SSL_OPTIONS: + pssloptions = &Srv_SSL_Options; + case O_CLT_SSL_OPTIONS: + if (pssloptions == NULL) + pssloptions = &Clt_SSL_Options; + for (p = val; *p != 0; ) + { + bool clearmode; + char *q; + struct ssl_options *sslopts; + + while (*p == ' ') + p++; + if (*p == '\0') + break; + clearmode = false; + if (*p == '-' || *p == '+') + clearmode = *p++ == '-'; + q = p; + while (*p != '\0' && !(isascii(*p) && isspace(*p))) + p++; + if (*p != '\0') + *p++ = '\0'; + for (sslopts = SSL_Option; + sslopts->sslopt_name != NULL; sslopts++) + { + if (sm_strcasecmp(q, sslopts->sslopt_name) == 0) + break; + } + if (sslopts->sslopt_name == NULL) + { + errno = 0; + syserr("readcf: %s option value %s unrecognized", + o->o_name, q); + } + else if (clearmode) + *pssloptions &= ~sslopts->sslopt_bits; + else + *pssloptions |= sslopts->sslopt_bits; + } + pssloptions = NULL; + break; + # endif /* _FFR_TLS_1 */ + case O_CRLFILE: # if OPENSSL_VERSION_NUMBER > 0x00907000L SET_STRING_EXP(CRLFile); @@ -4026,8 +4209,7 @@ strtorwset(p, endp, stabmode) char *q = NULL; q = p; - while (*p != '\0' && isascii(*p) && - (isalnum(*p) || *p == '_')) + while (*p != '\0' && isascii(*p) && (isalnum(*p) || *p == '_')) p++; if (q == p || !(isascii(*q) && isalpha(*q))) { diff --git a/gnu/usr.sbin/sendmail/sendmail/savemail.c b/gnu/usr.sbin/sendmail/sendmail/savemail.c index ce5d584cce5..d39d1621183 100644 --- a/gnu/usr.sbin/sendmail/sendmail/savemail.c +++ b/gnu/usr.sbin/sendmail/sendmail/savemail.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: savemail.c,v 8.313 2006/11/29 00:20:41 ca Exp $") +SM_RCSID("@(#)$Sendmail: savemail.c,v 8.314 2009/12/18 17:08:01 ca Exp $") static bool errbody __P((MCI *, ENVELOPE *, char *)); static bool pruneroute __P((char *)); @@ -705,7 +705,7 @@ returntosender(msg, returnq, flags, e) sendall(ee, SM_DELIVER); /* restore state */ - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); sm_rpool_free(ee->e_rpool); CurEnv = oldcur; returndepth--; diff --git a/gnu/usr.sbin/sendmail/sendmail/sendmail.8 b/gnu/usr.sbin/sendmail/sendmail/sendmail.8 index a78d47e7500..d6b4278bb59 100644 --- a/gnu/usr.sbin/sendmail/sendmail/sendmail.8 +++ b/gnu/usr.sbin/sendmail/sendmail/sendmail.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sendmail.8,v 1.33 2010/10/18 14:42:16 jmc Exp $ +.\" $OpenBSD: sendmail.8,v 1.34 2011/05/17 15:54:24 millert Exp $ .\" .\" Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. .\" All rights reserved. @@ -11,9 +11,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Sendmail: sendmail.8,v 8.58 2007/08/02 05:42:33 ca Exp $ +.\" $Sendmail: sendmail.8,v 8.60 2011/03/07 23:44:48 ca Exp $ .\" -.Dd $Mdocdate: October 18 2010 $ +.Dd $Mdocdate: May 17 2011 $ .Dt SENDMAIL 8 .Os .Sh NAME @@ -213,7 +213,9 @@ the victim of an aliasing loop. If not specified, ``Received:'' lines in the message are counted. .It Fl i -Ignore dots alone on lines by themselves in incoming messages. +Do not strip a leading dot from lines in incoming messages, +and do not treat a dot on a line by itself +as the end of an incoming message. This should be set if you are reading data from a file. .It Fl L Ar tag Set the identifier used in syslog messages to the supplied @@ -668,6 +670,8 @@ RFC 819, RFC 821, RFC 2822. .Pa /usr/share/doc/html/milter/index.html . .Pp http://www.sendmail.org/ +.Pp +US Patent Numbers 6865671, 6986037. .Sh HISTORY The .Nm diff --git a/gnu/usr.sbin/sendmail/sendmail/sendmail.h b/gnu/usr.sbin/sendmail/sendmail/sendmail.h index deb95950362..72e82d7e817 100644 --- a/gnu/usr.sbin/sendmail/sendmail/sendmail.h +++ b/gnu/usr.sbin/sendmail/sendmail/sendmail.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2011 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -52,7 +52,7 @@ #ifdef _DEFINE # ifndef lint -SM_UNUSED(static char SmailId[]) = "@(#)$Sendmail: sendmail.h,v 8.1059 2008/02/15 23:19:58 ca Exp $"; +SM_UNUSED(static char SmailId[]) = "@(#)$Sendmail: sendmail.h,v 8.1089 2011/03/15 23:14:36 ca Exp $"; # endif /* ! lint */ #endif /* _DEFINE */ @@ -327,7 +327,7 @@ typedef struct address ADDRESS; (s) == QS_SENT || \ (s) == QS_DISCARDED) #define QS_IS_DEAD(s) ((s) >= QS_DONTSEND) - +#define QS_IS_TEMPFAIL(s) ((s) == QS_QUEUEUP || (s) == QS_RETRY) #define NULLADDR ((ADDRESS *) NULL) @@ -607,7 +607,7 @@ extern bool filesys_free __P((long)); ERROR: change SASL_SEC_MASK_ notify sendmail.org! # endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */ # endif /* SASL >= 20101 */ -# define MAXOUTLEN 8192 /* length of output buffer */ +# define MAXOUTLEN 8192 /* length of output buffer, should be 2^n */ /* functions */ extern char *intersect __P((char *, char *, SM_RPOOL_T *)); @@ -730,6 +730,7 @@ MCI # define MCIF_HELO 0x00800000 /* we used HELO: ignore extensions */ #endif /* _FFR_IGNORE_EXT_ON_HELO */ #define MCIF_INLONGLINE 0x01000000 /* in the middle of a long line */ +#define MCIF_AUTH2 0x02000000 /* got 2 AUTH lines */ #define MCIF_ONLY_EHLO 0x10000000 /* use only EHLO in smtpinit */ /* states */ @@ -749,6 +750,7 @@ extern void mci_close __P((MCI *, char *where)); extern void mci_dump __P((SM_FILE_T *, MCI *, bool)); extern void mci_dump_all __P((SM_FILE_T *, bool)); extern void mci_flush __P((bool, MCI *)); +extern void mci_clr_extensions __P((MCI *)); extern MCI *mci_get __P((char *, MAILER *)); extern int mci_lock_host __P((MCI *)); extern bool mci_match __P((char *, MAILER *)); @@ -931,6 +933,10 @@ struct envelope int e_dlvr_flag; /* deliver by flag */ SM_RPOOL_T *e_rpool; /* resource pool for this envelope */ unsigned int e_features; /* server features */ +#if _FFR_MILTER_ENHSC +#define ENHSC_LEN 11 + char e_enhsc[ENHSC_LEN]; /* enhanced status code */ +#endif /* _FFR_MILTER_ENHSC */ }; /* values for e_flags */ @@ -982,7 +988,7 @@ extern ENVELOPE BlankEnvelope; /* functions */ extern void clearenvelope __P((ENVELOPE *, bool, SM_RPOOL_T *)); -extern void dropenvelope __P((ENVELOPE *, bool, bool)); +extern int dropenvelope __P((ENVELOPE *, bool, bool)); extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *)); extern void clrsessenvelope __P((ENVELOPE *)); extern void printenvflags __P((ENVELOPE *)); @@ -1163,6 +1169,33 @@ struct hostsig_t typedef struct hostsig_t HOSTSIG_T; +/* +** The standard udp packet size PACKETSZ (512) is not sufficient for some +** nameserver answers containing very many resource records. The resolver +** may switch to tcp and retry if it detects udp packet overflow. +** Also note that the resolver routines res_query and res_search return +** the size of the *un*truncated answer in case the supplied answer buffer +** it not big enough to accommodate the entire answer. +*/ + +# ifndef MAXPACKET +# define MAXPACKET 8192 /* max packet size used internally by BIND */ +# endif /* ! MAXPACKET */ + +/* +** The resolver functions res_{send,query,querydomain} expect the +** answer buffer to be aligned, but some versions of gcc4 reverse +** 25 years of history and no longer align char buffers on the +** stack, resulting in crashes on strict-alignment platforms. Use +** this union when putting the buffer on the stack to force the +** alignment, then cast to (HEADER *) or (unsigned char *) as needed. +*/ +typedef union +{ + HEADER qb1; + unsigned char qb2[MAXPACKET]; +} querybuf; + /* functions */ extern bool getcanonname __P((char *, int, bool, int *)); extern int getmxrr __P((char *, char **, unsigned short *, bool, int *, bool, int *)); @@ -1242,11 +1275,15 @@ MAP #define MF_OPENBOGUS 0x00800000 /* open failed, don't call map_close */ #define MF_CLOSING 0x01000000 /* map is being closed */ -#define DYNOPENMAP(map) if (!bitset(MF_OPEN, (map)->map_mflags)) \ - { \ - if (!openmap(map)) \ - return NULL; \ - } +#define DYNOPENMAP(map) \ + do \ + { \ + if (!bitset(MF_OPEN, (map)->map_mflags)) \ + { \ + if (!openmap(map)) \ + return NULL; \ + } \ + } while (0) /* indices for map_actions */ @@ -1561,11 +1598,23 @@ extern void stabapply __P((void (*)(STAB *, int), int)); #define MD_HOSTSTAT 'h' /* print persistent host stat info */ #define MD_PURGESTAT 'H' /* purge persistent host stat info */ #define MD_QUEUERUN 'q' /* queue run */ +#define MD_CHECKCONFIG 'C' /* check configuration file */ #if _FFR_LOCAL_DAEMON EXTERN bool LocalDaemon; +# if NETINET6 +EXTERN bool V6LoopbackAddrFound; /* found an IPv6 loopback address */ +# define SETV6LOOPBACKADDRFOUND(sa) \ + do \ + { \ + if (isloopback(sa)) \ + V6LoopbackAddrFound = true; \ + } while (0) +# endif /* NETINET6 */ #else /* _FFR_LOCAL_DAEMON */ # define LocalDaemon false +# define V6LoopbackAddrFound false +# define SETV6LOOPBACKADDRFOUND(sa) #endif /* _FFR_LOCAL_DAEMON */ /* Note: see also include/sendmail/pathnames.h: GET_CLIENT_CF */ @@ -1580,6 +1629,7 @@ EXTERN bool LocalDaemon; #define SM_DEFER 'd' /* defer map lookups as well as queue */ #define SM_VERIFY 'v' /* verify only (used internally) */ #define DM_NOTSET (-1) /* DeliveryMode (per daemon) option not set */ +# define SM_IS_INTERACTIVE(m) ((m) == SM_DELIVER) #define WILL_BE_QUEUED(m) ((m) == SM_QUEUE || (m) == SM_DEFER) @@ -1880,7 +1930,7 @@ struct termescape /* functions */ extern bool init_tls_library __P((void)); -extern bool inittls __P((SSL_CTX **, unsigned long, bool, char *, char *, char *, char *, char *)); +extern bool inittls __P((SSL_CTX **, unsigned long, long, bool, char *, char *, char *, char *, char *)); extern bool initclttls __P((bool)); extern void setclttls __P((bool)); extern bool initsrvtls __P((bool)); @@ -1906,6 +1956,7 @@ EXTERN char *CRLFile; /* file CRLs */ EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */ #endif /* _FFR_CRLPATH */ EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */ +EXTERN long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */ #endif /* STARTTLS */ /* @@ -1986,6 +2037,9 @@ EXTERN int QueueFileMode; /* mode on files in mail queue */ EXTERN int QueueMode; /* which queue items to act upon */ EXTERN int QueueSortOrder; /* queue sorting order algorithm */ EXTERN time_t MinQueueAge; /* min delivery interval */ +#if _FFR_EXPDELAY +EXTERN time_t MaxQueueAge; /* max delivery interval */ +#endif /* _FFR_EXPDELAY */ EXTERN time_t QueueIntvl; /* intervals between running the queue */ EXTERN char *QueueDir; /* location of queue directory */ EXTERN QUEUE_CHAR *QueueLimitId; /* limit queue run to id */ @@ -2091,7 +2145,11 @@ extern void inittimeouts __P((char *, bool)); */ /* macros for debugging flags */ -#define tTd(flag, level) (tTdvect[flag] >= (unsigned char)level) +#if NOT_SENDMAIL +# define tTd(flag, level) (tTdvect[flag] >= (unsigned char)level) +#else +# define tTd(flag, level) (tTdvect[flag] >= (unsigned char)level && !IntSig) +#endif #define tTdlevel(flag) (tTdvect[flag]) /* variables */ @@ -2114,22 +2172,26 @@ extern unsigned char tTdvect[100]; /* trace vector */ */ /* set exit status */ -#define setstat(s) { \ - if (ExitStat == EX_OK || ExitStat == EX_TEMPFAIL) \ - ExitStat = s; \ - } +#define setstat(s) \ + do \ + { \ + if (ExitStat == EX_OK || ExitStat == EX_TEMPFAIL) \ + ExitStat = s; \ + } while (0) #define STRUCTCOPY(s, d) d = s /* free a pointer if it isn't NULL and set it to NULL */ #define SM_FREE_CLR(p) \ - if ((p) != NULL) \ - { \ - sm_free(p); \ - (p) = NULL; \ - } \ - else + do \ + { \ + if ((p) != NULL) \ + { \ + sm_free(p); \ + (p) = NULL; \ + } \ + } while (0) /* ** Update a permanent string variable with a new value. @@ -2176,6 +2238,15 @@ extern unsigned char tTdvect[100]; /* trace vector */ #define XS_DEFAULT 0 #define XS_STARTTLS 1 #define XS_AUTH 2 +#define XS_GREET 3 +#define XS_EHLO 4 +#define XS_MAIL 5 +#define XS_RCPT 6 +#define XS_DATA 7 +#define XS_EOM 8 +#define XS_DATA2 9 +#define XS_RCPT2 10 +#define XS_QUIT 15 /* ** Global variables. @@ -2235,11 +2306,16 @@ EXTERN bool UseNameServer; /* using DNS -- interpret h_errno & MX RRs */ EXTERN char InetMode; /* default network for daemon mode */ EXTERN char OpMode; /* operation mode, see below */ EXTERN char SpaceSub; /* substitution for <lwsp> */ -EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */ #if _FFR_BADRCPT_SHUTDOWN EXTERN int BadRcptShutdown; /* Shutdown connection for rejected RCPTs */ EXTERN int BadRcptShutdownGood; /* above even when there are good RCPTs */ #endif /* _FFR_BADRCPT_SHUTDOWN */ +EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */ +#if _FFR_RCPTTHROTDELAY +EXTERN unsigned int BadRcptThrottleDelay; /* delay for BadRcptThrottle */ +#else +# define BadRcptThrottleDelay 1 +#endif /* _FFR_RCPTTHROTDELAY */ EXTERN int CheckpointInterval; /* queue file checkpoint interval */ EXTERN int ConfigLevel; /* config file level */ EXTERN int ConnRateThrottle; /* throttle for SMTP connection rate */ @@ -2349,6 +2425,7 @@ EXTERN char *RunAsUserName; /* user to become for bulk of run */ EXTERN char *SafeFileEnv; /* chroot location for file delivery */ EXTERN char *ServiceSwitchFile; /* backup service switch */ EXTERN char *volatile ShutdownRequest;/* a sendmail shutdown has been requested */ +EXTERN bool volatile IntSig; EXTERN char *SmtpGreeting; /* SMTP greeting message (old $e macro) */ EXTERN char *SmtpPhase; /* current phase in SMTP processing */ EXTERN char SmtpError[MAXLINE]; /* save failure error messages */ @@ -2376,6 +2453,9 @@ extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */ EXTERN int ConnectionRateWindowSize; +#if STARTTLS && USE_OPENSSL_ENGINE +EXTERN bool SSLEngineInitialized; +#endif /* STARTTLS && USE_OPENSSL_ENGINE */ /* ** Declarations of useful functions @@ -2428,6 +2508,8 @@ extern int smtprcpt __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *, ADDRESS *, time extern void smtprset __P((MAILER *, MCI *, ENVELOPE *)); #define REPLYTYPE(r) ((r) / 100) /* first digit of reply code */ +#define REPLYCLASS(r) (((r) / 10) % 10) /* second digit of reply code */ +#define REPLYMINOR(r) ((r) % 10) /* last digit of reply code */ #define ISSMTPCODE(c) (isascii(c[0]) && isdigit(c[0]) && \ isascii(c[1]) && isdigit(c[1]) && \ isascii(c[2]) && isdigit(c[2])) diff --git a/gnu/usr.sbin/sendmail/sendmail/sfsasl.c b/gnu/usr.sbin/sendmail/sendmail/sfsasl.c index 32cd983c8a9..9c29ef64527 100644 --- a/gnu/usr.sbin/sendmail/sendmail/sfsasl.c +++ b/gnu/usr.sbin/sendmail/sendmail/sfsasl.c @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: sfsasl.c,v 8.117 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Sendmail: sfsasl.c,v 8.118 2008/07/22 15:12:48 ca Exp $") #include <stdlib.h> #include <sendmail.h> #include <sm/time.h> @@ -296,7 +296,7 @@ sasl_write(fp, buf, size) /* ** Fetch the maximum input buffer size for sasl_encode(). ** This can be less than the size set in attemptauth() - ** due to a negotation with the other side, e.g., + ** due to a negotiation with the other side, e.g., ** Cyrus IMAP lmtp program sets maxbuf=4096, ** digestmd5 substracts 25 and hence we'll get 4071 ** instead of 8192 (MAXOUTLEN). diff --git a/gnu/usr.sbin/sendmail/sendmail/sm_resolve.c b/gnu/usr.sbin/sendmail/sendmail/sm_resolve.c index 27a06bac2f8..be27b9aaedc 100644 --- a/gnu/usr.sbin/sendmail/sendmail/sm_resolve.c +++ b/gnu/usr.sbin/sendmail/sendmail/sm_resolve.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2004 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2004, 2010 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -44,9 +44,13 @@ #include <sendmail.h> #if DNSMAP # if NAMED_BIND +# if NETINET +# include <netinet/in_systm.h> +# include <netinet/ip.h> +# endif /* NETINET */ # include "sm_resolve.h" -SM_RCSID("$Sendmail: sm_resolve.c,v 8.36 2008/02/11 23:04:16 ca Exp $") +SM_RCSID("$Sendmail: sm_resolve.c,v 8.39 2010/06/29 15:35:33 ca Exp $") static struct stot { @@ -394,7 +398,13 @@ dns_lookup_int(domain, rr_class, rr_type, retrans, retry) time_t save_retrans = 0; int save_retry = 0; DNS_REPLY_T *r = NULL; - unsigned char reply[1024]; + querybuf reply_buf; + unsigned char *reply; + +#define SMRBSIZE sizeof(reply_buf) +#ifndef IP_MAXPACKET +# define IP_MAXPACKET 65535 +#endif if (tTd(8, 16)) { @@ -415,15 +425,44 @@ dns_lookup_int(domain, rr_class, rr_type, retrans, retry) } errno = 0; SM_SET_H_ERRNO(0); - len = res_search(domain, rr_class, rr_type, reply, sizeof(reply)); + reply = (unsigned char *)&reply_buf; + len = res_search(domain, rr_class, rr_type, reply, SMRBSIZE); + if (len >= SMRBSIZE) + { + if (len >= IP_MAXPACKET) + { + if (tTd(8, 4)) + sm_dprintf("dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response too long\n", + domain, len, (int) SMRBSIZE, + IP_MAXPACKET); + } + else + { + if (tTd(8, 6)) + sm_dprintf("dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response longer than default size, resizing\n", + domain, len, (int) SMRBSIZE, + IP_MAXPACKET); + reply = (unsigned char *)sm_malloc(IP_MAXPACKET); + if (reply == NULL) + SM_SET_H_ERRNO(TRY_AGAIN); + else + len = res_search(domain, rr_class, rr_type, + reply, IP_MAXPACKET); + } + } if (tTd(8, 16)) { _res.options = old_options; sm_dprintf("dns_lookup(%s, %d, %s) --> %d\n", domain, rr_class, dns_type_to_string(rr_type), len); } - if (len >= 0) + if (len >= 0 && len < IP_MAXPACKET && reply != NULL) r = parse_dns_reply(reply, len); + if (reply != (unsigned char *)&reply_buf && reply != NULL) + { + sm_free(reply); + reply = NULL; + } if (retrans > 0) _res.retrans = save_retrans; if (retry > 0) diff --git a/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c b/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c index 01873096583..49c39303741 100644 --- a/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c +++ b/gnu/usr.sbin/sendmail/sendmail/srvrsmtp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -17,7 +17,7 @@ # include <libmilter/mfdef.h> #endif /* MILTER */ -SM_RCSID("@(#)$Sendmail: srvrsmtp.c,v 8.975 2008/03/31 16:32:13 ca Exp $") +SM_RCSID("@(#)$Sendmail: srvrsmtp.c,v 8.1008 2011/01/12 23:52:59 ca Exp $") #include <sm/time.h> #include <sm/fdset.h> @@ -479,6 +479,9 @@ do \ e->e_sendqueue = NULL; \ e->e_flags |= EF_CLRQUEUE; \ \ + if (tTd(92, 2)) \ + sm_dprintf("CLEAR_STATE: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",\ + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);\ if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \ logsender(e, NULL); \ e->e_flags &= ~EF_LOGSENDER; \ @@ -486,7 +489,7 @@ do \ /* clean up a bit */ \ smtp.sm_gotmail = false; \ SuprErrs = true; \ - dropenvelope(e, true, false); \ + (void) dropenvelope(e, true, false); \ sm_rpool_free(e->e_rpool); \ e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \ CurEnv = e; \ @@ -872,10 +875,8 @@ smtp(nullserver, d_flags, e) /* XXX should these be options settable via .cf ? */ /* ssp.min_ssf = 0; is default due to memset() */ - { - ssp.max_ssf = MaxSLBits; - ssp.maxbufsize = MAXOUTLEN; - } + ssp.max_ssf = MaxSLBits; + ssp.maxbufsize = MAXOUTLEN; ssp.security_flags = SASLOpts & SASL_SEC_MASK; sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK; @@ -907,6 +908,7 @@ smtp(nullserver, d_flags, e) #if STARTTLS + set_tls_rd_tmo(TimeOuts.to_nextcommand); #endif /* STARTTLS */ @@ -1272,7 +1274,8 @@ smtp(nullserver, d_flags, e) { if (++np_log < 3) sm_syslog(LOG_INFO, NOQID, - "unauthorized PIPELINING, sleeping"); + "unauthorized PIPELINING, sleeping, relay=%.100s", + CurSmtpClient); sleep(1); } @@ -1447,8 +1450,9 @@ smtp(nullserver, d_flags, e) message("454 4.5.4 Internal error: unable to encode64"); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, - "AUTH encode64 error [%d for \"%s\"]", - result, out); + "AUTH encode64 error [%d for \"%s\"], relay=%.100s", + result, out, + CurSmtpClient); /* start over? */ authenticating = SASL_NOT_AUTH; } @@ -1469,16 +1473,17 @@ smtp(nullserver, d_flags, e) message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, - "AUTH failure (%s): %s (%d) %s", + "AUTH failure (%s): %s (%d) %s, relay=%.100s", auth_type, sasl_errstring(result, NULL, NULL), result, # if SASL >= 20000 - sasl_errdetail(conn)); + sasl_errdetail(conn), # else /* SASL >= 20000 */ - errstr == NULL ? "" : errstr); + errstr == NULL ? "" : errstr, # endif /* SASL >= 20000 */ + CurSmtpClient); RESET_SASLCONN; authenticating = SASL_NOT_AUTH; } @@ -1700,8 +1705,9 @@ smtp(nullserver, d_flags, e) q); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, - "AUTH decode64 error [%d for \"%s\"]", - result, q); + "AUTH decode64 error [%d for \"%s\"], relay=%.100s", + result, q, + CurSmtpClient); /* start over? */ authenticating = SASL_NOT_AUTH; # if SASL >= 20000 @@ -1734,16 +1740,17 @@ smtp(nullserver, d_flags, e) message("535 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_ERR, e->e_id, - "AUTH failure (%s): %s (%d) %s", + "AUTH failure (%s): %s (%d) %s, relay=%.100s", p, sasl_errstring(result, NULL, NULL), result, # if SASL >= 20000 - sasl_errdetail(conn)); + sasl_errdetail(conn), # else /* SASL >= 20000 */ - errstr); + errstr, # endif /* SASL >= 20000 */ + CurSmtpClient); RESET_SASLCONN; break; } @@ -1818,6 +1825,21 @@ smtp(nullserver, d_flags, e) break; } starttls: +# if USE_OPENSSL_ENGINE + if (!SSLEngineInitialized) + { + if (!SSL_set_engine(NULL)) + { + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=server, SSL_set_engine=failed"); + tls_ok_srv = false; + message("454 4.3.3 TLS not available right now"); + break; + } + else + SSLEngineInitialized = true; + } +# endif /* USE_OPENSSL_ENGINE */ # if TLS_NO_RSA /* ** XXX do we need a temp key ? @@ -1893,8 +1915,9 @@ smtp(nullserver, d_flags, e) if (LogLevel > 5) { sm_syslog(LOG_WARNING, NOQID, - "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d", - r, ssl_err, errno, i); + "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d, relay=%.100s", + r, ssl_err, errno, i, + CurSmtpClient); if (LogLevel > 8) tlslogerr("server"); } @@ -2241,8 +2264,7 @@ smtp(nullserver, d_flags, e) message("250-AUTH %s", mechlist); #endif /* SASL */ #if STARTTLS - if (tls_ok_srv && - bitset(SRV_OFFER_TLS, features)) + if (tls_ok_srv && bitset(SRV_OFFER_TLS, features)) message("250-STARTTLS"); #endif /* STARTTLS */ if (DeliverByMin > 0) @@ -2532,7 +2554,7 @@ smtp(nullserver, d_flags, e) #if _FFR_BADRCPT_SHUTDOWN /* ** hack to deal with hack, see below: - ** n_badrcpts is increased is limit is reached. + ** n_badrcpts is increased if limit is reached. */ n_badrcpts_adj = (BadRcptThrottle > 0 && @@ -2576,12 +2598,12 @@ smtp(nullserver, d_flags, e) /* ** Don't use exponential backoff for now. - ** Some servers will open more connections + ** Some systems will open more connections ** and actually overload the receiver even ** more. */ - (void) sleep(1); + (void) sleep(BadRcptThrottleDelay); } if (!smtp.sm_gotmail) { @@ -2603,7 +2625,7 @@ smtp(nullserver, d_flags, e) goto rcpt_done; } - if (e->e_sendmode != SM_DELIVER + if (!SM_IS_INTERACTIVE(e->e_sendmode) #if _FFR_DM_ONE && (NotFirstDelivery || SM_DM_ONE != e->e_sendmode) #endif /* _FFR_DM_ONE */ @@ -3147,6 +3169,11 @@ doquit: milter_quit(e); #endif /* MILTER */ + if (tTd(92, 2)) + sm_dprintf("QUIT: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, + bitset(EF_LOGSENDER, e->e_flags), + LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -3358,6 +3385,11 @@ smtp_data(smtp, e) response); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ + usrerr(response); if (strncmp(response, "421 ", 4) == 0 || strncmp(response, "421-", 4) == 0) @@ -3374,6 +3406,10 @@ smtp_data(smtp, e) "Milter: cmd=data, reject=550 5.7.1 Command rejected"); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + (void) sm_strlcpy(e->e_enhsc, "5.7.1", + sizeof(e->e_enhsc)); +#endif /* _FFR_MILTER_ENHSC */ usrerr("550 5.7.1 Command rejected"); return true; @@ -3392,6 +3428,9 @@ smtp_data(smtp, e) MSG_TEMPFAIL); LogUsrErrs = false; } +#if _FFR_MILTER_ENHSC + (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(MSG_TEMPFAIL); return true; @@ -3467,7 +3506,14 @@ smtp_data(smtp, e) "Milter: data, reject=%s", response); milteraccept = false; +#if _FFR_MILTER_ENHSC + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + rv = false; break; case SMFIR_REJECT: @@ -3492,6 +3538,9 @@ smtp_data(smtp, e) "Milter: data, reject=%s", MSG_TEMPFAIL); milteraccept = false; +#if _FFR_MILTER_ENHSC + (void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc); +#endif /* _FFR_MILTER_ENHSC */ usrerr(MSG_TEMPFAIL); break; @@ -3678,6 +3727,7 @@ smtp_data(smtp, e) _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; #endif /* NAMED_BIND */ + for (ee = e; ee != NULL; ee = ee->e_sibling) { /* make sure we actually do delivery */ @@ -3721,18 +3771,18 @@ smtp_data(smtp, e) oldid = CurEnv->e_id; CurEnv->e_id = id; - /* issue success message */ + /* issue success message */ #if _FFR_MSG_ACCEPT - if (MessageAccept != NULL && *MessageAccept != '\0') - { - char msg[MAXLINE]; + if (MessageAccept != NULL && *MessageAccept != '\0') + { + char msg[MAXLINE]; - expand(MessageAccept, msg, sizeof(msg), e); - message("250 2.0.0 %s", msg); - } - else + expand(MessageAccept, msg, sizeof(msg), e); + message("250 2.0.0 %s", msg); + } + else #endif /* _FFR_MSG_ACCEPT */ - message("250 2.0.0 %s Message accepted for delivery", id); + message("250 2.0.0 %s Message accepted for delivery", id); CurEnv->e_id = oldid; /* if we just queued, poke it */ @@ -3782,6 +3832,9 @@ smtp_data(smtp, e) } abortmessage: + if (tTd(92, 2)) + sm_dprintf("abortmessage: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", + e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; @@ -3795,7 +3848,7 @@ smtp_data(smtp, e) */ if (aborting || bitset(EF_DISCARD, e->e_flags)) - dropenvelope(e, true, false); + (void) dropenvelope(e, true, false); else { for (ee = e; ee != NULL; ee = ee->e_sibling) @@ -3804,11 +3857,11 @@ smtp_data(smtp, e) QueueMode != QM_QUARANTINE && ee->e_quarmsg != NULL) { - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); continue; } if (WILL_BE_QUEUED(ee->e_sendmode)) - dropenvelope(ee, true, false); + (void) dropenvelope(ee, true, false); } } @@ -3870,8 +3923,13 @@ logundelrcpts(e, msg, level, all) if (!QS_IS_UNDELIVERED(a->q_state) && !all) continue; e->e_to = a->q_paddr; - logdelivery(NULL, NULL, a->q_status, msg, NULL, - (time_t) 0, e); + logdelivery(NULL, NULL, +#if _FFR_MILTER_ENHSC + (a->q_status == NULL && e->e_enhsc[0] != '\0') + ? e->e_enhsc : +#endif /* _FFR_MILTER_ENHSC */ + a->q_status, + msg, NULL, (time_t) 0, e); } e->e_to = NULL; } @@ -4633,7 +4691,8 @@ proxy_policy(conn, context, requested_user, rlen, auth_identity, alen, return SASL_FAIL; macdefine(&BlankEnvelope.e_macro, A_TEMP, - macid("{auth_authen}"), (char *) auth_identity); + macid("{auth_authen}"), + xtextify((char *) auth_identity, "=<>\")")); return SASL_OK; } @@ -4692,8 +4751,9 @@ initsrvtls(tls_ok) return false; /* do NOT remove assignment */ - tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile, - SrvKeyFile, CACertPath, CACertFile, DHParams); + tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, Srv_SSL_Options, true, + SrvCertFile, SrvKeyFile, + CACertPath, CACertFile, DHParams); return tls_ok_srv; } #endif /* STARTTLS */ diff --git a/gnu/usr.sbin/sendmail/sendmail/tls.c b/gnu/usr.sbin/sendmail/sendmail/tls.c index 0ac12fee497..4d4aab34c5b 100644 --- a/gnu/usr.sbin/sendmail/sendmail/tls.c +++ b/gnu/usr.sbin/sendmail/sendmail/tls.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2006, 2008, 2009, 2011 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: tls.c,v 8.107 2006/10/12 21:35:11 ca Exp $") +SM_RCSID("@(#)$Sendmail: tls.c,v 8.118 2011/03/07 23:20:47 ca Exp $") #if STARTTLS # include <openssl/err.h> @@ -486,6 +486,7 @@ tls_safe_f(var, sff, srv) ** Parameters: ** ctx -- pointer to context ** req -- requirements for initialization (see sendmail.h) +** options -- options ** srv -- server side? ** certfile -- filename of certificate ** keyfile -- filename of private key @@ -514,9 +515,10 @@ static char server_session_id_context[] = "sendmail8"; #endif bool -inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) +inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) SSL_CTX **ctx; unsigned long req; + long options; bool srv; char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam; { @@ -525,7 +527,7 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) # endif /* !NO_DH */ int r; bool ok; - long sff, status, options; + long sff, status; char *who; # if _FFR_TLS_1 char *cf2, *kf2; @@ -643,7 +645,10 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) } } if (dhparam == NULL) + { dhparam = srv ? "1" : "5"; + req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); + } else if (*dhparam == '/') { TLS_OK_F(dhparam, "DHParameters", @@ -913,7 +918,6 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) /* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */ - options = SSL_OP_ALL; /* bug compatibility? */ #if SM_SSL_OP_TLS_BLOCK_PADDING_BUG /* @@ -1164,7 +1168,7 @@ tls_get_info(ssl, srv, host, mac, certreq) MACROS_T *mac; bool certreq; { - SSL_CIPHER *c; + const SSL_CIPHER *c; int b, r; long verifyok; char *s, *who; @@ -1196,23 +1200,64 @@ tls_get_info(ssl, srv, host, mac, certreq) if (cert != NULL) { unsigned int n; + X509_NAME *subj, *issuer; unsigned char md[EVP_MAX_MD_SIZE]; char buf[MAXNAME]; - X509_NAME_oneline(X509_get_subject_name(cert), - buf, sizeof(buf)); + subj = X509_get_subject_name(cert); + issuer = X509_get_issuer_name(cert); + X509_NAME_oneline(subj, buf, sizeof(buf)); macdefine(mac, A_TEMP, macid("{cert_subject}"), xtextify(buf, "<>\")")); - X509_NAME_oneline(X509_get_issuer_name(cert), - buf, sizeof(buf)); + X509_NAME_oneline(issuer, buf, sizeof(buf)); macdefine(mac, A_TEMP, macid("{cert_issuer}"), xtextify(buf, "<>\")")); - X509_NAME_get_text_by_NID(X509_get_subject_name(cert), - NID_commonName, buf, sizeof(buf)); + +# define LL_BADCERT 8 + +#define CHECK_X509_NAME(which) \ + do { \ + if (r == -1) \ + { \ + sm_strlcpy(buf, "BadCertificateUnknown", sizeof(buf)); \ + if (LogLevel > LL_BADCERT) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + else if ((size_t)r >= sizeof(buf) - 1) \ + { \ + sm_strlcpy(buf, "BadCertificateTooLong", sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=CN too long", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + else if ((size_t)r > strlen(buf)) \ + { \ + sm_strlcpy(buf, "BadCertificateContainsNUL", \ + sizeof(buf)); \ + if (LogLevel > 7) \ + sm_syslog(LOG_INFO, NOQID, \ + "STARTTLS=%s, relay=%.100s, field=%s, status=CN contains NUL", \ + who, \ + host == NULL ? "local" : host, \ + which); \ + } \ + } while (0) + + r = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, + sizeof buf); + CHECK_X509_NAME("cn_subject"); macdefine(mac, A_TEMP, macid("{cn_subject}"), xtextify(buf, "<>\")")); - X509_NAME_get_text_by_NID(X509_get_issuer_name(cert), - NID_commonName, buf, sizeof(buf)); + r = X509_NAME_get_text_by_NID(issuer, NID_commonName, buf, + sizeof buf); + CHECK_X509_NAME("cn_issuer"); macdefine(mac, A_TEMP, macid("{cn_issuer}"), xtextify(buf, "<>\")")); n = 0; @@ -1596,14 +1641,19 @@ tls_verify_cb(ctx, unused) { int ok; + /* + ** man SSL_CTX_set_cert_verify_callback(): + ** callback should return 1 to indicate verification success + ** and 0 to indicate verification failure. + */ + ok = X509_verify_cert(ctx); - if (ok == 0) + if (ok <= 0) { if (LogLevel > 13) return tls_verify_log(ok, ctx, "TLS"); - return 1; /* override it */ } - return ok; + return 1; } /* ** TLSLOGERR -- log the errors from the TLS error stack diff --git a/gnu/usr.sbin/sendmail/sendmail/udb.c b/gnu/usr.sbin/sendmail/sendmail/udb.c index 10f833d9c14..21e562cacac 100644 --- a/gnu/usr.sbin/sendmail/sendmail/udb.c +++ b/gnu/usr.sbin/sendmail/sendmail/udb.c @@ -15,9 +15,9 @@ #include "map.h" #if USERDB -SM_RCSID("@(#)$Sendmail: udb.c,v 8.164 2006/12/19 19:49:51 ca Exp $ (with USERDB)") +SM_RCSID("@(#)$Sendmail: udb.c,v 8.165 2010/01/10 06:22:00 ca Exp $ (with USERDB)") #else /* USERDB */ -SM_RCSID("@(#)$Sendmail: udb.c,v 8.164 2006/12/19 19:49:51 ca Exp $ (without USERDB)") +SM_RCSID("@(#)$Sendmail: udb.c,v 8.165 2010/01/10 06:22:00 ca Exp $ (without USERDB)") #endif /* USERDB */ #if USERDB @@ -1219,7 +1219,7 @@ _udbx_close() # endif /* DB_VERSION_MAJOR < 2 */ } if (tTd(28, 1)) - sm_dprintf("_udbx_init: db->close(%s)\n", + sm_dprintf("_udbx_close: db->close(%s)\n", up->udb_dbname); # endif /* NEWDB */ } diff --git a/gnu/usr.sbin/sendmail/sendmail/usersmtp.c b/gnu/usr.sbin/sendmail/sendmail/usersmtp.c index 14a78b253f6..b7ce2971c17 100644 --- a/gnu/usr.sbin/sendmail/sendmail/usersmtp.c +++ b/gnu/usr.sbin/sendmail/sendmail/usersmtp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008-2010 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: usersmtp.c,v 8.472 2008/01/31 18:48:29 ca Exp $") +SM_RCSID("@(#)$Sendmail: usersmtp.c,v 8.485 2010/07/23 21:09:38 ca Exp $") #include <sysexits.h> @@ -33,7 +33,6 @@ extern void sm_sasl_free __P((void *)); ** This protocol is described in RFC821. */ -#define REPLYCLASS(r) (((r) / 10) % 10) /* second digit of reply code */ #define SMTPCLOSING 421 /* "Service Shutting Down" */ #define ENHSCN(e, d) ((e) == NULL ? (d) : (e)) @@ -136,8 +135,7 @@ smtpinit(m, mci, e, onlyhelo) SmtpPhase = mci->mci_phase = "client greeting"; sm_setproctitle(true, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); - r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL, - XS_DEFAULT); + r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL, XS_GREET); if (r < 0) goto tempfail1; if (REPLYTYPE(r) == 4) @@ -183,7 +181,7 @@ tryhelo: r = reply(m, mci, e, bitnset(M_LMTP, m->m_flags) ? TimeOuts.to_lhlo : TimeOuts.to_helo, - helo_options, NULL, XS_DEFAULT); + helo_options, NULL, XS_EHLO); if (r < 0) goto tempfail1; else if (REPLYTYPE(r) == 5) @@ -336,7 +334,15 @@ str_union(s1, s2, rpool) l1 = strlen(s1); l2 = strlen(s2); rl = l1 + l2; - res = (char *) sm_rpool_malloc(rpool, rl + 2); + if (rl <= 0) + { + sm_syslog(LOG_WARNING, NOQID, + "str_union: stringlen1=%d, stringlen2=%d, sum=%d, status=overflow", + l1, l2, rl); + res = NULL; + } + else + res = (char *) sm_rpool_malloc(rpool, rl + 2); if (res == NULL) { if (l1 > l2) @@ -409,9 +415,7 @@ helo_options(line, firstline, m, mci, e) if (firstline) { -#if SASL - mci->mci_saslcap = NULL; -#endif /* SASL */ + mci_clr_extensions(mci); #if _FFR_IGNORE_EXT_ON_HELO logged = false; #endif /* _FFR_IGNORE_EXT_ON_HELO */ @@ -472,7 +476,8 @@ helo_options(line, firstline, m, mci, e) #if SASL else if (sm_strcasecmp(line, "auth") == 0) { - if (p != NULL && *p != '\0') + if (p != NULL && *p != '\0' && + !bitset(MCIF_AUTH2, mci->mci_flags)) { if (mci->mci_saslcap != NULL) { @@ -484,7 +489,7 @@ helo_options(line, firstline, m, mci, e) mci->mci_saslcap = str_union(mci->mci_saslcap, p, mci->mci_rpool); - mci->mci_flags |= MCIF_AUTH; + mci->mci_flags |= MCIF_AUTH2; } else { @@ -501,6 +506,9 @@ helo_options(line, firstline, m, mci, e) } } } + if (tTd(95, 5)) + sm_syslog(LOG_DEBUG, NOQID, "AUTH flags=%lx, mechs=%s", + mci->mci_flags, mci->mci_saslcap); } #endif /* SASL */ } @@ -1568,7 +1576,9 @@ attemptauth(m, mci, e, sai) sasl_interact_t *client_interact = NULL; char *mechusing; sasl_security_properties_t ssp; - char in64[MAXOUTLEN]; + + /* MUST NOT be a multiple of 4: bug in some sasl_encode64() versions */ + char in64[MAXOUTLEN + 1]; #if NETINET || (NETINET6 && SASL >= 20000) extern SOCKADDR CurHostAddr; #endif /* NETINET || (NETINET6 && SASL >= 20000) */ @@ -1604,13 +1614,11 @@ attemptauth(m, mci, e, sai) (void) memset(&ssp, '\0', sizeof(ssp)); /* XXX should these be options settable via .cf ? */ - { - ssp.max_ssf = MaxSLBits; - ssp.maxbufsize = MAXOUTLEN; + ssp.max_ssf = MaxSLBits; + ssp.maxbufsize = MAXOUTLEN; # if 0 - ssp.security_flags = SASL_SEC_NOPLAINTEXT; + ssp.security_flags = SASL_SEC_NOPLAINTEXT; # endif /* 0 */ - } saslresult = sasl_setprop(mci->mci_conn, SASL_SEC_PROPS, &ssp); if (saslresult != SASL_OK) return EX_TEMPFAIL; @@ -1770,7 +1778,8 @@ attemptauth(m, mci, e, sai) } else { - saslresult = sasl_encode64(out, outlen, in64, MAXOUTLEN, NULL); + saslresult = sasl_encode64(out, outlen, in64, sizeof(in64), + NULL); if (saslresult != SASL_OK) /* internal error */ { if (LogLevel > 8) @@ -1837,7 +1846,7 @@ attemptauth(m, mci, e, sai) if (outlen > 0) { saslresult = sasl_encode64(out, outlen, in64, - MAXOUTLEN, NULL); + sizeof(in64), NULL); if (saslresult != SASL_OK) { /* give an error reply to the other side! */ @@ -2172,7 +2181,7 @@ smtpmailfrom(m, mci, e) SmtpPhase = mci->mci_phase = "client MAIL"; sm_setproctitle(true, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); - r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc, XS_DEFAULT); + r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc, XS_MAIL); if (r < 0) { /* communications failure */ @@ -2424,7 +2433,7 @@ smtprcptstat(to, m, mci, e) } enhsc = NULL; - r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc, XS_DEFAULT); + r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc, XS_RCPT); save_errno = errno; to->q_rstatus = sm_rpool_strdup_x(e->e_rpool, SmtpReplyBuffer); to->q_status = ENHSCN_RPOOL(enhsc, smtptodsn(r), e->e_rpool); @@ -2585,7 +2594,7 @@ smtpdata(m, mci, e, ctladdr, xstart) mci->mci_state = MCIS_DATA; sm_setproctitle(true, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); - r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc, XS_DEFAULT); + r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc, XS_DATA); if (r < 0 || REPLYTYPE(r) == 4) { if (r >= 0) @@ -2719,7 +2728,7 @@ smtpdata(m, mci, e, ctladdr, xstart) CurHostName, mci->mci_phase); if (bitnset(M_LMTP, m->m_flags)) return EX_OK; - r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT); + r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_EOM); if (r < 0) return EX_TEMPFAIL; if (mci->mci_state == MCIS_DATA) @@ -2804,7 +2813,7 @@ smtpgetstat(m, mci, e) enhsc = NULL; /* check for the results of the transaction */ - r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT); + r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DATA2); if (r < 0) return EX_TEMPFAIL; xstat = EX_NOTSTICKY; @@ -2890,8 +2899,7 @@ smtpquit(m, mci, e) SmtpPhase = "client QUIT"; mci->mci_state = MCIS_QUITING; smtpmessage("QUIT", m, mci); - (void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL, - XS_DEFAULT); + (void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL, XS_QUIT); SuprErrs = oldSuprErrs; if (mci->mci_state == MCIS_CLOSED) goto end; @@ -3230,14 +3238,17 @@ reply(m, mci, e, timeout, pfunc, enhstat, rtype) if (pfunc != NULL) (*pfunc)(bufp, firstline, m, mci, e); - firstline = false; - /* decode the reply code */ r = atoi(bufp); /* extra semantics: 0xx codes are "informational" */ if (r < 100) + { + firstline = false; continue; + } + + firstline = false; /* if no continuation lines, return this line */ if (bufp[3] != '-') diff --git a/gnu/usr.sbin/sendmail/sendmail/util.c b/gnu/usr.sbin/sendmail/sendmail/util.c index f8fd91df25f..e0161cccefe 100644 --- a/gnu/usr.sbin/sendmail/sendmail/util.c +++ b/gnu/usr.sbin/sendmail/sendmail/util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2007, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Sendmail: util.c,v 8.414 2007/11/02 17:30:38 ca Exp $") +SM_RCSID("@(#)$Sendmail: util.c,v 8.416 2009/12/18 17:05:26 ca Exp $") #include <sm/sendmail.h> #include <sysexits.h> @@ -868,7 +868,7 @@ xputs(fp, s) c &= 0177; } printchar: - if (isprint(c)) + if (isascii(c) && isprint(c)) { (void) sm_io_putc(fp, SM_TIME_DEFAULT, c); continue; @@ -895,7 +895,7 @@ xputs(fp, s) TermEscape.te_rv_on); shiftout = true; } - if (isprint(c)) + if (isascii(c) && isprint(c)) { (void) sm_io_putc(fp, SM_TIME_DEFAULT, '\\'); (void) sm_io_putc(fp, SM_TIME_DEFAULT, c); diff --git a/gnu/usr.sbin/sendmail/sendmail/version.c b/gnu/usr.sbin/sendmail/sendmail/version.c index 5ca8475cfc9..7b9e3fbc308 100644 --- a/gnu/usr.sbin/sendmail/sendmail/version.c +++ b/gnu/usr.sbin/sendmail/sendmail/version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2011 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,6 +13,6 @@ #include <sm/gen.h> -SM_RCSID("@(#)$Sendmail: version.c,v 8.208 2008/04/17 17:04:30 ca Exp $") +SM_RCSID("@(#)$Sendmail: version.c,v 8.227 2011/04/26 23:02:35 ca Exp $") -char Version[] = "8.14.3"; +char Version[] = "8.14.5"; diff --git a/gnu/usr.sbin/sendmail/vacation/vacation.c b/gnu/usr.sbin/sendmail/vacation/vacation.c index 9a603e92342..c17cc831c1f 100644 --- a/gnu/usr.sbin/sendmail/vacation/vacation.c +++ b/gnu/usr.sbin/sendmail/vacation/vacation.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2002, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1987, 1993 * The Regents of the University of California. All rights reserved. @@ -14,13 +14,13 @@ #include <sm/gen.h> SM_IDSTR(copyright, -"@(#) Copyright (c) 1999-2001 Sendmail, Inc. and its suppliers.\n\ +"@(#) Copyright (c) 1999-2002, 2009 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1983, 1987, 1993\n\ The Regents of the University of California. All rights reserved.\n\ Copyright (c) 1983 Eric P. Allman. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Sendmail: vacation.c,v 8.144 2007/05/11 18:50:36 ca Exp $") +SM_IDSTR(id, "@(#)$Sendmail: vacation.c,v 8.146 2009/08/07 21:28:39 ca Exp $") #include <ctype.h> @@ -153,7 +153,7 @@ main(argc, argv) char *dbfilename = NULL; char *msgfilename = NULL; char *cfpath = NULL; - char *name; + char *name = NULL; char *returnaddr = NULL; SMDB_USER_INFO user_info; static char rnamebuf[MAXNAME]; @@ -299,7 +299,7 @@ main(argc, argv) "vacation: no such user uid %u.\n", getuid()); EXITM(EX_NOUSER); } - name = pw->pw_name; + name = strdup(pw->pw_name); user_info.smdbu_id = pw->pw_uid; user_info.smdbu_group_id = pw->pw_gid; (void) sm_strlcpy(user_info.smdbu_name, pw->pw_name, @@ -314,7 +314,7 @@ main(argc, argv) } else if (runasuser) { - name = *argv; + name = strdup(*argv); if (dbfilename == NULL || msgfilename == NULL) { msglog(LOG_NOTICE, @@ -358,7 +358,7 @@ main(argc, argv) sm_strexit(err)); EXITM(err); } - name = user.mbdb_name; + name = strdup(user.mbdb_name); if (chdir(user.mbdb_homedir) != 0) { msglog(LOG_NOTICE, @@ -371,6 +371,12 @@ main(argc, argv) (void) sm_strlcpy(user_info.smdbu_name, user.mbdb_name, SMDB_MAX_USER_NAME_LEN); } + if (name == NULL) + { + msglog(LOG_ERR, + "vacation: can't allocate memory for username.\n"); + EXITM(EX_OSERR); + } if (dbfilename == NULL) dbfilename = VDB; @@ -1032,6 +1038,14 @@ sendmessage(myname, msgfn, sender) (void *) &(pvect[1]), SM_IO_WRONLY, NULL)) != NULL) { +#if _FFR_VAC_WAIT4SM +# ifdef WAITUNION + union wait st; +# else /* WAITUNION */ + auto int st; +# endif /* WAITUNION */ +#endif /* _FFR_VAC_WAIT4SM */ + (void) sm_io_fprintf(sfp, SM_TIME_DEFAULT, "To: %s\n", From); (void) sm_io_fprintf(sfp, SM_TIME_DEFAULT, "Auto-Submitted: auto-replied\n"); @@ -1039,6 +1053,9 @@ sendmessage(myname, msgfn, sender) (void) sm_io_fputs(sfp, SM_TIME_DEFAULT, buf); (void) sm_io_close(mfp, SM_TIME_DEFAULT); (void) sm_io_close(sfp, SM_TIME_DEFAULT); +#if _FFR_VAC_WAIT4SM + (void) wait(&st); +#endif /* _FFR_VAC_WAIT4SM */ } else { |