now that mail.local(8) relies on lockspool(1) for mailbox locking, have the

mailbox created by smtpd for mbox before privileges are dropped then we can call mail.local(8) with the recipient privileges. ok millert@
author: gilles <gilles@openbsd.org> 2020-02-03 15:41:22 +0000
committer: gilles <gilles@openbsd.org> 2020-02-03 15:41:22 +0000
commit: 68213f7bd16c56552340e7361fd6095419a65b6b (patch)
tree: 10dd60f0d3b6a8cc33fd7df1ca46e0fadf4f8976 /usr.sbin/smtpd
parent: Instead of passing titles through vis() which doubles backslashes, just (diff)
download: wireguard-openbsd-68213f7bd16c56552340e7361fd6095419a65b6b.tar.xz
wireguard-openbsd-68213f7bd16c56552340e7361fd6095419a65b6b.zip
4 files changed, 41 insertions, 8 deletions
diff --git a/usr.sbin/smtpd/mda_mbox.c b/usr.sbin/smtpd/mda_mbox.c
index e664bb3e933..b0bf1caf05c 100644
--- a/usr.sbin/smtpd/mda_mbox.c
+++ b/usr.sbin/smtpd/mda_mbox.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mda_mbox.c,v 1.1 2020/01/31 22:01:20 gilles Exp $	*/
+/*	$OpenBSD: mda_mbox.c,v 1.2 2020/02/03 15:41:22 gilles Exp $	*/
 
 /*
  * Copyright (c) 2018 Gilles Chehade <gilles@poolp.org>
@@ -17,6 +17,7 @@
  */
 
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/queue.h>
 #include <sys/tree.h>
 #include <sys/socket.h>
@@ -24,11 +25,13 @@
 #include <err.h>
 #include <errno.h>
 #include <event.h>
+#include <fcntl.h>
 #include <imsg.h>
 #include <paths.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sysexits.h>
 #include <unistd.h>
 #include <limits.h>
 
@@ -55,10 +58,35 @@ mda_mbox(struct deliver *deliver)
 		ret = snprintf(sender, sizeof sender, "%s@%s",
 			       deliver->sender.user, deliver->sender.domain);
 	if (ret < 0 || (size_t)ret >= sizeof sender)
-		errx(1, "sender address too long");
+		errx(EX_TEMPFAIL, "sender address too long");
 
 	execle(PATH_MAILLOCAL, PATH_MAILLOCAL, "-f",
 	       sender, deliver->userinfo.username, (char *)NULL, envp);
 	perror("execl");
-	_exit(1);
+	_exit(EX_TEMPFAIL);
+}
+
+void
+mda_mbox_init(struct deliver *deliver)
+{
+	int	fd;
+	int	ret;
+	char	buffer[LINE_MAX];
+
+	ret = snprintf(buffer, sizeof buffer, "%s/%s",
+	    _PATH_MAILDIR, deliver->userinfo.username);
+	if (ret < 0 || (size_t)ret >= sizeof buffer)
+		errx(EX_TEMPFAIL, "mailbox pathname too long");
+
+	if ((fd = open(buffer, O_CREAT|O_EXCL, 0)) == -1) {
+		if (errno == EEXIST)
+			return;
+		err(EX_TEMPFAIL, "open");
+	}
+
+	if (fchown(fd, deliver->userinfo.uid, deliver->userinfo.gid) == -1)
+		err(EX_TEMPFAIL, "fchown");
+
+	if (fchmod(fd, S_IRUSR|S_IWUSR) == -1)
+		err(EX_TEMPFAIL, "fchown");
 }
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index 44fcf824fa8..e3a02430be3 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.275 2020/02/02 22:13:48 gilles Exp $	*/
+/*	$OpenBSD: parse.y,v 1.276 2020/02/03 15:41:22 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -663,7 +663,6 @@ dispatcher_local_option dispatcher_local_options
 dispatcher_local:
 MBOX {
 	dispatcher->u.local.is_mbox = 1;
-	dispatcher->u.local.user = xstrdup("root");
 	asprintf(&dispatcher->u.local.command, "/usr/libexec/mail.local -f %%{mbox.from} -- %%{user.username}");
 } dispatcher_local_options
 | MAILDIR {
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index 5341b6c6649..ada126cbe02 100644
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.c,v 1.330 2020/02/01 12:54:38 gilles Exp $	*/
+/*	$OpenBSD: smtpd.c,v 1.331 2020/02/03 15:41:22 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1084,7 +1084,7 @@ smtpd(void) {
 	purge_task();
 
 	if (pledge("stdio rpath wpath cpath fattr tmppath "
-	    "getpw sendfd proc exec id inet unix", NULL) == -1)
+	    "getpw sendfd proc exec id inet chown unix", NULL) == -1)
 		err(1, "pledge");
 
 	event_dispatch();
@@ -1510,6 +1510,11 @@ forkmda(struct mproc *p, uint64_t id, struct deliver *deliver)
 		m_close(p);
 		return;
 	}
+
+	/* mbox helper, create mailbox before privdrop if it doesn't exist */
+	if (dsp->u.local.is_mbox)
+		mda_mbox_init(deliver);
+
 	if (chdir(pw_dir) == -1 && chdir("/") == -1)
 		err(1, "chdir");
 	if (setgroups(1, &pw_gid) ||
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index 619cf2c71f5..c7952ff3129 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.h,v 1.652 2020/01/31 22:01:20 gilles Exp $	*/
+/*	$OpenBSD: smtpd.h,v 1.653 2020/02/03 15:41:22 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1419,6 +1419,7 @@ void mda_imsg(struct mproc *, struct imsg *);
 
 
 /* mda_mbox.c */
+void mda_mbox_init(struct deliver *);
 void mda_mbox(struct deliver *);
author	gilles <gilles@openbsd.org>	2020-02-03 15:41:22 +0000
committer	gilles <gilles@openbsd.org>	2020-02-03 15:41:22 +0000
commit	68213f7bd16c56552340e7361fd6095419a65b6b (patch)
tree	10dd60f0d3b6a8cc33fd7df1ca46e0fadf4f8976 /usr.sbin/smtpd
parent	Instead of passing titles through vis() which doubles backslashes, just (diff)
download	wireguard-openbsd-68213f7bd16c56552340e7361fd6095419a65b6b.tar.xz wireguard-openbsd-68213f7bd16c56552340e7361fd6095419a65b6b.zip