| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
An out of bounds read in smtpd allows an attacker to inject arbitrary
commands into the envelope file which are then executed as root.
Separately, missing privilege revocation in smtpctl allows arbitrary
commands to be run with the _smtpq group.
|
| |
|
|
|
|
| |
now that static tables handle their updates internally.
ok gilles@
|
| |
|
|
| |
ok millert@
|
| |
|
|
|
|
|
|
|
| |
of functions creating, looking up or destroying tables.
this is a first step in cleaning up parse.y so it doesn't have side effects
outside of parse_config(), bringing nothing but making code cleaner.
ok millert@
|
| |
|
|
|
|
| |
really help us with anything, propagate the change in codebase
ok millert@
|
| |
|
|
| |
ok gilles@
|
| |
|
|
| |
Ok millert@ gilles@
|
| |
|
|
|
|
|
|
|
| |
The only major difference was the "log_trace" concept that is only
used by smtpd - move it from log.c into util.c and make it a local
concept. This also needed to rename the global "verbose" variable to
"tracing" in a few places.
OK krw@ gilles@ eric@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Just NULL is not good practise as NULL is theoretically allowed to
be an integer rather than a pointer.
Use (char *)NULL consistently instead of scattering a few (char *)0
and (void *)NULL into the mix.
Prompted by and probably ok deraadt@ millert@ kettenis@
Definitely ok mestre@ ratchov@
|
| |
|
|
|
|
|
|
|
|
| |
work because it requires dbopen() to be the call that creates the db, while
we want mkstemp() to create an empty db ourselves.
it has never worked, no one could ever create a recno db with our makemap &
no one actually noticed so drop it.
ok millert@, sunil@, jung@
|
| |
|
|
|
|
|
|
|
|
|
| |
Avoid multiple getopt(3) evaluations without optreset set and
unspecified behavior of optind = 0 as per POSIX. Instead, iterate
over argv the first time for classification. Fixes -portable without
any divergence from -current, and all newaliases opts are handled
in one place.
Looks good to me millert@
Ok gilles@ jung@ eric@
|
| |
|
|
|
|
|
|
|
|
| |
move to destination when done. this causes dbopen() to be called with an
empty file which happens to... not work with other db libraries.
adding O_TRUNC is noop for us, fixes the issue for other libraries and
lets us reduce delta between us and portable.
ok sunil@, ok eric@
|
| |
|
|
|
|
| |
no binary change
ok millert
|
| |
|
|
|
|
| |
The DB file being written is a temp file, so O_EXLOCK is unnecesary.
ok sunil@ gilles@
|
| |
|
|
| |
Suggested by guenther@ Ok gilles@
|
| |
|
|
| |
ok sunil@ gilles@
|
| |
|
|
| |
Ok gilles@, jung@
|
| |
|
|
| |
Ok millert@ gilles@
|
| |
|
|
| |
ok millert@, ok jung@
|
| |
|
|
|
| |
how broken other systems are.
ok guenther gilles
|
| |
|
|
|
|
| |
the permissions are even more restrictive than they should.
misc bug reported by qualys
|
| |
|
|
|
|
| |
each .c file, and out of the .h files. To avoid overinclude.
ok gilles, in principle. If this has been done right, -portable should
become easier to maintain.
|
| |
|
|
|
|
|
|
|
| |
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
| | |
|
| |
|
|
|
|
|
| |
dictionnary (currently not set). While there, add a helper for forking
external backends, and remove unused table functions.
ok gilles@
|
| |
|
|
| |
bzero -> memset
|
| |
|
|
| |
ok gilles@
|
| | |
|
| |
|
|
| |
ok gilles@
|
| |
|
|
| |
ok gilles
|
| |
|
|
|
|
| |
some log message updates.
ok gilles@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of temporary errors throughout the daemon
* improved scheduler and mta logic: connection reuse, optimizes batches
* improved queue: more tolerant to admin errors, new layout, less disk-IO
* improved memory usage under high load
* SSL certs/keys isolated to lookup process to avoid facing network
* VIRTUAL support improved, fully virtual setups possible now
* runtime tracing of processes through smtpctl trace
* ssl_privsep.c sync-ed with relayd
* ssl.c no longer contains smtpd specific interfaces
* smtpd-specific ssl bits moved to ssl_smtpd.c
* update mail address in copyright
FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.
smtpd.conf(5) simplified, it will require adaptations
ok eric@
|
| |
|
|
| |
ok gilles@
|
| |
|
|
|
|
| |
filename and imply it otherwise so that the following works:
makemap hash /etc/mail/aliases < aliases
|
| |
|
|
|
|
|
|
| |
smtpd already does it, but this allows spotting a cycle at makemap time, so
user isn't surprised at runtime.
while at it, be more tolerant when user specifies /etc/mail/aliases instead
of /etc/mail/aliases.db
|
| |
|
|
|
|
|
|
| |
that assume sendmail do not break ... add support for reading map source
from stdin, for specifying the DBTYPE of a map, and teach OUR makemap to
emulate sendmail interface.
ok eric@
|
| |
|
|
| |
ok eric@ gilles@
|
| |
|
|
|
|
|
| |
data left on return, since the RB compare functions uses memcmp(). While
there, remove all calls to bzero() before alias_parse().
ok gilles@
|
| |
|
|
| |
ok gilles@
|
| |
|
|
| |
ok eric@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- replace all calls to lowercase() with calls to xlowercase()
- in the format string expansion, lowercase() all formats
we will have to reassess all calls to xlowercase() even though it has never
triggered as far as I know, we can probably gracefully fail some of them.
right now we're just keeping former behaviour.
this commit fixes issue reported by Hugo Osvaldo Barrera where a %u format
could lead to a delivery failure (ie: GILLES@openbsd.org should be expanded
to gilles, not GILLES ... only for local deliveries).
ok chl@ on the idea, ok eric@ on the diff
|
| |
|
|
| |
with/ok gilles@
|
| |
|
|
|
| |
spotted by Christopher Zimmermann
ok gilles@
|
| |
|
|
| |
discussed with and ok gilles@
|
| |
|
|
| |
no functionnal change
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- kill struct alias, struct expandnode is used instead
- introduce map_parse_alias() and map_parse_virtual()
- aliases and virtual code no longer assume db(3) but use the map API which
lets them become backend agnostic AND value-checked. this actually makes
the code simpler by removing all values parsing from aliases.c
- rename K_SECRETS -> K_SECRET, K_ALIASES -> K_ALIAS for consistency the
enum has singular names.
- aliases, virtual and forward now work with an expandtree and deal with
multiple levels of resolving by merging expandtree's
more coming soon ;)
|
| |
|
|
|
| |
beginning of the key (ie: "gilles: bleh" should not be stored as
key[gilles] val[ bleh])
|
deraadt
millert
eric
mortimer
gilles
sunil
reyk
krw
jung
guenther
tobias
chl
jasper