This commit was generated by cvs2svn to compensate for changes in r27876,

which included commits to RCS files with non-trunk default branches.
Peter Wemm 1997-08-04 05:00:07 +00:00
commit 561f1ee45f
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=27877
23 changed files with 727 additions and 259 deletions

View file

@ -1,11 +1,11 @@
The FAQ is no longer maintained with the sendmail release. It is
posted regularly to comp.mail.sendmail, comp.mail.misc, comp.mail.smail,
comp.answers, and news.answers, and can be obtained via anonymous FTP
from ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq.
from ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq/.
If you do not have access to anonymous FTP, you can retrieve it by
sending email to mail-server@rtfm.mit.edu with the command "send
usenet/news.answers/mail/sendmail-faq" in the message.
An HTML version is also available at http://www.sendmail.org/faq.
An HTML version is also available at http://www.sendmail.org/faq/.
--Eric Allman 14 June 1997
--Eric Allman 19 June 1997

View file

@ -1,5 +1,5 @@
/*-
* @(#)READ_ME 8.30 (Berkeley) 5/8/97
* @(#)READ_ME 8.32 (Berkeley) 7/6/97
*/
SENDMAIL RELEASE 8
@ -164,10 +164,10 @@ RFC1035.
IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing. Instead, get a new version via public
FTP from ftp.sleepycat.com, file db/packages/db.1.85.tar.gz. This
software is highly recommended; it gets rid of several stupid limits, it's
much faster, and the interface is nicer to animals and plants. You will
to go through the same thing. Instead, get a new version via the web at
http://www.sleepycat.com/packages/db.1.85.tar.gz. This software is
highly recommended; it gets rid of several stupid limits, it's much
faster, and the interface is nicer to animals and plants. You will
also probably find that you have to add -I/where/you/put/db/include
to the sendmail makefile to get db.h to work properly.
@ -253,6 +253,34 @@ Makefiles, so you could drop it in as your default make.
For more details, see src/READ_ME.
+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+
Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they have been trusted. For sendmail to run
without complaining, you MUST execute the following command:
chmod go-w / /etc /usr /var /var/spool /var/spool/mqueue
You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool). As a general rule, after you have compiled sendmail,
run the command
sendmail -v -bi
to initialize the alias database. If it gives messages such as
WARNING: writable directory /etc
WARNING: writable directory /usr/spool/mqueue
then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.
+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+
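
Review bot: In the new DIRECTORY PERMISSIONS text the chmod line secures /var/spool/mqueue, but the sample output shows "WARNING: writable directory /usr/spool/mqueue", so a reader who ran the command exactly as given would not expect that warning. Use the same spool path in both places, or say that the sample comes from a system that keeps its spool under /usr/spool. Also, "to determine if they have been trusted" should read "can be trusted", since the paragraph describes a check of modes.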

View file

@ -1,11 +1,163 @@
SENDMAIL RELEASE NOTES
@(#)RELEASE_NOTES 8.8.6.11 (Berkeley) 6/14/97
@(#)RELEASE_NOTES 8.8.7.7 (Berkeley) 8/3/97
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
8.8.7/8.8.7 97/08/03
If using Berkeley DB on systems without O_EXLOCK (open a file with
an exclusive lock already set -- i.e., almost all systems
except 4.4-BSD derived systems), the initial attempt at
rebuilding aliases file if the database didn't already
exist would fail. Patch from Raymund Will of LST Software
GmbH.
Bogus incoming SMTP commands would reset the SMTP conversation.
Problem noted by Fredrik Jönsson of the Royal Institute
of Technology, Stockholm.
Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
some environments could give "multiple definitions" for these
routines during compilation. If using TCP Wrappers, assume
that these routines are included as though they were in the
C library. Patch from Robert La Ferla.
When a NEWDB database map was rebuilt at the same time it was being
used by a queue run, the maps could be left locked for the
duration of the queue run, causing other processes to hang.
Problem noted by Kendall Libby of Shore.NET.
In some cases, NoRecipientAction=add-bcc was being ignored, so the
mail was passed on without any recipient header. This could
cause problems downstream. Problem noted by Xander Jansen
of SURFnet ExpertiseCentrum.
Give error when GDBM is used with sendmail. GDBM's locking and
linking of the .dir and .pag files interferes with sendmail's
locking and security checks. Problems noted by Fyodor
Yarochkin of the Kyrgyz Republic FreeNet.
Don't fsync qf files if SuperSafe option is not set.
Avoid extra calls to gethostbyname for addresses for which a
gethostbyaddr found no value. Also, ignore any returns
from gethostbyaddr that look like a dotted quad.
If PTR lookup fails when looking up an SMTP peer, don't tag it as
"may be forged", since at the network level we pretty much
have to assume that the information is good.
In some cases, errors during an SMTP session could leave files
open or locked.
Better handling of missing file descriptors (0, 1, 2) on startup.
Better handling of non-setuid binaries -- avoids certain obnoxious
errors during testing.
Errors in file locking of NEWDB maps had the incorrect file name
printed in the error message.
If the AllowBogusHELO option were set and an EHLO with a bad or
missing parameter were issued, the EHLO behaved like a HELO.
Load limiting never kicked in for incoming SMTP transactions if the
DeliverMode=background and any recipient was an alias or
had a .forward file. From Nik Conwell of Boston University.
On some non-Posix systems, the decision of whether chown(2) permits
file giveaway was undefined. From Tetsu Ushijima of the
Tokyo Institute of Technology.
Fix race condition that could cause the body of a message to be
lost (so only the header was delivered). This only occurs
on systems that do not use flock(2), and only when a queue
runner runs during a critical section in another message
delivery. Based on a patch from Steve Schweinhart of
Results Computing.
If a qf file was found in a mail queue directory that had a problem
(wrong ownership, bad format, etc.) and the file name was
exactly MAXQFNAME bytes long, then instead of being tried
once, it would be tried on every queue run. Problem noted
by Bryan Costales of Mercury Mail.
If the system supports an st_gen field in the status structure,
include it when reporting that a file has changed after open.
This adds a new compile flag, HAS_ST_GEN (0/1 option).
This out to be checked as well as reported, since it is
theoretically possible for an attacker to remove a file after
it is opened and replace it with another file that has the
same i-number, but some filesystems (notably AFS) return
garbage in this field, and hence always look like the file
has changed. As a practical matter this is not a security
problem, since the files can be neither hard nor soft links,
and on no filesystem (that I am aware of) is it possible to
have two files on the same filesystem with the same i-number
simultaneously.
Delete the root Makefile from the distribution -- it is only for
use internally, and does not work at customer sites.
Fix botch that caused the second MAIL FROM: command in a single
transaction to clear the entire transaction. Problem
noted by John Kennedy of Cal State University, Chico.
Work properly on machines that have _PATH_VARTMP defined without
a trailing slash. (And a pox on vendors that decide to
ignore the established conventions!) Problem noted by
Gregory Neil Shapiro of WPI.
Internal changes to make it easier to add another protocol family
(intended for IPv6). Patches are from John Kennedy of
CSU Chico.
In certain cases, 7->8 bit MIME decoding of Base64 text could leave
an extra space at the beginning of some lines. Problem
noted by Charles Karney of Princeton University; fix based
on a patch from Christophe Wolfhugel.
Portability:
Allow _PATH_VENDOR_CF to be set in Makefile for consistency
with the _Sendmail_ book, 2nd edition. Note that
the book is actually wrong: _PATH_SENDMAILCF should
be used instead.
AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow
of Argonne National Laboratory.
OpenBSD from from Paul DuBois of the University of Wisconsin.
RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
SunOS: Include <memory.h> to fix warning from util.c. From
James Aldridge of EUnet Ltd.
Solaris: Change STDIR (location of status file) to /etc/mail
in Makefiles.
Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
Makefiles. Use NEWDB on Linux instead.
NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
exists but behaves differently than other OSes.
Add SIOCGIFNUM_IS_BROKEN compile flag to get
around the problem. Problem noted by Tom Moore of
NCR Corp.
HP-UX 9.x: fix compile warnings for old select API. Problem
noted by Tom Smith of Digital Equipment Corp.
UnixWare 2.x: compile warnings on offsetof macro. Problem
noted by Tom Good of the Community Access Information
Resource Network
SCO 4.2: compile problems caused by a change in the type of
the "length" parameters passed to accept, getpeername,
getsockname, and getsockopt. Adds new compile flags
SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported
by Tom Good of St. Vincent's North Richmond Community
Mental Health Center Residential Services.
AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
Suggested by Brett Hogden of Rochester Gas & Electric
Corp.
Linux: avoid compile problem for versions of <setjmp.h> that
#define both setjmp and longjmp. Problem pointed out
by J.R. Oldroyd of TerraNet.
CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
from Christopher Durham of SCO.
CONFIG: NEXTSTEP: define confCW_FILE to
/etc/sendmail/sendmail.cw to match the usual
configuration. Patch from Dennis Glatting of
PlainTalk.
CONFIG: MAILER(fax) called a program that hasn't existed for a long
time. Convert to use the HylaFAX 4.0 conventions. Suggested
by Harry Styron.
CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
are the rulesets in use on sendmail.org.
MAKEMAP: give error on GDBM files.
MAIL.LOCAL: Make error messages a bit more explicit, for example,
telling more details on what actually changed when "file
changed after open".
CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw
files.
CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
NEW FILES:
src/Makefiles/Makefile.OpenBSD
src/Makefiles/Makefile.RISCos.4_0
test/t_exclopen.c
cf/ostype/sco-uw-2.1.m4
DELETED FILES:
Makefile
8.8.6/8.8.6 97/06/14
*************************************************************
* The extensive assistance of Gregory Neil Shapiro of WPI *
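
Review bot: Two typos in the new 8.8.7 entry: "This out to be checked as well as reported" in the HAS_ST_GEN item should read "ought to be", and the Portability list has "OpenBSD from from Paul DuBois". The HAS_ST_GEN item would also be easier to act on if it said in one sentence that st_gen is only reported, not compared, before going into the AFS reasoning.
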
@ -303,7 +455,6 @@ summary of the changes in that release.
cf/ostype/gnuhurd.m4
cf/ostype/irix6.m4
contrib/passwd-to-alias.pl
test/t_exclopen.c
src/Makefiles/Makefile.IRIX64.6.1
src/Makefiles/Makefile.IRIX64.6.x
RENAMED FILES:

View file

@ -4,7 +4,7 @@
Eric Allman <eric@CS.Berkeley.EDU>
@(#)README 8.120 (Berkeley) 6/14/97
@(#)README 8.122 (Berkeley) 7/6/97
This document describes the sendmail configuration files being used
@ -443,8 +443,8 @@ usenet Usenet (network news) delivery. If this is specified,
and may be considered a security problem.
fax Facsimile transmission. This is experimental and based
on Sam Leffler's FlexFAX software. For more information,
see below.
on Sam Leffler's HylaFAX software. For more information,
see http://www.vix.com/hylafax/.
pop Post Office Protocol.
@ -1297,133 +1297,6 @@ In general, file giveaways are a mistake -- if you can turn them
off I recommend you do so.
+------------------+
| FlexFAX SOFTWARE |
+------------------+
Sam Leffler's FlexFAX software is still in beta test -- but he expects a
public version out "later this week" [as of 3/1/93]. The following
blurb is direct from Sam:
$Header: /usr/people/sam/fax/RCS/HOWTO,v 1.14 93/05/24 11:42:16 sam Exp $
How To Obtain This Software (in case all you get is this file)
--------------------------------------------------------------
The source code is available for public ftp on
sgi.com sgi/fax/v2.1.src.tar.Z
(192.48.153.1)
You can also obtain inst'able images for Silicon Graphics machines from
sgi.com sgi/fax/v2.1.inst.tar
(192.48.153.1)
For example,
% ftp -n sgi.com
....
ftp> user anonymous
... <type in password>
ftp> cd sgi/fax
ftp> binary
ftp> get v2.1.src.tar.Z
In general, the latest version of the 2.1 release of the software is
always available as "v2.1.src.tar.Z" or "v2.1.inst.tar" in the ftp
directory. This file is a link to the appropriate released version (so
don't waste your time retrieving the linked file as well!) Any files of
the form v2.1.*.patch are shell scripts that can be used to patch older
versions of the source code. For example, the file v2.1.0.patch would
contain patches to update v2.1.0.tar.Z. (Note to beta testers: this is
different than the naming conventions used during beta testing.) Patch
files only work to go between consecutive versions, so if you are
multiple versions behind the latest release, you will need to apply
each patch file between your current version and the latest.
Obtaining the Software by Electronic Mail
-----------------------------------------
Do not send me requests for the software; they will be ignored (without
response). If you cannot use FTP at all, there is a service called
"ftpmail" available from gatekeeper.dec.com: you can send e-mail to
this machine and it will use FTP to retrieve files for you and send you
the files back again via e-mail. To find out more about the ftpmail
service, send a message to "ftpmail@gatekeeper.dec.com" whose body
consists of the single line "help".
Obtaining the Software Within Silicon Graphics
----------------------------------------------
Internal to Silicon Graphics there are inst'able images on the host
flake.asd in the directory /usr/dist. Thus you can do something like:
% inst -f flake.asd.sgi.com:/usr/dist/flexfax
to install the latest version of the software on your machine.
What to do Once You've Retrieved Stuff
--------------------------------------
The external distributions come in a compressed or uncompressed tar
file. To extract the source distribution:
% zcat v2.1.src.tar.Z | tar xf -
(uncompress and extract individual files in current directory). To
unpack and install the client portion of the inst'able distribution:
% mkdir dist
% cd dist; tar xf ../v2.1.inst.tar; cd ..
% inst -f dist/flexfax
...
inst> go
(Note, the dist subdirectory is because some versions of inst fail if
the files are in the current directory.) Server binaries are also
included in the inst'able images as flexfax.server.*. They are not
installed by default, so to get them also you need to do:
% inst -f flexfax
...
inst> install flexfax.server.*
inst> go
The SGI binaries were built for Version 4.0.5H of the IRIX operating
system. They should work w/o problem on earlier versions of the
system, but I have not fully tested this. Also, note that to install a
server on an SGI machine, you need to have installed the Display
PostScript execution environment product (dps_eoe). Otherwise, the fax
server will not be able to convert PostScript to facsimile for
transmission.
If you are working from the source distribution, look at the file
README in the top of the source tree. If you are working from the inst
images, the subsystem flexfax.man.readme contains the README file and
other useful pieces of information--the installed files are placed in
the directory /usr/local/doc/flexfax). Basically you will need to run
the faxaddmodem script to setup and configure your fax modem. Consult
the README file and the manual page for faxaddmodem for information.
FlexFAX Mail List
-----------------
A mailing list for users of this software is located on sgi.com.
If you want to join this mailing list or have a list-related request
such as getting your name removed from it, send a request to
majordomo@whizzer.wpd.sgi.com
For example, to subscribe, send the line "subscribe flexfax" in
the body of your message. The line "help" will return a list of
the commands understood by the mailing list management software.
Submissions (including bug reports) should be directed to:
flexfax@sgi.com
When corresponding about this software please always specify what
version you have, what system you're running on, and, if the problem is
specific to your modem, identify the modem and firmware revision.
+--------------------------------+
| TWEAKING CONFIGURATION OPTIONS |
+--------------------------------+
@ -1905,7 +1778,7 @@ MAILERS
1 [e]smtp, relay SMTP channel
2 uucp-* UNIX-to-UNIX Copy Program
3 netnews Network News delivery
4 fax Sam Leffler's FlexFAX software
4 fax Sam Leffler's HylaFAX software
5 mail11 DECnet mailer

View file

@ -34,7 +34,7 @@ divert(-1)
#
divert(0)
VERSIONID(`@(#)proto.m4 8.149 (Berkeley) 4/30/97')
VERSIONID(`@(#)proto.m4 8.151 (Berkeley) 7/31/97')
MAILER(local)dnl
@ -871,7 +871,9 @@ S93
# handle generics database
define(`X', ifdef(`GENERICS_TABLE', `', `#'))dnl
X`'R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark
ifdef(`_GENERICS_ENTIRE_DOMAIN_',
`X`'R$+ < @ $* $=G . > $: < $1@$2$3 > $1 < @ $2$3 . > @ mark',
`X`'R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark')
X`'R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark
X`'R< $+ > $+ < $* > @ $: < $(generics $1 $: $) > $2 < $3 >
X`'R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 >
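
Review bot: _GENERICS_ENTIRE_DOMAIN_ is introduced in the S93 generics rule with no documentation in the hunks shown on this page: the configuration README changes cover only the fax mailer, and the 8.8.7 release notes do not list it. Please add a README entry saying how it is set, and state there that with it defined the rule matches "$* $=G", that is any host under a class G entry, and that the lookup key becomes $1@$2$3 instead of $1@$2.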

View file

@ -32,8 +32,8 @@ divert(-1)
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
VERSIONID(`@(#)version.m4 8.8.6.1 (Berkeley) 6/14/97')
VERSIONID(`@(#)version.m4 8.8.7.1 (Berkeley) 8/1/97')
#
divert(0)
# Configuration version number
DZ8.8.6`'ifdef(`confCF_VERSION', `/confCF_VERSION')
DZ8.8.7`'ifdef(`confCF_VERSION', `/confCF_VERSION')

View file

@ -4,7 +4,9 @@ PUSHDIVERT(-1)
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# This assumes you already have Sam Leffler's FAX software.
# This assumes you already have Sam Leffler's HylaFAX software.
#
# Tested with HylaFAX 4.0pl1
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@ -36,9 +38,9 @@ PUSHDIVERT(-1)
#
ifdef(`FAX_MAILER_ARGS',,
`define(`FAX_MAILER_ARGS', mailfax $u $h $f)')
`define(`FAX_MAILER_ARGS', faxmail -d $u@$h $f)')
ifdef(`FAX_MAILER_PATH',,
`define(`FAX_MAILER_PATH', /usr/local/lib/fax/mailfax)')
`define(`FAX_MAILER_PATH', /usr/local/bin/faxmail)')
ifdef(`FAX_MAILER_MAX',,
`define(`FAX_MAILER_MAX', 100000)')
POPDIVERT
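
Review bot: FAX_MAILER_ARGS and FAX_MAILER_PATH are each guarded by their own ifdef, so a site .mc file that overrides only one of them ends up with a mismatched pair after this change, for example its old /usr/local/lib/fax/mailfax path run with the new "faxmail -d $u@$h $f" arguments. Because the argument convention changes here, add a line to the comment block next to "Tested with HylaFAX 4.0pl1" telling sites that define either macro to update both.
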
@ -46,7 +48,7 @@ POPDIVERT
### FAX Mailer specification ###
####################################
VERSIONID(`@(#)fax.m4 8.5 (Berkeley) 5/10/96')
VERSIONID(`@(#)fax.m4 8.6 (Berkeley) 7/6/97')
Mfax, P=FAX_MAILER_PATH, F=DFMhu, S=14, R=24, M=FAX_MAILER_MAX, T=X-Phone/X-FAX/X-Unix,
A=FAX_MAILER_ARGS

View file

@ -34,8 +34,9 @@ divert(-1)
#
divert(0)
VERSIONID(`@(#)nextstep.m4 8.7 (Berkeley) 9/25/96')
VERSIONID(`@(#)nextstep.m4 8.8 (Berkeley) 6/18/97')
define(`ALIAS_FILE', /etc/sendmail/aliases)dnl
define(`confCW_FILE', /etc/sendmail/sendmail.cw)dnl
ifdef(`HELP_FILE',, `define(`HELP_FILE', /usr/lib/sendmail.hf)')dnl
ifdef(`STATUS_FILE',, `define(`STATUS_FILE', /etc/sendmail/sendmail.st)')dnl
ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl

View file

@ -0,0 +1,16 @@
#
# SCO UnixWare 2.1.2 ostype file
#
# Contributed by Christopher Durham <chrisdu@SCO.COM> of SCO.
#
divert(0)
VERSIONID(`@(#)sco-uw-2.1.m4 8.1 (Berkeley) 7/6/97')
define(`ALIAS_FILE', /usr/lib/mail/aliases)dnl
ifdef(`HELP_FILE',,`define(`HELP_FILE', /usr/ucblib/sendmail.hf)')dnl
ifdef(`STATUS_FILE',,`define(`STATUS_FILE', /usr/ucblib/sendmail.st)')dnl
define(`LOCAL_MAILER_PATH', `/usr/bin/rmail')dnl
define(`LOCAL_MAILER_FLAGS', `fhCEn9')dnl
define(`LOCAL_SHELL_FLAGS', `ehuP')dnl
define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gmedium $h!rmail ($u)')dnl
define(`LOCAL_MAILER_ARGS',`rmail $u')dnl
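
Review bot: ALIAS_FILE, LOCAL_MAILER_PATH, LOCAL_MAILER_FLAGS, LOCAL_SHELL_FLAGS, UUCP_MAILER_ARGS and LOCAL_MAILER_ARGS use a bare define, while HELP_FILE and STATUS_FILE in the same file use the ifdef(..,, define(..)) form, so the bare ones override anything the .mc file set before OSTYPE. Use the ifdef form throughout unless the override is intended, and say so in a comment if it is. The header comment also says "SCO UnixWare 2.1.2" while the VERSIONID names the file sco-uw-2.1.m4; state whether it applies to all of 2.1.x.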

View file

@ -70,6 +70,7 @@ $debug = $opt_d;
$server = shift(@ARGV);
@hosts = @ARGV;
die $usage unless $server;
@cwfiles = ();
if (!@hosts) {
push(@hosts,$hostname);
@ -82,6 +83,12 @@ if (!@hosts) {
chop($cwfile);
$optional = /^Fw-o/;
$cwfile =~ s,^Fw[^/]*,,; # extract the file name
if (-r $cwfile) {
push (@cwfiles, $cwfile);
} else {
die "$cwfile is not readable" unless $optional;
}
}
if (/^Cw(.*)$/){ # look for a line starting with "Cw"
@cws = split (' ', $1);
@ -93,17 +100,18 @@ if (!@hosts) {
}
close(CF);
if ($cwfile){
for $cwfile (@cwfiles) {
$0 = "$av0 - reading $cwfile";
if (open(CW, "<$cwfile")){
while (<CW>){
next if /^\#/;
$thishost = $_;
chop($thishost);
push(@hosts, $thishost) unless $thishost =~ $hostname;
}
close(CW);
} else {
die "open $cwfile: $!" unless $optional;
die "open $cwfile: $!";
}
}
}
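
Review bot: In the new "for $cwfile (@cwfiles)" loop only lines starting with # are skipped, so a blank line in an Fw file still reaches push(@hosts, $thishost) as an empty host name; add "next if /^\s*$/;" beside the comment check. chop($thishost) also removes the last character of a final line that has no trailing newline, which chomp would not. The earlier "die "$cwfile is not readable"" would be more useful with $! appended, as the open failure message has.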

View file

@ -18,7 +18,9 @@ while (@a = getpwent) {
}
$fullname =~ s/\.*[ _]+\.*/./g;
if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) {
$fullname =~ tr [ĺäöĹÄÖé] [aaoAAOe]; # <hakan@af.lu.se> 1997-06-15
if ($fullname =~ /^[a-zA-Z][a-zA-Z-]+(\.[a-zA-Z][a-zA-Z-]+)+$/) {
# if ($fullname =~ /^[a-zA-Z]+(\.[a-zA-Z]+)+$/) { # Kari E. Hurtta
print "$fullname: $name\n";
} else {
print "# $fullname: $name\n";
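
Review bot: The new pattern /^[a-zA-Z][a-zA-Z-]+(\.[a-zA-Z][a-zA-Z-]+)+$/ requires at least two characters in every dot-separated part, so a name with a single-letter part such as J.Smith, which the old /^[a-zA-Z]+(\.[a-zA-Z]+)+$/ accepted, is now printed as a commented-out alias. If that is not intended, use [a-zA-Z][a-zA-Z-]* for each part. The tr line holds raw 8-bit characters, so its effect depends on the encoding the script file is saved in; a comment naming the expected character set would help.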

View file

@ -30,7 +30,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)op.me 8.104 (Berkeley) 3/10/97
.\" @(#)op.me 8.105 (Berkeley) 7/3/97
.\"
.\" eqn op.me | pic | troff -me
.eh 'SMM:08-%''Sendmail Installation and Operation Guide'
@ -67,7 +67,7 @@
Eric Allman
eric@Sendmail.ORG
.sp
Version 8.104
Version 8.105
.sp
For Sendmail Version 8.8
.)l
@ -675,7 +675,7 @@ routines preset the mode reasonably,
so this step can be skipped.
The actual path of this file
is defined in the
.b A
.b AliasFile
option of the
.i sendmail.cf
file.
@ -1179,6 +1179,32 @@ and the other system routines that would be necessary
to make this work seamlessly.
.sh 2 "The Alias Database"
.pp
After recipient addresses are read from the SMTP connection
or command line
they are parsed by ruleset 0,
which must resolve to a
{\c
.i mailer ,
.i host ,
.i user }
triple.
If the flags selected by the
.i mailer
includes the
.b A
(aliasable) flag,
the
.i user
part of the triple is looked up as the key
(i.e., the left hand side)
into the alias database
If there is a match, the address is deleted from the send queue
and all addresses on the right hand side of the alias
are added in place of the alias that was found.
This is a recursive operation,
so aliases found in the right hand side of the alias
are similarly expanded.
.pp
The alias database exists in two forms.
One is a text form,
maintained in the file
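
Review bot: The paragraph added under "The Alias Database" has no full stop after "into the alias database", so that sentence runs straight into "If there is a match". In the same paragraph, "If the flags selected by the mailer includes" should be "include".
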
@ -8159,7 +8185,7 @@ replace it with a blank sheet for double-sided output.
.\".sz 10
.\"Eric Allman
.\".sp
.\"Version 8.104
.\"Version 8.105
.\".ce 0
.bp 3
.ce

View file

@ -29,7 +29,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)makemap.8 8.3 (Berkeley) 7/24/94
.\" @(#)makemap.8 8.4 (Berkeley) 7/23/97
.\"
.Dd November 16, 1992
.Dt MAKEMAP 8
@ -89,7 +89,7 @@ the second is the value.
The value may contain
``%\fIn\fP''
strings to indicated parameter substitution.
Literal parentheses should be doubled
Literal percents should be doubled
(``%%'').
Blank lines and lines beginning with ``#'' are ignored.
.Ss Flags

View file

@ -30,7 +30,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# @(#)READ_ME 8.142 (Berkeley) 6/3/97
# @(#)READ_ME 8.148 (Berkeley) 8/1/97
#
This directory contains the source files for sendmail.
@ -149,7 +149,7 @@ The options are:
NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and
Digital UNIX 4.0) have this package pre-installed. If your
system does not have NEWDB installed, get the latest version
from FTP://ftp.sleepycat.com/db/packages/db.1.85.tar.gz.
from http://www.sleepycat.com/packages/db.1.85.tar.gz.
DO NOT use the version from the Net2 distribution. If you are
still running BSD/386 1.x, you will also need to define
OLD_NEWDB.
@ -295,6 +295,8 @@ HASULIMIT Define this if you have the ulimit(2) syscall (System V
HASWAITPID Define this if you have the waitpid(2) syscall.
HASGETDTABLESIZE
Define this if you have the getdtablesize(2) syscall.
HAS_ST_GEN Define this to 1 if your system has the st_gen field in
the stat structure (see stat(2)).
USESTRERROR Define this if you have the libc strerror function (which
should be declared in <errno.h>), and it should be used
instead of sys_errlist.
@ -339,6 +341,12 @@ SLEEP_T The type returned by the system sleep() function.
ARBPTR_T The type of an arbitrary pointer -- defaults to "void *".
If you are an very old compiler you may need to define
this to be "char *".
SOCKADDR_LEN_T The type used for the third parameter to accept(2),
getsockname(2), and getpeername(2), representing the
length of a struct sockaddr. Defaults to int.
SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2)
and setsockopt(2), representing the length of the option
buffer. Defaults to int.
LA_TYPE The type of load average your kernel supports. These
can be one of:
LA_ZERO (1) -- it always returns the load average as
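
Review bot: These entries document SOCKADDR_LEN_T and SOCKOPT_LEN_T, but the 8.8.7 release notes in this same commit announce the SCO 4.2 and AIX 4 changes under the names SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. One of the two is wrong; make both files use the name the source actually tests, otherwise someone following the release notes defines a flag that has no effect.
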
@ -457,6 +465,14 @@ SAFENFSPATHCONF Set this to 1 if and only if you have verified that a
assumption! The test/t_pathconf.c program will try this
for you -- you have to run it in a directory that is
mounted from a server that allows file giveaway.
SIOCGIFCONF_IS_BROKEN
Set this if your system has an SIOCGIFCONF ioctl defined,
but it doesn't behave the same way as "most" systems (BSD,
Solaris, SunOS, HP-UX, etc.)
SIOCGIFNUM_IS_BROKEN
Set this if your system has an SIOCGIFNUM ioctl defined,
but it doesn't behave the same way as "most" systems
(Solaris, HP-UX).
@ -633,6 +649,12 @@ GCC 2.7.x problems
problems. I recommend against using -O on that architecture. This
has been seen on FreeBSD 2.0.5 RELEASE.
GDBM GDBM does not work with sendmail 8.8 because the additional
security checks and file locking cause problems. Unfortunately,
gdbm does not provide a compile flag in its version of ndbm.h so
the code can adapt. We expect this to be fixed in 8.9, but
probably at the cost of a new command line compile flag.
Configuration file location
Up to 8.6, sendmail tried to find the sendmail.cf file in the same
place as the vendors had put it, even when this was obviously
@ -960,6 +982,7 @@ A/UX
then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
ndbm.h header file that comes with the gnu-package. This makes
things behave properly.
[NOTE: see comment above about GDBM]
I suppose porting the New Berkeley db package is another route,
however, I made a quick attempt at it, and found it difficult
@ -1416,4 +1439,4 @@ version.c The version number and information about this
Eric Allman
(Version 8.142, last update 6/3/97 11:34:09)
(Version 8.148, last update 8/1/97 16:41:54)

View file

@ -55,6 +55,9 @@
44 safefile.c safefile, safedirpath, filechanged
45 envelope.c setsender
46 envelope.c openxscript
47 main.c drop_privileges
48 parseaddr.c rscheck
48 conf.c validate_connection
49 conf.c checkcompat
50 envelope.c dropenvelope
51 queue.c unlockqueue

View file

@ -33,7 +33,7 @@
*/
#ifndef lint
static char sccsid[] = "@(#)envelope.c 8.104 (Berkeley) 6/3/97";
static char sccsid[] = "@(#)envelope.c 8.105 (Berkeley) 6/24/97";
#endif /* not lint */
#include "sendmail.h"
@ -178,7 +178,7 @@ dropenvelope(e, fulldrop)
{
failure_return = TRUE;
if (q->q_owner == NULL && !emptyaddr(&e->e_from))
(void) sendtolist(e->e_from.q_paddr, NULL,
(void) sendtolist(e->e_from.q_paddr, NULLADDR,
&e->e_errorqueue, 0, e);
}
else if (bitset(QPINGONSUCCESS, q->q_flags) &&

View file

@ -33,7 +33,7 @@
*/
#ifndef lint
static char sccsid[] = "@(#)err.c 8.62 (Berkeley) 6/5/97";
static char sccsid[] = "@(#)err.c 8.64 (Berkeley) 7/25/97";
#endif /* not lint */
# include "sendmail.h"
@ -112,7 +112,7 @@ syserr(fmt, va_alist)
puterrmsg(MsgBuf);
/* save this message for mailq printing */
if (!panic)
if (!panic && CurEnv != NULL)
{
if (CurEnv->e_message != NULL)
free(CurEnv->e_message);
@ -140,9 +140,10 @@ syserr(fmt, va_alist)
}
if (LogLevel > 0)
sm_syslog(panic ? LOG_ALERT : LOG_CRIT, CurEnv->e_id,
"SYSERR(%s): %.900s",
uname, &MsgBuf[4]);
sm_syslog(panic ? LOG_ALERT : LOG_CRIT,
CurEnv == NULL ? NOQID : CurEnv->e_id,
"SYSERR(%s): %.900s",
uname, &MsgBuf[4]);
switch (olderrno)
{
case EBADF:
@ -178,7 +179,7 @@ syserr(fmt, va_alist)
exit(EX_OSERR);
}
errno = 0;
if (QuickAbort || (OnlyOneError && !HoldErrs))
if (QuickAbort)
longjmp(TopFrame, 2);
}
/*
@ -254,7 +255,7 @@ usrerr(fmt, va_alist)
"%.900s",
&MsgBuf[4]);
if (QuickAbort || (OnlyOneError && !HoldErrs))
if (QuickAbort)
longjmp(TopFrame, 1);
}
/*
@ -397,7 +398,8 @@ putoutmsg(msg, holdmsg, heldmsg)
msg[0] = '4';
/* output to transcript if serious */
if (!heldmsg && CurEnv->e_xfp != NULL && strchr("45", msg[0]) != NULL)
if (!heldmsg && CurEnv != NULL && CurEnv->e_xfp != NULL &&
strchr("45", msg[0]) != NULL)
fprintf(CurEnv->e_xfp, "%s\n", msg);
if (LogLevel >= 15 && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
@ -421,6 +423,9 @@ putoutmsg(msg, holdmsg, heldmsg)
(void) fflush(stdout);
if (OutChannel == NULL)
return;
/* if DisConnected, OutChannel now points to the transcript */
if (!DisConnected &&
(OpMode == MD_SMTP || OpMode == MD_DAEMON || OpMode == MD_ARPAFTP))
@ -441,7 +446,8 @@ putoutmsg(msg, holdmsg, heldmsg)
** rude servers don't read result.
*/
if (feof(InChannel) || ferror(InChannel) || strncmp(msg, "221", 3) == 0)
if (InChannel == NULL || feof(InChannel) || ferror(InChannel) ||
strncmp(msg, "221", 3) == 0)
return;
/* can't call syserr, 'cause we are using MsgBuf */
@ -474,8 +480,16 @@ puterrmsg(msg)
/* output the message as usual */
putoutmsg(msg, HoldErrs, FALSE);
/* be careful about multiple error messages */
if (OnlyOneError)
HoldErrs = TRUE;
/* signal the error */
Errors++;
if (CurEnv == NULL)
return;
if (msgcode == '6')
{
/* notify the postmaster */
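
Review bot: puterrmsg now sets HoldErrs = TRUE whenever OnlyOneError is set, and nothing in these hunks clears it again, while syserr and usrerr lose the "OnlyOneError && !HoldErrs" condition on their longjmp(TopFrame, ...) calls. That moves OnlyOneError from aborting at the first error to holding every later message; extend the "be careful about multiple error messages" comment to say where HoldErrs is reset and why the longjmp is no longer wanted. Counting the error with Errors++ before the new "if (CurEnv == NULL) return;" is the right order.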

View file

@ -33,7 +33,7 @@
*/
#ifndef lint
static char sccsid[] = "@(#)map.c 8.168 (Berkeley) 6/14/97";
static char sccsid[] = "@(#)map.c 8.181 (Berkeley) 7/9/97";
#endif /* not lint */
#include "sendmail.h"
@ -113,14 +113,6 @@ extern bool extract_canonname __P((char *, char *, char[], int));
# define LOCK_ON_OPEN 0 /* no such luck -- bend over backwards */
#endif
#ifndef O_LEAVELOCKED
# if O_SHLOCK
# define O_LEAVELOCKED O_SHLOCK
# else
# define O_LEAVELOCKED 0x1000
# endif
#endif
#ifndef O_ACCMODE
# define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR)
#endif
@ -733,7 +725,7 @@ extract_canonname(name, line, cbuf, cbuflen)
#ifdef NDBM
/*
** DBM_MAP_OPEN -- DBM-style map open
** NDBM_MAP_OPEN -- DBM-style map open
*/
bool
@ -743,7 +735,8 @@ ndbm_map_open(map, mode)
{
register DBM *dbm;
struct stat st;
int fd;
int dfd;
int pfd;
int sff;
int ret;
int smode = S_IREAD;
@ -760,10 +753,10 @@ ndbm_map_open(map, mode)
/* do initial file and directory checks */
snprintf(dirfile, sizeof dirfile, "%s.dir", map->map_file);
snprintf(pagfile, sizeof pagfile, "%s.pag", map->map_file);
sff = SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
sff = SFF_ROOTOK|SFF_REGONLY;
if (mode == O_RDWR)
{
sff |= SFF_NOLINK;
sff |= SFF_NOLINK|SFF_CREAT;
smode = S_IWRITE;
}
else
@ -786,13 +779,21 @@ ndbm_map_open(map, mode)
return FALSE;
}
if (std.st_mode == ST_MODE_NOFILE)
mode |= O_EXCL;
mode |= O_CREAT|O_EXCL;
/* heuristic: if files are linked, this is actually gdbm */
if (std.st_dev == stp.st_dev && std.st_ino == stp.st_ino)
{
syserr("dbm map \"%s\": cannot support GDBM",
map->map_mname);
return FALSE;
}
#if LOCK_ON_OPEN
if (mode == O_RDONLY)
mode |= O_SHLOCK;
else
mode |= O_CREAT|O_TRUNC|O_EXLOCK;
mode |= O_TRUNC|O_EXLOCK;
#else
if ((mode & O_ACCMODE) == O_RDWR)
{
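Review bot: In the LOCK_ON_OPEN branch, `if (mode == O_RDONLY)` is evaluated after `mode |= O_CREAT|O_EXCL` may already have been applied for a missing file, so the equality can no longer hold and the code falls through to the `O_TRUNC|O_EXLOCK` branch. The `#else` branch already tests `(mode & O_ACCMODE) == O_RDWR`; using the same mask here would keep both paths consistent.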
@ -804,7 +805,7 @@ ndbm_map_open(map, mode)
** but there isn't anything we can do about it.
*/
mode |= O_CREAT|O_TRUNC;
mode |= O_TRUNC;
# else
/*
** This ugly code opens the map without truncating it,
@ -815,29 +816,57 @@ ndbm_map_open(map, mode)
int dirfd;
int pagfd;
dirfd = safeopen(dirfile, mode|O_CREAT, DBMMODE,
dirfd = safeopen(dirfile, mode, DBMMODE,
SFF_NOLINK|SFF_CREAT|SFF_OPENASROOT);
pagfd = safeopen(pagfile, mode|O_CREAT, DBMMODE,
pagfd = safeopen(pagfile, mode, DBMMODE,
SFF_NOLINK|SFF_CREAT|SFF_OPENASROOT);
if (dirfd < 0 || pagfd < 0)
{
int save_errno = errno;
if (dirfd >= 0)
(void) close(dirfd);
if (pagfd >= 0)
(void) close(pagfd);
errno = save_errno;
syserr("ndbm_map_open: cannot create database %s",
map->map_file);
close(dirfd);
close(pagfd);
return FALSE;
}
if (ftruncate(dirfd, (off_t) 0) < 0)
syserr("ndbm_map_open: cannot truncate %s.dir",
if (ftruncate(dirfd, (off_t) 0) < 0 ||
ftruncate(pagfd, (off_t) 0) < 0)
{
int save_errno = errno;
(void) close(dirfd);
(void) close(pagfd);
errno = save_errno;
syserr("ndbm_map_open: cannot truncate %s.{dir,pag}",
map->map_file);
if (ftruncate(pagfd, (off_t) 0) < 0)
syserr("ndbm_map_open: cannot truncate %s.pag",
return FALSE;
}
/* if new file, get "before" bits for later filechanged check */
if (std.st_mode == ST_MODE_NOFILE &&
(fstat(dirfd, &std) < 0 || fstat(pagfd, &stp) < 0))
{
int save_errno = errno;
(void) close(dirfd);
(void) close(pagfd);
errno = save_errno;
syserr("ndbm_map_open(%s.{dir,pag}): cannot fstat pre-opened file",
map->map_file);
return FALSE;
}
/* have to save the lock for the duration (bletch) */
map->map_lockfd = dirfd;
close(pagfd);
/* twiddle bits for dbm_open */
mode &= ~(O_CREAT|O_EXCL);
# endif
}
#endif
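Review bot: The merged ftruncate() check reports `cannot truncate %s.{dir,pag}` for either failure, so the log no longer says which of the two files could not be truncated, as the old per-file messages did. Consider keeping separate messages, or adding the failing suffix to the format. Minor style point: the final `close(pagfd);` lacks the `(void)` cast used on every other close in this hunk.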
@ -846,37 +875,46 @@ ndbm_map_open(map, mode)
dbm = dbm_open(map->map_file, mode, DBMMODE);
if (dbm == NULL)
{
int save_errno = errno;
if (bitset(MF_ALIAS, map->map_mflags) &&
aliaswait(map, ".pag", FALSE))
return TRUE;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("Cannot open DBM database %s", map->map_file);
#if !LOCK_ON_OPEN && !NOFTRUNCATE
if (map->map_lockfd >= 0)
close(map->map_lockfd);
#endif
errno = save_errno;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("Cannot open DBM database %s", map->map_file);
return FALSE;
}
if (filechanged(dirfile, dbm_dirfno(dbm), &std, sff) ||
filechanged(pagfile, dbm_pagfno(dbm), &stp, sff))
dfd = dbm_dirfno(dbm);
pfd = dbm_pagfno(dbm);
if (filechanged(dirfile, dfd, &std, sff) ||
filechanged(pagfile, pfd, &stp, sff))
{
syserr("ndbm_map_open(%s): file changed after open",
map->map_file);
int save_errno = errno;
dbm_close(dbm);
#if !LOCK_ON_OPEN && !NOFTRUNCATE
if (map->map_lockfd >= 0)
close(map->map_lockfd);
#endif
errno = save_errno;
syserr("ndbm_map_open(%s): file changed after open",
map->map_file);
return FALSE;
}
map->map_db1 = (void *) dbm;
fd = dbm_dirfno((DBM *) map->map_db1);
map->map_db1 = (ARBPTR_T) dbm;
if (mode == O_RDONLY)
{
#if LOCK_ON_OPEN
if (fd >= 0)
(void) lockfile(fd, map->map_file, ".pag", LOCK_UN);
if (dfd >= 0)
(void) lockfile(dfd, map->map_file, ".dir", LOCK_UN);
if (pfd >= 0)
(void) lockfile(pfd, map->map_file, ".pag", LOCK_UN);
#endif
if (bitset(MF_ALIAS, map->map_mflags) &&
!aliaswait(map, ".pag", TRUE))
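Review bot: `dfd` and `pfd` go straight from dbm_dirfno()/dbm_pagfno() into filechanged(), yet the read-only unlock code just below guards each with `>= 0`, which implies they can be negative. A check for a negative descriptor before the filechanged() calls would produce a distinct error instead of "file changed after open".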
@ -886,14 +924,14 @@ ndbm_map_open(map, mode)
{
map->map_mflags |= MF_LOCKED;
}
if (fstat(dbm_dirfno((DBM *) map->map_db1), &st) >= 0)
if (fstat(dfd, &st) >= 0)
map->map_mtime = st.st_mtime;
return TRUE;
}
/*
** DBM_MAP_LOOKUP -- look up a datum in a DBM-type map
** NDBM_MAP_LOOKUP -- look up a datum in a DBM-type map
*/
char *
@ -951,7 +989,7 @@ ndbm_map_lookup(map, name, av, statp)
/*
** DBM_MAP_STORE -- store a datum in the database
** NDBM_MAP_STORE -- store a datum in the database
*/
void
@ -994,7 +1032,7 @@ ndbm_map_store(map, lhs, rhs)
if (stat > 0)
{
if (!bitset(MF_APPEND, map->map_mflags))
usrerr("050 Warning: duplicate alias name %s", lhs);
message("050 Warning: duplicate alias name %s", lhs);
else
{
static char *buf = NULL;
@ -1157,7 +1195,6 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
int fd;
int sff;
int saveerrno;
bool leavelocked = bitset(O_LEAVELOCKED, mode);
struct stat st;
char buf[MAXNAME + 1];
@ -1170,10 +1207,10 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
mode &= O_ACCMODE;
omode = mode;
sff = SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
sff = SFF_ROOTOK|SFF_REGONLY;
if (mode == O_RDWR)
{
sff |= SFF_NOLINK;
sff |= SFF_NOLINK|SFF_CREAT;
smode = S_IWRITE;
}
else
@ -1187,28 +1224,26 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
{
/* cannot open this map */
if (tTd(38, 2))
printf("\tunsafe map file: %d\n", i);
printf("\tunsafe map file: %s\n", errstring(i));
errno = i;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("%s map \"%s\": unsafe map file %s",
mapclassname, map->map_mname, map->map_file);
return FALSE;
}
if (st.st_mode == ST_MODE_NOFILE)
omode |= O_EXCL;
omode |= O_CREAT|O_EXCL;
map->map_lockfd = -1;
#if LOCK_ON_OPEN
if (mode == O_RDWR)
omode |= O_CREAT|O_TRUNC|O_EXLOCK;
omode |= O_TRUNC|O_EXLOCK;
# if !OLD_NEWDB
else
omode |= O_SHLOCK;
# endif
#else
if (mode == O_RDWR)
omode |= O_CREAT;
/*
** Pre-lock the file to avoid race conditions. In particular,
** since dbopen returns NULL if the file is zero length, we
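Review bot: `omode |= O_CREAT|O_EXCL` in the ST_MODE_NOFILE branch is applied without looking at `mode`, so it relies on the earlier safety check (which now gets SFF_CREAT only for O_RDWR) to reject a missing file on a read-only open. An explicit `mode == O_RDWR` guard, or a comment stating that dependency, would make it clear that a read-only open can never create the map file.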
@ -1216,26 +1251,51 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
*/
fd = open(buf, omode, DBMMODE);
if (fd < 0)
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("db_map_open: cannot pre-open database %s", buf);
close(fd);
return FALSE;
}
if (!lockfile(fd, map->map_file, ".db",
mode == O_RDONLY ? LOCK_SH : LOCK_EX))
/* make sure no baddies slipped in just before the open... */
if (filechanged(buf, fd, &st, sff))
{
int save_errno = errno;
(void) close(fd);
errno = save_errno;
syserr("db_map_open(%s): file changed after pre-open", buf);
return FALSE;
}
/* if new file, get the "before" bits for later filechanged check */
if (st.st_mode == ST_MODE_NOFILE && fstat(fd, &st) < 0)
{
int save_errno = errno;
(void) close(fd);
errno = save_errno;
syserr("db_map_open(%s): cannot fstat pre-opened file",
buf);
return FALSE;
}
/* actually lock the pre-opened file */
if (!lockfile(fd, buf, NULL, mode == O_RDONLY ? LOCK_SH : LOCK_EX))
syserr("db_map_open: cannot lock %s", buf);
/* set up mode bits for dbopen */
if (mode == O_RDWR)
omode |= O_TRUNC;
omode &= ~(O_EXCL|O_CREAT);
#endif
db = dbopen(buf, omode, DBMMODE, dbtype, openinfo);
saveerrno = errno;
#if !LOCK_ON_OPEN
if (leavelocked || mode == O_RDWR)
if (mode == O_RDWR)
map->map_lockfd = fd;
else
(void) close(fd);
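Review bot: The lockfile() failure path only calls `syserr("db_map_open: cannot lock %s", buf);` and then carries on to dbopen() with the file unlocked, unlike the filechanged() and fstat() failures above it, which close `fd` and return FALSE. If continuing without the lock is intended, say so in a comment; otherwise close the descriptor and return FALSE here as well.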
@ -1246,25 +1306,28 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
aliaswait(map, ".db", FALSE))
return TRUE;
errno = saveerrno;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("Cannot open %s database %s",
mapclassname, map->map_file);
#if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
#endif
errno = saveerrno;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("Cannot open %s database %s",
mapclassname, map->map_file);
return FALSE;
}
if (filechanged(buf, db->fd(db), &st, sff))
{
syserr("db_map_open(%s): file changed after open", buf);
int save_errno = errno;
db->close(db);
#if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
close(map->map_lockfd);
#endif
errno = save_errno;
syserr("db_map_open(%s): file changed after open", buf);
return FALSE;
}
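Review bot: Both failure paths close `map->map_lockfd` but leave the old descriptor number in the field, and db_map_close() in this same file closes `map_lockfd` whenever it is `>= 0`. Setting `map->map_lockfd = -1` after each close would rule out a second close of a descriptor number that may have been reused. Also, the close in the filechanged() path is missing the `(void)` cast used in the dbopen() failure path.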
@ -1273,9 +1336,9 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
#if !OLD_NEWDB
fd = db->fd(db);
# if LOCK_ON_OPEN
if (fd >= 0 && mode == O_RDONLY && !leavelocked)
if (fd >= 0 && mode == O_RDONLY)
{
(void) lockfile(fd, map->map_file, ".db", LOCK_UN);
(void) lockfile(fd, buf, NULL, LOCK_UN);
}
# endif
#endif
@ -1291,7 +1354,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
map->map_mtime = st.st_mtime;
#endif
map->map_db2 = (void *) db;
map->map_db2 = (ARBPTR_T) db;
if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
!aliaswait(map, ".db", TRUE))
return FALSE;
@ -1312,16 +1375,26 @@ db_map_lookup(map, name, av, statp)
{
DBT key, val;
register DB *db = (DB *) map->map_db2;
int i;
int st;
int saveerrno;
int fd;
struct stat stbuf;
char keybuf[MAXNAME + 1];
char buf[MAXNAME + 1];
if (tTd(38, 20))
printf("db_map_lookup(%s, %s)\n",
map->map_mname, name);
i = strlen(map->map_file);
if (i > MAXNAME)
i = MAXNAME;
strncpy(buf, map->map_file, i);
buf[i] = '\0';
if (i > 3 && strcmp(&buf[i - 3], ".db") == 0)
buf[i - 3] = '\0';
key.size = strlen(name);
if (key.size > sizeof keybuf - 1)
key.size = sizeof keybuf - 1;
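Review bot: The copy into `buf` silently truncates `map->map_file` at MAXNAME, and the `.db` suffix test then looks at the truncated tail, so for a long path the name handed to lockfile() is not the name that was opened. Either report an over-long name as an error or document that the truncation only affects the name used for locking.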
@ -1331,9 +1404,10 @@ db_map_lookup(map, name, av, statp)
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
makelower(keybuf);
#if !OLD_NEWDB
lockdb:
fd = db->fd(db);
if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(fd, map->map_file, ".db", LOCK_SH);
(void) lockfile(fd, buf, ".db", LOCK_SH);
if (fd < 0 || fstat(fd, &stbuf) < 0 || stbuf.st_mtime > map->map_mtime)
{
/* Reopen the database to sync the cache */
@ -1342,14 +1416,13 @@ db_map_lookup(map, name, av, statp)
map->map_class->map_close(map);
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
omode |= O_LEAVELOCKED;
if (map->map_class->map_open(map, omode))
{
map->map_mflags |= MF_OPEN;
if ((omode && O_ACCMODE) == O_RDWR)
map->map_mflags |= MF_WRITABLE;
db = (DB *) map->map_db2;
fd = db->fd(db);
goto lockdb;
}
else
{
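Review bot: The context line `if ((omode && O_ACCMODE) == O_RDWR)` uses logical `&&` where a bitwise `&` is needed; the expression evaluates to 0 or 1, so the comparison with O_RDWR will not match and MF_WRITABLE is not restored after the reopen. Since this hunk rewrites the lines around it, fix it here. Separately, the new `goto lockdb` has no retry bound: if the file's mtime keeps moving ahead of `map_mtime`, the lookup reopens the map again on every pass.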
@ -1385,7 +1458,7 @@ db_map_lookup(map, name, av, statp)
saveerrno = errno;
#if !OLD_NEWDB
if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(fd, map->map_file, ".db", LOCK_UN);
(void) lockfile(fd, buf, ".db", LOCK_UN);
#endif
if (st != 0)
{
@ -1446,7 +1519,7 @@ db_map_store(map, lhs, rhs)
if (stat > 0)
{
if (!bitset(MF_APPEND, map->map_mflags))
usrerr("050 Warning: duplicate alias name %s", lhs);
message("050 Warning: duplicate alias name %s", lhs);
else
{
static char *buf = NULL;
@ -1500,13 +1573,19 @@ db_map_close(map)
db_map_store(map, "@", "@");
}
if (db->close(db) != 0)
syserr("readaliases: db close failure");
#if OLD_NEWDB
(void) db->sync(db);
#else
(void) db->sync(db, 0);
#endif
#if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
#endif
if (db->close(db) != 0)
syserr("readaliases: db close failure");
}
#endif
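Review bot: In the new ordering `map->map_lockfd` is closed before `db->close(db)`, so whatever close() still has to write goes out after the descriptor holding the lock is gone; closing the database first and the lock descriptor last would keep the whole shutdown under the lock. The result of `db->sync()` is also discarded with `(void)`, so a failed flush goes unreported while a failed close is logged.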
@ -2735,6 +2814,123 @@ ldap_map_parseargs(map,args)
#endif /* LDAP Modules */
/*
** syslog map
*/
#if _FFR_SYSLOG_MAP
#define map_prio map_lockfd /* overload field */
/*
** SYSLOG_MAP_PARSEARGS -- check for priority level to syslog messages.
*/
bool
syslog_map_parseargs(map, args)
MAP *map;
char *args;
{
char *p = args;
char *priority = NULL;
for (;;)
{
while (isascii(*p) && isspace(*p))
p++;
if (*p != '-')
break;
if (*++p == 'L')
priority = ++p;
while (*p != '\0' && !(isascii(*p) && isspace(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
}
if (priority == NULL)
map->map_prio = LOG_INFO;
else
{
if (strncasecmp("LOG_", priority, 4) == 0)
priority += 4;
#ifdef LOG_EMERG
if (strcasecmp("EMERG", priority) == 0)
map->map_prio = LOG_EMERG;
else
#endif
#ifdef LOG_ALERT
if (strcasecmp("ALERT", priority) == 0)
map->map_prio = LOG_ALERT;
else
#endif
#ifdef LOG_CRIT
if (strcasecmp("CRIT", priority) == 0)
map->map_prio = LOG_CRIT;
else
#endif
#ifdef LOG_ERR
if (strcasecmp("ERR", priority) == 0)
map->map_prio = LOG_ERR;
else
#endif
#ifdef LOG_WARNING
if (strcasecmp("WARNING", priority) == 0)
map->map_prio = LOG_WARNING;
else
#endif
#ifdef LOG_NOTICE
if (strcasecmp("NOTICE", priority) == 0)
map->map_prio = LOG_NOTICE;
else
#endif
#ifdef LOG_INFO
if (strcasecmp("INFO", priority) == 0)
map->map_prio = LOG_INFO;
else
#endif
#ifdef LOG_DEBUG
if (strcasecmp("DEBUG", priority) == 0)
map->map_prio = LOG_DEBUG;
else
#endif
{
syserr("syslog_map_parseargs: Unknown priority %s\n",
priority);
return FALSE;
}
}
return TRUE;
}
/*
** SYSLOG_MAP_LOOKUP -- rewrite and syslog message. Always return empty string
*/
char *
syslog_map_lookup(map, string, args, statp)
MAP *map;
char *string;
char **args;
int *statp;
{
char *ptr = map_rewrite(map, string, strlen(string), args);
if (ptr != NULL)
{
if (tTd(38, 20))
printf("syslog_map_lookup(%s (priority %d): %s\n",
map->map_mname, map->map_prio, ptr);
sm_syslog(map->map_prio, CurEnv->e_id, "%s", ptr);
}
*statp = EX_OK;
return "";
}
#endif /* _FFR_SYSLOG_MAP */
/*
** HESIOD Modules
*/
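Review bot: syslog_map_lookup() dereferences `CurEnv->e_id` without a NULL check, while puterrmsg() in this same commit tests `CurEnv == NULL` before using it; add the same guard and pass a NULL or placeholder id when there is no current envelope. The `#define map_prio map_lockfd` overload also needs a comment warning that no code path may treat this field as a descriptor for a syslog map, since the db and ndbm code closes `map_lockfd` whenever it is `>= 0`. Smaller points: the syserr() format in syslog_map_parseargs() ends in `\n` unlike the other syserr() calls in the file, and the debug printf() has an unbalanced parenthesis.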

View file

@ -33,7 +33,7 @@
*/
#ifndef lint
static char sccsid[] = "@(#)mci.c 8.62 (Berkeley) 5/29/97";
static char sccsid[] = "@(#)mci.c 8.66 (Berkeley) 8/2/97";
#endif /* not lint */
#include "sendmail.h"
@ -330,10 +330,10 @@ mci_get(host, m)
{
/* get peer host address for logging reasons only */
/* (this should really be in the mci struct) */
int socksize = sizeof CurHostAddr;
SOCKADDR_LEN_T socklen = sizeof CurHostAddr;
(void) getpeername(fileno(mci->mci_in),
(struct sockaddr *) &CurHostAddr, &socksize);
(struct sockaddr *) &CurHostAddr, &socklen);
}
# endif
}
@ -571,7 +571,7 @@ mci_lock_host_statfile(mci)
goto cleanup;
}
mci->mci_statfile = safefopen(fname, O_RDWR|O_CREAT, FileMode,
mci->mci_statfile = safefopen(fname, O_RDWR, FileMode,
SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_CREAT);
if (mci->mci_statfile == NULL)
@ -694,7 +694,7 @@ mci_load_persistent(mci)
}
fp = safefopen(fname, O_RDONLY, FileMode,
SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY);
SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY);
if (fp == NULL)
{
/* I can't think of any reason this should ever happen */

View file

@ -36,9 +36,9 @@
#ifndef lint
#if QUEUE
static char sccsid[] = "@(#)queue.c 8.169 (Berkeley) 6/14/97 (with queueing)";
static char sccsid[] = "@(#)queue.c 8.174 (Berkeley) 7/23/97 (with queueing)";
#else
static char sccsid[] = "@(#)queue.c 8.169 (Berkeley) 6/14/97 (without queueing)";
static char sccsid[] = "@(#)queue.c 8.174 (Berkeley) 7/23/97 (without queueing)";
#endif
#endif /* not lint */
@ -431,7 +431,9 @@ queueup(e, announce)
fprintf(tfp, ".\n");
if (fflush(tfp) < 0 || fsync(fileno(tfp)) < 0 || ferror(tfp))
if (fflush(tfp) < 0 ||
(SuperSafe && fsync(fileno(tfp)) < 0) ||
ferror(tfp))
{
if (newid)
syserr("!552 Error writing control file %s", tf);
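Review bot: With fsync() now conditional on `SuperSafe`, a control file can pass this check while its contents are still only buffered when the option is off. A comment at the condition stating that durability tradeoff, and which option controls it, would help the next reader.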
@ -553,7 +555,6 @@ runqueue(forkflag, verbose)
extern ENVELOPE BlankEnvelope;
extern void clrdaemon __P((void));
extern void runqueueevent __P((void));
extern void drop_privileges __P((void));
DoQueueRun = FALSE;
@ -670,7 +671,7 @@ runqueue(forkflag, verbose)
/* drop privileges */
if (geteuid() == (uid_t) 0)
drop_privileges();
(void) drop_privileges(FALSE);
/*
** Create ourselves an envelope
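Review bot: The `(void)` cast on `drop_privileges(FALSE)` discards a return value that the new signature evidently provides. If dropping privileges can fail, the queue run continues with effective uid 0; check the result and abort the run on failure rather than ignoring it.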
@ -684,7 +685,7 @@ runqueue(forkflag, verbose)
if (forkflag)
{
disconnect(1, e);
OnlyOneError = QuickAbort = FALSE;
QuickAbort = FALSE;
}
/*
@ -1463,6 +1464,7 @@ dowork(id, forkflag, requeueflag, e)
{
if (tTd(40, 4))
printf("readqf(%s) failed\n", e->e_id);
e->e_id = NULL;
if (forkflag)
exit(EX_OK);
else
@ -2325,13 +2327,17 @@ loseqfile(e, why)
char *why;
{
char *p;
char buf[MAXQFNAME];
char buf[MAXQFNAME + 1];
if (e == NULL || e->e_id == NULL)
return;
if (strlen(e->e_id) > (SIZE_T) sizeof buf - 4)
p = queuename(e, 'q');
if (strlen(p) > MAXQFNAME)
{
syserr("loseqfile: queuename (%s) too long", p);
return;
strcpy(buf, queuename(e, 'q'));
}
strcpy(buf, p);
p = queuename(e, 'Q');
if (rename(buf, p) < 0)
syserr("cannot rename(%s, %s), uid=%d", buf, p, geteuid());
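Review bot: The length check `strlen(p) > MAXQFNAME` and the declaration `char buf[MAXQFNAME + 1]` are correct together but coupled only through the constant. Writing the check as `strlen(p) > sizeof buf - 1` would keep the strcpy() safe if the buffer size is ever changed independently.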

View file

@ -33,7 +33,7 @@
*/
#ifndef lint
static char sccsid[] = "@(#)safefile.c 8.12 (Berkeley) 6/14/97";
static char sccsid[] = "@(#)safefile.c 8.18 (Berkeley) 8/1/97";
#endif /* not lint */
# include "sendmail.h"
@ -108,6 +108,10 @@ safefile(fn, uid, gid, uname, flags, mode, st)
strcpy(fbuf, fn);
fn = fbuf;
/* ignore SFF_SAFEDIRPATH if we are debugging */
if (RealUid != 0 && RunAsUid == RealUid)
flags &= ~SFF_SAFEDIRPATH;
/* first check to see if the file exists at all */
#ifdef HASLSTAT
if ((bitset(SFF_NOSLINK, flags) ? lstat(fn, st)
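Review bot: The comment says SFF_SAFEDIRPATH is ignored "if we are debugging", but the condition `RealUid != 0 && RunAsUid == RealUid` is true for any non-root invocation running as the invoking user, not only debug runs. State in the comment why skipping the directory path check is acceptable in that case, so it is clear this is not a general bypass of the check.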
@ -464,6 +468,7 @@ safeopen(fn, omode, cmode, sff)
if (bitset(O_CREAT, omode))
sff |= SFF_CREAT;
omode &= ~O_CREAT;
smode = 0;
switch (omode & O_ACCMODE)
{
@ -494,8 +499,8 @@ safeopen(fn, omode, cmode, sff)
errno = rval;
return -1;
}
if (stb.st_mode == ST_MODE_NOFILE)
omode |= O_EXCL;
if (stb.st_mode == ST_MODE_NOFILE && bitset(SFF_CREAT, sff))
omode |= O_EXCL|O_CREAT;
fd = dfopen(fn, omode, cmode, sff);
if (fd < 0)
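Review bot: File creation in safeopen() now rests entirely on `O_EXCL|O_CREAT` refusing an existing name, including a symbolic link that points to a non-existent file. The test program added in this commit lists HP-UX 9.04 and 9.05 as failing exactly that and tells the builder to define BOGUS_O_EXCL, but nothing in this hunk shows what safeopen() does when it is defined. A comment here pointing at that handling, or a check in this branch, would make the dependency explicit.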
@ -561,10 +566,24 @@ safefopen(fn, omode, cmode, sff)
}
fd = safeopen(fn, omode, cmode, sff);
if (fd < 0)
{
if (tTd(44, 10))
printf("safefopen: safeopen failed: %s\n",
errstring(errno));
return NULL;
}
fp = fdopen(fd, fmode);
if (fp != NULL)
return fp;
if (tTd(44, 10))
{
printf("safefopen: fdopen(%s, %s) failed: omode=%x, sff=%x, err=%s\n",
fn, fmode, omode, sff, errstring(errno));
#ifndef NOT_SENDMAIL
dumpfd(fd, TRUE, FALSE);
#endif
}
(void) close(fd);
return NULL;
}
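Review bot: On the fdopen() failure path the debug printf(), dumpfd() and `(void) close(fd)` all run before `return NULL`, so the errno the caller sees may no longer be the one fdopen() set. The map.c changes in this commit save and restore errno around cleanup (`save_errno`); do the same here.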
@ -607,6 +626,9 @@ filechanged(fn, fd, stb, sff)
if (sta.st_nlink != stb->st_nlink ||
sta.st_dev != stb->st_dev ||
sta.st_ino != stb->st_ino ||
#if HAS_ST_GEN && 0 /* AFS returns garbage in st_gen */
sta.st_gen != stb->st_gen ||
#endif
sta.st_uid != stb->st_uid ||
sta.st_gid != stb->st_gid)
{
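Review bot: `#if HAS_ST_GEN && 0` compiles the st_gen comparison out on every platform because of the AFS problem noted in the comment, which leaves it as dead code. A separate macro that only AFS builds set would let other systems keep the extra check; as written, the following hunk prints `gen` in the debug output although the value is never compared.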
@ -619,6 +641,10 @@ filechanged(fn, fd, stb, sff)
(long) stb->st_dev, (long) sta.st_dev);
printf(" ino = %ld/%ld\n",
(long) stb->st_ino, (long) sta.st_ino);
#if HAS_ST_GEN
printf(" gen = %ld/%ld\n",
(long) stb->st_gen, (long) sta.st_gen);
#endif
printf(" uid = %ld/%ld\n",
(long) stb->st_uid, (long) sta.st_uid);
printf(" gid = %ld/%ld\n",

View file

@ -33,7 +33,7 @@
*/
#ifndef lint
static char sccsid[] = "@(#)version.c 8.8.6.1 (Berkeley) 6/14/97";
static char sccsid[] = "@(#)version.c 8.8.7.3 (Berkeley) 8/3/97";
#endif /* not lint */
char Version[] = "8.8.6";
char Version[] = "8.8.7";

View file

@ -0,0 +1,91 @@
/*
** This program tests your system to see if you have the lovely
** security-defeating semantics that an open with O_CREAT|O_EXCL
** set will successfully open a file named by a symbolic link that
** points to a non-existent file. Sadly, Posix is mute on what
** should happen in this situation.
**
** Results to date:
** AIX 3.2 OK
** BSD family OK
** BSD/OS 2.1 OK
** FreeBSD 2.1 OK
** DEC OSF/1 3.0 OK
** HP-UX 9.04 FAIL
** HP-UX 9.05 FAIL
** HP-UX 9.07 OK
** HP-UX 10.01 OK
** HP-UX 10.10 OK
** HP-UX 10.20 OK
** Irix 5.3 OK
** Irix 6.2 OK
** Linux OK
** NeXT 2.1 OK
** Solaris 2.x OK
** SunOS 4.x OK
** Ultrix 4.3 OK
*/
#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
char Attacker[128];
char Attackee[128];
main(argc, argv)
int argc;
char **argv;
{
struct stat st;
sprintf(Attacker, "/tmp/attacker.%d.%ld", getpid(), time(NULL));
sprintf(Attackee, "/tmp/attackee.%d.%ld", getpid(), time(NULL));
if (symlink(Attackee, Attacker) < 0)
{
printf("Could not create %s->%s symlink: %d\n",
Attacker, Attackee, errno);
bail(1);
}
(void) unlink(Attackee);
if (stat(Attackee, &st) >= 0)
{
printf("%s already exists -- remove and try again.\n",
Attackee);
bail(1);
}
if (open(Attacker, O_WRONLY|O_CREAT|O_EXCL, 0644) < 0)
{
int saveerr = errno;
if (stat(Attackee, &st) >= 0)
{
printf("Weird. Open failed but %s was created anyhow (errno = %d)\n",
Attackee, saveerr);
bail(1);
}
printf("Good show! Exclusive open works properly with symbolic links (errno = %d).\n",
saveerr);
bail(0);
}
if (stat(Attackee, &st) < 0)
{
printf("Weird. Open succeeded but %s was not created\n",
Attackee);
bail(2);
}
printf("Bad news: you can do an exclusive open through a symbolic link\n");
printf("\tBe sure you #define BOGUS_O_EXCL in conf.h\n");
bail(1);
}
bail(stat)
int stat;
{
(void) unlink(Attacker);
(void) unlink(Attackee);
exit(stat);
}
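Review bot: The test program calls getpid(), time(), symlink(), unlink() and exit() without including the headers that declare them, and bail() is used before it is declared, so the build depends on implicit declarations. Add the missing includes and a prototype for bail(). The bail() parameter named `stat` also shadows the stat() function used in main(), and the "Bad news" result exits with the same status 1 as the setup failures, so a script cannot tell a failed test run from a system that needs BOGUS_O_EXCL.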