#
version= $(shell sh get-version.sh)
+debversion= $(shell sh get-version.sh | sed -Ee 's/^v//;s/[.]([[:digit:]]+)[.](g[[:xdigit:]]+)$$/+\1+\2/')
CC?= gcc
CFLAGS?= -O -pipe
LDADD?= -lssl -lcrypto -lresolv
-CFLAGS+= -Wall -DDMA_VERSION='"${version}"'
+CFLAGS+= -Wall -DDMA_VERSION='"${version}"' -DLIBEXEC_PATH='"${LIBEXEC}"'
INSTALL?= install -p
CHGRP?= chgrp
PREFIX?= /usr/local
SBIN?= ${PREFIX}/sbin
+LIBEXEC?= ${PREFIX}/lib
CONFDIR?= /etc
MAN?= ${PREFIX}/share/man
VAR?= /var
OBJS+= dma.o dns.o local.o mail.o net.o spool.o util.o
OBJS+= dfcompat.o
-all: dma
+all: dma dma-mbox-create
clean:
- -rm -f .depend dma *.[do]
+ -rm -f .depend dma dma-mbox-create *.[do]
-rm -f aliases_parse.[ch] aliases_scan.c
install: all
${INSTALL} -d ${DESTDIR}${SBIN} ${DESTDIR}${CONFDIR}
- ${INSTALL} -d ${DESTDIR}${MAN}/man8
+ ${INSTALL} -d ${DESTDIR}${MAN}/man8 ${DESTDIR}${LIBEXEC}
${INSTALL} -m 2755 -o root -g mail dma ${DESTDIR}${SBIN}
+ ${INSTALL} -m 4754 -o root -g mail dma-mbox-create ${DESTDIR}${LIBEXEC}
${INSTALL} -m 0644 dma.8 ${DESTDIR}${MAN}/man8/
${INSTALL} -d -m 2775 -o root -g mail ${DESTDIR}${DMASPOOL}
${INSTALL} -d -m 2775 -o root -g mail ${DESTDIR}${VARMAIL}
${CC} ${LDFLAGS} ${LDADD} -o $@ ${OBJS}
+dch:
+ dch --release-heuristic changelog -v ${debversion}
+
+
ppa:
@if [ -z '${DEB_DIST}' ]; then echo "please set DEB_DIST to build"; exit 1; fi
- ver=$$(sh get-version.sh | sed -Ee 's/^v//;s/[.]([[:digit:]]+)[.](g[[:xdigit:]]+)$$/+\1-\2/'); \
- dch -v "$$ver~${DEB_DIST}" -D ${DEB_DIST} "${DEB_DIST} build"
+ dch -v "${debversion}~${DEB_DIST}" -D ${DEB_DIST} "${DEB_DIST} build"
debuild -S -sa
ver=$$(dpkg-parsechangelog -n1 | awk '$$1 == "Version:" { print $$2 }'); \
dput ppa:corecode/dma ../$${ver}_source.changes
--- /dev/null
+/*
+ * Copyright (c) 2010 Simon Schubert <2@0x2c.org>
+ * Copyright (c) 2008 The DragonFly Project. All rights reserved.
+ *
+ * This code is derived from software contributed to The DragonFly Project
+ * by Simon 'corecode' Schubert <corecode@fs.ei.tum.de>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * 3. Neither the name of The DragonFly Project nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific, prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * This binary is setuid root. Use extreme caution when touching
+ * user-supplied information. Keep the root window as small as possible.
+ */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <fcntl.h>
+#include <grp.h>
+#include <paths.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "dma.h"
+
+/*
+ * Create a mbox in /var/mail for a given user, or make sure
+ * the permissions are correct for dma.
+ */
+
+int
+main(int argc, char **argv)
+{
+ const char *user;
+ struct passwd *pw;
+ struct group *gr;
+ uid_t user_uid;
+ gid_t mail_gid;
+ int error;
+ char fn[PATH_MAX+1];
+ int f;
+
+ /*
+ * We take exactly one argument: the username.
+ */
+ if (argc != 2)
+ return (1);
+ user = argv[1];
+
+ /* the username may not contain a pathname separator */
+ if (strchr(user, '/'))
+ return (1);
+
+ /* verify the user exists */
+ pw = getpwnam(user);
+ if (!pw)
+ return (1);
+
+ user_uid = pw->pw_uid;
+
+ gr = getgrnam(DMA_GROUP);
+ if (!gr)
+ return (1);
+
+ mail_gid = gr->gr_gid;
+
+ if (setgid(mail_gid) != 0)
+ return (1);
+ if (getegid() != mail_gid)
+ return (1);
+
+ error = snprintf(fn, sizeof(fn), "%s/%s", _PATH_MAILDIR, user);
+ if (error < 0 || (size_t)error >= sizeof(fn))
+ return (1);
+
+ f = open(fn, O_RDONLY|O_CREAT, 0600);
+ if (f < 0)
+ return (1);
+
+ if (fchown(f, user_uid, mail_gid))
+ return (1);
+
+ if (fchmod(f, 0660))
+ return (1);
+
+ /* file should be present with the right owner and permissions */
+
+ return (0);
+}
#define CONF_PATH "/etc/dma/dma.conf" /* Default path to dma.conf */
#endif
+#ifndef LIBEXEC_PATH
+#error Please define LIBEXEC_PATH
+#endif
+
+#define DMA_ROOT_USER "mail"
+#define DMA_GROUP "mail"
+
+
struct stritem {
SLIST_ENTRY(stritem) next;
char *str;
+/*
+ * Copyright (c) 2008 The DragonFly Project. All rights reserved.
+ *
+ * This code is derived from software contributed to The DragonFly Project
+ * by Simon 'corecode' Schubert <corecode@fs.ei.tum.de>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * 3. Neither the name of The DragonFly Project nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific, prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+
#include <err.h>
#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
#include <paths.h>
#include <stdint.h>
#include <stdio.h>
#include "dma.h"
+static int
+create_mbox(const char *name)
+{
+ struct sigaction sa, osa;
+ pid_t child, waitchild;
+ int status;
+ int i;
+ long maxfd;
+ int e;
+ int r = -1;
+
+ /*
+ * We need to enable SIGCHLD temporarily so that waitpid works.
+ */
+ bzero(&sa, sizeof(sa));
+ sa.sa_handler = SIG_DFL;
+ sigaction(SIGCHLD, &sa, &osa);
+
+ do_timeout(100, 0);
+
+ child = fork();
+ switch (child) {
+ case 0:
+ /* child */
+ maxfd = sysconf(_SC_OPEN_MAX);
+ if (maxfd == -1)
+ maxfd = 1024; /* what can we do... */
+
+ for (i = 3; i <= maxfd; ++i)
+ close(i);
+
+ execl(LIBEXEC_PATH "/dma-mbox-create", "dma-mbox-create", name, NULL);
+ syslog(LOG_ERR, "cannot execute "LIBEXEC_PATH"/dma-mbox-create: %m");
+ exit(1);
+
+ default:
+ /* parent */
+ waitchild = waitpid(child, &status, 0);
+
+ e = errno;
+
+ do_timeout(0, 0);
+
+ if (waitchild == -1 && e == EINTR) {
+ syslog(LOG_ERR, "hung child while creating mbox `%s': %m", name);
+ break;
+ }
+
+ if (waitchild == -1) {
+ syslog(LOG_ERR, "child disappeared while creating mbox `%s': %m", name);
+ break;
+ }
+
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+ syslog(LOG_ERR, "error creating mbox `%s'", name);
+ break;
+ }
+
+ /* success */
+ r = 0;
+ break;
+
+ case -1:
+ /* error */
+ syslog(LOG_ERR, "error creating mbox");
+ break;
+ }
+
+ sigaction(SIGCHLD, &osa, NULL);
+
+ return (r);
+}
+
int
deliver_local(struct qitem *it)
{
const char *sender;
const char *newline = "\n";
size_t linelen;
+ int tries = 0;
int mbox;
int error;
int hadnl = 0;
return (1);
}
+retry:
/* wait for a maximum of 100s to get the lock to the file */
do_timeout(100, 0);
- /* mailx removes users mailspool file if empty, so open with O_CREAT */
- mbox = open_locked(fn, O_WRONLY|O_APPEND|O_CREAT, 0660);
+ /* don't use O_CREAT here, because we might be running as the wrong user. */
+ mbox = open_locked(fn, O_WRONLY|O_APPEND);
if (mbox < 0) {
int e = errno;
do_timeout(0, 0);
- if (e == EINTR)
+
+ switch (e) {
+ case EACCES:
+ case ENOENT:
+ /*
+ * The file does not exist or we can't access it.
+ * Call dma-mbox-create to create it and fix permissions.
+ */
+ if (tries > 0 || create_mbox(it->addr) != 0) {
+ syslog(LOG_ERR, "local delivery deferred: can not create `%s'", fn);
+ return (1);
+ }
+ ++tries;
+ goto retry;
+
+ case EINTR:
syslog(LOG_NOTICE, "local delivery deferred: can not lock `%s'", fn);
- else
+ break;
+
+ default:
syslog(LOG_NOTICE, "local delivery deferred: can not open `%s': %m", fn);
+ break;
+ }
return (1);
}
do_timeout(0, 0);