previously occupied by the original message body.
Problem report by BenoƮt Panizzon.
+
+20211115
+
+ Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
+ entries in postconf output. The fix to send SMTP session
+ transcripts to bounce_notice_recipient was incomplete.
+ Reported by Vincent Lefevre. File: smtpd/smtpd.c.
+
+20211216
+
+ Bugfix (introduced: Postfix 3.0): the proxymap daemon did
+ not automatically authorize proxied maps inside pipemap
+ (example: pipemap:{proxy:maptype:mapname, ...}) or inside
+ unionmap. Problem reported by Mirko Vogt. Files:
+ proxymap/proxymap.c.
+
+20211220
+
+ Bugfix (introduced: Postfix 2.5): off-by-one error while
+ writing a string terminator. This code had passed all memory
+ corruption tests, presumably because it wrote over an
+ alignment padding byte, or over an adjacent character byte
+ that was never read. Reported by Robert Siemer. Files:
+ *qmgr/qmgr_feedback.c.
+
+20211223
+
+ Cleanup: added missing _maps parameter names to the
+ proxy_read_maps default value, based on output from the
+ mantools/missing-proxy-read-maps script. File:
+ global/mail_params.h.
#include <htable.h>
#include <stringops.h>
#include <dict.h>
+#include <dict_pipe.h>
+#include <dict_union.h>
/* Global library. */
#define STR(x) vstring_str(x)
#define VSTREQ(x,y) (strcmp(STR(x),y) == 0)
+/* get_nested_dict_name - return nested dictionary name pointer, or null */
+
+static char *get_nested_dict_name(char *type_name)
+{
+ const struct {
+ const char *type_col;
+ ssize_t type_col_len;
+ } *prefix, prefixes[] = {
+ DICT_TYPE_UNION ":", (sizeof(DICT_TYPE_UNION ":") - 1),
+ DICT_TYPE_PIPE ":", (sizeof(DICT_TYPE_PIPE ":") - 1),
+ };
+
+#define COUNT_OF(x) (sizeof(x)/sizeof((x)[0]))
+
+ for (prefix = prefixes; prefix < prefixes + COUNT_OF(prefixes); prefix++) {
+ if (strncmp(type_name, prefix->type_col, prefix->type_col_len) == 0)
+ return (type_name + prefix->type_col_len);
+ }
+ return (0);
+}
+
/* proxy_map_find - look up or open table */
static DICT *proxy_map_find(const char *map_type_name, int request_flags,
return (dict_open(map, open_flags, dict_flags));
}
-/* post_jail_init - initialization after privilege drop */
+/* authorize_proxied_maps - recursively authorize maps */
-static void post_jail_init(char *service_name, char **unused_argv)
+static void authorize_proxied_maps(char *bp)
{
const char *sep = CHARS_COMMA_SP;
const char *parens = CHARS_BRACE;
- char *saved_filter;
- char *bp;
char *type_name;
- /*
- * Are we proxy writer?
- */
- if (strcmp(service_name, MAIL_SERVICE_PROXYWRITE) == 0)
- proxy_writer = 1;
- else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0)
- msg_fatal("service name must be one of %s or %s",
- MAIL_SERVICE_PROXYMAP, MAIL_SERVICE_PROXYMAP);
-
- /*
- * Pre-allocate buffers.
- */
- request = vstring_alloc(10);
- request_map = vstring_alloc(10);
- request_key = vstring_alloc(10);
- request_value = vstring_alloc(10);
- map_type_name_flags = vstring_alloc(10);
-
- /*
- * Prepare the pre-approved list of proxied tables.
- */
- saved_filter = bp = mystrdup(proxy_writer ? var_proxy_write_maps :
- var_proxy_read_maps);
- proxy_auth_maps = htable_create(13);
while ((type_name = mystrtokq(&bp, sep, parens)) != 0) {
+ char *nested_info;
+
/* Maybe { maptype:mapname attr=value... } */
if (*type_name == parens[0]) {
char *err;
if ((type_name = mystrtokq(&type_name, sep, parens)) == 0)
continue;
}
+ /* Recurse into nested map (pipemap, unionmap). */
+ if ((nested_info = get_nested_dict_name(type_name)) != 0) {
+ char *err;
+
+ if (*nested_info != parens[0])
+ continue;
+ /* Warn about blatant syntax error. */
+ if ((err = extpar(&nested_info, parens, EXTPAR_FLAG_NONE)) != 0) {
+ msg_warn("bad %s parameter value: %s",
+ PROXY_MAP_PARAM_NAME(proxy_writer), err);
+ myfree(err);
+ continue;
+ }
+ authorize_proxied_maps(nested_info);
+ continue;
+ }
if (strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN))
continue;
do {
PROXY_MAP_PARAM_NAME(proxy_writer));
}
}
+}
+
+/* post_jail_init - initialization after privilege drop */
+
+static void post_jail_init(char *service_name, char **unused_argv)
+{
+ char *saved_filter;
+
+ /*
+ * Are we proxy writer?
+ */
+ if (strcmp(service_name, MAIL_SERVICE_PROXYWRITE) == 0)
+ proxy_writer = 1;
+ else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0)
+ msg_fatal("service name must be one of %s or %s",
+ MAIL_SERVICE_PROXYMAP, MAIL_SERVICE_PROXYMAP);
+
+ /*
+ * Pre-allocate buffers.
+ */
+ request = vstring_alloc(10);
+ request_map = vstring_alloc(10);
+ request_key = vstring_alloc(10);
+ request_value = vstring_alloc(10);
+ map_type_name_flags = vstring_alloc(10);
+
+ /*
+ * Prepare the pre-approved list of proxied tables.
+ */
+ saved_filter = mystrdup(proxy_writer ? var_proxy_write_maps :
+ var_proxy_read_maps);
+ proxy_auth_maps = htable_create(13);
+ authorize_proxied_maps(saved_filter);
myfree(saved_filter);
/*
VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0,
VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0,
VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0,
- VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, &var_bounce_rcpt, 1, 0,
+ VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, &var_bounce_rcpt, 1, 0,
VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0,
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
projects / thirdparty / postfix.git / commitdiff
