From: Wietse Venema Date: Thu, 4 Jan 2007 05:00:00 +0000 (-0500) Subject: postfix-2.4-20070104 X-Git-Tag: v2.4.0-RC1~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c2eb772dd4d6f97ebd121a526105f7e9d09a644;p=thirdparty%2Fpostfix.git postfix-2.4-20070104 --- diff --git a/postfix/.indent.pro b/postfix/.indent.pro index d9653076e..2970847d7 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -107,6 +107,8 @@ -TINTV -TINT_TABLE -TJMP_BUF_WRAPPER +-TLDAP +-TLDAPMessage -TLDAP_CONN -TLMTP_ATTR -TLMTP_RESP diff --git a/postfix/HISTORY b/postfix/HISTORY index 977239ad2..b4785a095 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY 
@@ -13049,17 +13049,38 @@ Apologies for any names omitted. 20061227 - Bugfix: the MX hostname syntax check was accidentally skipped - with reject_unknown_helo_hostname/sender_domain/recipient_domain. - File: smtpd/smtpd_check.c. + Bugfix (introduced with Postfix 2.3): the MX hostname syntax + check was skipped with reject_unknown_helo_hostname and + reject_unknown_sender/recipient_domain, so that Postfix + would still accept mail from domains with a zero-length MX + hostname. File: smtpd/smtpd_check.c. 20061229 Cleanup: use separate TLS_LEGACY_README to document the old TLS user interface. This will simplify TLS_README dramatically. + Cleanup: untangled spaghetti code. File: util/inet_listen.c. + +20070104 + + Bugfix (introduced Postfix 2.3): when creating an alias map + on a NIS-enabled system, don't case-fold the YP_MASTER_NAME + and YP_LAST_MODIFIED lookup keys. This requires that an + application can turn on/off case folding on the fly. Files: + postalias/postalias.c, global/dict_mumble.c, util/dict_mumble.c, + proxymap/proxymap.c. + + Cleanup: after the above revision of the proxymap protocol, + the proxymap server can now share the same map with clients + that have only minor differences in dictionary open/access + options. + Wish list: + Update BACKSCATTER_README to use PCRE because that's what I + am using now. + Update MILTER_README with Martinec info. Make postcat header/body aware so people can grep headers. diff --git a/postfix/examples/smtpd-policy/greylist.pl b/postfix/examples/smtpd-policy/greylist.pl index e1e0012fd..dbaa5cbe0 100755 --- a/postfix/examples/smtpd-policy/greylist.pl +++ b/postfix/examples/smtpd-policy/greylist.pl 
@@ -76,6 +76,13 @@ use Sys::Syslog qw(:DEFAULT setlogsock); $database_name="/var/mta/greylist.db"; $greylist_delay=60; +# +# Auto-whitelist threshold. Specify 0 to disable, or the number of +# successful "come backs" after which a client is no longer subject +# to greylisting. +# +$auto_whitelist_threshold = 10; + # # Syslogging options for verbose mode and for fatal errors. # NOTE: comment out the $syslog_socktype line if syslogging does not @@ -92,11 +99,19 @@ $syslog_priority="info"; # table. Request attributes are available via the %attr hash. # sub smtpd_access_policy { - my($key, $time_stamp, $now); + my($key, $time_stamp, $now, $count); # Open the database on the fly. open_database() unless $database_obj; + # Search the auto-whitelist. + if ($auto_whitelist_threshold > 0) { + $count = read_database($attr{"client_address"}); + if ($count > $auto_whitelist_threshold) { + return "dunno"; + } + } + # Lookup the time stamp for this client/sender/recipient. $key = lc $attr{"client_address"}."/".$attr{"sender"}."/".$attr{"recipient"}; @@ -121,6 +136,10 @@ sub smtpd_access_policy { # syslog $syslog_priority, "request age %d", $now - $time_stamp if $verbose; if ($now - $time_stamp > $greylist_delay) { + # Update the auto-whitelist. + if ($auto_whitelist_threshold > 0) { + update_database($attr{"client_address"}, $count + 1); + } return "dunno"; } else { return "defer_if_permit Service is unavailable"; diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index 045b5eb3d..0d5daca65 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html 
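Review bot: The auto-whitelist test in smtpd_access_policy uses `$count > $auto_whitelist_threshold`, so with the default of 10 a client needs eleven recorded come-backs, one more than the configuration comment describes; `>=` would match the comment. `$count` is presumably undefined for a client with no entry (read_database is outside the hunk) and is later used in `$count + 1`; `$count = read_database($attr{"client_address"}) || 0;` makes the numeric default explicit. The entry is keyed on the client address alone and nothing visible here ages it out, so an address that is reassigned or later misused stays exempt from greylisting. A comment next to `$auto_whitelist_threshold` should state that limitation, or the entry should carry a time stamp that lets it expire. The function body continues outside the hunk.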
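Review bot: The counter update sits in the branch taken whenever the stored time stamp is older than `$greylist_delay`, so it appears to fire on every later message for an already-passed client/sender/recipient triplet, not once per triplet that came back. A single correspondent pair could then reach the threshold by volume alone; if the intent is distinct come-backs, the increment should happen only the first time a triplet passes, which needs a per-triplet marker the hunk does not show. The earlier read of `$count` and this `update_database` call also form a read-modify-write on a shared file, and whether a lock covers both depends on code outside the hunk; a comment such as `# NOTE: count update assumes the database lock is held across read and write` would record the requirement.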
@@ -60,111 +60,116 @@ POSTALIAS(1) POSTALIAS(1) -f Do not fold the lookup key to lower case while cre- ating or querying a table. - -i Incremental mode. Read entries from standard input + With Postfix version 2.3 and later, this option has + no effect for regular expression tables. There, + case folding is controlled by appending a flag to a + pattern. + + -i Incremental mode. Read entries from standard input and do not truncate an existing database. By - default, postalias(1) creates a new database from + default, postalias(1) creates a new database from the entries in file_name. - -N Include the terminating null character that termi- - nates lookup keys and values. By default, postal- - ias(1) does whatever is the default for the host + -N Include the terminating null character that termi- + nates lookup keys and values. By default, postal- + ias(1) does whatever is the default for the host operating system. - -n Don't include the terminating null character that - terminates lookup keys and values. By default, - postalias(1) does whatever is the default for the + -n Don't include the terminating null character that + terminates lookup keys and values. By default, + postalias(1) does whatever is the default for the host operating system. - -o Do not release root privileges when processing a + -o Do not release root privileges when processing a non-root input file. By default, postalias(1) drops - root privileges and runs as the source file owner + root privileges and runs as the source file owner instead. -p Do not inherit the file access permissions from the input file when creating a new file. Instead, cre- - ate a new file with default access permissions + ate a new file with default access permissions (mode 0644). - -q key Search the specified maps for key and write the - first value found to the standard output stream. + -q key Search the specified maps for key and write the + first value found to the standard output stream. 
The exit status is zero when the requested informa- tion was found. If a key value of - is specified, the program reads - key values from the standard input stream and - writes one line of key: value output for each key - that was found. The exit status is zero when at + key values from the standard input stream and + writes one line of key: value output for each key + that was found. The exit status is zero when at least one of the requested keys was found. -r When updating a table, do not complain about attempts to update existing entries, and make those updates anyway. - -s Retrieve all database elements, and write one line + -s Retrieve all database elements, and write one line of key: value output for each element. The elements - are printed in database order, which is not neces- - sarily the same as the original input order. This - feature is available in Postfix version 2.2 and + are printed in database order, which is not neces- + sarily the same as the original input order. This + feature is available in Postfix version 2.2 and later, and is not available for all database types. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. -w When updating a table, do not complain about - attempts to update existing entries, and ignore + attempts to update existing entries, and ignore those attempts. Arguments: file_type - The database type. To find out what types are sup- + The database type. To find out what types are sup- ported, use the "postconf -m" command. - The postalias(1) command can query any supported - file type, but it can create only the following + The postalias(1) command can query any supported + file type, but it can create only the following file types: - btree The output is a btree file, named - file_name.db. This is available on systems + btree The output is a btree file, named + file_name.db. 
This is available on systems with support for db databases. - cdb The output is one file named file_name.cdb. - This is available on systems with support + cdb The output is one file named file_name.cdb. + This is available on systems with support for cdb databases. - dbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for dbm + dbm The output consists of two files, named + file_name.pag and file_name.dir. This is + available on systems with support for dbm databases. - hash The output is a hashed file, named - file_name.db. This is available on systems + hash The output is a hashed file, named + file_name.db. This is available on systems with support for db databases. - sdbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for sdbm + sdbm The output consists of two files, named + file_name.pag and file_name.dir. This is + available on systems with support for sdbm databases. - When no file_type is specified, the software uses - the database type specified via the default_data- + When no file_type is specified, the software uses + the database type specified via the default_data- base_type configuration parameter. The default - value for this parameter depends on the host envi- + value for this parameter depends on the host envi- ronment. file_name - The name of the alias database source file when + The name of the alias database source file when creating a database. DIAGNOSTICS - Problems are logged to the standard error stream and to - syslogd(8). No output means that no problems were - detected. Duplicate entries are skipped and are flagged + Problems are logged to the standard error stream and to + syslogd(8). No output means that no problems were + detected. Duplicate entries are skipped and are flagged with a warning. 
- postalias(1) terminates with zero exit status in case of - success (including successful "postalias -q" lookup) and + postalias(1) terminates with zero exit status in case of + success (including successful "postalias -q" lookup) and terminates with non-zero exit status in case of failure. ENVIRONMENT @@ -175,26 +180,26 @@ POSTALIAS(1) POSTALIAS(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant + The following main.cf parameters are especially relevant to this program. - The text below provides only a parameter summary. See + The text below provides only a parameter summary. See postconf(5) for more details including examples. alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are + The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi". config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. berkeley_db_create_buffer_size (16777216) - The per-table I/O buffer size for programs that + The per-table I/O buffer size for programs that create Berkeley DB hash or btree tables. berkeley_db_read_buffer_size (131072) - The per-table I/O buffer size for programs that + The per-table I/O buffer size for programs that read Berkeley DB hash or btree tables. default_database_type (see 'postconf -d' output) @@ -205,8 +210,8 @@ POSTALIAS(1) POSTALIAS(1) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". STANDARDS 
@@ -225,7 +230,7 @@ POSTALIAS(1) POSTALIAS(1) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index 99a4ec3e4..0eafaf3d2 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html 
@@ -78,109 +78,114 @@ POSTMAP(1) POSTMAP(1) -f Do not fold the lookup key to lower case while cre- ating or querying a table. - -i Incremental mode. Read entries from standard input + With Postfix version 2.3 and later, this option has + no effect for regular expression tables. There, + case folding is controlled by appending a flag to a + pattern. + + -i Incremental mode. Read entries from standard input and do not truncate an existing database. By default, postmap(1) creates a new database from the entries in file_name. - -N Include the terminating null character that termi- - nates lookup keys and values. By default, - postmap(1) does whatever is the default for the + -N Include the terminating null character that termi- + nates lookup keys and values. By default, + postmap(1) does whatever is the default for the host operating system. - -n Don't include the terminating null character that - terminates lookup keys and values. By default, - postmap(1) does whatever is the default for the + -n Don't include the terminating null character that + terminates lookup keys and values. By default, + postmap(1) does whatever is the default for the host operating system. - -o Do not release root privileges when processing a - non-root input file. By default, postmap(1) drops - root privileges and runs as the source file owner + -o Do not release root privileges when processing a + non-root input file. By default, postmap(1) drops + root privileges and runs as the source file owner instead. -p Do not inherit the file access permissions from the input file when creating a new file. Instead, cre- - ate a new file with default access permissions + ate a new file with default access permissions (mode 0644). - -q key Search the specified maps for key and write the - first value found to the standard output stream. + -q key Search the specified maps for key and write the + first value found to the standard output stream. 
The exit status is zero when the requested informa- tion was found. If a key value of - is specified, the program reads - key values from the standard input stream and - writes one line of key value output for each key - that was found. The exit status is zero when at + key values from the standard input stream and + writes one line of key value output for each key + that was found. The exit status is zero when at least one of the requested keys was found. -r When updating a table, do not complain about attempts to update existing entries, and make those updates anyway. - -s Retrieve all database elements, and write one line - of key value output for each element. The elements - are printed in database order, which is not neces- - sarily the same as the original input order. This - feature is available in Postfix version 2.2 and + -s Retrieve all database elements, and write one line + of key value output for each element. The elements + are printed in database order, which is not neces- + sarily the same as the original input order. This + feature is available in Postfix version 2.2 and later, and is not available for all database types. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. -w When updating a table, do not complain about - attempts to update existing entries, and ignore + attempts to update existing entries, and ignore those attempts. Arguments: file_type - The database type. To find out what types are sup- + The database type. To find out what types are sup- ported, use the "postconf -m" command. The postmap(1) command can query any supported file - type, but it can create only the following file + type, but it can create only the following file types: - btree The output file is a btree file, named - file_name.db. This is available on systems + btree The output file is a btree file, named + file_name.db. 
This is available on systems with support for db databases. cdb The output consists of one file, named file_name.cdb. This is available on systems with support for cdb databases. - dbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for dbm + dbm The output consists of two files, named + file_name.pag and file_name.dir. This is + available on systems with support for dbm databases. - hash The output file is a hashed file, named - file_name.db. This is available on systems + hash The output file is a hashed file, named + file_name.db. This is available on systems with support for db databases. - sdbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for sdbm + sdbm The output consists of two files, named + file_name.pag and file_name.dir. This is + available on systems with support for sdbm databases. - When no file_type is specified, the software uses - the database type specified via the default_data- + When no file_type is specified, the software uses + the database type specified via the default_data- base_type configuration parameter. file_name - The name of the lookup table source file when + The name of the lookup table source file when rebuilding a database. DIAGNOSTICS - Problems are logged to the standard error stream and to - syslogd(8). No output means that no problems were - detected. Duplicate entries are skipped and are flagged + Problems are logged to the standard error stream and to + syslogd(8). No output means that no problems were + detected. Duplicate entries are skipped and are flagged with a warning. - postmap(1) terminates with zero exit status in case of - success (including successful "postmap -q" lookup) and + postmap(1) terminates with zero exit status in case of + success (including successful "postmap -q" lookup) and terminates with non-zero exit status in case of failure. ENVIRONMENT 
@@ -191,21 +196,21 @@ POSTMAP(1) POSTMAP(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant + The following main.cf parameters are especially relevant to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- + summary. See postconf(5) for more details including exam- ples. berkeley_db_create_buffer_size (16777216) - The per-table I/O buffer size for programs that + The per-table I/O buffer size for programs that create Berkeley DB hash or btree tables. berkeley_db_read_buffer_size (131072) - The per-table I/O buffer size for programs that + The per-table I/O buffer size for programs that read Berkeley DB hash or btree tables. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. default_database_type (see 'postconf -d' output) @@ -216,8 +221,8 @@ POSTMAP(1) POSTMAP(1) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". SEE ALSO @@ -230,7 +235,7 @@ POSTMAP(1) POSTMAP(1) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index 358b97e56..390a74e2c 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 
@@ -54,6 +54,10 @@ when at least one of the requested keys was found. .IP \fB-f\fR Do not fold the lookup key to lower case while creating or querying a table. + +With Postfix version 2.3 and later, this option has no +effect for regular expression tables. There, case folding +is controlled by appending a flag to a pattern. .IP \fB-i\fR Incremental mode. Read entries from standard input and do not truncate an existing database. By default, \fBpostalias\fR(1) creates diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index bedee7d6d..c5ef94de9 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -78,6 +78,10 @@ when at least one of the requested keys was found. .IP \fB-f\fR Do not fold the lookup key to lower case while creating or querying a table. + +With Postfix version 2.3 and later, this option has no +effect for regular expression tables. There, case folding +is controlled by appending a flag to a pattern. .IP \fB-i\fR Incremental mode. Read entries from standard input and do not truncate an existing database. By default, \fBpostmap\fR(1) creates diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index bd2c4fda7..b373301e2 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c @@ -955,7 +955,9 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } diff --git a/postfix/src/global/dict_mysql.c b/postfix/src/global/dict_mysql.c index 44f49bc16..92db68d13 100644 --- a/postfix/src/global/dict_mysql.c +++ b/postfix/src/global/dict_mysql.c 
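Review bot: The same fold block (`if (dict->flags & DICT_FLAG_FOLD_FIX) { if (dict->fold_buf == 0) dict->fold_buf = vstring_alloc(10); ...`) is pasted into every lookup, update and delete routine this commit touches: here in dict_ldap_lookup, and again in dict_mysql.c, dict_pgsql.c, dict_cdb.c, dict_db.c, dict_dbm.c, dict_env.c, dict_ni.c, dict_nis.c, dict_nisplus.c and dict_sdbm.c, plus dict_pcre.c and dict_regexp.c with DICT_FLAG_FOLD_MUL. One shared helper would keep the lazy allocation and the lower-casing in a single place, so a later change to folding cannot be applied to some map types and missed in others. Because fold_buf is now allocated on first use instead of at open time, each close routine (outside these hunks) must free it only when it is non-null. dict_ldap_lookup continues outside the hunk; the helper name below is only a suggestion.

```c
/* proposed helper: return a lower-cased copy of key, held in dict->fold_buf */
const char *dict_fold_key(DICT *dict, const char *key)
{
    if (dict->fold_buf == 0)
        dict->fold_buf = vstring_alloc(10);
    vstring_strcpy(dict->fold_buf, key);
    return (lowercase(vstring_str(dict->fold_buf)));
}

    /* in dict_ldap_lookup(), replacing the pasted block */
    if (dict->flags & DICT_FLAG_FOLD_FIX)
        name = dict_fold_key(dict, name);
    /* ... unchanged: rest of the lookup ... */
```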
@@ -308,7 +308,9 @@ static const char *dict_mysql_lookup(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } diff --git a/postfix/src/global/dict_pgsql.c b/postfix/src/global/dict_pgsql.c index 42ff90b3c..bedc568e3 100644 --- a/postfix/src/global/dict_pgsql.c +++ b/postfix/src/global/dict_pgsql.c @@ -351,7 +351,9 @@ static const char *dict_pgsql_lookup(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } diff --git a/postfix/src/global/dict_proxy.c b/postfix/src/global/dict_proxy.c index b8da5abce..c36675c4c 100644 --- a/postfix/src/global/dict_proxy.c +++ b/postfix/src/global/dict_proxy.c @@ -250,7 +250,8 @@ DICT *dict_proxy_open(const char *map, int open_flags, int dict_flags) msg_fatal("%s service is not configured for table \"%s\"", MAIL_SERVICE_PROXYMAP, dict_proxy->dict.name); case PROXY_STAT_OK: - dict_proxy->dict.flags = dict_proxy->in_flags | server_flags; + dict_proxy->dict.flags = dict_proxy->in_flags + | (server_flags & DICT_FLAG_IMPL_MASK); return (DICT_DEBUG (&dict_proxy->dict)); default: msg_warn("%s open failed for table \"%s\": unexpected status %d", diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 5248081ce..36f3128c6 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
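Review bot: The PROXY_STAT_OK branch of dict_proxy_open now masks `server_flags` with `DICT_FLAG_IMPL_MASK`, and that line needs a comment because it is the trust boundary between the client's own flags and what the proxymap server reports. Without the reason written down, a later edit could widen the mask and let the server's reply alter caller-specified flags held in `in_flags`. I would add `/* Accept only implementation properties from the server; caller-specified flags stay as requested. */` above the assignment. The function starts and ends outside the hunk.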
@@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20061229" +#define MAIL_RELEASE_DATE "20070104" #define MAIL_VERSION_NUMBER "2.4" #ifdef SNAPSHOT diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index b31a719e8..e50cebdd0 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c @@ -48,6 +48,10 @@ /* .IP \fB-f\fR /* Do not fold the lookup key to lower case while creating or querying /* a table. +/* +/* With Postfix version 2.3 and later, this option has no +/* effect for regular expression tables. There, case folding +/* is controlled by appending a flag to a pattern. /* .IP \fB-i\fR /* Incremental mode. Read entries from standard input and do not /* truncate an existing database. By default, \fBpostalias\fR(1) creates @@ -392,6 +396,7 @@ static void postalias(char *map_type, char *path_name, int postalias_flags, mkmap->dict->flags |= DICT_FLAG_TRY0NULL; vstring_sprintf(value_buffer, "%010ld", (long) time((time_t *) 0)); #if (defined(HAS_NIS) || defined(HAS_NISPLUS)) + mkmap->dict->flags &= ~DICT_FLAG_FOLD_FIX; mkmap_append(mkmap, "YP_LAST_MODIFIED", STR(value_buffer)); mkmap_append(mkmap, "YP_MASTER_NAME", var_myhostname); #endif diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index c02e394a3..e8ba14695 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -68,6 +68,10 @@ /* .IP \fB-f\fR /* Do not fold the lookup key to lower case while creating or querying /* a table. +/* +/* With Postfix version 2.3 and later, this option has no +/* effect for regular expression tables. There, case folding +/* is controlled by appending a flag to a pattern. /* .IP \fB-i\fR /* Incremental mode. Read entries from standard input and do not /* truncate an existing database. By default, \fBpostmap\fR(1) creates 
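Review bot: In postalias(), `mkmap->dict->flags &= ~DICT_FLAG_FOLD_FIX;` turns case folding off with no comment, and the flag is not restored afterwards. The reason is only recorded in HISTORY, so add `/* NIS looks these keys up verbatim; do not case-fold them. */` above the line. Any mkmap_append() that follows the `#endif` outside this hunk would also be stored unfolded on NIS builds and folded on others, so confirm that difference is harmless or save the flags before the two YP_ appends and restore them after.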
diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index b34251b7c..076d8089f 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -237,9 +237,12 @@ static DICT *proxy_map_find(const char *map_type_name, int request_flags, /* * Open one instance of a map for each combination of name+flags. + * + * Assume that a map instance can be shared among clients with different + * paranoia flag settings and with different map lookup flag settings. */ - vstring_sprintf(map_type_name_flags, "%s:%s", - map_type_name, dict_flags_str(request_flags)); + vstring_sprintf(map_type_name_flags, "%s:%s", map_type_name, + dict_flags_str(request_flags & DICT_FLAG_NP_INST_MASK)); if ((dict = dict_handle(STR(map_type_name_flags))) == 0) dict = dict_open(map_type_name, READ_OPEN_FLAGS, request_flags); if (dict == 0) @@ -270,7 +273,9 @@ static void proxymap_lookup_service(VSTREAM *client_stream) } else if ((dict = proxy_map_find(STR(request_map), request_flags, &reply_status)) == 0) { reply_value = ""; - } else if ((reply_value = dict_get(dict, STR(request_key))) != 0) { + } else if (dict->flags = ((dict->flags & ~DICT_FLAG_RQST_MASK) + | (request_flags & DICT_FLAG_RQST_MASK)), + (reply_value = dict_get(dict, STR(request_key))) != 0) { reply_status = PROXY_STAT_OK; } else if (dict_errno == 0) { reply_status = PROXY_STAT_NOKEY; diff --git a/postfix/src/util/dict.h b/postfix/src/util/dict.h index eadc7733f..63ea133f6 100644 --- a/postfix/src/util/dict.h +++ b/postfix/src/util/dict.h @@ -46,6 +46,7 @@ extern DICT *dict_alloc(const char *, const char *, ssize_t); extern void dict_free(DICT *); extern DICT *dict_debug(DICT *); + #define DICT_DEBUG(d) ((d)->flags & DICT_FLAG_DEBUG ? dict_debug(d) : (d)) #define DICT_FLAG_NONE (0) 
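Review bot: The new comment in proxy_map_find says an instance can be shared among clients with different paranoia flag settings, but the key is built from `request_flags & DICT_FLAG_NP_INST_MASK`, and the dict.h hunk of this commit defines that mask as `~(DICT_FLAG_IMPL_MASK | DICT_FLAG_RQST_MASK)`, which does not clear the DICT_FLAG_PARANOID bits (assuming DICT_FLAG_FOLD_ANY holds only fold bits). As written, clients that differ in DICT_FLAG_NO_REGSUB, DICT_FLAG_NO_PROXY or DICT_FLAG_NO_UNAUTH still get separate instances, which is the conservative behaviour; the comment here and the "without the paranoia flags" line in dict.h should be corrected to say so. If sharing across paranoia settings is really intended, note that `dict_open()` still receives the first client's full `request_flags`, so those bits would have to be re-applied on every request the way the fold flags are. The function continues outside the hunk.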
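Review bot: In proxymap_lookup_service the `else if` condition now contains an assignment to `dict->flags` joined to the lookup by a comma operator, which is easy to misread as a test of the flags and hides a write to a shared object inside a condition. proxy_map_find() already receives `request_flags`, so the statement `dict->flags = ((dict->flags & ~DICT_FLAG_RQST_MASK) | (request_flags & DICT_FLAG_RQST_MASK));` could be done there just before the handle is returned, leaving this condition as the plain `dict_get()` test. That would also cover any other caller of proxy_map_find, which matters because the flags set for one client persist on the shared instance until the next request overwrites them. Both functions extend beyond the hunks shown.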
@@ -69,8 +70,34 @@ extern DICT *dict_debug(DICT *); /* IMPORTANT: Update the dict_mask[] table when the above changes */ + /* + * The subsets of flags that control how a map is used. These are relevant + * mainly for proxymap support. Note: some categories overlap. + * + * DICT_FLAG_PARANOID - flags that forbid the use of insecure map types for + * security-sensitive operations. These flags are specified by the caller, + * and are checked by the map implementation itself upon open, lookup etc. + * requests. + * + * DICT_FLAG_IMPL_MASK - flags that specify properties of the lookup table + * implementation. These flags are set by the map implementation itself. + * + * DICT_FLAG_INST_MASK - flags that control how a specific table instance is + * opened or used. The caller specifies these flags, and the caller may not + * change them between open, lookup, etc. requests (although the map itself + * may make changes to some of these flags). + * + * DICT_FLAG_NP_INST_MASK - ditto, but without the paranoia flags. + * + * DICT_FLAG_RQST_MASK - flags that the caller specifies, and that the caller + * may change between open, lookup etc. requests. + */ #define DICT_FLAG_PARANOID \ (DICT_FLAG_NO_REGSUB | DICT_FLAG_NO_PROXY | DICT_FLAG_NO_UNAUTH) +#define DICT_FLAG_IMPL_MASK (DICT_FLAG_FIXED | DICT_FLAG_PATTERN) +#define DICT_FLAG_RQST_MASK DICT_FLAG_FOLD_ANY +#define DICT_FLAG_NP_INST_MASK ~(DICT_FLAG_IMPL_MASK | DICT_FLAG_RQST_MASK) +#define DICT_FLAG_INST_MASK (DICT_FLAG_NP_INST_MASK | DICT_FLAG_PARANOID) extern int dict_unknown_allowed; extern int dict_errno; diff --git a/postfix/src/util/dict_cdb.c b/postfix/src/util/dict_cdb.c index 1aa67a3fd..c44e3d643 100644 --- a/postfix/src/util/dict_cdb.c +++ b/postfix/src/util/dict_cdb.c 
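Review bot: `DICT_FLAG_RQST_MASK` and `DICT_FLAG_NP_INST_MASK` are defined without enclosing parentheses, unlike `DICT_FLAG_PARANOID` and `DICT_FLAG_IMPL_MASK` beside them; write `(DICT_FLAG_FOLD_ANY)` and `(~(DICT_FLAG_IMPL_MASK | DICT_FLAG_RQST_MASK))` so the macros expand safely in any expression. Because the instance mask is a complement, every flag bit added later is treated as an instance flag unless someone remembers to classify it. The existing "IMPORTANT: Update the dict_mask[] table" reminder above should be extended with a line such as `/* IMPORTANT: also add new flags to the IMPL or RQST mask below when appropriate */`.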
@@ -110,7 +110,9 @@ static const char *dict_cdbq_lookup(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } @@ -234,11 +236,12 @@ static void dict_cdbm_update(DICT *dict, const char *name, const char *value) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } - ksize = strlen(name); vsize = strlen(value); diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c index a00a328b1..d58e3f459 100644 --- a/postfix/src/util/dict_db.c +++ b/postfix/src/util/dict_db.c @@ -194,7 +194,9 @@ static const char *dict_db_lookup(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } @@ -265,7 +267,9 @@ static void dict_db_update(DICT *dict, const char *name, const char *value) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } @@ -349,7 +353,9 @@ static int dict_db_delete(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } 
diff --git a/postfix/src/util/dict_dbm.c b/postfix/src/util/dict_dbm.c index d91497e9c..e034aecf6 100644 --- a/postfix/src/util/dict_dbm.c +++ b/postfix/src/util/dict_dbm.c @@ -93,7 +93,9 @@ static const char *dict_dbm_lookup(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } @@ -161,7 +163,9 @@ static void dict_dbm_update(DICT *dict, const char *name, const char *value) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } @@ -239,7 +243,9 @@ static int dict_dbm_delete(DICT *dict, const char *name) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } diff --git a/postfix/src/util/dict_env.c b/postfix/src/util/dict_env.c index eb5b6a582..b1a2a01df 100644 --- a/postfix/src/util/dict_env.c +++ b/postfix/src/util/dict_env.c @@ -54,7 +54,9 @@ static void dict_env_update(DICT *dict, const char *name, const char *value) /* * Optionally fold the key. */ - if (dict->fold_buf) { + if (dict->flags & DICT_FLAG_FOLD_FIX) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); vstring_strcpy(dict->fold_buf, name); name = lowercase(vstring_str(dict->fold_buf)); } 
@@ -71,7 +73,9 @@ static const char *dict_env_lookup(DICT *dict, const char *name)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, name);
 name = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_ni.c b/postfix/src/util/dict_ni.c
index c0cbd12fb..e9bbd0f6e 100644
--- a/postfix/src/util/dict_ni.c
+++ b/postfix/src/util/dict_ni.c
@@ -153,7 +153,9 @@ static const char *dict_ni_lookup(DICT *dict, const char *key)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, key);
 key = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_nis.c b/postfix/src/util/dict_nis.c
index 9a59fc7f6..552f550b1 100644
--- a/postfix/src/util/dict_nis.c
+++ b/postfix/src/util/dict_nis.c
@@ -157,7 +157,9 @@ static const char *dict_nis_lookup(DICT *dict, const char *key)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, key);
 key = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_nisplus.c b/postfix/src/util/dict_nisplus.c
index 87163ac2c..52ca213f4 100644
--- a/postfix/src/util/dict_nisplus.c
+++ b/postfix/src/util/dict_nisplus.c
@@ -139,7 +139,9 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, key);
 key = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_pcre.c b/postfix/src/util/dict_pcre.c
index dd9f0c547..1ccb67706 100644
--- a/postfix/src/util/dict_pcre.c
+++ b/postfix/src/util/dict_pcre.c
@@ -264,7 +264,9 @@ static const char *dict_pcre_lookup(DICT *dict, const char *lookup_string)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_MUL) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, lookup_string);
 lookup_string = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_regexp.c b/postfix/src/util/dict_regexp.c
index b0f1d9768..c1a27479a 100644
--- a/postfix/src/util/dict_regexp.c
+++ b/postfix/src/util/dict_regexp.c
@@ -224,7 +224,9 @@ static const char *dict_regexp_lookup(DICT *dict, const char *lookup_string)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_MUL) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, lookup_string);
 lookup_string = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_sdbm.c b/postfix/src/util/dict_sdbm.c
index 31481cdc4..85e6092f9 100644
--- a/postfix/src/util/dict_sdbm.c
+++ b/postfix/src/util/dict_sdbm.c
@@ -87,7 +87,9 @@ static const char *dict_sdbm_lookup(DICT *dict, const char *name)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, name);
 name = lowercase(vstring_str(dict->fold_buf));
 }
@@ -155,11 +157,12 @@ static void dict_sdbm_update(DICT *dict, const char *name, const char *value)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, name);
 name = lowercase(vstring_str(dict->fold_buf));
 }
-
 dbm_key.dptr = (void *) name;
 dbm_value.dptr = (void *) value;
 dbm_key.dsize = strlen(name);
@@ -233,7 +236,9 @@ static int dict_sdbm_delete(DICT *dict, const char *name)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, name);
 name = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_tcp.c b/postfix/src/util/dict_tcp.c
index 1365e84f7..94f93e23d 100644
--- a/postfix/src/util/dict_tcp.c
+++ b/postfix/src/util/dict_tcp.c
@@ -167,7 +167,9 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_MUL) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, key);
 key = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/dict_unix.c b/postfix/src/util/dict_unix.c
index ed50c1915..8ba6188f8 100644
--- a/postfix/src/util/dict_unix.c
+++ b/postfix/src/util/dict_unix.c
@@ -74,7 +74,9 @@ static const char *dict_unix_getpwnam(DICT *dict, const char *key)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, key);
 key = lowercase(vstring_str(dict->fold_buf));
 }
@@ -114,7 +116,9 @@ static const char *dict_unix_getgrnam(DICT *dict, const char *key)
 /*
 * Optionally fold the key.
 */
- if (dict->fold_buf) {
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
 vstring_strcpy(dict->fold_buf, key);
 key = lowercase(vstring_str(dict->fold_buf));
 }
diff --git a/postfix/src/util/inet_listen.c b/postfix/src/util/inet_listen.c
index 257cf644b..0a68c1253 100644
--- a/postfix/src/util/inet_listen.c
+++ b/postfix/src/util/inet_listen.c
@@ -88,7 +88,6 @@ int inet_listen(const char *addr, int backlog, int block_mode) MAI_HOSTADDR_STR hostaddr; MAI_SERVPORT_STR portnum; INET_PROTO_INFO *proto_info; - int found; /* * Translate address information to internal form. 
@@ -104,53 +103,54 @@ int inet_listen(const char *addr, int backlog, int block_mode) /* No early returns or res0 leaks. */ proto_info = inet_proto_info(); - for (found = 0, res = res0; res != 0; res = res->ai_next) { + for (res = res0; /* see below */ ; res = res->ai_next) { /* - * Safety net. + * No usable address found. */ - if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) { - msg_info("skipping address family %d for %s", - res->ai_family, addr); - continue; - } - found++; + if (res == 0) + msg_fatal("%s: host found but no usable address", addr); /* - * Show what address we're trying. + * Safety net. */ - if (msg_verbose) { - SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen, - &hostaddr, &portnum, 0); - msg_info("trying... [%s]:%s", hostaddr.buf, portnum.buf); - } + if (strchr((char *) proto_info->sa_family_list, res->ai_family) != 0) + break; - /* - * Create a listener socket. - */ - if ((sock = socket(res->ai_family, res->ai_socktype, 0)) < 0) - msg_fatal("socket: %m"); + msg_info("skipping address family %d for %s", res->ai_family, addr); + } + + /* + * Show what address we're trying. + */ + if (msg_verbose) { + SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen, + &hostaddr, &portnum, 0); + msg_info("trying... [%s]:%s", hostaddr.buf, portnum.buf); + } + + /* + * Create a listener socket. 
+ */ + if ((sock = socket(res->ai_family, res->ai_socktype, 0)) < 0) + msg_fatal("socket: %m"); #ifdef HAS_IPV6 # if defined(IPV6_V6ONLY) && !defined(BROKEN_AI_PASSIVE_NULL_HOST) - if (res->ai_family == AF_INET6 - && setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, - (char *) &on, sizeof(on)) < 0) - msg_fatal("setsockopt(IPV6_V6ONLY): %m"); + if (res->ai_family == AF_INET6 + && setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, + (char *) &on, sizeof(on)) < 0) + msg_fatal("setsockopt(IPV6_V6ONLY): %m"); # endif #endif - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, - (char *) &on, sizeof(on)) < 0) - msg_fatal("setsockopt(SO_REUSEADDR): %m"); - if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { - SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen, - &hostaddr, &portnum, 0); - msg_fatal("bind %s port %s: %m", hostaddr.buf, portnum.buf); - } - break; + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, + (char *) &on, sizeof(on)) < 0) + msg_fatal("setsockopt(SO_REUSEADDR): %m"); + if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { + SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen, + &hostaddr, &portnum, 0); + msg_fatal("bind %s port %s: %m", hostaddr.buf, portnum.buf); } freeaddrinfo(res0); - if (found == 0) - msg_fatal("%s: host not found", addr); non_blocking(sock, block_mode); if (listen(sock, backlog) < 0) msg_fatal("listen: %m");
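Review bot: The safety-net test `strchr((char *) proto_info->sa_family_list, res->ai_family) != 0` in the new selection loop also succeeds when `res->ai_family` is 0, because strchr() matches the terminating null byte of the list (assuming sa_family_list is null-terminated, as the strchr() call implies). Such an entry would be treated as usable and handed to socket(). getaddrinfo() results normally carry a concrete family, so this is a hardening point rather than an observed failure; `if (res->ai_family != 0 && strchr((char *) proto_info->sa_family_list, res->ai_family) != 0)` would close it. The loop has no exit condition of its own and depends on msg_fatal() not returning when `res == 0`, so a comment such as `/* msg_fatal() does not return; res is non-null after the loop */` beside `/* see below */` would make that explicit. inet_listen begins before this hunk.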