On Mon, Dec 28, 2015 at 06:11:31PM +0100, Tim van der Molen wrote:
> Joerg Jung (2015-12-28 07:47 +0100):
> >
> > > On 24.12.2015 at 04:46, Tim van der Molen <[email protected]> wrote:
> > >
> > > Simon McFarlane (2015-12-24 00:49 +0100):
> > > >> I'm running an installation of today's snapshot (23-Dec-2015), and can't
> > > >> seem to get smtpd to launch when it is set to query a sqlite database.
> > > >> This is the complete output to /var/log/maillog from launch to crash:
> > >>
> > >> info: OpenSMTPD master starting
> > >> warn: lost child: lookup terminated; signal 6
> > >> info: control process exiting
> > >> info: scheduler handler exiting
> > >> info: queue handler exiting
> > >> warn: ca -> control: pipe closed
> > >> warn: pony -> lka: pipe closed
> > >> warn: parent terminating
> > >>
> > >> and in dmesg, I see this:
> > >>
> > >> smtpd(29857): syscall 2 "proc"
> > >
> > > This diff adds the missing pledges. But there's another problem: smtpd
> > > looks in /usr/libexec/smtpd instead of /usr/local/libexec/smtpd:
> >
> > CVS head/GIT master tries both paths.
>
> This is CVS head.
>
> table_create() tries both paths, but fork_proc_backend() only tries
> /usr/libexec/smtpd.

Yes, I think you are right. This should be fixed in -current, as I
committed a diff which moves everything to /usr/local/libexec/smtpd.

I also committed the pledge change from your diff below.

Thanks for reporting!

> > > Dec 24 04:31:04 sigma smtpd[11617]: execl:
> > > /usr/libexec/smtpd/table-sqlite: No such file or directory
> > >
> > > Index: lka.c
> > > ===================================================================
> > > RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v
> > > retrieving revision 1.189
> > > diff -p -u -r1.189 lka.c
> > > --- lka.c 14 Dec 2015 10:22:12 -0000 1.189
> > > +++ lka.c 24 Dec 2015 03:28:11 -0000
> > > @@ -449,7 +449,7 @@ lka(void)
> > > /* Ignore them until we get our config */
> > > mproc_disable(p_pony);
> > >
> > > - if (pledge("stdio rpath inet dns getpw recvfd", NULL) == -1)
> > > + if (pledge("stdio rpath inet dns getpw recvfd proc exec", NULL) ==
> > > -1)
> > > err(1, "pledge");
> > >
> > > if (event_dispatch() < 0)
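Review bot: The promise string in the lka() hunk now grants "proc exec" to the lookup process unconditionally, so it keeps fork and exec rights for its whole lifetime, including under configurations that use no external table backend. Consider starting the backends before the pledge() call, or adding "proc exec" only when such a table is configured, and put a comment above the call saying why the two promises are needed. The added line is also wrapped by the mailer ("==" at the end of one line, "-1" on the next), so the hunk will not apply as posted.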
> > > Index: smtpd.c
> > > ===================================================================
> > > RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v
> > > retrieving revision 1.268
> > > diff -p -u -r1.268 smtpd.c
> > > --- smtpd.c 20 Dec 2015 14:06:24 -0000 1.268
> > > +++ smtpd.c 24 Dec 2015 03:28:11 -0000
> > > @@ -841,7 +841,8 @@ fork_proc_backend(const char *key, const
> > > procname = name;
> > >
> > > execl(path, procname, arg, NULL);
> > > - err(1, "execl: %s", path);
> > > + log_warn("execl: %s", path);
> > > + exit(1);
> > > }
> > >
> > > /* parent process */
> > >
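Review bot: In the child branch of fork_proc_backend(), after the failed execl(), exit(1) runs atexit handlers and flushes stdio buffers inherited from the parent; in a forked child, _exit(1) after the log_warn() call avoids that. The switch from err() to log_warn() itself is reasonable, since it sends the failure to the daemon's log, as the "execl: ... No such file or directory" line quoted above shows.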
> > >> It looks like smtpd pledges proc during initialization (smtpd.c:704).
> > >> Running a ktrace/kdump on smtpd -d shows only one call to pledge(), with
> > >> proc and exec included. Also,
> > >>
> > >> # smtpd -d &
> > >> [1] 4597
> > >> # info: OpenSMTPD master starting
> > >> warn: lost child: lookup terminated; signal 6
> > >> info: queue handler exiting
> > >> info: control process exiting
> > >> info: scheduler handler exiting
> > >> warn: pony -> lka: pipe closed
> > >> warn: parent terminating
> > >>
> > >> [1] + Done (1) smtpd -d
> > >> # dmesg | tail -n 1
> > >> smtpd(31636): syscall 2 "proc"
> > >>
> > >> The master process (pid 4597 in this instance) is not the process which
> > >> tries to step outside its pledge boundary (pid 31636 is the offender
> > >> here).
> > >>
> > >> Maybe a worker process needs to have proc added to its pledge in some
> > >> cases?
> > >>
> > >> For reference, my config files look like this:
> > >>
> > >> #### smtpd.conf
> > >>
> > >> # Tables
> > >> table aliases file:/etc/mail/aliases
> > >> table passwd sqlite:/etc/mail/sqlite.conf
> > >> table users sqlite:/etc/mail/sqlite.conf
> > >> table domains sqlite:/etc/mail/sqlite.conf
> > >>
> > >> # Ports
> > >> listen on lo0
> > >> listen on lo0 port 10028 tag DKIM
> > >> listen on egress port smtp tls
> > >> listen on egress smtps auth <passwd>
> > >>
> > >> # Incoming
> > >> accept from local for local alias <aliases> \
> > >> deliver to lmtp "/var/dovecot/lmtp" rcpt-to
> > >>
> > >> accept from any for domain <domains> virtual <users> \
> > >> deliver to lmtp "/var/dovecot/lmtp" rcpt-to
> > >>
> > >> # Outgoing
> > >> accept tagged DKIM for any relay
> > >> accept for any relay via smtp://127.0.0.1:10027
> > >>
> > >> #### sqlite.conf
> > >>
> > >> dbpath /etc/mail/users.db
> > >>
> > > >> query_credentials SELECT username||'@'||domain, password FROM users WHERE (username||'@'||domain)=?;
> > > >>
> > > >> query_domain SELECT domain FROM users WHERE domain=? LIMIT 1;
> > > >>
> > > >> query_alias SELECT 'vmail' FROM users WHERE ? LIKE (username||'@'||domain);
> > >>
> > >> ####
> > >>
> > >> Thanks,
> > >> Simon
> > >>
> > >> --
> > >> You received this mail because you are subscribed to [email protected]
> > >> To unsubscribe, send a mail to: [email protected]
> > >