Re: add table_procexec in smtpd

2021-06-12 Thread Gilles CHEHADE
Re-sending, I forgot to cc: aisha & tech: > On 12 Jun 2021, at 22:47, Gilles CHEHADE wrote: > >> >> On 12 Jun 2021, at 15:15, Eric Faurot wrote: >> >> On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote: >>> Hi, >>> Here is

Re: add table_procexec in smtpd

2021-06-12 Thread Gilles CHEHADE
> On 12 Jun 2021, at 18:57, Aisha Tammy wrote: > > On 6/12/21 9:15 AM, Eric Faurot wrote: >> On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote: >>> Hi, >>> Here is the updated diff, which removes table_proc and adds >>> table_procexec as the default backend when no backend name

Re: add table_procexec in smtpd

2021-06-09 Thread Gilles CHEHADE
> On 9 Jun 2021, at 17:13, Aisha Tammy wrote: > > > > On 6/9/21 10:34 AM, Gilles CHEHADE wrote: >> >>> On 9 Jun 2021, at 15:47, Aisha Tammy wrote: >>> >>> On 6/9/21 5:19 AM, Gilles CHEHADE wrote: >>>> Hi, >>>>

Re: add table_procexec in smtpd

2021-06-09 Thread Gilles CHEHADE
> On 9 Jun 2021, at 15:47, Aisha Tammy wrote: > > On 6/9/21 5:19 AM, Gilles CHEHADE wrote: >> Hi, >> >> I wrote table_procexec (despite the copyright which I copy-pasted and forgot >> to replace author) so just providing a bit of insight: > Ah, I did

Re: add table_procexec in smtpd

2021-06-09 Thread Gilles CHEHADE
Hi, I wrote table_procexec (despite the copyright which I copy-pasted and forgot to replace author) so just providing a bit of insight: table_procexec was written as a proof of concept for a new table protocol inspired by the filter protocol to make it easier to write privsep table backends

Re: smtpd: use libtls

2021-02-05 Thread Gilles CHEHADE
Been running it for a few days, no regressions so far > On 5 Feb 2021, at 09:35, Eric Faurot wrote: > > No much report so far. > Anybody had a chance to test this? > Here is the same diff again with manpage update this time. > > Eric. > > Index: ca.c >

[diff] src/usr.sbin/smtpd: plug a memory leak in regex lookups

2020-12-23 Thread Gilles CHEHADE
Hello, The following diff plugs a memory leak in regex lookups. Cheers, diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c index 4691..d1578403 100644 --- a/usr.sbin/smtpd/table.c +++ b/usr.sbin/smtpd/table.c @@ -470,6 +470,7 @@ table_regex_match(const char *string, const char

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 18:15, Chris Bennett > wrote: > > On Sun, Dec 20, 2020 at 09:51:35AM +0100, Gilles CHEHADE wrote: >> >> >>> On 20 Dec 2020, at 07:13, Sebastien Marie wrote: >>> >>> On Sat, Dec 19, 2020 at 10:36:32PM +, gil.

Re: [diff] usr.sbin/smtpd: fix event handling upon exit

2020-12-20 Thread Gilles CHEHADE
Ping ? > On 14 Dec 2020, at 11:34, Gilles Chehade wrote: > > Hello, > > Upon termination, the parent process will call parent_shutdown() which will > in turn call mproc_clear() to properly terminate IPC with child processes. > > In mproc_clear(), event_del() is calle

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 10:14, Sebastien Marie wrote: > > On Sat, Dec 19, 2020 at 11:19:10PM -0700, Theo de Raadt wrote: >> There are thousands of people with smtpd configurations, and sysmerge >> is not going to handle this. >> >> We cannot expect them all to change their files. This is

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 10:03, Gilles CHEHADE wrote: > > >> On 20 Dec 2020, at 07:19, Theo de Raadt wrote: >> >> There are thousands of people with smtpd configurations, and sysmerge >> is not going to handle this. >> >> We cannot expect the

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 03:21, Theo de Raadt wrote: > > Todd C. Miller wrote: > >> I like this direction but I worry about breaking existing configs. >> How are we going to alert existing users that they need to update >> their configs if the behavior silently changes? > > I think the

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 07:19, Theo de Raadt wrote: > > There are thousands of people with smtpd configurations, and sysmerge > is not going to handle this. > > We cannot expect them all to change their files. This is madness. > > Gilles, I think you should be adding an option that blocks it

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 07:13, Sebastien Marie wrote: > > On Sat, Dec 19, 2020 at 10:36:32PM +, gil...@poolp.org wrote: >> Hello, >> >> Whenever a rule with a local action (mbox, maildir, lmtp or mda) is matched, >> smtpd will >> attempt to search for a ~/.forward file in the recipient

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 02:09, Todd C. Miller wrote: > > I like this direction but I worry about breaking existing configs. > How are we going to alert existing users that they need to update > their configs if the behavior silently changes? > > - todd I agree and this diff was more to suggest

[diff] usr.sbin/smtpd: fix event handling upon exit

2020-12-14 Thread GILLES CHEHADE
Hello, Upon termination, the parent process will call parent_shutdown() which will in turn call mproc_clear() to properly terminate IPC with child processes. In mproc_clear(), event_del() is called but a check is lacking to ensure event_add() was called prior to this. On OpenBSD, this doesn’t

smtpd stricter forkmda()

2020-05-04 Thread Gilles Chehade
er called from forkmda()"); log_debug("debug: smtpd: forking mda for session %016"PRIx64 ": %s as %s", id, deliver->userinfo.username, -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

smtpd: remove implicit listen on socket

2019-11-25 Thread Gilles Chehade
@ table aliases file:/etc/mail/aliases +listen on socket + # To accept external mail, replace with: listen on all # listen on lo0 -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: smtpd remove implicit ruleset behavior

2019-11-24 Thread Gilles Chehade
On Mon, Nov 25, 2019 at 08:30:21AM +0100, Gilles Chehade wrote: > On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote: > > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote: > > > > > > Ten years ago, it seemed a very neat idea that OpenSMTPD wou

Re: smtpd remove implicit ruleset behavior

2019-11-24 Thread Gilles Chehade
On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote: > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote: > > > > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some > > implicit defaults to avoid people creating open relays.

smtpd remove implicit ruleset behavior

2019-11-24 Thread Gilles Chehade
e explicit notation to default config, then put a startup warning in the next release so configurations are not broken but people spot that this is no longer encouraged and we can then later kill it. -- Gilles Chehade @poolpOrg https://www.poolp

Re: smtpd handling of \r in DATA part

2019-10-04 Thread Gilles Chehade
> diff -u -p -r1.389 smtp_session.c > --- smtp_session.c20 Feb 2019 11:56:27 - 1.389 > +++ smtp_session.c24 Apr 2019 09:33:35 - > @@ -1078,7 +1078,7 @@ smtp_io(struct io *io, int evt, void *ar > > case IO_DATAIN: > nextline: > - line = io_getline(s->io, ); > + line = io_getline_rn(s->io, ); > if ((line == NULL && io_datalen(s->io) >= SMTP_LINE_MAX) || > (line && len >= SMTP_LINE_MAX)) { > s->flags |= SF_BADINPUT; > @@ -2727,7 +2727,7 @@ filter_session_io(struct io *io, int evt > switch (evt) { > case IO_DATAIN: > nextline: > - line = io_getline(tx->filter, ); > + line = io_getline_rn(tx->filter, ); > /* No complete line received */ > if (line == NULL) > return; -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: smtpd handling of \r in DATA part

2019-10-04 Thread Gilles Chehade
io_set_write(io); - return; - } - /* Message body */ eom = 0; if (s->state == STATE_BODY) { @@ -2792,7 +2783,7 @@ filter_session_io(struct io *io, int evt, void *arg) switch (evt) { case IO_DATAIN: nextline: -

Re: smtpd handling of \r in DATA part

2019-10-04 Thread Gilles Chehade
xing iobuf is not a two liner and it affects virtually all of the daemon and at this point we're looking for stability in the code, so unless eric@ or you can come up with a diff that's trivial and that will not affect any code paths beyond smtp client and filter getlines(), I'll prefer a degraded

smtpd handling of \r in DATA part

2019-09-19 Thread Gilles Chehade
- do we leave '\r' in the body ? b- do we turn '\r' into '\n' c- do we keep strict behavior ? d- do we keep strict behavior + provide a knob for '\r' to work ? -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: PATCH: smtpd: don't strcmp() NULL in mta_relay_cmp()

2019-09-14 Thread Gilles Chehade
o I added a > similar check there. > > I'd like you to double-check whether the fix is indeed correct. > Yes, your understanding of the problem is correct and your diff also, so I committed it a minute ago, thanks ! I'm curious about what configuration allowed you to hit this though,

Re: smtpd filters: banner hostname

2019-08-28 Thread Gilles Chehade
/cvs/src/usr.sbin/smtpd/smtpd.h,v > retrieving revision 1.632 > diff -u -p -r1.632 smtpd.h > --- smtpd.h 23 Aug 2019 07:09:52 - 1.632 > +++ smtpd.h 28 Aug 2019 08:32:33 - > @@ -310,6 +310,7 @@ enum imsg_type { > > IMSG_REPORT_SMTP_LINK_CONNECT, > IMSG_REPORT_SMTP_LINK_DISCONNECT, > + IMSG_REPORT_SMTP_LINK_GREETING, > IMSG_REPORT_SMTP_LINK_IDENTIFY, > IMSG_REPORT_SMTP_LINK_TLS, > IMSG_REPORT_SMTP_LINK_AUTH, > @@ -1332,6 +1333,8 @@ void lka_report_register_hook(const char > void lka_report_smtp_link_connect(const char *, struct timeval *, uint64_t, > const char *, int, > const struct sockaddr_storage *, const struct sockaddr_storage *); > void lka_report_smtp_link_disconnect(const char *, struct timeval *, > uint64_t); > +void lka_report_smtp_link_greeting(const char *, uint64_t, struct timeval *, > const char *, > +const char *); > void lka_report_smtp_link_identify(const char *, struct timeval *, uint64_t, > const char *, const char *); > void lka_report_smtp_link_tls(const char *, struct timeval *, uint64_t, > const char *); > void lka_report_smtp_link_auth(const char *, struct timeval *, uint64_t, > const char *, const char *); > @@ -1501,6 +1504,8 @@ int queue_message_walk(struct envelope * > void report_smtp_link_connect(const char *, uint64_t, const char *, int, > const struct sockaddr_storage *, const struct sockaddr_storage *); > void report_smtp_link_disconnect(const char *, uint64_t); > +void report_smtp_link_greeting(const char *, uint64_t, const char *, > +const char *); > void report_smtp_link_identify(const char *, uint64_t, const char *, const > char *); > void report_smtp_link_tls(const char *, uint64_t, const char *); > void report_smtp_link_auth(const char *, uint64_t, const char *, const char > *); > -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: Make filter line handling more developer friendly

2019-08-28 Thread Gilles Chehade
processor->ready) > + fatalx("Non-register message before register|" > + "ready: %s", line); > + else if (strncmp(line, "filter-result|", 14) == 0 || > +

Re: smtpd filters: prettify proc-exec

2019-08-23 Thread Gilles Chehade
On Fri, Aug 23, 2019 at 07:33:29PM +0200, Martijn van Duren wrote: > On 8/23/19 7:06 PM, Gilles Chehade wrote: > > On Fri, Aug 23, 2019 at 09:03:51AM +0200, Martijn van Duren wrote: > >> Hello, > >> > > > > Hello, > > > > > >> When r

Re: smtpd filters: prettify proc-exec

2019-08-23 Thread Gilles Chehade
ct_set(conf->sc_filters_dict, $2, filter_config); > +} proc_params { > + dict_set(conf->sc_processors_dict, filter_config->proc, processor); > + processor = NULL; > + filter_config = NULL; > +} > +| > FILTER STRING PHASE { > if (dict_get(conf->sc_filters_dict, $2)) { > yyerror("filter already exists with that name: %s", $2); > -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

fix inet6 displaying in smtpd

2019-08-11 Thread Gilles Chehade
uct sockaddr_in6 *)sa; - (void)strlcpy(buf, "IPv6:", sizeof(buf)); - p = buf + 5; + p = buf; in6_addr = >sin6_addr; - (void)bsnprintf(p, NI_MAXHOST, "%s", in6addr_t

Re: smtpd: default to standard ports in relay-host

2019-07-24 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 12:15:26PM +0200, Klemens Nanni wrote: > On Tue, Jul 23, 2019 at 11:00:04AM +0200, Gilles Chehade wrote: > > there is no schema today that should default to 587, unless > > submission:// is introduced as an alias to smtp+tls AND port 587. > Alright; thi

Re: Diff to stop using reserved words for smtpd.conf(5) examples

2019-07-24 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 08:51:38PM +0200, Ingo Schwarze wrote: > Hi Gilles, > > Gilles Chehade wrote on Tue, Jul 23, 2019 at 08:27:06AM +0200: > > On Mon, Jul 22, 2019 at 05:05:01PM -0400, Kurt Mosiejczuk wrote: > > >> This is a diff for that changes the example

Re: smtpd: Allow labels containing "@"

2019-07-24 Thread Gilles Chehade
On Wed, Jul 24, 2019 at 12:18:05AM +0200, Klemens Nanni wrote: > On Tue, Jul 23, 2019 at 09:06:33AM +0200, Gilles Chehade wrote: > > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote: > > > it seems to me this url is wrong. the '@' in username should be

Re: smtpd: Allow labels containing "@"

2019-07-24 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 10:20:10PM +0200, Sebastian Benoit wrote: > Gilles Chehade(gil...@poolp.org) on 2019.07.23 09:06:33 +0200: > > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote: > > > On Mon, Jul 22, 2019 at 11:26:28PM +0200, Klemens Nanni wrote: >

Re: smtpd: default to standard ports in relay-host

2019-07-23 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 10:54:57AM +0200, Klemens Nanni wrote: > On Tue, Jul 23, 2019 at 08:18:18AM +0200, Gilles Chehade wrote: > > it should definitely default to 25 in my opinion, disregarding if people > > use "relay host" for submission or not. > Fine with me; I

Re: smtpd: Allow labels containing "@"

2019-07-23 Thread Gilles Chehade
text_to_relayhost(struct relayhost *rela > > relay->port = 0; > > > > /* first, we extract the label if any */ > > - if ((q = strchr(p, '@')) != NULL) { > > + if ((q = strrchr(p, '@')) != NULL) { > > *q = 0; > > if (strlcpy(relay->authlabel, p, sizeof (relay->authlabel)) > > >= sizeof (relay->authlabel)) > > > > -- > Sebastien Marie > -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: Diff to stop using reserved words for smtpd.conf(5) examples

2019-07-23 Thread Gilles Chehade
-952,14 +952,14 @@ table other-relays file:/etc/mail/other- > listen on lo0 > listen on egress > > -action "mbox" mbox alias > -action "relay" relay > +action local-mbox mbox alias > +action inet-mail relay > > -match for local action "mbox" > -match for any action "relay" > +match for local action local-mbox > +match for any action inet-mail > match !from src mail\-from "@example.com" for any \e >reject > -match from any for domain example.com action "mbox" > +match from any for domain example.com action local-mbox > .Ed > .Sh SEE ALSO > .Xr mailer.conf 5 , > -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: smtpd: default to standard ports in relay-host

2019-07-23 Thread Gilles Chehade
0, > 587 }, > + { "smtp+notls://", RELAY_TLS_NO,0, > 25 }, > + { "lmtp://",RELAY_TLS_NO, RELAY_LMTP, > 0 }, > + { "smtps://", RELAY_TLS_

Re: smtpd: Use IPPORT_HILASTAUTO not 0xffff

2019-07-23 Thread Gilles Chehade
gt; p = beg + len; > if (*p == ':') { > - relay->port = strtonum(p+1, 1, 0x, ); > + relay->port = strtonum(p+1, 1, IPPORT_HILASTAUTO, ); > if (errstr) > return 0; > } > -- Gilles Chehade

Re: smtpd: Allow labels containing "@"

2019-07-22 Thread Gilles Chehade
7 +352,7 @@ text_to_relayhost(struct relayhost *rela > relay->port = 0; > > /* first, we extract the label if any */ > - if ((q = strchr(p, '@')) != NULL) { > + if ((q = strrchr(p, '@')) != NULL) { >

Re: smtpd replace mkstemp+fdopen with tmpfile

2019-07-02 Thread Gilles Chehade
if ((fd = mkstemp(sfn)) == -1 || > - (ofp = fdopen(fd, "w+")) == NULL) { > - int saved_errno = errno; > - if (fd != -1) { > - unlink(sfn); &g

Re: smtpd fix proc filter chaining with proceed

2019-07-01 Thread Gilles Chehade
phase, param); > if (nparam) > free(nparam); > } > > static void > -filter_protocol_next(uint64_t token, uint64_t reqid, enum filter_phase > phase, const char *param) > +filter_protocol_next(uint64_t token, uint64_t req

Re: tls_load_file.3

2019-06-17 Thread Gilles Chehade
will be read. I don't see what was wrong here :-/ > .Pp > .Fn tls_config_set_cert_mem > sets the public certificate directly from memory. > .Pp > .Fn tls_config_set_crl_file > -sets the filename used to load a file containing the > +sets the file used to load a file contain

Re: [patch] use acme-client to sign certificated with ecdsa keys

2019-06-14 Thread Gilles Chehade
HALLENGEDIR KEYTYPE > +%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH > CHALLENGEDIR > %token YES NO > %token INCLUDE > %token ERROR > @@ -108,6 +108,7 @@ typedef struct { > %token STRING > %token

Re: [patch] use acme-client to sign certificated with ecdsa keys

2019-06-14 Thread Gilles Chehade
ACCOUNT > -%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH > CHALLENGEDIR KEYTYPE > +%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH > CHALLENGEDIR > %token YES NO > %token INCLUDE > %token ERROR > @@ -260,13 +260,15 @@ do

Re: [patch] use acme-client to sign certificated with ecdsa keys

2019-06-12 Thread Gilles Chehade
ION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > > - */ > > - > > -#include > > -#include > > -#include > > - > > -#include > > -#include > > -#include > > - > > -#include "rsa.h" > > - > > -/* > > - * Default number of bits when creating a new key. > > - */ > > -#defineKBITS 4096 > > - > > -/* > > - * Create an RSA key with the default KBITS number of bits. > > - */ > > -EVP_PKEY * > > -rsa_key_create(FILE *f, const char *fname) > > -{ > > - EVP_PKEY_CTX*ctx = NULL; > > - EVP_PKEY*pkey = NULL; > > - > > - /* First, create the context and the key. */ > > - > > - if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) { > > - warnx("EVP_PKEY_CTX_new_id"); > > - goto err; > > - } else if (EVP_PKEY_keygen_init(ctx) <= 0) { > > - warnx("EVP_PKEY_keygen_init"); > > - goto err; > > - } else if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KBITS) <= 0) { > > - warnx("EVP_PKEY_set_rsa_keygen_bits"); > > - goto err; > > - } else if (EVP_PKEY_keygen(ctx, ) <= 0) { > > - warnx("EVP_PKEY_keygen"); > > - goto err; > > - } > > - > > - /* Serialise the key to the disc. */ > > - > > - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) > > - goto out; > > - > > - warnx("%s: PEM_write_PrivateKey", fname); > > -err: > > - EVP_PKEY_free(pkey); > > - pkey = NULL; > > -out: > > - EVP_PKEY_CTX_free(ctx); > > - return pkey; > > -} > > - > > - > > -EVP_PKEY * > > -rsa_key_load(FILE *f, const char *fname) > > -{ > > - EVP_PKEY*pkey; > > - > > - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL); > > - if (pkey == NULL) { > > - warnx("%s: PEM_read_PrivateKey", fname); > > - return NULL; > > - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) > > - return pkey; > > - > > - warnx("%s: unsupported key type", fname); > > - EVP_PKEY_free(pkey); > > - return NULL; > > -} > > Index: rsa.h > > === > > RCS file: rsa.h > > diff -N rsa.h > > --- rsa.h 31 Aug 2016 22:01:42 - 1.1 > > +++ /dev/null 1 Jan 1970 00:00:00 - > > @@ -1,23 +0,0 @@ > > -/* $Id: rsa.h,v 1.1 2016/08/31 22:01:42 florian Exp $ */ > > -/* > > - * Copyright (c) 2016 Kristaps Dzonsons > > - * > > - * Permission to use, copy, modify, and distribute this software for any > > - * purpose with or without fee is hereby granted, provided that the above > > - * copyright notice and this permission notice appear in all copies. > > - * > > - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES > > - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF > > - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR > > - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES > > - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN > > - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF > > - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > > - */ > > -#ifndef RSA_H > > -#define RSA_H > > - > > -EVP_PKEY *rsa_key_create(FILE *, const char *); > > -EVP_PKEY *rsa_key_load(FILE *, const char *); > > - > > -#endif /* ! RSA_H */ > > > > > -- > I'm not entirely sure you are real. > -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: [patch] use acme-client to sign certificated with ecdsa keys

2019-06-11 Thread Gilles Chehade
/* Serialise the key to the disc. */ > - > - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) > - goto out; > - > - warnx("%s: PEM_write_PrivateKey", fname); > -err: > - EVP_PKEY_free(pkey); > - pkey = NULL; > -out: > - EVP_PKEY_CTX_free(ctx); > - return pkey; > -} > - > - > -EVP_PKEY * > -rsa_key_load(FILE *f, const char *fname) > -{ > - EVP_PKEY*pkey; > - > - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL); > - if (pkey == NULL) { > - warnx("%s: PEM_read_PrivateKey", fname); > - return NULL; > - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) > - return pkey; > - > - warnx("%s: unsupported key type", fname); > - EVP_PKEY_free(pkey); > - return NULL; > -} > Index: rsa.h > === > RCS file: rsa.h > diff -N rsa.h > --- rsa.h 31 Aug 2016 22:01:42 - 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 - > @@ -1,23 +0,0 @@ > -/* $Id: rsa.h,v 1.1 2016/08/31 22:01:42 florian Exp $ */ > -/* > - * Copyright (c) 2016 Kristaps Dzonsons > - * > - * Permission to use, copy, modify, and distribute this software for any > - * purpose with or without fee is hereby granted, provided that the above > - * copyright notice and this permission notice appear in all copies. > - * > - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES > - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF > - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR > - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES > - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN > - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF > - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > - */ > -#ifndef RSA_H > -#define RSA_H > - > -EVP_PKEY *rsa_key_create(FILE *, const char *); > -EVP_PKEY *rsa_key_load(FILE *, const char *); > - > -#endif /* ! RSA_H */ -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: [patch] use acme-client to sign certificated with ecdsa keys

2019-06-05 Thread Gilles Chehade
On Wed, Jun 05, 2019 at 08:39:51AM +0200, Renaud Allard wrote: > > > On 6/5/19 8:20 AM, Gilles Chehade wrote: > > On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote: > > > > > > > > > On 6/3/19 11:53 AM, Renaud Allard wrote: > > > &

Re: [patch] use acme-client to sign certificated with ecdsa keys

2019-06-05 Thread Gilles Chehade
ITS 4096 > - > -/* > - * Create an RSA key with the default KBITS number of bits. > - */ > -EVP_PKEY * > -rsa_key_create(FILE *f, const char *fname) > -{ > - EVP_PKEY_CTX*ctx = NULL; > - EVP_PKEY*pkey = NULL; > - > - /* First, create the context and the key. */ > - > - if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) { > - warnx("EVP_PKEY_CTX_new_id"); > - goto err; > - } else if (EVP_PKEY_keygen_init(ctx) <= 0) { > - warnx("EVP_PKEY_keygen_init"); > - goto err; > - } else if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KBITS) <= 0) { > - warnx("EVP_PKEY_set_rsa_keygen_bits"); > - goto err; > - } else if (EVP_PKEY_keygen(ctx, ) <= 0) { > - warnx("EVP_PKEY_keygen"); > - goto err; > - } > - > - /* Serialise the key to the disc. */ > - > - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) > - goto out; > - > - warnx("%s: PEM_write_PrivateKey", fname); > -err: > - EVP_PKEY_free(pkey); > - pkey = NULL; > -out: > - EVP_PKEY_CTX_free(ctx); > - return pkey; > -} > - > - > -EVP_PKEY * > -rsa_key_load(FILE *f, const char *fname) > -{ > - EVP_PKEY*pkey; > - > - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL); > - if (pkey == NULL) { > - warnx("%s: PEM_read_PrivateKey", fname); > - return NULL; > - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) > - return pkey; > - > - warnx("%s: unsupported key type", fname); > - EVP_PKEY_free(pkey); > - return NULL; > -} > Index: rsa.h > === > RCS file: /cvs/src/usr.sbin/acme-client/rsa.h,v > retrieving revision 1.1 > diff -u -p -r1.1 rsa.h > --- rsa.h 31 Aug 2016 22:01:42 - 1.1 > +++ rsa.h 4 Jun 2019 13:50:28 - > @@ -18,6 +18,6 @@ > #define RSA_H > > EVP_PKEY *rsa_key_create(FILE *, const char *); > -EVP_PKEY *rsa_key_load(FILE *, const char *); > +EVP_PKEY *key_load(FILE *, const char *); > > #endif /* ! RSA_H */ -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: mention opensmtpd mail archive on a web page

2019-05-16 Thread Gilles Chehade
; + (https://www.mail-archive.com/misc@opensmtpd.org/;>Archive). > The >list is not moderated, however registration is required. > >To register, simply send a mail to > > Sergey > -- Gilles Chehade @poolpOrg

Re: smtpd - Filter-dataline response is the parameter

2019-04-08 Thread Gilles Chehade
return 1; > + } > + > + if ((ep = strchr(response, '|'))) { > + parameter = ep + 1; > + *ep = 0; > } > > if (strcmp(response, "proceed") != 0 && > -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: mail(1): use "sendmail" as argv[0] for sendmail

2019-03-04 Thread Gilles Chehade
ail(expand(cp), mtf); > > /* Setup sendmail arguments. */ > -*ap++ = "send-mail"; > +*ap++ = "sendmail"; > *ap++ = "-i"; > *ap++ = "-t"; > cp = hp->h_from ? hp->h_from : value(&qu

Re: grep: convert fgetln to getline

2019-01-31 Thread Gilles Chehade
so that's my reason for this line of thinking slash > pipe-dreaming ;) > quite amazing to watch tedu talk to another tedu :-| -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: strlcpy() or strscpy()?

2019-01-27 Thread Gilles Chehade
rc, sizeof dest) == -E2BIG) { // overflow } and that strscpy() is essentially strlcpy() in NIH disguise: ssize_t strscpy(char *dest, const char *src, size_t count) { ssize_t ret; if ((ret = strlcpy(dest, src, count)) >= count) return -E2BIG; retu

Re: makemap.8 patch

2018-11-21 Thread Gilles Chehade
On Tue, Nov 20, 2018 at 04:12:13PM -0600, Edgar Pettijohn wrote: > > > > > why db ? > > Do you need makemap for file backend? > oh gosh am I dumb. your diff is ok, ignore me, will commit later today. -- Gilles Chehade

Re: makemap.8 patch

2018-11-20 Thread Gilles Chehade
should stick to the file backend which is the best one for the general case. The db backend is an extension of the file backend and unless you have a very specific use case, it brings no benefit whatsoever. It ISN'T faster than the file backend and unless you have

Re: [PATCH] parse ! on hostname.if for autoinstall

2018-11-09 Thread Gilles Chehade
dge) > + # Skip bridge in the installer. > ?? return > ?????????? ;; > ?? *)?? _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}" > > > Cheers > -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: smtpd(8) match mail-from entire domain

2018-10-31 Thread Gilles Chehade
o > .Op Ic \&! > .Cm rcpt\-to > @@ -538,6 +543,11 @@ Specify that transactions's MAIL FROM sh > .Xc > Specify that transaction's RCPT TO should match the string or list table > .Ar recipient . > +The > +.Ar recipient > +may contain complete email addresses or apply to an entire domain if prefixed > +with > +.Sq @ . > .It Xo > .Op Ic \&! > .Cm tag Ar tag > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Fix descriptions of smtps vs smtp+tls in smtpd.conf.5

2018-10-25 Thread Gilles Chehade
On Thu, Oct 25, 2018 at 07:24:33AM +0100, Raf Czlonka wrote: > On Thu, Oct 25, 2018 at 07:11:47AM BST, Gilles Chehade wrote: > > > > smtpd will _always_ display a 'starttls' log line when the TLS channel > > starts, > > disregarding if TLS was started at con

Re: Fix descriptions of smtps vs smtp+tls in smtpd.conf.5

2018-10-25 Thread Gilles Chehade
attempted to connect in plaintext then upgrade a session on a host that didn't speak plaintext and expected sessions to speak TLS from the start. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: spf walk: lookup aaaa records with "a" mechanism

2018-10-15 Thread Gilles Chehade
ch_a); > + lookup_record(T_, *(ap) + 2, dispatch_); > continue; > } > if (strncasecmp("exists:", *ap, 7) == 0) { -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: flags cleanup in mta

2018-09-05 Thread Gilles Chehade
0 > }, > + { "lmtp://", RELAY_TLS_NO,RELAY_LMTP > }, > + { "smtps://", RELAY_TLS_SMTPS, 0 > } > }; > const char *errstr = NULL; > char *p, *q; > @@ -344,6 +345,7 @@ text_to_relayhost(struct relayhost *rela > else > p = buffer + strlen(schemas[i].name); > > + relay->tls = schemas[i].tls; > relay->flags = schemas[i].flags; > > /* need to specify an explicit port for LMTP */ > @@ -395,7 +397,8 @@ text_to_relayhost(struct relayhost *rela > return 0; > if (relay->authlabel[0]) { > /* disallow auth on non-tls scheme. */ > - if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS))) > + if (relay->tls != RELAY_TLS_STARTTLS && > + relay->tls != RELAY_TLS_SMTPS) > return 0; > relay->flags |= RELAY_AUTH; > } > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: malloc+strlcpy -> strndup

2018-09-05 Thread Gilles Chehade
On Mon, Sep 03, 2018 at 11:43:02PM +0800, Michael Mikonos wrote: > On Mon, Sep 03, 2018 at 02:24:49PM +0800, Michael Mikonos wrote: > > On Sat, Sep 01, 2018 at 11:31:49PM +0200, Gilles Chehade wrote: > > > On Sat, Sep 01, 2018 at 09:20:59PM +0800, Michael Mikonos wr

Re: Update to table(5) man page

2018-09-05 Thread Gilles Chehade
Alias > > table. > > > > Thanks, > > Matt > > > > [...] > > > i think your diff reads better than what's there now. gilles, eric? > agreed -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Corrected patch for smtpd.conf(5) man page

2018-09-03 Thread Gilles Chehade
gt; +.It Cm wrapper Ar name > > +Use the wrapper specified in > > +.Cm mda wrapper. > > that looks correct (i think). but with one adjustment - there should be > a space between "wrapper" and the full stop. > > gilles? eric? > yes this reads

Re: smtpd: malloc+strlcpy -> strndup

2018-09-01 Thread Gilles Chehade
trlen(s) - strlen(val); > + sym = strndup(s, len); > + if (sym == NULL) > + errx(1, "%s: strndup", __func__); > > ret = symset(sym, val + 1, 1); > free(sym); > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: smtp_client_state() error message

2018-09-01 Thread Gilles Chehade
tate: unknown state"); > + fatalx("%s: bad state %d", __func__, proto->state); > } > #undef smtp_client_state > } > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: improve syntax for relay host

2018-08-30 Thread Gilles Chehade
> + /* no schema, default to smtp:// */ > + i = 0; > p = buffer; > } > else > @@ -397,10 +393,13 @@ text_to_relayhost(struct relayhost *rela > return 0; > if ((relay->flags & RELAY_LMTP) && (relay->port == 0)) > return 0; > - if (relay->authlabel[0] == '\0' && relay->flags & RELAY_AUTH) > - return 0; > - if (relay->authlabel[0] != '\0' && !(relay->flags & RELAY_AUTH)) > - return 0; > + if (relay->authlabel[0]) { > + /* disallow auth on non-tls scheme. */ > + if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS))) > + return 0; > + relay->flags |= RELAY_AUTH; > + } > + > return 1; > } > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: improve message parser

2018-08-06 Thread Gilles Chehade
message_printf(tx, "%s:%s\n", res.hdr, res.value); > + break; > + > + case RFC5322_HEADER_CONT: > > - ret = rfc2822_parser_feed(>rfc2822_parser, line); > - if (ret == -1) > - tx-

Re: smtpd/parse.y : fix line count

2018-06-03 Thread Gilles Chehade
980,16 @@ pushfile(const char *name, int secret) > free(nfile); > return (NULL); > } > - nfile->lineno = 1; > + nfile->lineno = TAILQ_EMPTY() ? 1 : 0; > + nfile->ungetsize = 16; > + nfile->ungetbuf = malloc(nfile->ungetsize); > + if (nfile->ungetbuf == NULL) { > + log_warn("warn: malloc"); > + fclose(nfile->stream); > + free(nfile->name); > + free(nfile); > + return (NULL); > + } > TAILQ_INSERT_TAIL(, nfile, entry); > return (nfile); > } > @@ -1973,6 +2005,7 @@ popfile(void) > TAILQ_REMOVE(, file, entry); > fclose(file->stream); > free(file->name); > + free(file->ungetbuf); > free(file); > file = prev; > return (file ? 0 : EOF); > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: make relay to smarthost to verify TLS by default

2018-05-31 Thread Gilles Chehade
1.183 > +++ smtpd.conf.5 31 May 2018 19:56:04 - > @@ -205,6 +205,9 @@ to advertise during the HELO phase. > .It Cm host Ar relay-url > Do not perform MX lookups but relay messages to the relay host described by > .Ar relay-url . > +If the url uses tls, the certificate w

Re: smtpd: make relay to smarthost to verify TLS by default

2018-05-31 Thread Gilles Chehade
NODSN }, > + { "no-verify", NOVERIFY }, > { "on", ON }, > { "pki",PKI }, > { "port", PORT }, > Index: mta.c > ==========

Re: corrections in smtpd.conf(5)

2018-05-31 Thread Gilles Chehade
tials. > +This option is usable only with > +.Cm host > +option. > +The credential table format is described in > +.Xr table 5 . > .It Cm mail\-from Ar mailaddr > Use > .Ar mailaddr > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd.conf new grammar

2018-05-25 Thread Gilles Chehade
On Thu, May 24, 2018 at 04:38:17PM -0400, Rupert Gallagher wrote: > On Thu, May 24, 2018 at 14:18, Gilles Chehade <gil...@poolp.org> wrote: > > > In effect, instead of having: > > accept from any for local deliver to mbox > > > > You will have: > >

smtpd.conf new grammar

2018-05-24 Thread Gilles Chehade
safer, removed a lot of very unpleasant side-effects most people didn't even realize existed ... until they hit that one case for which we had no way to work around. Anyways, looking forward for you to test and report how it works for you :-) -- Gilles Chehade h

Re: smtpd: remove filter leftovers

2017-08-29 Thread Gilles Chehade
tree_xset(_ssl_init, s->id, s); > + return; > + } > + > + smtp_send_banner(s); > } > > static void > @@ -2416,48 +2318,6 @@ smtp_queue_rollback(struct smtp_session > m_create(p_queue, IMSG_SMTP_MESSAGE_ROLLBACK, 0, 0, -1); > m_add_msgid(p_queue, s->tx->msgid); > m_close(p_queue); > -} > - > -static void > -smtp_filter_connect(struct smtp_session *s, struct sockaddr *sa) > -{ > - tree_xset(_filter, s->id, s); > - smtp_filter_response(s->id, QUERY_CONNECT, FILTER_OK, 0, NULL); > -} > - > -static void > -smtp_filter_eom(struct smtp_session *s) > -{ > - tree_xset(_filter, s->id, s); > - smtp_filter_response(s->id, QUERY_EOM, FILTER_OK, 0, NULL); > -} > - > -static void > -smtp_filter_helo(struct smtp_session *s) > -{ > - tree_xset(_filter, s->id, s); > - smtp_filter_response(s->id, QUERY_HELO, FILTER_OK, 0, NULL); > -} > - > -static void > -smtp_filter_mail(struct smtp_session *s) > -{ > - tree_xset(_filter, s->id, s); > - smtp_filter_response(s->id, QUERY_MAIL, FILTER_OK, 0, NULL); > -} > - > -static void > -smtp_filter_rcpt(struct smtp_session *s) > -{ > - tree_xset(_filter, s->id, s); > - smtp_filter_response(s->id, QUERY_RCPT, FILTER_OK, 0, NULL); > -} > - > -static void > -smtp_filter_data(struct smtp_session *s) > -{ > - tree_xset(_filter, s->id, s); > - smtp_filter_response(s->id, QUERY_DATA, FILTER_OK, 0, NULL); > } > > static void > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: tweak static table parser

2017-08-28 Thread Gilles Chehade
, valp); > + } > > - if ((valp == keyp || valp == NULL) && t->t_type == T_LIST) > - table_add(t, keyp, NULL); > - else if ((valp != keyp && valp != NULL) && t->t_type == T_HASH) > - table_add(t, keyp, valp); > - else > - goto end; > + if (ferror(fp)) { > + log_warn("%s: getline", t->t_config); > + goto end; > } > + > /* Accept empty alias files; treat them as hashes */ > if (t->t_type == T_NONE && t->t_backend->services & K_ALIAS) > t->t_type = T_HASH; > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: simplify table parser

2017-08-13 Thread Gilles Chehade
_type = (valp == keyp || valp == NULL) ? T_LIST : > T_HASH; > - > - if (!(t->t_type & type)) > - goto end; > > if ((valp == keyp || valp == NULL) && t->t_type == T_LIST) > table_add(t, keyp, NULL); > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: [patch] remove smtpd filter code

2017-08-04 Thread Gilles Chehade
On Fri, Aug 04, 2017 at 02:56:21PM +0200, Gilles Chehade wrote: > On Fri, Aug 04, 2017 at 01:13:06PM +0200, Eric Faurot wrote: > > Hi, > > > > Experimental support for filters has been removed some time ago from > > the config parser. Now we want to get rid of t

Re: [patch] remove smtpd filter code

2017-08-04 Thread Gilles Chehade
set(_filter, s->id, s); > - filter_mailaddr(s->id, QUERY_MAIL, >tx->evp.sender); > + smtp_filter_response(s->id, QUERY_MAIL, FILTER_OK, 0, NULL); > } > > static void > smtp_filter_rcpt(struct smtp_session *s) > { > tree_xset(_filter, s->id, s); > - filter_mailaddr(s->id, QUERY_RCPT, >tx->evp.rcpt); > + smtp_filter_response(s->id, QUERY_RCPT, FILTER_OK, 0, NULL); > } > > static void > smtp_filter_data(struct smtp_session *s) > { > tree_xset(_filter, s->id, s); > - filter_line(s->id, QUERY_DATA, NULL); > + smtp_filter_response(s->id, QUERY_DATA, FILTER_OK, 0, NULL); > } > > static void > @@ -2624,11 +2517,6 @@ smtp_filter_dataline(struct smtp_session > if (ret == 0) { > s->tx->msgflags |= MF_ERROR_MALFORMED; > return; > - } > - > - if (io_queued(s->tx->oev) > DATA_HIWAT && !io_paused(s->io, IO_IN)) { > - log_debug("debug: smtp: %p: filter congestion: pausing > session", s); > - io_pause(s->io, IO_IN); > } > } > > Index: smtpd.h > === > RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v > retrieving revision 1.533 > diff -u -p -r1.533 smtpd.h > --- smtpd.h 27 Jul 2017 18:48:30 - 1.533 > +++ smtpd.h 4 Aug 2017 09:53:16 - > @@ -1200,18 +1200,6 @@ int expand_to_text(struct expand *, char > RB_PROTOTYPE(expandtree, expandnode, nodes, expand_cmp); > > > -/* filter.c */ > -void filter_postfork(void); > -void filter_configure(void); > -void filter_connect(uint64_t, const struct sockaddr *, > -const struct sockaddr *, const char *, const char *); > -void filter_mailaddr(uint64_t, int, const struct mailaddr *); > -void filter_line(uint64_t, int, const char *); > -void filter_eom(uint64_t, int, size_t); > -void filter_event(uint64_t, int); > -void filter_build_fd_chain(uint64_t, int); > - > - > /* forward.c */ > int forwards_get(int, struct expand *); > > Index: smtpd/Makefile > === > RCS file: /cvs/src/usr.sbin/smtpd/smtpd/Makefile,v > retrieving revision 1.87 > diff -u -p -r1.87 Makefile > --- smtpd/Makefile26 May 2017 21:30:00 - 1.87 > +++ smtpd/Makefile3 Aug 2017 09:55:57 - > @@ -17,7 +17,6 @@ SRCS+= dns.c > SRCS+= envelope.c > SRCS+= esc.c > SRCS+= expand.c > -SRCS+= filter.c > SRCS+= forward.c > SRCS+= iobuf.c > SRCS+= ioev.c > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd session hang

2017-06-19 Thread Gilles Chehade
accommodate (with an fd reserve). > The lower limits are on outgoing connections. > > New diff with reordered code. I'll see if I can get Adam to run one more > round of testing.. > Committed thanks :) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd session hang

2017-06-16 Thread Gilles Chehade
= 0) > smtp_data_io_done(s); > - } else if (io_paused(s->io, IO_IN)) { > + > + if (io_paused(s->io, IO_IN)) { > log_debug("debug: smtp: %p: filter congestion over: > resuming session", s); > io_resume(s->io, IO_IN); > } > > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Gilles Chehade
On Wed, May 31, 2017 at 09:53:38AM -0500, Jimmy Hess wrote: > On Wed, May 31, 2017 at 6:34 AM, Gilles Chehade <gil...@poolp.org> wrote: > > > It is not that simple because newaliases works when you have one aliases > > database (e.g. /etc/mail/aliases). This is the c

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Gilles Chehade
eful if "newaliases" did whatever is necessary for the > table type you have in use so you don't need to think about it and the > documentation can be simple..) > It is not that simple because newaliases works when you have one aliases database (e.g. /etc/mail/aliases). This is the case on the default setup but smtpd supports per-rule aliases mappings and for example the MX that I run for poolp.org and opensmtpd.org has two different sets of aliases, one for each domain, and now newaliases can't work anymore. We can hack it so it works in some cases but it will never be able to do the work correctly for non-default configurations and we will still have to provide and document the smtpctl command. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: [patch] typo smtpd/dns.c

2017-05-31 Thread Gilles Chehade
> m_create(s->p, IMSG_MTA_DNS_HOST_END, 0, 0, -1); > m_add_id(s->p, s->reqid); > m_add_int(s->p, DNS_EINVAL); -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Convert explicit_bzero+free to freezero on smtpd(8)

2017-05-12 Thread Gilles Chehade
> +++ smtp_session.c11 May 2017 10:16:54 - > @@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc > io_set_read(s->io); > io_start_tls(s->io, ssl); > > - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len); > - free(resp_ca_cert->cert); > + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len); > free(resp_ca_cert); > return; > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: regarding OpenSSL License change

2017-03-24 Thread Gilles Chehade
the situation. Sadly, "clear" is something the OpenSSL folks are unfamiliar with... -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: wpa key vs wep key

2017-03-21 Thread Gilles Chehade
); > > } else { > > ic->ic_flags &= ~IEEE80211_F_PSK; > > memset(ic->ic_psk, 0, sizeof(ic->ic_psk)); > > @@ -496,6 +528,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon > > break; > > kr = (struct ieee80211_keyrun *)data; > > error = ieee80211_keyrun(ic, kr->i_macaddr); > > + if (error == 0 && (ic->ic_flags & IEEE80211_F_WEPON)) > > + ieee80211_disable_wep(ic); > > break; > > case SIOCS80211POWER: > > if ((error = suser(curproc, 0)) != 0) > > > > -- > Antoine > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: vmd 4/5: replace openpty(4) with a local function

2017-02-27 Thread Gilles Chehade
vsw) > { > diff --git usr.sbin/vmd/vmd.h usr.sbin/vmd/vmd.h > index e371112..26d345c 100644 > --- usr.sbin/vmd/vmd.h > +++ usr.sbin/vmd/vmd.h > @@ -185,6 +185,7 @@ struct vmd { > struct switchlist *vmd_switches; > > int vmd_fd; > + int vmd_ptmfd; > }; > > /* vmd.c */ > @@ -197,6 +198,8 @@ void vm_stop(struct vmd_vm *, int); > void vm_remove(struct vmd_vm *); > int vm_register(struct privsep *, struct vmop_create_params *, > struct vmd_vm **, uint32_t); > +int vm_opentty(struct vmd_vm *); > +void vm_closetty(struct vmd_vm *); > void switch_remove(struct vmd_switch *); > struct vmd_switch *switch_getbyname(const char *); > char *get_string(uint8_t *, size_t); > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: vmd 3/5: add size checks for control imsg

2017-02-27 Thread Gilles Chehade
case IMSG_VMDOP_LOAD: > case IMSG_VMDOP_RELOAD: > case IMSG_CTL_RESET: > @@ -384,6 +404,8 @@ control_dispatch_imsg(int fd, short event, void *arg) > return; > > fail: > + if (ret == 0) > + ret = EINVAL; > imsg_compose_event(>iev, IMSG_CTL_FAIL, > 0, 0, -1, , sizeof(ret)); > imsg_flush(>iev.ibuf); > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: asr: support for RES_USE_DNSSEC

2017-02-27 Thread Gilles Chehade
name); > - if (as->as_ctx->ac_options & RES_USE_EDNS0) > - _asr_pack_edns0(, MAXPACKETSZ); > + if (as->as_ctx->ac_options & (RES_USE_EDNS0 | RES_USE_DNSSEC)) > + _asr_pack_edns0(, MAXPACKETSZ, > + as->as_ctx->ac_options & RES_USE_DNSSEC); > if (p.err) { > DPRINT("error packing query"); > errno = EINVAL; > Index: net/resolver.3 > === > RCS file: /d/cvs/src/lib/libc/net/resolver.3,v > retrieving revision 1.36 > diff -u -p -r1.36 resolver.3 > --- net/resolver.318 Feb 2017 19:23:05 - 1.36 > +++ net/resolver.327 Feb 2017 07:25:11 - > @@ -199,9 +199,6 @@ uses 4096 bytes as input buffer size. > Request that the resolver uses > Domain Name System Security Extensions (DNSSEC), > as defined in RFCs 4033, 4034, and 4035. > -On > -.Ox > -this option does nothing. > .El > .Pp > The > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: asr: slightly better error reporting for getnameinfo()

2017-02-20 Thread Gilles Chehade
faddrs() != 0) > + if (getifaddrs() == -1) > return (-1); > > as->as.ai.flags |= ASYNC_NO_INET | ASYNC_NO_INET6; > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: opensmtpd faq commands

2017-01-30 Thread Gilles Chehade
wd file will contain an entry like > @@ -199,9 +197,9 @@ maildir folder are mapped to the single > In this example, Dovecot is used as an IMAP server. > > > -# export > PKG_PATH=http://your.local.mirror/pub/OpenBSD/%c/packages/%a > -# pkg_add dovecot

Re: userspace doesn't need to set sa_len, sun_len, etc

2017-01-21 Thread Gilles Chehade
> and the kernel that spreads the inconsistency inside userland. > > Kernel and userland best practices are already quite different, including > this in that list is the lesser evil. > I would love to remove this from smtpd to reduce diff with portable, so i'm generally ok with the idea -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: hide struct io

2016-11-28 Thread Gilles Chehade
;io)) { > s->flags |= SF_BADINPUT; > smtp_reply(s, "500 %s %s: Pipelining not supported", > esc_code(ESC_STATUS_PERMFAIL, ESC_INVALID_COMMAND), > @@ -1321,7 +1313,7 @@ smtp_io(struct io *io, int evt, void *ar

Re: smtpd: more internal cleanups

2016-11-22 Thread Gilles Chehade
} > > smtp_message_end(s); > > @@ -1198,7 +1182,6 @@ smtp_filter_fd(uint64_t id, int fd) > > smtp_reply(s, "421 %s: Temporary Error", > > esc_code(ESC_STATUS_TEMPFAIL, > > ESC_OTHER_MAIL_SYSTEM_STATUS)); > >

Re: smtpd: simplify internal io api

2016-11-21 Thread Gilles Chehade
ge body */ > if (s->state == STATE_BODY && strcmp(line, ".")) { > @@ -1338,7 +1336,6 @@ smtp_io(struct io *io, int evt, void *ar > > rfc2822_parser_flush(>tx->rfc2822_parser); > > -

Re: smtpd: internal cleanups, part 3

2016-11-17 Thread Gilles Chehade
util.c31 Aug 2016 10:18:08 - 1.128 > +++ util.c17 Nov 2016 14:01:28 - > @@ -133,6 +133,33 @@ iobuf_xfqueue(struct iobuf *io, const ch > fatalx("exiting"); > } > } > + > +int > +io_xprintf(struct io *io, const char *fmt, ...) > +{ > + va_list ap; > + int len; > + > + va_start(ap, fmt); > + len = io_vprintf(io, fmt, ap); > + va_end(ap); > + if (len == -1) > + fatal("io_xprintf(%p, %s, ...)", io, fmt); > + > + return len; > +} > + > +int > +io_xprint(struct io *io, const char *str) > +{ > + int len; > + > + len = io_print(io, str); > + if (len == -1) > + fatal("io_xprint(%p, %s, ...)", io, str); > + > + return len; > +} > #endif > > char * > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: internal cleanups, part 2

2016-11-16 Thread Gilles Chehade
quired, cascade */ > - > - case IO_TLSVERIFIED: > - x = SSL_get_peer_certificate(s->io.ssl); > - if (x) { > - log_info("%016"PRIx64" smtp " > - "event=client-cert-check address=%s host=%s > result=\"%s\"", > - s->id, ss_to_text(>ss), s->hostname, > - (s->flags & SF_VERIFIED) ? "success" : "failure"); > - X509_free(x); > - } > - > - if (s->listener->flags & F_SMTPS) { > - stat_increment("smtp.smtps", 1); > - io_set_write(>io); > - smtp_send_banner(s); > - } > - else { > - stat_increment("smtp.tls", 1); > - smtp_enter_state(s, STATE_HELO); > - } > - break; > > case IO_DATAIN: > nextline: > -- Gilles Chehade https://www.poolp.org @poolpOrg

  1   2   3   >