Just released a new filter-rspamd with your diff, thanks
> On 14 Jun 2023, at 19:23, Omar Polo wrote:
>
> Hello,
>
> the `link-auth' event has the user first and the result of the
> operation after; this breaks when a username has a '|' character in
> it. Since this is triggered by the `aut
Hello,
As discussed, this looks correct to me
> On 22 Sep 2021, at 15:46, Eric Faurot wrote:
>
> Hi.
>
> A user reported that decoded SRS addresses are not correctly evaluated
> against the ruleset. That's because the ruleset always matches against
> the expanded address ("dest") and not the
> On 29 Aug 2021, at 16:14, Peter J. Philipp wrote:
>
> On Sun, Aug 29, 2021 at 07:16:20AM -0600, Theo de Raadt wrote:
>> Is there a strong reason why this has to be in that specific library?
>
> Not really. I did see gnutls has dane functions and openssl has them too.
> I can stick to just
Re-sending, I forgot to cc: aisha & tech:
> On 12 Jun 2021, at 22:47, Gilles CHEHADE wrote:
>
>>
>> On 12 Jun 2021, at 15:15, Eric Faurot wrote:
>>
>> On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote:
>>> Hi,
>>> Here is
> On 12 Jun 2021, at 18:57, Aisha Tammy wrote:
>
> On 6/12/21 9:15 AM, Eric Faurot wrote:
>> On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote:
>>> Hi,
>>> Here is the updated diff, which removes table_proc and adds
>>> table_procexec as the default backend when no backend name ma
> On 9 Jun 2021, at 17:13, Aisha Tammy wrote:
>
>
>
> On 6/9/21 10:34 AM, Gilles CHEHADE wrote:
>>
>>> On 9 Jun 2021, at 15:47, Aisha Tammy wrote:
>>>
>>> On 6/9/21 5:19 AM, Gilles CHEHADE wrote:
>>>> Hi,
>>>>
> On 9 Jun 2021, at 15:47, Aisha Tammy wrote:
>
> On 6/9/21 5:19 AM, Gilles CHEHADE wrote:
>> Hi,
>>
>> I wrote table_procexec (despite the copyright which I copy-pasted and forgot
>> to replace author) so just providing a bit of insight:
> Ah, I did not
Hi,
I wrote table_procexec (despite the copyright which I copy-pasted and forgot to
replace author) so just providing a bit of insight:
table_procexec was written as a proof of concept for a new table protocol
inspired by the filter protocol to make it easier to write privsep table
backends us
Been running it for a few days, no regressions so far
> On 5 Feb 2021, at 09:35, Eric Faurot wrote:
>
> Not much report so far.
> Anybody had a chance to test this?
> Here is the same diff again with manpage update this time.
>
> Eric.
>
> Index: ca.c
> =
Hello,
The following diff plugs a memory leak in regex lookups.
Cheers,
diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c
index 4691..d1578403 100644
--- a/usr.sbin/smtpd/table.c
+++ b/usr.sbin/smtpd/table.c
@@ -470,6 +470,7 @@ table_regex_match(const char *string, const char *pa
> On 20 Dec 2020, at 18:15, Chris Bennett
> wrote:
>
> On Sun, Dec 20, 2020 at 09:51:35AM +0100, Gilles CHEHADE wrote:
>>
>>
>>> On 20 Dec 2020, at 07:13, Sebastien Marie wrote:
>>>
>>> On Sat, Dec 19, 2020 at 10:36:32PM +, gil...
Ping ?
> On 14 Dec 2020, at 11:34, Gilles Chehade wrote:
>
> Hello,
>
> Upon termination, the parent process will call parent_shutdown() which will
> in turn call mproc_clear() to properly terminate IPC with child processes.
>
> In mproc_clear(), event_del() is calle
> On 20 Dec 2020, at 10:14, Sebastien Marie wrote:
>
> On Sat, Dec 19, 2020 at 11:19:10PM -0700, Theo de Raadt wrote:
>> There are thousands of people with smtpd configurations, and sysmerge
>> is not going to handle this.
>>
>> We cannot expect them all to change their files. This is madnes
> On 20 Dec 2020, at 10:03, Gilles CHEHADE wrote:
>
>
>> On 20 Dec 2020, at 07:19, Theo de Raadt wrote:
>>
>> There are thousands of people with smtpd configurations, and sysmerge
>> is not going to handle this.
>>
>> We cannot expect the
> On 20 Dec 2020, at 03:21, Theo de Raadt wrote:
>
> Todd C. Miller wrote:
>
>> I like this direction but I worry about breaking existing configs.
>> How are we going to alert existing users that they need to update
>> their configs if the behavior silently changes?
>
> I think the configura
> On 20 Dec 2020, at 07:19, Theo de Raadt wrote:
>
> There are thousands of people with smtpd configurations, and sysmerge
> is not going to handle this.
>
> We cannot expect them all to change their files. This is madness.
>
> Gilles, I think you should be adding an option that blocks it op
> On 20 Dec 2020, at 07:13, Sebastien Marie wrote:
>
> On Sat, Dec 19, 2020 at 10:36:32PM +, gil...@poolp.org wrote:
>> Hello,
>>
>> Whenever a rule with a local action (mbox, maildir, lmtp or mda) is matched,
>> smtpd will
>> attempt to search for a ~/.forward file in the recipient dire
> On 20 Dec 2020, at 02:09, Todd C. Miller wrote:
>
> I like this direction but I worry about breaking existing configs.
> How are we going to alert existing users that they need to update
> their configs if the behavior silently changes?
>
> - todd
I agree and this diff was more to suggest a
Hello,
Upon termination, the parent process will call parent_shutdown() which will in
turn call mproc_clear() to properly terminate IPC with child processes.
In mproc_clear(), event_del() is called but a check is lacking to ensure
event_add() was called prior to this.
On OpenBSD, this doesn’t
er called from forkmda()");
log_debug("debug: smtpd: forking mda for session %016"PRIx64
": %s as %s", id, deliver->userinfo.username,
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
@
table aliases file:/etc/mail/aliases
+listen on socket
+
# To accept external mail, replace with: listen on all
#
listen on lo0
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
On Mon, Nov 25, 2019 at 08:30:21AM +0100, Gilles Chehade wrote:
> On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote:
> > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote:
> > >
> > > Ten years ago, it seemed a very neat idea that OpenSMTPD wou
On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote:
> On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote:
> >
> > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some
> > implicit defaults to avoid people creating open relays.
>
ng the explicit notation to default config,
then put a startup warning in the next release so configurations are not
broken but people spot that this is no longer encouraged and we can then
later kill it.
--
Gilles Chehade @poolpOrg
https://www.
> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
> retrieving revision 1.389
> diff -u -p -r1.389 smtp_session.c
> --- smtp_session.c20 Feb 2019 11:56:27 - 1.389
> +++ smtp_session.c24 Apr 2019 09:33:35 -
> @@ -1078,7 +1078,7 @@ smtp_io(struct io *io, int evt, void *ar
>
> case IO_DATAIN:
> nextline:
> - line = io_getline(s->io, &len);
> + line = io_getline_rn(s->io, &len);
> if ((line == NULL && io_datalen(s->io) >= SMTP_LINE_MAX) ||
> (line && len >= SMTP_LINE_MAX)) {
> s->flags |= SF_BADINPUT;
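Review bot: in smtp_io(), the overlong-line test (line == NULL && io_datalen(s->io) >= SMTP_LINE_MAX) right below the changed call is now the only bound on input that io_getline_rn() never returns as a line. The hunk does not show how io_getline_rn() treats a bare '\n' or a bare '\r'; please document that next to its definition and confirm that a peer sending LF-only lines reaches the SF_BADINPUT path once the limit is hit.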
> @@ -2727,7 +2727,7 @@ filter_session_io(struct io *io, int evt
> switch (evt) {
> case IO_DATAIN:
> nextline:
> - line = io_getline(tx->filter, &len);
> + line = io_getline_rn(tx->filter, &len);
> /* No complete line received */
> if (line == NULL)
> return;
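Review bot: filter_session_io() returns on line == NULL with no length check, while the smtp_io() hunk of the same diff compares against SMTP_LINE_MAX. With io_getline_rn(), output that the new function does not accept as a complete line stays buffered on tx->filter; consider the same bound here, or a comment saying why it is not needed for filter output.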
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
ly(s, "500 %s is only allowed before ",
- esc_code(ESC_STATUS_PERMFAIL, ESC_OTHER_STATUS));
- smtp_enter_state(s, STATE_QUIT);
- io_set_write(io);
- return;
- }
-
/*
> this we need to make it fit within the specifications:
>
> [...]
>
> This means stop opportunistic scanning for '\r' in iobuf!
>
Sure but fixing iobuf is not a two liner and it affects virtually all of
the daemon and at this point we're looking for stability
nter is an example of one).
So:
a- do we leave '\r' in the body ?
b- do we turn '\r' into '\n'
c- do we keep strict behavior ?
d- do we keep strict behavior + provide a knob for '\r' to work ?
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
o I added a
> similar check there.
>
> I'd like you to double-check whether the fix is indeed correct.
>
Yes, your understanding of the problem is correct and your diff also, so
I committed it a minute ago, thanks !
I'm curious about what configuration allowed you to hit th
mtpname, SMTPD_NAME);
> s->banner_sent = 1;
> + snprintf(textstring, sizeof(textstring), "ESMTP %s", SMTPD_NAME);
> + report_smtp_link_greeting("smtp-in", s->id, s->smtpname, textstring);
> }
>
> void
> Index: smtpd.h
quot;, line, 9) == 0) {
> + processor_register(name, line);
> + continue;
> + }
> +
> + processor = dict_xget(&processors, name);
> + if
On Fri, Aug 23, 2019 at 07:33:29PM +0200, Martijn van Duren wrote:
> On 8/23/19 7:06 PM, Gilles Chehade wrote:
> > On Fri, Aug 23, 2019 at 09:03:51AM +0200, Martijn van Duren wrote:
> >> Hello,
> >>
> >
> > Hello,
> >
> >
> >> When r
;proc = $5;
> + dict_set(conf->sc_filters_dict, $2, filter_config);
> +} proc_params {
> + dict_set(conf->sc_processors_dict, filter_config->proc, processor);
> + processor = NULL;
> + filter_config = NULL;
> +}
> +|
> FILTER STRING PHASE {
> if (dict_get(conf->sc_filters_dict, $2)) {
> yyerror("filter already exists with that name: %s", $2);
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
0
@@ -169,10 +169,9 @@ sa_to_text(const struct sockaddr *sa)
const struct in6_addr *in6_addr;
in6 = (const struct sockaddr_in6 *)sa;
- (void)strlcpy(buf, "IPv6:", sizeof(buf));
- p = buf + 5;
+ p = buf;
in6_a
On Tue, Jul 23, 2019 at 12:15:26PM +0200, Klemens Nanni wrote:
> On Tue, Jul 23, 2019 at 11:00:04AM +0200, Gilles Chehade wrote:
> > there is no schema today that should default to 587, unless
> > submission:// is introduced as an alias to smtp+tls AND port 587.
> Alright; thi
On Tue, Jul 23, 2019 at 08:51:38PM +0200, Ingo Schwarze wrote:
> Hi Gilles,
>
> Gilles Chehade wrote on Tue, Jul 23, 2019 at 08:27:06AM +0200:
> > On Mon, Jul 22, 2019 at 05:05:01PM -0400, Kurt Mosiejczuk wrote:
>
> >> This is a diff for that changes the example
On Wed, Jul 24, 2019 at 12:18:05AM +0200, Klemens Nanni wrote:
> On Tue, Jul 23, 2019 at 09:06:33AM +0200, Gilles Chehade wrote:
> > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote:
> > > it seems to me this url is wrong. the '@' in username
On Tue, Jul 23, 2019 at 10:20:10PM +0200, Sebastian Benoit wrote:
> Gilles Chehade(gil...@poolp.org) on 2019.07.23 09:06:33 +0200:
> > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote:
> > > On Mon, Jul 22, 2019 at 11:26:28PM +0200, Klemens Nanni wrote:
>
On Tue, Jul 23, 2019 at 10:54:57AM +0200, Klemens Nanni wrote:
> On Tue, Jul 23, 2019 at 08:18:18AM +0200, Gilles Chehade wrote:
> > it should definitely default to 25 in my opinion, disregarding if people
> > use "relay host" for submission or not.
> Fine with me; I
> > @@ -352,7 +352,7 @@ text_to_relayhost(struct relayhost *rela
> > relay->port = 0;
> >
> > /* first, we extract the label if any */
> > - if ((q = strchr(p, '@')) != NULL) {
> > + if ((q = strrchr(p, '@')) != NULL) {
> > *q = 0;
> > if (strlcpy(relay->authlabel, p, sizeof (relay->authlabel))
> > >= sizeof (relay->authlabel))
> >
>
> --
> Sebastien Marie
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
t; @@ -952,14 +952,14 @@ table other-relays file:/etc/mail/other-
> listen on lo0
> listen on egress
>
> -action "mbox" mbox alias
> -action "relay" relay
> +action local-mbox mbox alias
> +action inet-mail relay
>
> -match for local action "mbox"
> -match for any action "relay"
> +match for local action local-mbox
> +match for any action inet-mail
> match !from src mail\-from "@example.com" for any \e
>reject
> -match from any for domain example.com action "mbox"
> +match from any for domain example.com action local-mbox
> .Ed
> .Sh SEE ALSO
> .Xr mailer.conf 5 ,
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles
{ "smtp+tls://",RELAY_TLS_STARTTLS, 0,
> 587 },
> + { "smtp+notls://", RELAY_TLS_NO,0,
> 25 },
> + { "lmtp://",RELAY_TLS_NO,RELAY_LMTP,
> 0 }
*/
> p = beg + len;
> if (*p == ':') {
> - relay->port = strtonum(p+1, 1, 0x, &errstr);
> + relay->port = strtonum(p+1, 1, IPPORT_HILASTAUTO, &errstr);
> if (errstr)
> return 0;
> }
; @@ -352,7 +352,7 @@ text_to_relayhost(struct relayhost *rela
> relay->port = 0;
>
> /* first, we extract the label if any */
> - if ((q = strchr(p, '@')) != NULL) {
> + if ((q = strrchr(p, '@'))
;
>
> - if ((fd = mkstemp(sfn)) == -1 ||
> - (ofp = fdopen(fd, "w+")) == NULL) {
> - int saved_errno = errno;
> - if (fd != -1) {
> - unlink(
t; filter_protocol_internal(fs, &token, reqid, phase, param);
> if (nparam)
> free(nparam);
> }
>
> static void
> -filter_protocol_next(uint64_t token, uint64_t reqid, enum filter_phase
> phase, const char *param)
> +filter_protocol_next(uint64_t token,
will be read.
I don't see what was wrong here :-/
> .Pp
> .Fn tls_config_set_cert_mem
> sets the public certificate directly from memory.
> .Pp
> .Fn tls_config_set_crl_file
> -sets the filename used to load a file containing the
> +sets the file used to load a file co
EY SIGN WITH
> CHALLENGEDIR KEYTYPE
> +%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH
> CHALLENGEDIR
> %token YES NO
> %token INCLUDE
> %token ERROR
> @@ -108,6 +108,7 @@ typedef struct {
> %token
API ACCOUNT
> -%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH
> CHALLENGEDIR KEYTYPE
> +%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH
> CHALLENGEDIR
> %token YES NO
> %token INCLUDE
> %token ERROR
> @@ -260,13 +260,15
ING OUT OF
> > - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> > - */
> > -
> > -#include
> > -#include
> > -#include
> > -
> > -#include
> > -#include
> > -#include
> > -
> > -#include "rsa.h"
> > -
> > -/*
> > - * Default number of bits when creating a new key.
> > - */
> > -#defineKBITS 4096
> > -
> > -/*
> > - * Create an RSA key with the default KBITS number of bits.
> > - */
> > -EVP_PKEY *
> > -rsa_key_create(FILE *f, const char *fname)
> > -{
> > - EVP_PKEY_CTX*ctx = NULL;
> > - EVP_PKEY*pkey = NULL;
> > -
> > - /* First, create the context and the key. */
> > -
> > - if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
> > - warnx("EVP_PKEY_CTX_new_id");
> > - goto err;
> > - } else if (EVP_PKEY_keygen_init(ctx) <= 0) {
> > - warnx("EVP_PKEY_keygen_init");
> > - goto err;
> > - } else if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KBITS) <= 0) {
> > - warnx("EVP_PKEY_set_rsa_keygen_bits");
> > - goto err;
> > - } else if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
> > - warnx("EVP_PKEY_keygen");
> > - goto err;
> > - }
> > -
> > - /* Serialise the key to the disc. */
> > -
> > - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))
> > - goto out;
> > -
> > - warnx("%s: PEM_write_PrivateKey", fname);
> > -err:
> > - EVP_PKEY_free(pkey);
> > - pkey = NULL;
> > -out:
> > - EVP_PKEY_CTX_free(ctx);
> > - return pkey;
> > -}
> > -
> > -
> > -EVP_PKEY *
> > -rsa_key_load(FILE *f, const char *fname)
> > -{
> > - EVP_PKEY*pkey;
> > -
> > - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
> > - if (pkey == NULL) {
> > - warnx("%s: PEM_read_PrivateKey", fname);
> > - return NULL;
> > - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
> > - return pkey;
> > -
> > - warnx("%s: unsupported key type", fname);
> > - EVP_PKEY_free(pkey);
> > - return NULL;
> > -}
> > Index: rsa.h
> > ===
> > RCS file: rsa.h
> > diff -N rsa.h
> > --- rsa.h 31 Aug 2016 22:01:42 - 1.1
> > +++ /dev/null 1 Jan 1970 00:00:00 -
> > @@ -1,23 +0,0 @@
> > -/* $Id: rsa.h,v 1.1 2016/08/31 22:01:42 florian Exp $ */
> > -/*
> > - * Copyright (c) 2016 Kristaps Dzonsons
> > - *
> > - * Permission to use, copy, modify, and distribute this software for any
> > - * purpose with or without fee is hereby granted, provided that the above
> > - * copyright notice and this permission notice appear in all copies.
> > - *
> > - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
> > - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> > - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
> > - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> > - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> > - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> > - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> > - */
> > -#ifndef RSA_H
> > -#define RSA_H
> > -
> > -EVP_PKEY *rsa_key_create(FILE *, const char *);
> > -EVP_PKEY *rsa_key_load(FILE *, const char *);
> > -
> > -#endif /* ! RSA_H */
>
>
>
>
> --
> I'm not entirely sure you are real.
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
goto err;
> - }
> -
> - /* Serialise the key to the disc. */
> -
> - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))
> - goto out;
> -
> - warnx("%s: PEM_write_PrivateKey", fname);
> -err:
> - EVP_PKEY_free(pkey);
> - pkey = NULL;
> -out:
> - EVP_PKEY_CTX_free(ctx);
> - return pkey;
> -}
> -
> -
> -EVP_PKEY *
> -rsa_key_load(FILE *f, const char *fname)
> -{
> - EVP_PKEY*pkey;
> -
> - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
> - if (pkey == NULL) {
> - warnx("%s: PEM_read_PrivateKey", fname);
> - return NULL;
> - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
> - return pkey;
> -
> - warnx("%s: unsupported key type", fname);
> - EVP_PKEY_free(pkey);
> - return NULL;
> -}
> Index: rsa.h
> ===
> RCS file: rsa.h
> diff -N rsa.h
> --- rsa.h 31 Aug 2016 22:01:42 - 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,23 +0,0 @@
> -/* $Id: rsa.h,v 1.1 2016/08/31 22:01:42 florian Exp $ */
> -/*
> - * Copyright (c) 2016 Kristaps Dzonsons
> - *
> - * Permission to use, copy, modify, and distribute this software for any
> - * purpose with or without fee is hereby granted, provided that the above
> - * copyright notice and this permission notice appear in all copies.
> - *
> - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
> - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
> - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> - */
> -#ifndef RSA_H
> -#define RSA_H
> -
> -EVP_PKEY *rsa_key_create(FILE *, const char *);
> -EVP_PKEY *rsa_key_load(FILE *, const char *);
> -
> -#endif /* ! RSA_H */
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
On Wed, Jun 05, 2019 at 08:39:51AM +0200, Renaud Allard wrote:
>
>
> On 6/5/19 8:20 AM, Gilles Chehade wrote:
> > On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote:
> > >
> > >
> > > On 6/3/19 11:53 AM, Renaud Allard wrote:
> > >
eating a new key.
> - */
> -#define KBITS 4096
> -
> -/*
> - * Create an RSA key with the default KBITS number of bits.
> - */
> -EVP_PKEY *
> -rsa_key_create(FILE *f, const char *fname)
> -{
> - EVP_PKEY_CTX*ctx = NULL;
> - EVP_PKEY*pkey = NULL;
> -
> - /* First, create the context and the key. */
> -
> - if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
> - warnx("EVP_PKEY_CTX_new_id");
> - goto err;
> - } else if (EVP_PKEY_keygen_init(ctx) <= 0) {
> - warnx("EVP_PKEY_keygen_init");
> - goto err;
> - } else if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KBITS) <= 0) {
> - warnx("EVP_PKEY_set_rsa_keygen_bits");
> - goto err;
> - } else if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
> - warnx("EVP_PKEY_keygen");
> - goto err;
> - }
> -
> - /* Serialise the key to the disc. */
> -
> - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))
> - goto out;
> -
> - warnx("%s: PEM_write_PrivateKey", fname);
> -err:
> - EVP_PKEY_free(pkey);
> - pkey = NULL;
> -out:
> - EVP_PKEY_CTX_free(ctx);
> - return pkey;
> -}
> -
> -
> -EVP_PKEY *
> -rsa_key_load(FILE *f, const char *fname)
> -{
> - EVP_PKEY*pkey;
> -
> - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
> - if (pkey == NULL) {
> - warnx("%s: PEM_read_PrivateKey", fname);
> - return NULL;
> - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
> - return pkey;
> -
> - warnx("%s: unsupported key type", fname);
> - EVP_PKEY_free(pkey);
> - return NULL;
> -}
> Index: rsa.h
> ===
> RCS file: /cvs/src/usr.sbin/acme-client/rsa.h,v
> retrieving revision 1.1
> diff -u -p -r1.1 rsa.h
> --- rsa.h 31 Aug 2016 22:01:42 - 1.1
> +++ rsa.h 4 Jun 2019 13:50:28 -
> @@ -18,6 +18,6 @@
> #define RSA_H
>
> EVP_PKEY *rsa_key_create(FILE *, const char *);
> -EVP_PKEY *rsa_key_load(FILE *, const char *);
> +EVP_PKEY *key_load(FILE *, const char *);
>
> #endif /* ! RSA_H */
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
g list
> + (https://www.mail-archive.com/misc@opensmtpd.org/";>Archive).
> The
>list is not moderated, however registration is required.
>
>To register, simply send a mail to
>
> Sergey
>
--
Gilles Chehade
response);
> return 1;
> + }
> +
> + if ((ep = strchr(response, '|'))) {
> + parameter = ep + 1;
> + *ep = 0;
> }
>
> if (strcmp(response, "proceed") != 0 &&
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
savemail(expand(cp), mtf);
>
> /* Setup sendmail arguments. */
> -*ap++ = "send-mail";
> +*ap++ = "sendmail";
> *ap++ = "-i";
> *ap++ = "-t";
> cp = hp->h_from ? hp->h_from : valu
ap from that other
> OS I mentioned, so that's my reason for this line of thinking slash
> pipe-dreaming ;)
>
quite amazing to watch tedu talk to another tedu :-|
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
dest) == -E2BIG) {
// overflow
}
and that strscpy() is essentially strlcpy() in NIH disguise:
ssize_t
strscpy(char *dest, const char *src, size_t count)
{
ssize_t ret;
if ((ret = strlcpy(dest, src, count)) >= count)
return -E2BIG;
On Tue, Nov 20, 2018 at 04:12:13PM -0600, Edgar Pettijohn wrote:
>
> >
> > why db ?
>
> Do you need makemap for file backend?
>
oh gosh am I dumb.
your diff is ok, ignore me, will commit later today.
--
Gilles Chehade
should stick to the file backend which is the best one for
the general case.
The db backend is an extension of the file backend and unless you have a
very specific use case, it brings no benefit whatsoever. It ISN'T faster
than the file backend and unless you
??? ;;
> + bridge)
> + # Skip bridge in the installer.
> ?????????? return
> ?? ;;
> ?? *)?? _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}"
>
>
> Cheers
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
e domain if prefixed
> +with
> +.Sq @ .
> .It Xo
> .Op Ic \&!
> .Cm rcpt\-to
> @@ -538,6 +543,11 @@ Specify that transactions's MAIL FROM sh
> .Xc
> Specify that transaction's RCPT TO should match the string or list table
> .Ar recipient .
> +The
> +.Ar recipient
> +may contain complete email addresses or apply to an entire domain if prefixed
> +with
> +.Sq @ .
> .It Xo
> .Op Ic \&!
> .Cm tag Ar tag
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Thu, Oct 25, 2018 at 07:24:33AM +0100, Raf Czlonka wrote:
> On Thu, Oct 25, 2018 at 07:11:47AM BST, Gilles Chehade wrote:
> >
> > smtpd will _always_ display a 'starttls' log line when the TLS channel
> > starts,
> > disregarding if TLS was started
y issue here is that you attempted to connect in plaintext then upgrade
a session on a host that didn't speak plaintext and expected sessions to speak
TLS from the start.
--
Gilles Chehade
https://www.poolp.org @poolpOrg
ch_a);
> + lookup_record(T_, *(ap) + 2, dispatch_);
> continue;
> }
> if (strncasecmp("exists:", *ap, 7) == 0) {
--
Gilles Chehade
https://www.poolp.org @poolpOrg
{ "smtp+notls://", RELAY_TLS_NO,0
> },
> + { "lmtp://",RELAY_TLS_NO,RELAY_LMTP
> },
> + { "smtps://", RELAY_TLS_SMTPS, 0
> }
> };
> const char *errstr = NULL;
> char *p, *q;
> @@ -344,6 +345,7 @@ text_to_relayhost(struct relayhost *rela
> else
> p = buffer + strlen(schemas[i].name);
>
> + relay->tls = schemas[i].tls;
> relay->flags = schemas[i].flags;
>
> /* need to specify an explicit port for LMTP */
> @@ -395,7 +397,8 @@ text_to_relayhost(struct relayhost *rela
> return 0;
> if (relay->authlabel[0]) {
> /* disallow auth on non-tls scheme. */
> - if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS)))
> + if (relay->tls != RELAY_TLS_STARTTLS &&
> + relay->tls != RELAY_TLS_SMTPS)
> return 0;
> relay->flags |= RELAY_AUTH;
> }
>
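Review bot: the new test on relay->tls in text_to_relayhost() rejects an auth label on a non-TLS scheme with a bare "return 0", the same result as the other failure visible just above it, so the administrator gets no hint that credentials on a plaintext scheme were the cause. Consider a distinct error message or log line for this case; the comment "disallow auth on non-tls scheme" could also state the reason, namely that the credentials would otherwise be sent in the clear.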
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Mon, Sep 03, 2018 at 11:43:02PM +0800, Michael Mikonos wrote:
> On Mon, Sep 03, 2018 at 02:24:49PM +0800, Michael Mikonos wrote:
> > On Sat, Sep 01, 2018 at 11:31:49PM +0200, Gilles Chehade wrote:
> > > On Sat, Sep 01, 2018 at 09:20:59PM +0800, Michael Mikonos wr
Alias
> > table.
> >
> > Thanks,
> > Matt
> >
>
> [...]
>
>
> i think your diff reads better than what's there now. gilles, eric?
>
agreed
--
Gilles Chehade
https://www.poolp.org @poolpOrg
gt; +.It Cm wrapper Ar name
> > +Use the wrapper specified in
> > +.Cm mda wrapper.
>
> that looks correct (i think). but with one adjustment - there should be
> a space between "wrapper" and the full stop.
>
> gilles? eric?
>
yes this reads
m, s, len);
> + len = strlen(s) - strlen(val);
> + sym = strndup(s, len);
> + if (sym == NULL)
> + errx(1, "%s: strndup", __func__);
>
> ret = symset(sym, val + 1, 1);
> free(sym);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
ent_state: unknown state");
> + fatalx("%s: bad state %d", __func__, proto->state);
> }
> #undef smtp_client_state
> }
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
i = 2;
> + /* no schema, default to smtp:// */
> + i = 0;
> p = buffer;
> }
> else
> @@ -397,10 +393,13 @@ text_to_relayhost(struct relayhost *rela
> return 0;
> if ((relay->flags & RELAY_LMTP) && (relay->port == 0))
> return 0;
> - if (relay->authlabel[0] == '\0' && relay->flags & RELAY_AUTH)
> - return 0;
> - if (relay->authlabel[0] != '\0' && !(relay->flags & RELAY_AUTH))
> - return 0;
> + if (relay->authlabel[0]) {
> + /* disallow auth on non-tls scheme. */
> + if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS)))
> + return 0;
> + relay->flags |= RELAY_AUTH;
> + }
> +
> return 1;
> }
>
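Review bot: the removed test (relay->authlabel[0] == '\0' && relay->flags & RELAY_AUTH) was the only visible guard against a scheme that requests auth without a label; after this hunk RELAY_AUTH is only ever set from the label. Please confirm that no schemas[] entry still carries RELAY_AUTH in its flags, otherwise such a URL now passes with an empty authlabel.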
--
Gilles Chehade
https://www.poolp.org @poolpOrg
sage-Id", res.hdr))
> + tx->has_message_id = 1;
> +
> + smtp_message_printf(tx, "%s:%s\n", res.hdr, res.value);
> + break;
> +
> + case RFC5322_HEADER_CONT:
>
> - ret = rfc2822_parser_feed(&tx->rfc2822_parser, line);
> - if (ret == -1)
> - tx->error = TX_ERROR_RESOURCES;
> + if (!strcasecmp("Bcc", res.hdr) ||
> + !strcasecmp("To", res.hdr) ||
> + !strcasecmp("Cc", res.hdr) ||
> + !strcasecmp("From", res.hdr))
> + continue;
>
> - if (ret == 0)
> - tx->error = TX_ERROR_MALFORMED;
> + smtp_message_printf(tx, "%s\n", res.value);
> + break;
> +
> + case RFC5322_HEADER_END:
> + if (!strcasecmp("To", res.hdr) ||
> + !strcasecmp("Cc", res.hdr) ||
> + !strcasecmp("From", res.hdr))
> + header_domain_append_callback(tx, res.hdr,
> + res.value);
> + break;
> +
> + case RFC5322_END_OF_HEADERS:
> + if (tx->session->listener->local ||
> + tx->session->listener->port == 587) {
>
> - return 0;
> + if (!tx->has_date) {
> + log_debug("debug: %p: adding Date", tx);
> + smtp_message_printf(tx, "Date: %s\n",
> + time_to_text(tx->time));
> + }
> +
> + if (!tx->has_message_id) {
> + log_debug("debug: %p: adding
> Message-ID", tx);
> + smtp_message_printf(tx,
> + "Message-ID: <%016"PRIx64"@%s>\n",
> + generate_uid(),
> + tx->session->listener->hostname);
> + }
> + }
> + break;
> +
> + case RFC5322_BODY_START:
> + case RFC5322_BODY:
> + smtp_message_printf(tx, "%s\n", res.value);
> + break;
> +
> + case RFC5322_END_OF_MESSAGE:
> + return 1;
> +
> + default:
> + fatalx("%s", __func__);
> + }
> + }
> }
>
> static void
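Review bot: in the RFC5322_END_OF_HEADERS case, adding Date and Message-ID is keyed on the literal tx->session->listener->port == 587, so a submission listener configured on any other port gets no fix-up and a non-submission listener on 587 does. A listener flag, or at least a named constant with a comment, would make the intent explicit. Separately, the default: branch calls fatalx() on an unexpected parser result; a comment on why that cannot be reached from message content would help.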
> Index: smtpd.h
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.556
> diff -u -p -r1.556 smtpd.h
> --- smtpd.h 25 Jul 2018 16:00:48 - 1.556
> +++ smtpd.h 26 Jul 2018 14:40:57 -
> @@ -30,8 +30,6 @@
> #include "smtpd-api.h"
> #include "ioev.h"
>
> -#include "rfc2822.h"
> -
> #define CHECK_IMSG_DATA_SIZE(imsg, expected_sz) do { \
> if ((imsg)->hdr.len - IMSG_HEADER_SIZE != (expected_sz))\
> fatalx("smtpd: imsg %d: data size expected %zd got %zd",\
> Index: smtpd/Makefile
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd/Makefile,v
> retrieving revision 1.92
> diff -u -p -r1.92 Makefile
> --- smtpd/Makefile25 Jul 2018 16:00:48 - 1.92
> +++ smtpd/Makefile26 Jul 2018 14:40:57 -
> @@ -36,6 +36,7 @@ SRCS+= pony.c
> SRCS+= queue.c
> SRCS+= queue_backend.c
> SRCS+= resolver.c
> +SRCS+= rfc5322.c
> SRCS+= ruleset.c
> SRCS+= runq.c
> SRCS+= scheduler.c
> @@ -52,9 +53,6 @@ SRCS+= to.c
> SRCS+= tree.c
> SRCS+= util.c
> SRCS+= waitq.c
> -
> -# RFC parsers
> -SRCS+= rfc2822.c
>
> # backends
> SRCS+= compress_gzip.c
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
t; + lungetc(START_EXPAND);
> goto top;
> }
>
> @@ -1957,7 +1980,16 @@ pushfile(const char *name, int secret)
> free(nfile);
> return (NULL);
> }
> - nfile->lineno = 1;
> + nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
> + nfile->ungetsize = 16;
> + nfile->ungetbuf = malloc(nfile->ungetsize);
> + if (nfile->ungetbuf == NULL) {
> + log_warn("warn: malloc");
> + fclose(nfile->stream);
> + free(nfile->name);
> + free(nfile);
> + return (NULL);
> + }
> TAILQ_INSERT_TAIL(&files, nfile, entry);
> return (nfile);
> }
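Review bot: in pushfile(), nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0 has no comment explaining why an included file starts at line 0 while the top-level file starts at 1; since this drives the line numbers in error messages, please document it. The initial nfile->ungetsize = 16 is also a bare number; a named constant next to the code that grows ungetbuf would keep the two in sync.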
> @@ -1973,6 +2005,7 @@ popfile(void)
> TAILQ_REMOVE(&files, file, entry);
> fclose(file->stream);
> free(file->name);
> + free(file->ungetbuf);
> free(file);
> file = prev;
> return (file ? 0 : EOF);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
6:35 - 1.183
> +++ smtpd.conf.5 31 May 2018 19:56:04 -
> @@ -205,6 +205,9 @@ to advertise during the HELO phase.
> .It Cm host Ar relay-url
> Do not perform MX lookups but relay messages to the relay host described by
> .Ar relay-url .
> +If the url uses tls, th
t;no-dsn", NODSN },
> + { "no-verify", NOVERIFY },
> { "on", ON },
> { "pki",PKI },
> { "port", PORT },
> Index: mta.c
> ==
tials.
> +This option is usable only with
> +.Cm host
> +option.
> +The credential table format is described in
> +.Xr table 5 .
> .It Cm mail\-from Ar mailaddr
> Use
> .Ar mailaddr
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Thu, May 24, 2018 at 04:38:17PM -0400, Rupert Gallagher wrote:
> On Thu, May 24, 2018 at 14:18, Gilles Chehade wrote:
>
> > In effect, instead of having:
> > accept from any for local deliver to mbox
> >
> > You will have:
> > action "my_action
s well much safer, removed a lot of
very unpleasant side-effects most people didn't even realize existed ...
until they hit that one case for which we had no way to work around.
Anyways,
looking forward for you to test and report how it works for you :-)
-
.fallback = 1;
> + }
> + m_compose(p_lka, IMSG_SMTP_TLS_INIT, 0, 0, -1,
> + &req_ca_cert, sizeof(req_ca_cert));
> + tree_xset(&wait_ssl_init, s->id, s);
> + return;
> + }
> +
> + smtp_send_banner(s);
> }
>
> static void
> @@ -2416,48 +2318,6 @@ smtp_queue_rollback(struct smtp_session
> m_create(p_queue, IMSG_SMTP_MESSAGE_ROLLBACK, 0, 0, -1);
> m_add_msgid(p_queue, s->tx->msgid);
> m_close(p_queue);
> -}
> -
> -static void
> -smtp_filter_connect(struct smtp_session *s, struct sockaddr *sa)
> -{
> - tree_xset(&wait_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_CONNECT, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_eom(struct smtp_session *s)
> -{
> - tree_xset(&wait_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_EOM, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_helo(struct smtp_session *s)
> -{
> - tree_xset(&wait_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_HELO, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_mail(struct smtp_session *s)
> -{
> - tree_xset(&wait_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_MAIL, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_rcpt(struct smtp_session *s)
> -{
> - tree_xset(&wait_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_RCPT, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_data(struct smtp_session *s)
> -{
> - tree_xset(&wait_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_DATA, FILTER_OK, 0, NULL);
> }
>
> static void
>
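Review bot: the six removed stubs (smtp_filter_connect, _eom, _helo, _mail, _rcpt, _data) each did tree_xset(&wait_filter, s->id, s) before answering with FILTER_OK, so every call site has to be converted in this same diff to continue directly. If nothing else inserts into wait_filter after this, the tree and its lookups should be removed with them; it is worth grepping for remaining users before committing.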
--
Gilles Chehade
https://www.poolp.org @poolpOrg
t; - t->t_type = (valp == keyp || valp == NULL) ? T_LIST :
> - T_HASH;
> + table_add(t, keyp, valp);
> + }
>
> - if ((valp == keyp || valp == NULL) &&
ype == 0)
> t->t_type = (valp == keyp || valp == NULL) ? T_LIST :
> T_HASH;
> -
> - if (!(t->t_type & type))
> - goto end;
>
> if ((valp == keyp || valp == NULL) && t->t_type == T_LIST)
> table_add(t, keyp, NULL);
>
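Review bot: the removed `if (!(t->t_type & type)) goto end;` test has no visible replacement, so a file whose detected type (T_LIST or T_HASH) does not match the type the caller asked for is no longer rejected at this point. If the mismatch is now caught elsewhere, say where in the commit message; otherwise a list can end up being used where a key/value mapping was expected.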
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Fri, Aug 04, 2017 at 02:56:21PM +0200, Gilles Chehade wrote:
> On Fri, Aug 04, 2017 at 01:13:06PM +0200, Eric Faurot wrote:
> > Hi,
> >
> > Experimental support for filters has been removed some time ago from
> > the config parser. Now we want to get rid of the r
);
> }
>
> static void
> smtp_filter_mail(struct smtp_session *s)
> {
> tree_xset(&wait_filter, s->id, s);
> - filter_mailaddr(s->id, QUERY_MAIL, &s->tx->evp.sender);
> + smtp_filter_response(s->id, QUERY_MAIL, FILTER_OK, 0, NULL);
> }
>
> static void
> smtp_filter_rcpt(struct smtp_session *s)
> {
> tree_xset(&wait_filter, s->id, s);
> - filter_mailaddr(s->id, QUERY_RCPT, &s->tx->evp.rcpt);
> + smtp_filter_response(s->id, QUERY_RCPT, FILTER_OK, 0, NULL);
> }
>
> static void
> smtp_filter_data(struct smtp_session *s)
> {
> tree_xset(&wait_filter, s->id, s);
> - filter_line(s->id, QUERY_DATA, NULL);
> + smtp_filter_response(s->id, QUERY_DATA, FILTER_OK, 0, NULL);
> }
>
> static void
> @@ -2624,11 +2517,6 @@ smtp_filter_dataline(struct smtp_session
> if (ret == 0) {
> s->tx->msgflags |= MF_ERROR_MALFORMED;
> return;
> - }
> -
> - if (io_queued(s->tx->oev) > DATA_HIWAT && !io_paused(s->io, IO_IN)) {
> - log_debug("debug: smtp: %p: filter congestion: pausing
> session", s);
> - io_pause(s->io, IO_IN);
> }
> }
>
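Review bot: dropping the DATA_HIWAT check at the end of smtp_filter_dataline removes the only visible point where reading from the client is paused once s->tx->oev backs up. If data lines are no longer queued on oev after the filter code is gone this is fine, but the commit message should say so, and any matching resume path should be removed in the same change so the two do not drift apart.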
> Index: smtpd.h
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.533
> diff -u -p -r1.533 smtpd.h
> --- smtpd.h 27 Jul 2017 18:48:30 - 1.533
> +++ smtpd.h 4 Aug 2017 09:53:16 -
> @@ -1200,18 +1200,6 @@ int expand_to_text(struct expand *, char
> RB_PROTOTYPE(expandtree, expandnode, nodes, expand_cmp);
>
>
> -/* filter.c */
> -void filter_postfork(void);
> -void filter_configure(void);
> -void filter_connect(uint64_t, const struct sockaddr *,
> -const struct sockaddr *, const char *, const char *);
> -void filter_mailaddr(uint64_t, int, const struct mailaddr *);
> -void filter_line(uint64_t, int, const char *);
> -void filter_eom(uint64_t, int, size_t);
> -void filter_event(uint64_t, int);
> -void filter_build_fd_chain(uint64_t, int);
> -
> -
> /* forward.c */
> int forwards_get(int, struct expand *);
>
> Index: smtpd/Makefile
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd/Makefile,v
> retrieving revision 1.87
> diff -u -p -r1.87 Makefile
> --- smtpd/Makefile26 May 2017 21:30:00 - 1.87
> +++ smtpd/Makefile3 Aug 2017 09:55:57 -
> @@ -17,7 +17,6 @@ SRCS+= dns.c
> SRCS+= envelope.c
> SRCS+= esc.c
> SRCS+= expand.c
> -SRCS+= filter.c
> SRCS+= forward.c
> SRCS+= iobuf.c
> SRCS+= ioev.c
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
ns as the dtable can accommodate (with an fd reserve).
> The lower limits are on outgoing connections.
>
> New diff with reordered code. I'll see if I can get Adam to run one more
> round of testing..
>
Committed, thanks :)
--
Gilles Chehade
https://www.poolp.org @poolpOrg
>oev) == 0)
> smtp_data_io_done(s);
> - } else if (io_paused(s->io, IO_IN)) {
> +
> + if (io_paused(s->io, IO_IN)) {
> log_debug("debug: smtp: %p: filter congestion over:
> resuming session", s);
> io_resume(s->io, IO_IN);
> }
>
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Wed, May 31, 2017 at 09:53:38AM -0500, Jimmy Hess wrote:
> On Wed, May 31, 2017 at 6:34 AM, Gilles Chehade wrote:
>
> > It is not that simple because newaliases works when you have one aliases
> > database (e.g. /etc/mail/aliases). This is the case on the default setup
>
ases" did whatever is necessary for the
> table type you have in use so you don't need to think about it and the
> documentation can be simple..)
>
It is not that simple because newaliases works when you have one aliases
database (e.g. /etc/mail/aliases). This is the case on the default setup
but smtpd supports per-rule aliases mappings and for example the MX that
I run for poolp.org and opensmtpd.org has two different sets of aliases,
one for each domain, and now newaliases can't work anymore.
We can hack it so it works in some cases but it will never be able to do
the work correctly for non-default configurations and we will still have
to provide and document the smtpctl command.
--
Gilles Chehade
https://www.poolp.org @poolpOrg
> m_create(s->p, IMSG_MTA_DNS_HOST_END, 0, 0, -1);
> m_add_id(s->p, s->reqid);
> m_add_int(s->p, DNS_EINVAL);
--
Gilles Chehade
https://www.poolp.org @poolpOrg
17:43:32 - 1.302
> +++ smtp_session.c11 May 2017 10:16:54 -
> @@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc
> io_set_read(s->io);
> io_start_tls(s->io, ssl);
>
> - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> - free(resp_ca_cert->cert);
> + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> free(resp_ca_cert);
> return;
>
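Review bot: freezero() clears exactly resp_ca_cert->cert_len bytes, so the replacement is only correct if cert_len always equals the size that was allocated for cert. That was already true for the explicit_bzero() call it replaces, but a short comment next to the allocation stating the invariant would help. The new call is also a no-op when cert is NULL, which the old pair was not.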
--
Gilles Chehade
https://www.poolp.org @poolpOrg
n of the situation.
Sadly, "clear" is something the OpenSSL folks are unfamiliar with...
--
Gilles Chehade
https://www.poolp.org @poolpOrg
0211_disable_wep(ic);
> > } else {
> > ic->ic_flags &= ~IEEE80211_F_PSK;
> > memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
> > @@ -496,6 +528,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
> > break;
> > kr = (struct ieee80211_keyrun *)data;
> > error = ieee80211_keyrun(ic, kr->i_macaddr);
> > + if (error == 0 && (ic->ic_flags & IEEE80211_F_WEPON))
> > + ieee80211_disable_wep(ic);
> > break;
> > case SIOCS80211POWER:
> > if ((error = suser(curproc, 0)) != 0)
> >
>
> --
> Antoine
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
;vm_ttyname = NULL;
> +}
> +
> void
> switch_remove(struct vmd_switch *vsw)
> {
> diff --git usr.sbin/vmd/vmd.h usr.sbin/vmd/vmd.h
> index e371112..26d345c 100644
> --- usr.sbin/vmd/vmd.h
> +++ usr.sbin/vmd/vmd.h
> @@ -185,6 +185,7 @@ struct vmd {
> struct switchlist *vmd_switches;
>
> int vmd_fd;
> + int vmd_ptmfd;
> };
>
> /* vmd.c */
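Review bot: the new vmd_ptmfd member in struct vmd has no comment, and from this hunk it is not clear which process opens the descriptor or who is responsible for closing it. A one-line comment on the field saying what it refers to and which process owns it would make the privilege boundary easier to audit.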
> @@ -197,6 +198,8 @@ void vm_stop(struct vmd_vm *, int);
> void vm_remove(struct vmd_vm *);
> int vm_register(struct privsep *, struct vmop_create_params *,
> struct vmd_vm **, uint32_t);
> +int vm_opentty(struct vmd_vm *);
> +void vm_closetty(struct vmd_vm *);
> void switch_remove(struct vmd_switch *);
> struct vmd_switch *switch_getbyname(const char *);
> char *get_string(uint8_t *, size_t);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
turn;
> + }
> + break;
> case IMSG_VMDOP_LOAD:
> case IMSG_VMDOP_RELOAD:
> case IMSG_CTL_RESET:
> @@ -384,6 +404,8 @@ control_dispatch_imsg(int fd, short event, void *arg)
> return;
>
> fail:
> + if (ret == 0)
> + ret = EINVAL;
> imsg_compose_event(&c->iev, IMSG_CTL_FAIL,
> 0, 0, -1, &ret, sizeof(ret));
> imsg_flush(&c->iev.ibuf);
>
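Review bot: forcing ret to EINVAL at the fail label when it is still 0 hides which path jumped to fail without setting an error, and the client then receives a generic code in IMSG_CTL_FAIL. Setting ret explicitly before each goto fail would keep the reported errno meaningful; if the fallback stays, a short comment saying it is a safety net would help.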
--
Gilles Chehade
https://www.poolp.org @poolpOrg
> _asr_pack_query(&p, type, class, dname);
> - if (as->as_ctx->ac_options & RES_USE_EDNS0)
> - _asr_pack_edns0(&p, MAXPACKETSZ);
> + if (as->as_ctx->ac_options & (RES_USE_EDNS0 | RES_USE_DNSSEC))
> + _asr_pack_edns0(&p, MAXPACKETSZ,
> + as->as_ctx->ac_options & RES_USE_DNSSEC);
> if (p.err) {
> DPRINT("error packing query");
> errno = EINVAL;
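Review bot: the third argument passed to _asr_pack_edns0() is the raw result of as->as_ctx->ac_options & RES_USE_DNSSEC, which is the flag's bit value rather than 0 or 1. That is harmless if the parameter is only tested for truth, but writing it as a != 0 comparison would make the intent explicit. RES_USE_DNSSEC alone now also causes an EDNS0 record to be packed, which deserves a sentence in resolver.3.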
> Index: net/resolver.3
> ===
> RCS file: /d/cvs/src/lib/libc/net/resolver.3,v
> retrieving revision 1.36
> diff -u -p -r1.36 resolver.3
> --- net/resolver.318 Feb 2017 19:23:05 - 1.36
> +++ net/resolver.327 Feb 2017 07:25:11 -
> @@ -199,9 +199,6 @@ uses 4096 bytes as input buffer size.
> Request that the resolver uses
> Domain Name System Security Extensions (DNSSEC),
> as defined in RFCs 4033, 4034, and 4035.
> -On
> -.Ox
> -this option does nothing.
> .El
> .Pp
> The
>
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
etifaddrs(&ifa0) != 0)
> + if (getifaddrs(&ifa0) == -1)
> return (-1);
>
> as->as.ai.flags |= ASYNC_NO_INET | ASYNC_NO_INET6;
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
/passwd file will contain an entry like
> @@ -199,9 +197,9 @@ maildir folder are mapped to the single
> In this example, Dovecot is used as an IMAP server.
>
>
> -# export
> PKG_PATH=http://your.local.mirror/pub/OpenBSD/%c/package
y between userland
> and the kernel that spreads the inconsistency inside userland.
>
> Kernel and userland best practices are already quite different, including
> this in that list is the lesser evil.
>
I would love to remove this from smtpd to reduce diff with portable,
so I'm generally ok with the idea
--
Gilles Chehade
https://www.poolp.org @poolpOrg
mp;& io_datalen(&s->io) >= LINE_MAX) ||
> + line = io_getline(s->io, &len);
> + if ((line == NULL && io_datalen(s->io) >= LINE_MAX) ||
> (line && len >= LINE_MAX)) {
> s->flags |
; smtp_reply(s, "421 %s: Temporary Error",
> > esc_code(ESC_STATUS_TEMPFAIL,
> > ESC_OTHER_MAIL_SYSTEM_STATUS));
> > smtp_enter_state(s, STATE_QUIT);
> > - io_reload(&s->io);
> > return;
> > }
> >
> > @@ -1257,7 +1240,6 @@ smtp_filter_fd(uint64_t id, int fd)
> > " on a line by itself");
> >
> > tree_xset(&wait_filter_data, s->id, s);
> > - io_reload(&s->io);
> > }
> >
> > static void
> > @@ -1341,8 +1323,6 @@ smtp_io(struct io *io, int evt, void *ar
> > s->tx->dataeom = 1;
> > if (io_queued(&s->tx->oev) == 0)
> > smtp_data_io_done(s);
> > - else
> > - io_reload(&s->tx->oev);
> > return;
> > }
> >
> > @@ -1547,7 +1527,6 @@ smtp_data_io_done(struct smtp_session *s
> > smtp_reply(s, "421 Internal server error");
> > smtp_tx_free(s->tx);
> > smtp_enter_state(s, STATE_HELO);
> > - io_reload(&s->io);
> > }
> > else {
> > smtp_filter_eom(s);
> > @@ -2137,7 +2116,6 @@ static void
> > smtp_send_banner(struct smtp_session *s)
> > {
> > smtp_reply(s, "220 %s ESMTP %s", s->smtpname, SMTPD_NAME);
> > - io_reload(&s->io);
> > }
> >
> > void
> > @@ -2466,7 +2444,6 @@ smtp_auth_failure_resume(int fd, short e
> >
> > smtp_reply(s, "535 Authentication failed");
> > smtp_enter_state(s, STATE_HELO);
> > - io_reload(&s->io);
> > }
> >
> > static void
> > @@ -2662,7 +2639,6 @@ smtp_filter_dataline(struct smtp_session
> > log_debug("debug: smtp: %p: filter congestion over: pausing
> > session", s);
> > io_pause(&s->io, IO_PAUSE_IN);
> > }
> > - io_reload(&s->tx->oev);
> > }
> >
> > #define CASE(x) case x : return #x
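Review bot: in the context lines of the last hunk the debug message reads "filter congestion over: pausing session" immediately before io_pause(&s->io, IO_PAUSE_IN), which says the opposite of what the code does. Since smtp_filter_dataline is being touched anyway, correcting the text to say that congestion started would avoid misleading logs.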
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg