X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=spamass-milter.cpp;h=36988923e4b806d932193703a3a4670ef7487a63;hb=1a13de003b1a90d0058ed32d639617a232c769d5;hp=06e54f216cd37b548a9fa6e9f40014541b302fa9;hpb=b710828435b1f296a81fb7f239b64ce7a1b3e9b8;p=deb_pkgs%2Fspamass-milter.git diff --git a/spamass-milter.cpp b/spamass-milter.cpp index 06e54f2..3698892 100644 --- a/spamass-milter.cpp +++ b/spamass-milter.cpp @@ -1,6 +1,6 @@ // // -// $Id: spamass-milter.cpp,v 1.86 2005/02/05 07:03:22 dnelson Exp $ +// $Id: spamass-milter.cpp,v 1.94 2011/02/14 21:50:53 dnelson Exp $ // // SpamAss-Milter // - a rather trivial SpamAssassin Sendmail Milter plugin @@ -127,7 +127,7 @@ int daemon(int nochdir, int noclose); // }}} -static const char Id[] = "$Id: spamass-milter.cpp,v 1.86 2005/02/05 07:03:22 dnelson Exp $"; +static const char Id[] = "$Id: spamass-milter.cpp,v 1.94 2011/02/14 21:50:53 dnelson Exp $"; struct smfiDesc smfilter = { @@ -170,10 +170,7 @@ char *spambucket; bool flag_full_email = false; /* pass full email address to spamc */ bool flag_expand = false; /* alias/virtusertable expansion */ bool ignore_authenticated_senders = false; - -#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ -static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER; -#endif +bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */ // {{{ main() @@ -297,7 +294,7 @@ main(int argc, char* argv[]) " username. Uses 'defaultdomain' if there was none" << endl; cout << " -f: fork into background" << endl; cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl; - cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16/255.255.0.0" << endl; + cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl; cout << " -I: skip (ignore) checks if sender is authenticated" << endl; cout << " -m: don't modify body, Content-type: or Subject:" << endl; cout << " -M: don't modify the message at all" << endl; @@ -366,7 +363,7 @@ main(int argc, char* argv[]) // }}} /* Update a header if SA changes it, or add it if it is new. */ -void update_or_insert(SpamAssassin* assassin, SMFICTX* ctx, string oldstring, t_setter setter, char *header ) +void update_or_insert(SpamAssassin* assassin, SMFICTX* ctx, string oldstring, t_setter setter, const char *header ) { string::size_type eoh1 = assassin->d().find("\n\n"); string::size_type eoh2 = assassin->d().find("\n\r\n"); @@ -389,15 +386,16 @@ void update_or_insert(SpamAssassin* assassin, SMFICTX* ctx, string oldstring, t_ { /* change if old one was present, append if non-null */ char* cstr = const_cast(newstring.c_str()); + char* hstr = const_cast(header); if (oldsize > 0) { debug(D_UORI, "u_or_i: changing"); - smfi_chgheader(ctx, header, 1, newstring.size() > 0 ? + smfi_chgheader(ctx, hstr, 1, newstring.size() > 0 ? cstr : NULL ); } else if (newstring.size() > 0) { debug(D_UORI, "u_or_i: inserting"); - smfi_addheader(ctx, header, cstr); + smfi_addheader(ctx, hstr, cstr); } } else { @@ -466,59 +464,26 @@ assassinate(SMFICTX* ctx, SpamAssassin* assassin) send another copy. The milter API will not let you send the message AND return a failure code to the sender, so this is the only way to do it. */ -#if defined(__FreeBSD__) - int rv; -#endif - -#if defined(HAVE_ASPRINTF) - char *buf; -#else - char buf[1024]; -#endif - char *fmt="%s \"%s\""; + char *popen_argv[3]; FILE *p; + pid_t pid; -#if defined(HAVE_ASPRINTF) - asprintf(&buf, fmt, SENDMAIL, spambucket); -#else -#if defined(HAVE_SNPRINTF) - snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket); -#else - /* XXX possible buffer overflow here */ - sprintf(buf, fmt, SENDMAIL, spambucket); -#endif -#endif - - debug(D_COPY, "calling %s", buf); -#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ - rv = pthread_mutex_lock(&popen_mutex); - if (rv) - { - debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv)); - abort(); - } -#endif - p = popen(buf, "w"); + popen_argv[0] = SENDMAIL; + popen_argv[1] = spambucket; + popen_argv[2] = NULL; + + debug(D_COPY, "calling %s %s", SENDMAIL, spambucket); + p = popenv(popen_argv, "w",&pid); if (!p) { - debug(D_COPY, "popen failed(%s). Will not send a copy to spambucket", strerror(errno)); + debug(D_COPY, "popenv failed(%s). Will not send a copy to spambucket", strerror(errno)); } else { // Send message provided by SpamAssassin fwrite(assassin->d().c_str(), assassin->d().size(), 1, p); - pclose(p); p = NULL; + fclose(p); p = NULL; + waitpid(pid,0,0); } -#if defined(__FreeBSD__) - rv = pthread_mutex_unlock(&popen_mutex); - if (rv) - { - debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv)); - abort(); - } -#endif -#if defined(HAVE_ASPRINTF) - free(buf); -#endif } return SMFIS_REJECT; } @@ -684,9 +649,16 @@ retrieve_field(const string& header, const string& field) if (header[field_end-1] == '\r') field_end--; - // Maybe remove the whitespace picked up when a header wraps - this - // might actually be a requirement - return header.substr( field_start, field_end - field_start ); + string data = header.substr( field_start, field_end - field_start ); + + /* Replace all CRLF pairs with LF */ + idx = 0; + while ( (idx = data.find("\r\n", idx)) != string::npos ) + { + data.replace(idx,2,"\n"); + } + + return data; } @@ -705,6 +677,7 @@ sfsistat mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr) { struct context *sctx; + int rv; debug(D_FUNC, "mlfi_connect: enter"); @@ -723,7 +696,13 @@ mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr) sctx->helo = NULL; /* store a pointer to it with setpriv */ - smfi_setpriv(ctx, sctx); + rv = smfi_setpriv(ctx, sctx); + if (rv != MI_SUCCESS) + { + debug(D_ALWAYS, "smfi_setpriv failed!"); + return SMFIS_TEMPFAIL; + } + /* debug(D_ALWAYS, "ZZZ set private context to %p", sctx); */ if (ip_in_networklist(sctx->connect_ip, &ignorenets)) { @@ -767,6 +746,13 @@ mlfi_envfrom(SMFICTX* ctx, char** envfrom) struct context *sctx = (struct context *)smfi_getpriv(ctx); char *queueid; + if (sctx == NULL) + { + debug(D_ALWAYS, "smfi_getpriv failed!"); + return SMFIS_TEMPFAIL; + } + /* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */ + if (ignore_authenticated_senders) { char *auth_authen; @@ -803,7 +789,10 @@ mlfi_envfrom(SMFICTX* ctx, char** envfrom) queueid=smfi_getsymval(ctx,"i"); if (!queueid) - queueid="unk"; + { + queueid="unknown"; + warnmacro("i", "ENVFROM"); + } assassin->queueid = queueid; debug(D_MISC, "queueid=%s", queueid); @@ -828,9 +817,6 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt) struct context *sctx = (struct context*)smfi_getpriv(ctx); SpamAssassin* assassin = sctx->assassin; FILE *p; -#if defined(__FreeBSD__) - int rv; -#endif debug(D_FUNC, "mlfi_envrcpt: enter"); @@ -839,30 +825,20 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt) /* open a pipe to sendmail so we can do address expansion */ char buf[1024]; - char *fmt="%s -bv \"%s\" 2>&1"; - -#if defined(HAVE_SNPRINTF) - snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]); -#else - /* XXX possible buffer overflow here */ - sprintf(buf, fmt, SENDMAIL, envrcpt[0]); -#endif - - debug(D_RCPT, "calling %s", buf); + char *popen_argv[4]; + pid_t pid; + + popen_argv[0] = SENDMAIL; + popen_argv[1] = "-bv"; + popen_argv[2] = envrcpt[0]; + popen_argv[3] = NULL; -#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ - rv = pthread_mutex_lock(&popen_mutex); - if (rv) - { - debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv)); - abort(); - } -#endif + debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]); - p = popen(buf, "r"); + p = popenv(popen_argv, "r", &pid); if (!p) { - debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno)); + debug(D_RCPT, "popenv failed(%s). Will not expand aliases", strerror(errno)); assassin->expandedrcpt.push_back(envrcpt[0]); } else { @@ -887,16 +863,10 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt) assassin->expandedrcpt.push_back(p+7); } } - pclose(p); p = NULL; + fclose(p); p = NULL; + waitpid(pid,0,0); + } -#if defined(__FreeBSD__) - rv = pthread_mutex_unlock(&popen_mutex); - if (rv) - { - debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv)); - abort(); - } -#endif } else { assassin->expandedrcpt.push_back(envrcpt[0]); @@ -920,13 +890,44 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt) (envelope-from $g)$. */ - const char *macro_b, *macro_s, *macro_j, *macro__; + const char *macro_b, *macro_i, *macro_j, *macro_r, + *macro_s, *macro_v, *macro_Z, *macro__; + char date[32]; - /* Failure to fetch {b} is not fatal. Without this date SA can't do - future/past validation on the Date: header, but sendmail doesn't - default to allow milters to see it. - */ + /* RFC 822 date. */ macro_b = smfi_getsymval(ctx, "b"); + if (!macro_b) + { + time_t tval; + time(&tval); + strftime(date, sizeof(date), "%a, %d %b %Y %H:%M:%S %z", localtime(&tval)); + macro_b = date; + warnmacro("b", "ENVRCPT"); + } + + /* queue ID */ + macro_i = smfi_getsymval(ctx, "i"); + if (!macro_i) + { + macro_i = "unknown"; + warnmacro("i", "ENVRCPT"); + } + + /* FQDN of this site */ + macro_j = smfi_getsymval(ctx, "j"); + if (!macro_j) + { + macro_j = "localhost"; + warnmacro("j", "ENVRCPT"); + } + + /* Protocol used to receive the message */ + macro_r = smfi_getsymval(ctx, "r"); + if (!macro_r) + { + macro_r = "SMTP"; + warnmacro("r", "ENVRCPT"); + } /* Sendmail currently cannot pass us the {s} macro, but I do not know why. Leave this in for the day sendmail is @@ -939,23 +940,38 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt) if (!macro_s) macro_s = "nohelo"; - /* FQDN of this site */ - macro_j = smfi_getsymval(ctx, "j"); - if (!macro_j) - macro_j = "localhost"; + /* Sendmail binary version */ + macro_v = smfi_getsymval(ctx, "v"); + if (!macro_v) + { + macro_v = "8.13.0"; + warnmacro("v", "ENVRCPT"); + } - /* Sending site's address */ + /* Sendmail .cf version */ + macro_Z = smfi_getsymval(ctx, "Z"); + if (!macro_Z) + { + macro_Z = "8.13.0"; + warnmacro("Z", "ENVRCPT"); + } + + /* Validated sending site's address */ macro__ = smfi_getsymval(ctx, "_"); if (!macro__) + { macro__ = "unknown"; + warnmacro("_", "ENVRCPT"); + } assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n"); assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); - if (!macro_b) - assassin->output((string)"Received: from "+macro_s+" ("+macro__+") by "+macro_j+";\r\n"); - else - assassin->output((string)"Received: from "+macro_s+" ("+macro__+") by "+macro_j+"; "+macro_b+"\r\n"); + assassin->output((string) + "Received: from "+macro_s+" ("+macro__+")\r\n\t"+ + "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+ + macro_b+"\r\n\t"+ + "(envelope-from "+assassin->from()+")\r\n"); } else assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); @@ -1204,11 +1220,8 @@ mlfi_close(SMFICTX* ctx) sctx = (struct context*)smfi_getpriv(ctx); if (sctx == NULL) - { - /* the context should have been set in mlfi_connect */ - debug(D_ALWAYS, "NULL context in mlfi_close! Should not happen!"); return SMFIS_ACCEPT; - } + if (sctx->helo) free(sctx->helo); free(sctx); @@ -1987,7 +2000,7 @@ cmp_nocase_partial(const string& s, const string& s2) string::const_iterator p=s.begin(); string::const_iterator p2=s2.begin(); - while ( p != s.end() && p2 != s2.end() ) { + while ( p != s.end() && p2 <= s2.end() ) { if (toupper(*p) != toupper(*p2)) { debug(D_STR, "c_nc_p: <%s><%s> : miss", s.c_str(), s2.c_str()); @@ -2101,5 +2114,84 @@ char *strlwr(char *str) return str; } +/* Log a message about missing milter macros, but only the first time */ +void warnmacro(char *macro, char *scope) +{ + if (warnedmacro) + return; + debug(D_ALWAYS, "Could not retrieve sendmail macro \"%s\"!. Please add it to confMILTER_MACROS_%s for better spamassassin results", + macro, scope); + warnedmacro = true; +} + +/* + untrusted-argument-safe popen function - only supports "r" and "w" modes + for simplicity, and always reads stdout and stderr in "r" mode. Call + fclose to close the FILE. +*/ +FILE *popenv(char *const argv[], const char *type, pid_t *pid) +{ + FILE *iop; + int pdes[2]; + int save_errno; + + if ((*type != 'r' && *type != 'w') || type[1]) + { + errno = EINVAL; + return (NULL); + } + if (pipe(pdes) < 0) + return (NULL); + + *pid = fork(); + switch (*pid) { + + case -1: /* Error. */ + save_errno = errno; + (void)close(pdes[0]); + (void)close(pdes[1]); + errno = save_errno; + return (NULL); + /* NOTREACHED */ + case 0: /* Child. */ + if (*type == 'r') { + /* + * The dup2() to STDIN_FILENO is repeated to avoid + * writing to pdes[1], which might corrupt the + * parent's copy. This isn't good enough in + * general, since the exit() is no return, so + * the compiler is free to corrupt all the local + * variables. + */ + (void)close(pdes[0]); + (void)dup2(pdes[1], STDOUT_FILENO); + (void)dup2(pdes[1], STDERR_FILENO); + if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) { + (void)close(pdes[1]); + } + } else { + if (pdes[0] != STDIN_FILENO) { + (void)dup2(pdes[0], STDIN_FILENO); + (void)close(pdes[0]); + } + (void)close(pdes[1]); + } + execv(argv[0], argv); + exit(127); + /* NOTREACHED */ + } + + /* Parent; assume fdopen can't fail. */ + if (*type == 'r') { + iop = fdopen(pdes[0], type); + (void)close(pdes[1]); + } else { + iop = fdopen(pdes[1], type); + (void)close(pdes[0]); + } + + return (iop); +} + // }}} // vim6:ai:noexpandtab