mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00

snapshot-20011217

Wietse Venema 2001-12-17 00:00:00 -05:00 committed by Viktor Dukhovni
parent 468ab80791
commit c0b942fbaa
29 changed files with 215 additions and 94 deletions


@ -5795,8 +5795,22 @@ Apologies for any names omitted.
when the next line starts with whitespace; a comment that
is preceded by whitespace does not break multi-line input.
20011217
Compatibility: Sendmail now has a -L option to set the
syslogging label. Postfix sendmail uses syslog_name instead,
and ignores the -L option.
Security: subtle hardening of the Postfix chroot jail,
Postfix queue file permissions and access methods, in case
someone compromises the postfix account. Michael Tokarev
claims he got the insights from Solar Designer. Files:
master/master_wakeup.c, util/fifo_trigger.c, postfix-script.
Open problems:
Low: warn about undomained hostnames instead of aborting.
Low: after reorganizing configuration parameters, add flags
to all parameters whose value can be read from file.


@ -1,16 +1,18 @@
Incompatible changes with snapshot-20011216
Incompatible changes with snapshot-20011217
===========================================
Postfix configuration file comments no longer span multiple lines
when the next line starts with whitespace. This may cause unexpected
behavior with existing, improperly formatted, configuration files.
Postfix configuration file comments no longer continue on the next
line when that next line starts with whitespace. This change avoids
surprises, but it may cause unexpected behavior with existing,
poorly formatted, configuration files. Caveat user.
Major changes with snapshot-20011216
Major changes with snapshot-20011217
====================================
Postfix configuration files now support whitespace before comments.
This allows you to comment out just one line in the middle of a
block of multi-line input.
block of multi-line input. A comment that starts at the beginning
of a line always terminates previous data.
Incompatible changes with snapshot-20011210
===========================================


@ -184,7 +184,6 @@ check)
$WARN creating missing Postfix pid directory
mkdir pid || exit 1
chmod 755 pid
chown $mail_owner pid
}
for dir in incoming active bounce defer deferred flush saved corrupt; do
test -d $dir || {


@ -185,7 +185,6 @@ check)
$WARN creating missing Postfix pid directory
mkdir pid || exit 1
chmod 755 pid
chown $mail_owner pid
}
for dir in incoming active bounce defer deferred flush saved corrupt; do
test -d $dir || {


@ -79,64 +79,68 @@ SENDMAIL(1) SENDMAIL(1)
<b>-I</b> Initialize alias database. See the <b>newaliases</b> com-
mand above.
<b>-L</b> <i>label</i> (ignored)
The logging label. Use the <b>syslog</b><i>_</i><b>name</b> configura-
tion parameter instead.
<b>-N</b> <i>dsn</i> (ignored)
Delivery status notification control. Currently,
Delivery status notification control. Currently,
Postfix does not implement <b>DSN</b>.
<b>-R</b> <i>return_limit</i> (ignored)
Limit the size of bounced mail. Use the
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b> configuration parameter instead.
Limit the size of bounced mail. Use the
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b> configuration parameter instead.
<b>-X</b> <i>log_file</i> (ignored)
Log mailer traffic. Use the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> and
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> configuration parameters instead.
Log mailer traffic. Use the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> and
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> configuration parameters instead.
<b>-U</b> (ignored)
Initial user submission.
<b>-V</b> Variable Envelope Return Path. Given an envelope
sender address of the form <i>owner-listname</i>@<i>origin</i>,
each recipient <i>user</i>@<i>domain</i> receives mail with a
<b>-V</b> Variable Envelope Return Path. Given an envelope
sender address of the form <i>owner-listname</i>@<i>origin</i>,
each recipient <i>user</i>@<i>domain</i> receives mail with a
personalized envelope sender address.
By default, the personalized envelope sender
address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
default <b>+</b> and <b>=</b> characters are configurable with
the <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> configuration parame-
ter.
<b>-V</b><i>xy</i> As <b>-V</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter char-
acters, instead of the characters specified with
By default, the personalized envelope sender
address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
default <b>+</b> and <b>=</b> characters are configurable with
the <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> configuration parame-
ter.
<b>-bd</b> Go into daemon mode. This mode of operation is
<b>-V</b><i>xy</i> As <b>-V</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter char-
acters, instead of the characters specified with
the <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> configuration parame-
ter.
<b>-bd</b> Go into daemon mode. This mode of operation is
implemented by executing the <b>postfix</b> <b>start</b> command.
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
mand above.
<b>-bm</b> Read mail from standard input and arrange for
<b>-bm</b> Read mail from standard input and arrange for
delivery. This is the default mode of operation.
<b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
<b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
<b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
dard output. This mode of operation is implemented
by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
<b>-f</b> <i>sender</i>
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an <b>Errors-To:</b> message header.
the message contains an <b>Errors-To:</b> message header.
<b>-h</b> <i>hop_count</i> (ignored)
Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura-
Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura-
tion parameter instead.
<b>-i</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
<b>-i</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
input.
<b>-m</b> (ignored)
@ -146,67 +150,67 @@ SENDMAIL(1) SENDMAIL(1)
Backwards compatibility.
<b>-oA</b><i>alias_database</i>
Non-default alias database. Specify <i>pathname</i> or
Non-default alias database. Specify <i>pathname</i> or
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
The message body type. Currently, Postfix imple-
The message body type. Currently, Postfix imple-
ments <b>just-send-eight</b>.
<b>-oi</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
<b>-oi</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
input.
<b>-om</b> (ignored)
The sender is never eliminated from alias etc.
The sender is never eliminated from alias etc.
expansions.
<b>-o</b> <i>x</i> <i>value</i> (ignored)
Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
ration parameter in <b>main.cf</b> instead.
<b>-r</b> <i>sender</i>
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an <b>Errors-To:</b> message header.
the message contains an <b>Errors-To:</b> message header.
<b>-q</b> Attempt to deliver all queued mail. This is imple-
<b>-q</b> Attempt to deliver all queued mail. This is imple-
mented by kicking the <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
<b>-q</b><i>interval</i> (ignored)
The interval between queue runs. Use the
The interval between queue runs. Use the
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b> configuration parameter instead.
<b>-qR</b><i>site</i>
Schedule immediate delivery of all mail that is
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. This option accepts only
<i>site</i> names that are eligible for the "fast flush"
service, and is implemented by connecting to the
<i>site</i> names that are eligible for the "fast flush"
service, and is implemented by connecting to the
local SMTP server at <b>$myhostname</b>. See <a href="flushd.8.html"><b>flush</b>(8)</a> for
more information about the "fast flush" service.
<b>-qS</b><i>site</i>
This command is not implemented. Use the slower
This command is not implemented. Use the slower
<b>sendmail</b> <b>-q</b> command instead.
<b>-t</b> Extract recipients from message headers. This
requires that no recipients be specified on the
<b>-t</b> Extract recipients from message headers. This
requires that no recipients be specified on the
command line.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>SECURITY</b>
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
<b>DIAGNOSTICS</b>
Problems are logged to <b>syslogd</b>(8) and to the standard
Problems are logged to <b>syslogd</b>(8) and to the standard
error stream.
<b>ENVIRONMENT</b>
@ -218,7 +222,7 @@ SENDMAIL(1) SENDMAIL(1)
<b>MAIL</b><i>_</i><b>DEBUG</b>
Enable debugging with an external command, as spec-
ified with the <b>debugger</b><i>_</i><b>command</b> configuration
ified with the <b>debugger</b><i>_</i><b>command</b> configuration
parameter.
<b>FILES</b>
@ -226,13 +230,13 @@ SENDMAIL(1) SENDMAIL(1)
/etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b>
See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a
See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a
configuration change.
<b>alias</b><i>_</i><b>database</b>
Default alias database(s) for <b>newaliases</b>. The
default value for this parameter is system-spe-
Default alias database(s) for <b>newaliases</b>. The
default value for this parameter is system-spe-
cific.
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@ -248,64 +252,64 @@ SENDMAIL(1) SENDMAIL(1)
initialized.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Increment in verbose logging level when a remote
Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The VERP delimiter characters that are used when
the <b>-V</b> command line option is specified without
The VERP delimiter characters that are used when
the <b>-V</b> command line option is specified without
delimiter characters.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b>
List of domains that will receive "fast flush" ser-
vice (default: all domains that this system is
willing to relay mail to). This greatly improves
the performance of the SMTP <b>ETRN</b> request, and of
the <b>sendmail</b> <b>-qR</b> command. For domains not in the
vice (default: all domains that this system is
willing to relay mail to). This greatly improves
the performance of the SMTP <b>ETRN</b> request, and of
the <b>sendmail</b> <b>-qR</b> command. For domains not in the
list, Postfix simply attempts to deliver all queued
mail.
<b>fork</b><i>_</i><b>attempts</b>
Number of attempts to <b>fork</b>() a process before giv-
Number of attempts to <b>fork</b>() a process before giv-
ing up.
<b>fork</b><i>_</i><b>delay</b>
Delay in seconds between successive <b>fork</b>()
Delay in seconds between successive <b>fork</b>()
attempts.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
<b>mail</b><i>_</i><b>owner</b>
The owner of the mail queue and of most Postfix
The owner of the mail queue and of most Postfix
processes.
<b>command</b><i>_</i><b>directory</b>
Directory with Postfix support commands (default:
Directory with Postfix support commands (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>daemon</b><i>_</i><b>directory</b>
Directory with Postfix daemon programs (default:
Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue. This is
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
The time between successive scans of the deferred
The time between successive scans of the deferred
queue.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim-
The characters that Postfix accepts as VERP delim-
iter characters.
<b>SEE</b> <b>ALSO</b>
@ -321,7 +325,7 @@ SENDMAIL(1) SENDMAIL(1)
syslogd(8) system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>


@ -71,6 +71,9 @@ Gateway (relay) submission, as opposed to initial user submission.
.IP \fB-I\fR
Initialize alias database. See the \fBnewaliases\fR
command above.
.IP "\fB-L \fIlabel\fR (ignored)"
The logging label. Use the \fBsyslog_name\fR configuration
parameter instead.
.IP "\fB-N \fIdsn\fR (ignored)"
Delivery status notification control. Currently, Postfix does
not implement \fBDSN\fR.


@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20011216"
#define DEF_MAIL_VERSION "Snapshot-20011217"
extern char *var_mail_version;
/* LICENSE


@ -203,11 +203,14 @@ master_wakeup.o: ../../include/sys_defs.h
master_wakeup.o: ../../include/msg.h
master_wakeup.o: ../../include/trigger.h
master_wakeup.o: ../../include/events.h
master_wakeup.o: ../../include/set_eugid.h
master_wakeup.o: ../../include/set_ugid.h
master_wakeup.o: ../../include/mail_proto.h
master_wakeup.o: ../../include/vstream.h
master_wakeup.o: ../../include/vbuf.h
master_wakeup.o: ../../include/iostuff.h
master_wakeup.o: ../../include/attr.h
master_wakeup.o: ../../include/mail_params.h
master_wakeup.o: mail_server.h
master_wakeup.o: master.h
multi_server.o: multi_server.c


@ -58,10 +58,13 @@
#include <msg.h>
#include <trigger.h>
#include <events.h>
#include <set_eugid.h>
#include <set_ugid.h>
/* Global library. */
#include <mail_proto.h> /* triggers */
#include <mail_params.h>
/* Application-specific. */
@ -101,8 +104,29 @@ static void master_wakeup_timer_event(int unused_event, char *context)
case MASTER_SERV_TYPE_UNIX:
status = LOCAL_TRIGGER(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
break;
/*
* If someone compromises the postfix account then this must not
* overwrite files outside the chroot jail. Countermeasures:
*
* - Limit the damage by accessing the FIFO as postfix not root.
*
* - Have fifo_trigger() call safe_open() so we won't follow
* arbitrary hard/symlinks to files in/outside the chroot jail.
*
* - All non-chroot postfix-related files must be root owned (or
* postfix check complains).
*
* - The postfix user and group ID must not be shared with other
* applications (says the INSTALL documentation).
*
* Result of a discussion with Michael Tokarev who claims het got
* his insights from Solar Designer.
*/
case MASTER_SERV_TYPE_FIFO:
set_eugid(var_owner_uid, var_owner_gid);
status = fifo_trigger(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
set_ugid(getuid(), getgid());
break;
default:
msg_panic("%s: unknown service type: %d", myname, serv->type);
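Review bot: In the `MASTER_SERV_TYPE_FIFO` case the restore step `set_ugid(getuid(), getgid());` is undocumented and is not the mirror image of the `set_eugid()` call before it, so a reader cannot tell from this hunk how the master's privileges come back after the FIFO write. I would add a comment on that line such as `/* Restore master's credentials from the unchanged real uid/gid. */`. Neither call's result is checked here, so it is worth confirming that both helpers terminate the process on failure; a switch that failed silently would leave the FIFO write running with the master's original privileges, which is what the new block comment sets out to avoid. master_wakeup_timer_event() begins and ends outside this hunk.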


@ -21,10 +21,36 @@ $(PROG): $(OBJS) $(LIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
test: $(TESTPROG)
update: ../../bin/$(PROG)
test: test1 test2
test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \
done
rm -f map.in.db
test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref
./$(PROG) map.in
for key in abc ghi; \
do \
echo $${key} | ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \
done
rm -f map.in.db
../../bin/$(PROG): $(PROG)
cp $(PROG) ../../bin
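Review bot: In `test1` and `test2` the `for key in abc ghi` loops return only the status of the last iteration, so unless make runs the recipe shell with `-e`, a `diff` mismatch for `abc` is masked whenever `ghi` matches and the target still succeeds. Ending each loop body with `|| exit 1`, e.g. `./$(PROG) -q $${key} map.in | diff map-$${key}1.ref - || exit 1; \`, makes the first mismatch fail the target. The same loops are added in the other Makefile.in section further down this page, and the same change applies there.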


@ -0,0 +1 @@
DEF


@ -0,0 +1 @@
ABC: DEF


@ -0,0 +1 @@
DEF


@ -0,0 +1 @@
abc: DEF


@ -0,0 +1 @@
jkl


@ -0,0 +1 @@
ghi: jkl


@ -0,0 +1,2 @@
ABC: DEF
ghi: jkl


@ -21,13 +21,39 @@ $(PROG): $(OBJS) $(LIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
test: $(TESTPROG)
update: ../../bin/$(PROG)
../../bin/$(PROG): $(PROG)
cp $(PROG) ../../bin
test: test1 test2
test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \
done
rm -f map.in.db
test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref
./$(PROG) map.in
for key in abc ghi; \
do \
echo $${key} | ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \
done
rm -f map.in.db
printfck: $(OBJS) $(PROG)
rm -rf printfck
mkdir printfck
@ -39,7 +65,7 @@ lint:
lint $(DEFS) $(SRCS) $(LINTFIX)
clean:
rm -f *.o *core $(PROG) $(TESTPROG) junk
rm -f *.o *core $(PROG) $(TESTPROG) junk map.in.db
rm -rf printfck
tidy: clean


@ -0,0 +1 @@
DEF


@ -0,0 +1 @@
ABC DEF


@ -0,0 +1 @@
DEF


@ -0,0 +1 @@
abc DEF


@ -0,0 +1 @@
jkl


@ -0,0 +1 @@
ghi jkl


@ -0,0 +1,2 @@
ABC DEF
ghi jkl


@ -65,6 +65,9 @@
/* .IP \fB-I\fR
/* Initialize alias database. See the \fBnewaliases\fR
/* command above.
/* .IP "\fB-L \fIlabel\fR (ignored)"
/* The logging label. Use the \fBsyslog_name\fR configuration
/* parameter instead.
/* .IP "\fB-N \fIdsn\fR (ignored)"
/* Delivery status notification control. Currently, Postfix does
/* not implement \fBDSN\fR.
@ -860,7 +863,7 @@ int main(int argc, char **argv)
optind++;
continue;
}
if ((c = GETOPT(argc, argv, "B:C:F:GIN:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0)
if ((c = GETOPT(argc, argv, "B:C:F:GIL:N:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0)
break;
switch (c) {
default:
@ -869,20 +872,12 @@ int main(int argc, char **argv)
break;
case 'n':
fatal_error(EX_USAGE, "-%c option not supported", c);
case 'B': /* body type */
break;
case 'F': /* full name */
full_name = optarg;
break;
case 'G': /* gateway submission */
break;
case 'I': /* newaliases */
mode = SM_MODE_NEWALIAS;
break;
case 'N': /* DSN */
break;
case 'R': /* DSN */
break;
case 'V': /* VERP */
if (verp_delims_verify(optarg) != 0)
fatal_error(EX_USAGE, "-V requires two characters from %s",
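Review bot: With `L:` added to the GETOPT string and, judging by the hunk shrinking from 20 to 12 lines, the explicit `case 'B'`, `'G'`, `'N'` and `'R'` labels dropped, the ignored options now appear to land in `default:`, so the switch no longer shows which options are ignored on purpose and which were simply forgotten. A comment at `default:` such as `/* Deliberately ignored for Sendmail compatibility, includes -B -G -L -N -R. */` would keep that list reviewable. This matters because the manual page's SECURITY section says the program handles data from untrusted users. The body of `default:` and the rest of main() lie outside this hunk.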


@ -690,6 +690,10 @@ fifo_trigger.o: fifo_trigger.c
fifo_trigger.o: sys_defs.h
fifo_trigger.o: msg.h
fifo_trigger.o: iostuff.h
fifo_trigger.o: safe_open.h
fifo_trigger.o: vstream.h
fifo_trigger.o: vbuf.h
fifo_trigger.o: vstring.h
fifo_trigger.o: trigger.h
file_limit.o: file_limit.c
file_limit.o: sys_defs.h


@ -49,6 +49,7 @@
#include <msg.h>
#include <iostuff.h>
#include <safe_open.h>
#include <trigger.h>
/* fifo_trigger - wakeup fifo server */
@ -56,18 +57,23 @@
int fifo_trigger(const char *service, const char *buf, int len, int timeout)
{
char *myname = "fifo_trigger";
VSTREAM *fp;
int fd;
/*
* Write the request to the service fifo. According to POSIX, the open
* shall always return immediately, and shall return an error when no
* process is reading from the FIFO.
*
* Use safe_open() so that we don't follow arbitrary symlinks.
*/
if ((fd = open(service, O_WRONLY | O_NONBLOCK, 0)) < 0) {
if ((fp = safe_open(service, O_WRONLY | O_NONBLOCK, 0,
(struct stat *) 0, -1, -1, (VSTRING *) 0)) == 0) {
if (msg_verbose)
msg_info("%s: open %s: %m", myname, service);
return (-1);
}
fd = vstream_fileno(fp);
/*
* Write the request...
@ -80,7 +86,7 @@ int fifo_trigger(const char *service, const char *buf, int len, int timeout)
/*
* Disconnect.
*/
if (close(fd))
if (vstream_fclose(fp))
if (msg_verbose)
msg_warn("%s: close %s: %m", myname, service);
return (0);
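Review bot: The `safe_open()` call passes `(VSTRING *) 0` as its last argument, so when the open is refused for a policy reason (for example the path is a symlink) the only diagnostic left is `%m`, and errno may not describe that refusal. I would pass a real buffer and log its contents; whether safe_open() tolerates a null reason buffer is not visible in this hunk and should be confirmed as well. The change touches a new declaration, the call and the `msg_info()` line, shown below. fifo_trigger() closes outside the last hunk.

```c
int     fifo_trigger(const char *service, const char *buf, int len, int timeout)
{
    static VSTRING *why;
    /* … unchanged: myname, fp, fd declarations and the open comment … */

    if (why == 0)
        why = vstring_alloc(1);
    if ((fp = safe_open(service, O_WRONLY | O_NONBLOCK, 0,
                        (struct stat *) 0, -1, -1, why)) == 0) {
        if (msg_verbose)
            msg_info("%s: open %s: %s", myname, service, vstring_str(why));
        return (-1);
    }
    /* … unchanged: fd = vstream_fileno(fp), write, vstream_fclose … */
```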