Attachment #170689 for bug #209770




# $FreeBSD$

PORTNAME=	opensmtpd
PORTVERSION=	201605221711
DISTVERSIONSUFFIX=	p1
PORTEPOCH=	1
CATEGORIES=	mail


LIB_DEPENDS=	libevent.so:devel/libevent2

OPTIONS_DEFINE=		CA_BUNDLE LIBASR MAILERCONF PAM SSL_PORT TABLE_DB

OPTIONS_DEFAULT=	CA_BUNDLE PAM TABLE_DB

CA_BUNDLE_DESC=		Install CA bundle for SSL
LIBASR_DESC=		Use stable version of libasr
MAILERCONF_DESC=	Activate OpenSMTPD in mailer.conf(5)
SSL_PORT_DESC=		SSL/TLS support via OpenSSL/LibreSSL from port
TABLE_DB_DESC=		Build table-db plugin (aliases)

USES=		cpe libtool
USE_OPENSSL=	yes
GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--with-table-db \
		--sysconfdir=${PREFIX}/etc/mail/ \
		--with-libasr=${LOCALBASE} \
		--with-libevent=${LOCALBASE} \
		--with-libssl=${OPENSSLBASE} \
		--with-group-queue=${GROUPS}

CPE_VENDOR=	openbsd

USE_RC_SUBR=	smtpd
SUB_FILES=	pkg-install pkg-deinstall pkg-message

CPE_VENDOR=	openbsd

CONFLICTS_INSTALL=	postfix-[0-9]* sendmail-[0-9]* opensmtpd-[0-9]*

USERS=		_smtpd _smtpq
GROUPS=		_smtpd _smtpq

OPTIONS_SUB=	yes

CA_BUNDLE_CONFIGURE_WITH=	path-CAfile=${LOCALBASE}/share/certs/ca-root-nss.crt
CA_BUNDLE_RUN_DEPENDS=		${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss

LIBASR_LIB_DEPENDS=	libasr.so:dns/libasr
LIBASR_LIB_DEPENDS_OFF=	libasr.so:dns/libasr-devel
LIBASR_LIB_DEPENDS=	libasr.so:dns/libasr

CA_BUNDLE_CONFIGURE_WITH=	path-CAfile=${LOCALBASE}/share/certs/ca-root-nss.crt
CA_BUNDLE_RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss

PAM_CONFIGURE_WITH=	auth-pam=smtpd
SSL_PORT_VARS=		with_openssl_port=yes
TABLE_DB_CONFIGURE_WITH=	table-db

.include <bsd.port.options.mk>

.if ${OPSYS} == FreeBSD && ${OSVERSION} <= 1000015
WITH_OPENSSL_PORT=	yes
.endif

.include <bsd.port.pre.mk>
WITH_OPENSSL_PORT=	yes
.endif

CONFIGURE_ARGS+=	--with-libasr=${LOCALBASE} \
			--with-libevent=${LOCALBASE} \
			--with-libssl=${OPENSSLBASE} \
			--sysconfdir=${PREFIX}/etc/mail/

post-patch:
	${REINPLACE_CMD} -e '/chmod 2555/d' ${WRKSRC}/mk/smtpctl/Makefile.in

.if ${PORT_OPTIONS:MTABLE_DB}
post-install:
	@${LN} -sf ${PREFIX}/sbin/smtpctl ${STAGEDIR}${PREFIX}/libexec/opensmtpd/makemap
.endif

.include <bsd.port.post.mk>

Lines 1-2 Link Here

(-)distinfo (-2 / +2 lines)
1	SHA256 (opensmtpd-201602131907p1.tar.gz) = 0fd10cff59719523e41fe489ff5c1490c2898a2ce47b98e4bf39f07ba3562252	1	SHA256 (opensmtpd-201605221711p1.tar.gz) = e7f63a4d5c26386cffe61f35d6e4a959a1f6f38b3fbe0351c746326cf2329418
2	SIZE (opensmtpd-201602131907p1.tar.gz) = 686726	2	SIZE (opensmtpd-201605221711p1.tar.gz) = 691693

Lines 1-9 Link Here

(-)files/patch-mk_smtpd_Makefile.in (-3 / +4 lines)
1	--- mk/smtpd/Makefile.in.orig 2016-02-07 00:04:24 UTC	1	--- mk/smtpd/Makefile.in.orig 2016-02-02 20:40:51 UTC
2	+++ mk/smtpd/Makefile.in	2	+++ mk/smtpd/Makefile.in
3	@@ -1339,12 +1339,7 @@ install-exec-hook: $(CONFIGFILES) $(MANP	3	@@ -1365,13 +1365,7 @@ install-exec-hook: $(CONFIGFILES) $(MANP
		4	$(MKDIR_P) $(DESTDIR)$(bindir)
4	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5	5	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
5	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8	6	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
6		7	-
7	- @if [ ! -f $(DESTDIR)$(sysconfdir)/smtpd.conf ]; then \	8	- @if [ ! -f $(DESTDIR)$(sysconfdir)/smtpd.conf ]; then \
8	- $(INSTALL) -m 644 smtpd.conf.out $(DESTDIR)$(sysconfdir)/smtpd.conf; \	9	- $(INSTALL) -m 644 smtpd.conf.out $(DESTDIR)$(sysconfdir)/smtpd.conf; \
9	- else \	10	- else \




diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c
index 3a0ca2a..404ee50 100644
--- smtpd/smtp_session.c
+++ smtpd/smtp_session.c
@@ -84,6 +84,7 @@ enum session_flags {
 	SF_BADINPUT		= 0x0080,
 	SF_FILTERCONN		= 0x0100,
 	SF_FILTERDATA		= 0x0200,
+	SF_USERTOOLONG		= 0x0400,
 };
 
 enum message_flags {
@@ -990,6 +991,15 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
 
 		s = tree_xpop(&wait_parent_auth, reqid);
 		strnvis(user, s->username, sizeof user, VIS_WHITE | VIS_SAFE);
+
+		if (s->flags & SF_USERTOOLONG) {
+			log_info("smtp-in: sesson %016"PRIx64
+				": auth failed because username too long",
+				s->id);
+			s->flags &= (~SF_USERTOOLONG);
+			success = LKA_PERMFAIL;
+		}
+
 		if (success == LKA_OK) {
 			log_info("smtp-in: session %016"PRIx64
 			    ": authentication successful for user %s ",
@@ -1929,7 +1939,7 @@ smtp_rfc4954_auth_plain(struct smtp_session *s, char *arg)
 		user++; /* skip NUL */
 		if (strlcpy(s->username, user, sizeof(s->username))
 		    >= sizeof(s->username))
-			goto abort;
+			s->flags |= SF_USERTOOLONG;
 
 		pass = memchr(user, '\0', len - (user - buf));
 		if (pass == NULL || pass >= buf + len - 2)
@@ -1969,9 +1979,12 @@ smtp_rfc4954_auth_login(struct smtp_session *s, char *arg)
 
 	case STATE_AUTH_USERNAME:
 		memset(s->username, 0, sizeof(s->username));
-		if (base64_decode(arg, (unsigned char *)s->username,
-				  sizeof(s->username) - 1) == -1)
+		if (base64_decode(arg, (unsigned char *)buf,
+				  sizeof(buf) - 1) == -1)
 			goto abort;
+		if (strlcpy(s->username, buf, sizeof(s->username))
+		    >= sizeof(s->username))
+			s->flags |= SF_USERTOOLONG;
 
 		smtp_enter_state(s, STATE_AUTH_PASSWORD);
 		smtp_reply(s, "334 UGFzc3dvcmQ6");




@sample etc/mail/smtpd.conf.sample
libexec/opensmtpd/encrypt
libexec/opensmtpd/mail.local
%%TABLE_DB%%libexec/opensmtpd/makemap
@(,,2555) sbin/smtpctl
sbin/smtpd
man/man5/aliases.5.gz
man/man5/forward.5.gz
man/man5/smtpd.conf.5.gz
man/man5/table.5.gz
%%TABLE_DB%%man/man8/makemap.8.gz
%%TABLE_DB%%man/man8/newaliases.8.gz
man/man8/sendmail.8.gz
man/man8/smtpctl.8.gz
man/man8/smtpd.8.gz

Return to bug 209770

Lines 2-8 Link Here

(-)Makefile (-24 / +27 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= opensmtpd	4	PORTNAME= opensmtpd
5	PORTVERSION= 201602131907	5	PORTVERSION= 201605221711
6	DISTVERSIONSUFFIX= p1	6	DISTVERSIONSUFFIX= p1
7	PORTEPOCH= 1	7	PORTEPOCH= 1
8	CATEGORIES= mail	8	CATEGORIES= mail
Lines 18-75 Link Here
18		18
19	LIB_DEPENDS= libevent.so:devel/libevent2	19	LIB_DEPENDS= libevent.so:devel/libevent2
20		20
21	OPTIONS_DEFINE= CA_BUNDLE LIBASR MAILERCONF PAM SSL_PORT	21	OPTIONS_DEFINE= CA_BUNDLE LIBASR MAILERCONF PAM SSL_PORT TABLE_DB
22		22
23	OPTIONS_DEFAULT= CA_BUNDLE PAM	23	OPTIONS_DEFAULT= CA_BUNDLE PAM TABLE_DB
24		24
25	CA_BUNDLE_DESC= Install CA bundle for SSL	25	CA_BUNDLE_DESC= Install CA bundle for SSL
26	LIBASR_DESC= Use stable version of libasr	26	LIBASR_DESC= Use stable version of libasr
27	MAILERCONF_DESC= Activate OpenSMTPD in mailer.conf(5)	27	MAILERCONF_DESC= Activate OpenSMTPD in mailer.conf(5)
28	SSL_PORT_DESC= SSL/TLS support via OpenSSL/LibreSSL from port	28	SSL_PORT_DESC= SSL/TLS support via OpenSSL/LibreSSL from port
		29	TABLE_DB_DESC= Build table-db plugin (aliases)
29		30
30	USES= cpe libtool	31	USES= cpe libtool
31	USE_OPENSSL= yes	32	USE_OPENSSL= yes
32	GNU_CONFIGURE= yes	33	GNU_CONFIGURE= yes
33	CONFIGURE_ARGS= --with-table-db \
34	--sysconfdir=${PREFIX}/etc/mail/ \
35	--with-libasr=${LOCALBASE} \
36	--with-libevent=${LOCALBASE} \
37	--with-libssl=${OPENSSLBASE} \
38	--with-group-queue=${GROUPS}
39		34
		35	CPE_VENDOR= openbsd
		36
40	USE_RC_SUBR= smtpd	37	USE_RC_SUBR= smtpd
41	SUB_FILES= pkg-install pkg-deinstall	38	SUB_FILES= pkg-install pkg-deinstall pkg-message
42		39
43	CPE_VENDOR= openbsd
44
45	CONFLICTS_INSTALL= postfix-[0-9]* sendmail-[0-9]* opensmtpd-[0-9]*	40	CONFLICTS_INSTALL= postfix-[0-9]* sendmail-[0-9]* opensmtpd-[0-9]*
46		41
47	USERS= _smtpd _smtpq	42	USERS= _smtpd _smtpq
48	GROUPS= _smtpd	43	GROUPS= _smtpd _smtpq
49		44
50	PLIST_SUB+= SMTPQ_GROUP=${GROUPS}	45	OPTIONS_SUB= yes
51		46
52	OPTIONS_SUB= yes	47	CA_BUNDLE_CONFIGURE_WITH= path-CAfile=${LOCALBASE}/share/certs/ca-root-nss.crt
		48	CA_BUNDLE_RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
53		49
		50	LIBASR_LIB_DEPENDS= libasr.so:dns/libasr
54	LIBASR_LIB_DEPENDS_OFF= libasr.so:dns/libasr-devel	51	LIBASR_LIB_DEPENDS_OFF= libasr.so:dns/libasr-devel
55	LIBASR_LIB_DEPENDS= libasr.so:dns/libasr
56		52
57	CA_BUNDLE_CONFIGURE_WITH= path-CAfile=${LOCALBASE}/share/certs/ca-root-nss.crt
58	CA_BUNDLE_RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
59
60	PAM_CONFIGURE_WITH= auth-pam=smtpd	53	PAM_CONFIGURE_WITH= auth-pam=smtpd
		54	SSL_PORT_VARS= with_openssl_port=yes
		55	TABLE_DB_CONFIGURE_WITH= table-db
61		56
62	.include <bsd.port.options.mk>	57	.include <bsd.port.options.mk>
63		58
64	.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 && ! ${PORT_OPTIONS:MSSL_PORT}	59	.if ${OPSYS} == FreeBSD && ${OSVERSION} <= 1000015
65	WITH_OPENSSL_PORT= yes	60	WITH_OPENSSL_PORT= yes
66	.endif	61	.endif
67		62
68	.if ${PORT_OPTIONS:MSSL_PORT}	63	.include <bsd.port.pre.mk>
69	WITH_OPENSSL_PORT= yes
70	.endif
71		64
		65	CONFIGURE_ARGS+= --with-libasr=${LOCALBASE} \
		66	--with-libevent=${LOCALBASE} \
		67	--with-libssl=${OPENSSLBASE} \
		68	--sysconfdir=${PREFIX}/etc/mail/
		69
		70	post-patch:
		71	${REINPLACE_CMD} -e '/chmod 2555/d' ${WRKSRC}/mk/smtpctl/Makefile.in
		72
		73	.if ${PORT_OPTIONS:MTABLE_DB}
72	post-install:	74	post-install:
73	@${LN} -sf ${PREFIX}/sbin/smtpctl ${STAGEDIR}${PREFIX}/libexec/opensmtpd/makemap	75	@${LN} -sf ${PREFIX}/sbin/smtpctl ${STAGEDIR}${PREFIX}/libexec/opensmtpd/makemap
		76	.endif
74		77
75	.include <bsd.port.mk>	78	.include <bsd.port.post.mk>

Lines 1-52 Link Here

(-)files/patch-usernamelen (-52 lines)
1	diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c
2	index 3a0ca2a..404ee50 100644
3	--- smtpd/smtp_session.c
4	+++ smtpd/smtp_session.c
5	@@ -84,6 +84,7 @@ enum session_flags {
6	SF_BADINPUT = 0x0080,
7	SF_FILTERCONN = 0x0100,
8	SF_FILTERDATA = 0x0200,
9	+ SF_USERTOOLONG = 0x0400,
10	};
11
12	enum message_flags {
13	@@ -990,6 +991,15 @@ smtp_session_imsg(struct mproc p, struct imsg imsg)
14
15	s = tree_xpop(&wait_parent_auth, reqid);
16	strnvis(user, s->username, sizeof user, VIS_WHITE \| VIS_SAFE);
17	+
18	+ if (s->flags & SF_USERTOOLONG) {
19	+ log_info("smtp-in: sesson %016"PRIx64
20	+ ": auth failed because username too long",
21	+ s->id);
22	+ s->flags &= (~SF_USERTOOLONG);
23	+ success = LKA_PERMFAIL;
24	+ }
25	+
26	if (success == LKA_OK) {
27	log_info("smtp-in: session %016"PRIx64
28	": authentication successful for user %s ",
29	@@ -1929,7 +1939,7 @@ smtp_rfc4954_auth_plain(struct smtp_session s, char arg)
30	user++; /* skip NUL */
31	if (strlcpy(s->username, user, sizeof(s->username))
32	>= sizeof(s->username))
33	- goto abort;
34	+ s->flags \|= SF_USERTOOLONG;
35
36	pass = memchr(user, '\0', len - (user - buf));
37	if (pass == NULL \|\| pass >= buf + len - 2)
38	@@ -1969,9 +1979,12 @@ smtp_rfc4954_auth_login(struct smtp_session s, char arg)
39
40	case STATE_AUTH_USERNAME:
41	memset(s->username, 0, sizeof(s->username));
42	- if (base64_decode(arg, (unsigned char *)s->username,
43	- sizeof(s->username) - 1) == -1)
44	+ if (base64_decode(arg, (unsigned char *)buf,
45	+ sizeof(buf) - 1) == -1)
46	goto abort;
47	+ if (strlcpy(s->username, buf, sizeof(s->username))
48	+ >= sizeof(s->username))
49	+ s->flags \|= SF_USERTOOLONG;
50
51	smtp_enter_state(s, STATE_AUTH_PASSWORD);
52	smtp_reply(s, "334 UGFzc3dvcmQ6");

Lines 1-15 Link Here

(-)pkg-plist (-4 / +4 lines)
1	@sample etc/mail/smtpd.conf.sample	1	@sample etc/mail/smtpd.conf.sample
2	libexec/opensmtpd/encrypt	2	libexec/opensmtpd/encrypt
3	libexec/opensmtpd/mail.local	3	libexec/opensmtpd/mail.local
4	libexec/opensmtpd/makemap	4	%%TABLE_DB%%libexec/opensmtpd/makemap
5	@(,%%SMTPQ_GROUP%%,2555) sbin/smtpctl	5	@(,,2555) sbin/smtpctl
6	sbin/smtpd	6	sbin/smtpd
7	man/man5/aliases.5.gz	7	man/man5/aliases.5.gz
8	man/man5/forward.5.gz	8	man/man5/forward.5.gz
9	man/man5/smtpd.conf.5.gz	9	man/man5/smtpd.conf.5.gz
10	man/man5/table.5.gz	10	man/man5/table.5.gz
11	man/man8/makemap.8.gz	11	%%TABLE_DB%%man/man8/makemap.8.gz
12	man/man8/newaliases.8.gz	12	%%TABLE_DB%%man/man8/newaliases.8.gz
13	man/man8/sendmail.8.gz	13	man/man8/sendmail.8.gz
14	man/man8/smtpctl.8.gz	14	man/man8/smtpctl.8.gz
15	man/man8/smtpd.8.gz	15	man/man8/smtpd.8.gz