fixes to restrict users who don't have a "regular" login shell (i.e.,

not listed in /etc/shells) from forwarding to a program or file; they can
write their .forward file from another machine and then get in.

SCCS-vsn: usr.sbin/sendmail/src/READ_ME 8.40
SCCS-vsn: usr.sbin/sendmail/src/recipient.c 8.31
SCCS-vsn: usr.sbin/sendmail/src/deliver.c 8.58

diff --git a/usr/src/usr.sbin/sendmail/src/READ_ME b/usr/src/usr.sbin/sendmail/src/READ_ME
index 781107a..22a9022 100644 (file)
--- a/usr/src/usr.sbin/sendmail/src/READ_ME
+++ b/usr/src/usr.sbin/sendmail/src/READ_ME
@@ -4,7 +4,7 @@
 #
 # %sccs.include.redist.sh%
 #
 #
 # %sccs.include.redist.sh%
 #

-#      @(#)READ_ME     8.39 (Berkeley) %G%
+#      @(#)READ_ME     8.40 (Berkeley) %G%

 #
 
 This directory contains the source files for sendmail.
 #
 
 This directory contains the source files for sendmail.


@@ -174,6 +174,22 @@ HASLSTAT   Define this if you have symbolic links (and thus the
                most other options, this one is on by default, so you
                need to #undef it in conf.h if you don't have symbolic
                links (these days everyone does).
                most other options, this one is on by default, so you
                need to #undef it in conf.h if you don't have symbolic
                links (these days everyone does).

+NEEDGETOPT     Define this if you need a reimplementation of getopt(3).
+               On some systems, getopt does very odd things if called
+               to scan the arguments twice.  This flag will ask sendmail
+               to compile in a local version of getopt that works
+               properly.
+NEEDSTRTOL     Define this if your standard C library does not define
+               strtol(3).  This will compile in a local version.
+NEEDVPRINTF    Define this if your standard C library does not define
+               vprintf(3).  Note that the resulting fake implementation
+               is not very elegant and may not even work on some
+               architectures.
+NEEDGETUSERSHELL
+               Define this if you do not have getusershell(3) in your
+               standard C library.  Currently it does not compile in
+               a new version -- instead, it just deletes the call;
+               a future version will supply a replacement implementation.

 GIDSET_T       The type of entries in a gidset passed as the second
                argument to getgroups(2).  Historically this has been an
                int, so this is the default, but some systems (such as
 GIDSET_T       The type of entries in a gidset passed as the second
                argument to getgroups(2).  Historically this has been an
                int, so this is the default, but some systems (such as


@@ -660,4 +676,4 @@ version.c   The version number and information about this
 
 Eric Allman
 
 
 Eric Allman
 

-(Version 8.39, last update %G% 05:24:20)
+(Version 8.40, last update %G% 06:29:20)

diff --git a/usr/src/usr.sbin/sendmail/src/deliver.c b/usr/src/usr.sbin/sendmail/src/deliver.c
index 8be841b..7762fdf 100644 (file)
--- a/usr/src/usr.sbin/sendmail/src/deliver.c
+++ b/usr/src/usr.sbin/sendmail/src/deliver.c
@@ -7,7 +7,7 @@
  */
 
 #ifndef lint
  */
 
 #ifndef lint

-static char sccsid[] = "@(#)deliver.c  8.57 (Berkeley) %G%";
+static char sccsid[] = "@(#)deliver.c  8.58 (Berkeley) %G%";

 #endif /* not lint */
 
 #include "sendmail.h"
 #endif /* not lint */
 
 #include "sendmail.h"


@@ -769,7 +769,18 @@ deliver(e, firstto)
                /* XXX perhaps this should be to->q_mailer != LocalMailer ?? */
                /* XXX perhaps it should be a mailer flag? */
                if (to->q_mailer == ProgMailer || to->q_mailer == FileMailer)
                /* XXX perhaps this should be to->q_mailer != LocalMailer ?? */
                /* XXX perhaps it should be a mailer flag? */
                if (to->q_mailer == ProgMailer || to->q_mailer == FileMailer)

+               {

                        ctladdr = getctladdr(to);
                        ctladdr = getctladdr(to);

+                       if (ctladdr != NULL &&
+                           bitset(QBOGUSSHELL, ctladdr->q_flags))
+                       {
+                               /* user has no valid shell on this machine */
+                               usrerr("550 User %s doesn't have a valid shell on %s",
+                                       ctladdr->q_ruser, MyHostName);
+                               giveresponse(EX_UNAVAILABLE, m, NULL, ctladdr, e);
+                               continue;
+                       }
+               }

 
                user = to->q_user;
                e->e_to = to->q_paddr;
 
                user = to->q_user;
                e->e_to = to->q_paddr;

diff --git a/usr/src/usr.sbin/sendmail/src/recipient.c b/usr/src/usr.sbin/sendmail/src/recipient.c
index 91dc13e..ba08f9d 100644 (file)
--- a/usr/src/usr.sbin/sendmail/src/recipient.c
+++ b/usr/src/usr.sbin/sendmail/src/recipient.c
@@ -7,7 +7,7 @@
  */
 
 #ifndef lint
  */
 
 #ifndef lint

-static char sccsid[] = "@(#)recipient.c        8.30 (Berkeley) %G%";
+static char sccsid[] = "@(#)recipient.c        8.31 (Berkeley) %G%";

 #endif /* not lint */
 
 # include "sendmail.h"
 #endif /* not lint */
 
 # include "sendmail.h"


@@ -474,6 +474,20 @@ recipient(a, sendq, e)
                        buildfname(pw->pw_gecos, pw->pw_name, nbuf);
                        if (nbuf[0] != '\0')
                                a->q_fullname = newstr(nbuf);
                        buildfname(pw->pw_gecos, pw->pw_name, nbuf);
                        if (nbuf[0] != '\0')
                                a->q_fullname = newstr(nbuf);

+#ifndef NEEDGETUSERSHELL
+                       if (pw->pw_shell != NULL && pw->pw_shell[0] != '\0')
+                       {
+                               extern char *getusershell();
+
+                               setusershell();
+                               while ((p = getusershell()) != NULL)
+                                       if (strcmp(p, pw->pw_shell) == 0)
+                                               break;
+                               endusershell();
+                               if (p == NULL)
+                                       a->q_flags |= QBOGUSSHELL;
+                       }
+#endif

                        if (!quoted)
                                forward(a, sendq, e);
                }
                        if (!quoted)
                                forward(a, sendq, e);
                }