Re: security(8) check maildir as well as mailbox permissions
On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote:
skin...@britvault.co.uk (Craig R. Skinner) writes:
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Indeed, but security(8) really reflects things in the base OS,
smtpd.conf(8)
deliver to maildir path
Mail is added to a maildir. Its location, path, may
contain format specifiers that are expanded before use
Therefore: ... deliver to maildir /var/mail/%{user.username}
Therefore? How so? What's the logic, here?
THEREFORE software in base can deliver to maildir in /var/mail
Indeed, but security(8) really reflects things in the base OS,
OK?
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
mg(1) dired-unmark-backward
Make 'dired-unmark-backward' behave the same as emacs.
Any objections?
-lum
Index: dired.c
===
RCS file: /cvs/src/usr.bin/mg/dired.c,v
retrieving revision 1.63
diff -u -p -u -p -r1.63 dired.c
--- dired.c 3 Jun 2013 05:10:59 - 1.63
+++ dired.c 19 Dec 2013 09:12:31 -
@@ -305,11 +305,11 @@ d_undelbak(int f, int n)
if (n 0)
return (d_undel(f, -n));
while (n--) {
- if (llength(curwp-w_dotp) 0)
- lputc(curwp-w_dotp, 0, ' ');
if (lback(curwp-w_dotp) != curbp-b_headp)
curwp-w_dotp = lback(curwp-w_dotp);
- }
+ if (llength(curwp-w_dotp) 0)
+ lputc(curwp-w_dotp, 0, ' ');
+ }
curwp-w_rflag |= WFEDIT | WFMOVE;
return (d_warpdot(curwp-w_dotp, curwp-w_doto));
}
Re: security(8) check maildir as well as mailbox permissions
* Craig R. Skinner skin...@britvault.co.uk [2013-12-19 10:18]:
On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote:
skin...@britvault.co.uk (Craig R. Skinner) writes:
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Indeed, but security(8) really reflects things in the base OS,
smtpd.conf(8)
deliver to maildir path
Mail is added to a maildir. Its location, path, may
contain format specifiers that are expanded before use
Therefore: ... deliver to maildir /var/mail/%{user.username}
Therefore? How so? What's the logic, here?
THEREFORE software in base can deliver to maildir in /var/mail
THEREFORE software in base can also deliver mail to
/omgohmymail/pr0n/$uid - does that mean we check it in security?
The question is rather wether Maildirs in /var/mail are a common
enough setup to warrant a check in security.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
drm ioctl woes
Annying implementation details between ioctls in OpenBSD and Linux.
On OpenBSD we don't copyout the ioctl arguments back to userland if
the ioctl fails, whereas Linux does. And of course the Intel
engineers designed an ioctl (DRM_IOCTL_I915_GEM_WAIT) that relies on
this :(. If interrupted (so the ioctl fails with EINTR) it is
supposed to return the time remaining, such that userland can restart
without running the risk of waiting until the death of the universe.
Not entirely unreasonable, but nevertheless rather annoying.
Easiest way around this is to do the copyin/copyout ourselves in the
implementation of this ioctl. Unfortunately that means a kernel ABI
break as we have to change the definition of the ioctl. And our
i915_drm.h diverges a bit more from the Linux one.
ok?
Index: i915_drm.h
===
RCS file: /cvs/src/sys/dev/pci/drm/i915_drm.h,v
retrieving revision 1.19
diff -u -p -r1.19 i915_drm.h
--- i915_drm.h 15 Jun 2013 11:27:59 - 1.19
+++ i915_drm.h 19 Dec 2013 11:31:23 -
@@ -235,7 +235,7 @@ typedef struct drm_i915_sarea {
#define DRM_IOCTL_I915_OVERLAY_ATTRS DRM_IOWR(DRM_COMMAND_BASE +
DRM_I915_OVERLAY_ATTRS, struct drm_intel_overlay_attrs)
#define DRM_IOCTL_I915_SET_SPRITE_COLORKEY DRM_IOWR(DRM_COMMAND_BASE +
DRM_I915_SET_SPRITE_COLORKEY, struct drm_intel_sprite_colorkey)
#define DRM_IOCTL_I915_GET_SPRITE_COLORKEY DRM_IOWR(DRM_COMMAND_BASE +
DRM_I915_GET_SPRITE_COLORKEY, struct drm_intel_sprite_colorkey)
-#define DRM_IOCTL_I915_GEM_WAITDRM_IOWR(DRM_COMMAND_BASE +
DRM_I915_GEM_WAIT, struct drm_i915_gem_wait)
+#define DRM_IOCTL_I915_GEM_WAITDRM_IO( DRM_COMMAND_BASE +
DRM_I915_GEM_WAIT /*, struct drm_i915_gem_wait */)
#define DRM_IOCTL_I915_GEM_CONTEXT_CREATE DRM_IOWR (DRM_COMMAND_BASE +
DRM_I915_GEM_CONTEXT_CREATE, struct drm_i915_gem_context_create)
#define DRM_IOCTL_I915_GEM_CONTEXT_DESTROY DRM_IOW (DRM_COMMAND_BASE +
DRM_I915_GEM_CONTEXT_DESTROY, struct drm_i915_gem_context_destroy)
#define DRM_IOCTL_I915_REG_READDRM_IOWR
(DRM_COMMAND_BASE + DRM_I915_REG_READ, struct drm_i915_reg_read)
Index: i915/i915_gem.c
===
RCS file: /cvs/src/sys/dev/pci/drm/i915/i915_gem.c,v
retrieving revision 1.60
diff -u -p -r1.60 i915_gem.c
--- i915/i915_gem.c 15 Dec 2013 11:42:10 - 1.60
+++ i915/i915_gem.c 19 Dec 2013 11:31:23 -
@@ -2501,13 +2509,17 @@ i915_gem_object_flush_active(struct drm_
int
i915_gem_wait_ioctl(struct drm_device *dev, void *data, struct drm_file *file)
{
- struct drm_i915_gem_wait *args = data;
+ struct drm_i915_gem_wait stkbuf;
+ struct drm_i915_gem_wait *args = stkbuf;
struct drm_i915_gem_object *obj;
struct intel_ring_buffer *ring = NULL;
struct timespec timeout_stack, *timeout = NULL;
u32 seqno = 0;
int ret = 0;
+ if (copyin(*(caddr_t *)data, stkbuf, sizeof(stkbuf)))
+ return -EFAULT;
+
if (args-timeout_ns = 0) {
timeout_stack = ns_to_timespec(args-timeout_ns);
timeout = timeout_stack;
@@ -2552,6 +2564,8 @@ i915_gem_wait_ioctl(struct drm_device *d
WARN_ON(!timespec_valid(timeout));
args-timeout_ns = timespec_to_ns(timeout);
}
+ if (copyout(stkbuf, *(caddr_t *)data, sizeof(stkbuf)))
+ return -EFAULT;
return ret;
out:
Re: security(8) check maildir as well as mailbox permissions
Am 12/19/13 10:55, schrieb Henning Brauer:
* Craig R. Skinner skin...@britvault.co.uk [2013-12-19 10:18]:
On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote:
skin...@britvault.co.uk (Craig R. Skinner) writes:
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Indeed, but security(8) really reflects things in the base OS,
smtpd.conf(8)
deliver to maildir path
Mail is added to a maildir. Its location, path, may
contain format specifiers that are expanded before use
Therefore: ... deliver to maildir /var/mail/%{user.username}
Therefore? How so? What's the logic, here?
THEREFORE software in base can deliver to maildir in /var/mail
THEREFORE software in base can also deliver mail to
/omgohmymail/pr0n/$uid - does that mean we check it in security?
The question is rather wether Maildirs in /var/mail are a common
enough setup to warrant a check in security.
By default it's supposed to be in $HOME/Maildir:
smtpd.conf(5)
deliver to maildir path
[snip what's quoted above]
If path is not provided, then ~/Maildir is assumed.
Bye, Marcus
Re: security(8) check maildir as well as mailbox permissions
Marcus MERIGHI mcmer-open...@tor.at writes: [...] By default it's supposed to be in $HOME/Maildir: smtpd.conf(5) deliver to maildir path [snip what's quoted above] If path is not provided, then ~/Maildir is assumed. Bye, Marcus We are aware of this. Now read again the previous mails and ask yourself why this part of the documentation has been stripped twice by the same guy. -- jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
Re: Alter daemon scheduling priority with renice for rc.d
On 2013-12-19, Craig R. Skinner skin...@britvault.co.uk wrote: $ sudoedit /etc/rc.d/fucktimer Get this misogynistic crap off our lists.
Re: drm ioctl woes
On Thu, Dec 19, 2013 at 4:56 AM, Mark Kettenis mark.kette...@xs4all.nl wrote: Annying implementation details between ioctls in OpenBSD and Linux. On OpenBSD we don't copyout the ioctl arguments back to userland if the ioctl fails, whereas Linux does. And of course the Intel engineers designed an ioctl (DRM_IOCTL_I915_GEM_WAIT) that relies on this :(. If interrupted (so the ioctl fails with EINTR) it is supposed to return the time remaining, such that userland can restart without running the risk of waiting until the death of the universe. Not entirely unreasonable, but nevertheless rather annoying. I guess they took a different lesson from the mess that resulted from Linux's select() actually updating the supplied timeout. And they also ignored how pthread_cond_timedwait() uses an absolute timeout to solve this. sigh Philip Guenther
tftp-proxy(8) with nat-to
tftp-proxy(8) doesn't work if there is a nat gateway in the path from
the client to the server.
I considered changing the location of the tftp server in our network
but that's not possibly because of reasons. (6) of RFC 1925
applies...
With this tftp-proxy(8) grows another knob (-a) like ftp-proxy.
I'm cautiously optimistic that this doesn't change current behaviour
at all but would appriciate tests from tftp-proxy(8) users.
Comments / OKs?
diff --git tftp-proxy.8 tftp-proxy.8
index f0dc9a4..286ca37 100644
--- tftp-proxy.8
+++ tftp-proxy.8
@@ -34,6 +34,7 @@
.Sh SYNOPSIS
.Nm tftp-proxy
.Op Fl 46dv
+.Op Fl a Ar address
.Op Fl l Ar address
.Op Fl p Ar port
.Op Fl w Ar transwait
@@ -51,7 +52,7 @@ a rule with divert-reply set.
.Pp
The proxy inserts
.Xr pf 4
-pass rules using the
+pass or rdr rules using the
.Ar anchor
facility to allow payload packets between the client and the server.
Once the rules are inserted,
@@ -76,6 +77,13 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl a Ar address
+The proxy will use this as the source address for the initial request from
+the client to the server for nat traversal.
+This has to be the IP to which an accompanying nat-to
+.Xr pf 4
+rule translates outgoing packets.
+Instead of pass rules rdr rules will be generated.
.It Fl d
Do not daemonize.
If this option is specified,
diff --git tftp-proxy.c tftp-proxy.c
index bcbecd7..4b7588d1 100644
--- tftp-proxy.c
+++ tftp-proxy.c
@@ -141,7 +141,7 @@ __dead void
usage(void)
{
extern char *__progname;
- fprintf(stderr, usage: %s [-46dv] [-l address] [-p port]
+ fprintf(stderr, usage: %s [-46dv] [-a address] [-l address] [-p port]
[-w transwait]\n, __progname);
exit(1);
}
@@ -179,6 +179,13 @@ struct proxy_child {
struct proxy_child *child = NULL;
TAILQ_HEAD(, proxy_listener) proxy_listeners;
+struct src_addr {
+ TAILQ_ENTRY(src_addr) entry;
+ struct sockaddr addr;
+ socklen_t addrlen;
+};
+TAILQ_HEAD(, src_addr) src_addrs;
+
int
main(int argc, char *argv[])
{
@@ -187,15 +194,19 @@ main(int argc, char *argv[])
int c;
const char *errstr;
+ struct addrinfo hints, *res, *res0;
struct passwd *pw;
+ struct src_addr *saddr;
char *addr = localhost;
char *port = 6969;
int family = AF_UNSPEC;
- int pair[2];
+ int pair[2], error;
- while ((c = getopt(argc, argv, 46dvl:p:w:)) != -1) {
+ TAILQ_INIT(src_addrs);
+
+ while ((c = getopt(argc, argv, 46a:dvl:p:w:)) != -1) {
switch (c) {
case '4':
family = AF_INET;
@@ -203,6 +214,26 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'a':
+ memset(hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_flags = AI_PASSIVE;
+ error = getaddrinfo(optarg, 0, hints, res0);
+ if (error)
+ errx(1, %s:%s: %s, optarg, 0,
+ gai_strerror(error));
+ for (res = res0; res != NULL; res = res-ai_next) {
+ if ((saddr = calloc(1, sizeof(struct src_addr)))
+ == NULL)
+ errx(1, calloc);
+ memcpy((saddr-addr), res-ai_addr,
+ sizeof(struct sockaddr));
+ saddr-addrlen = res-ai_addrlen;
+ TAILQ_INSERT_TAIL(src_addrs, saddr, entry);
+ }
+ freeaddrinfo(res0);
+ break;
case 'd':
verbose = debug = 1;
break;
@@ -360,7 +391,8 @@ privproc_pop(int fd, short events, void *arg)
struct addr_pair req;
struct privproc *p = arg;
struct fd_reply *rep;
- int add = 0;
+ struct src_addr *saddr;
+ int add = 0, found = 0;
switch (evbuffer_read(p-buf, fd, sizeof(req))) {
case 0:
@@ -407,9 +439,24 @@ privproc_pop(int fd, short events, void *arg)
on, sizeof(on)) == -1)
lerr(1, privproc setsockopt(REUSEPORT));
- if (bind(rep-fd, (struct sockaddr *)req.src,
- req.src.ss_len) == -1)
- lerr(1, privproc bind);
+ if (TAILQ_EMPTY(src_addrs)) {
+ if (bind(rep-fd, (struct sockaddr *)req.src,
+ req.src.ss_len) == -1)
+ lerr(1, privproc bind);
+ } else {
+ TAILQ_FOREACH(saddr,
Re: diff for passing -b to spamd-setup when running spamd in blacklist only mode
On 12/14/13 13:15, Maurice Janssen wrote:
On Fri, Dec 13, 2013 at 11:53:06PM +0100, Alexander Hall wrote:
On 12/13/13 22:32, Maurice Janssen wrote:
Hi,
After some discussion on misc@ (see
http://comments.gmane.org/gmane.os.openbsd.misc/209233 ) I came up
with the patch below. Right now, spamd-setup is started with -D in
/etc/rc. However, when running spamd in blacklist only mode, I think
it's better to start spamd-setup also with -b. Otherwise, the
spamd table in pf is not filled with the data from the blacklists
and spamd is effectively not operational until it is run with -b either
manually or from cron.
Maurice
Diff is whitespace mangled. Care to resend it?
Oops, this one should be better.
Committed as-is (two days ago). Thanks!
/Alexander
Maurice
Index: rc
===
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.407
diff -u -p -u -r1.407 rc
--- rc 9 Aug 2013 16:24:54 - 1.407
+++ rc 14 Dec 2013 12:13:27 -
@@ -499,10 +499,6 @@ start_daemon rbootd mopd popa3d spamd sp
start_daemon ipropd_master ipropd_slave sndiod
echo '.'
-if [ X${spamd_flags} != XNO ]; then
- /usr/libexec/spamd-setup -D
-fi
-
# If rc.firstime exists, run it just once, and make sure it is deleted
if [ -f /etc/rc.firsttime ]; then
mv /etc/rc.firsttime /etc/rc.firsttime.run
Index: rc.d/spamd
===
RCS file: /cvs/src/etc/rc.d/spamd,v
retrieving revision 1.3
diff -u -p -u -r1.3 spamd
--- rc.d/spamd 13 Sep 2013 14:50:56 - 1.3
+++ rc.d/spamd 14 Dec 2013 12:13:27 -
@@ -15,4 +15,12 @@ rc_pre() {
return 0
}
+rc_start() {
+ ${rcexec} ${daemon} ${daemon_flags} ${_bg}
+ spamd_setup_flags=-D
+ [ X${spamd_black} != XNO ] \
+ spamd_setup_flags=-b ${spamd_setup_flags}
+ rc_do rc_wait start /usr/libexec/spamd-setup ${spamd_setup_flags}
+}
+
rc_cmd $1
ftp(1) SSL/TLS server certificate validation
All the code is under #ifndef SMALL, except for the getopt(3) goo; I saw
no size increase in the on-disk file, and build-checked that the
ramdisks still fit on i386.
Validation error messages straight from OpenSSL.
ok?
Index: fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.111
diff -u -p -r1.111 fetch.c
--- fetch.c 13 Nov 2013 20:41:10 - 1.111
+++ fetch.c 19 Dec 2013 23:25:41 -
@@ -606,8 +606,27 @@ again:
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+ if (ssl_ctx == NULL) {
+ ERR_print_errors_fp(ttyout);
+ goto cleanup_url_get;
+ }
+ if (ssl_verify) {
+ if (ssl_ca_file == NULL ssl_ca_path == NULL)
+ ssl_ca_file = _PATH_SSL_CAFILE;
+ if (SSL_CTX_load_verify_locations(ssl_ctx,
+ ssl_ca_file, ssl_ca_path) != 1) {
+ ERR_print_errors_fp(ttyout);
+ goto cleanup_url_get;
+ }
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+ if (ssl_verify_depth != -1)
+ SSL_CTX_set_verify_depth(ssl_ctx,
+ ssl_verify_depth);
+ }
+ if (ssl_ciphers != NULL)
+ SSL_CTX_set_cipher_list(ssl_ctx, ssl_ciphers);
ssl = SSL_new(ssl_ctx);
- if (ssl == NULL || ssl_ctx == NULL) {
+ if (ssl == NULL) {
ERR_print_errors_fp(ttyout);
goto cleanup_url_get;
}
Index: ftp.1
===
RCS file: /cvs/src/usr.bin/ftp/ftp.1,v
retrieving revision 1.88
diff -u -p -r1.88 ftp.1
--- ftp.1 28 Apr 2013 18:03:40 - 1.88
+++ ftp.1 19 Dec 2013 23:41:16 -
@@ -59,6 +59,7 @@
.Op Fl C
.Op Fl c Ar cookie
.Op Fl o Ar output
+.Op Fl S Ar ssl_options
.Op Fl s Ar srcaddr
.Sm off
.No http[s]:// Oo Ar user : password No @
@@ -216,6 +217,43 @@ if the server does not support passive c
.It Fl r Ar seconds
Retry to connect if failed, pausing for number of
.Ar seconds .
+.It Fl S Ar ssl_options
+SSL/TLS options to use with HTTPS transfers.
+The following settings are available:
+.Bl -tag -width Ds
+.It Cm cafile Ns = Ns Ar /path/to/cert.pem
+PEM encoded file containing CA certificates used for certificate
+validation.
+.It Cm capath Ns = Ns Ar /path/to/certs/
+Directory containing PEM encoded CA certificates used for certificate
+validation.
+Such a directory can be prepared using the c_rehash OpenSSL utility.
+.It Cm ciphers Ns = Ns Ar cipher_list
+Specify the list of ciphers that will be used by
+.Nm .
+See the
+.Xr openssl 1
+.Cm ciphers
+subcommand.
+.It Cm depth Ns = Ns Ar max_depth
+Maximum depth of the certificate chain allowed when performing
+validation.
+.It Cm do
+Perform server certificate validation.
+.It Cm dont
+Don't perform server certificate validation.
+.El
+.Pp
+By default, server certificate validation is performed, and if it fails
+.Nm
+will abort.
+If no
+.Cm cafile
+or
+.Cm capath
+setting is provided,
+.Pa /etc/ssl/cert.pem
+will be used.
.It Fl s Ar srcaddr
Use
.Ar srcaddr
Index: ftp_var.h
===
RCS file: /cvs/src/usr.bin/ftp/ftp_var.h,v
retrieving revision 1.32
diff -u -p -r1.32 ftp_var.h
--- ftp_var.h 30 Apr 2012 13:41:26 - 1.32
+++ ftp_var.h 17 Dec 2013 10:59:48 -
@@ -229,3 +229,14 @@ char macbuf[4096];
FILE *ttyout;/* stdout or stderr, depending on interactive */
extern struct cmd cmdtab[];
+
+#ifndef SMALL
+extern char*ssl_ciphers;
+extern char*ssl_ca_file;
+extern char*ssl_ca_path;
+extern int ssl_verify;
+extern int ssl_verify_depth;
+# ifndef _PATH_SSL_CAFILE
+# define _PATH_SSL_CAFILE /etc/ssl/cert.pem
+# endif
+#endif /* !SMALL */
Index: main.c
===
RCS file: /cvs/src/usr.bin/ftp/main.c,v
retrieving revision 1.85
diff -u -p -r1.85 main.c
--- main.c 26 Aug 2012 02:16:02 - 1.85
+++ main.c 19 Dec 2013 23:49:50 -
@@ -67,6 +67,7 @@
#include ctype.h
#include err.h
+#include limits.h
#include netdb.h
#include pwd.h
#include stdio.h
@@ -78,6 +79,29 @@
#include ftp_var.h
#include cmds.h
+#ifndef SMALL
+char * const ssl_verify_opts[] = {
+#define SSL_CAFILE 0
+ cafile,
+#define SSL_CAPATH 1
+ capath,
+#define SSL_CIPHERS2
+ ciphers,
+#define SSL_DONTVERIFY 3
+ dont,
+#define SSL_DOVERIFY 4
+ do,
+#define SSL_VERIFYDEPTH5
+ depth,
+
Re: Weird loop in ftp client
Maxime Villard m...@m00nbsd.net writes:
Is there something wrong with this patch?
Nope, there is something wrong with ftp(1) and how it recovers from the
error. I'll commit this tomorrow unless someone disagrees.
Le 29/11/2013 20:44, Maxime Villard a écrit :
What about that?
Index: ftp.c
===
RCS file: /cvs/src/usr.bin/ftp/ftp.c,v
retrieving revision 1.83
diff -u -r1.83 ftp.c
--- ftp.c13 Nov 2013 20:41:14 - 1.83
+++ ftp.c29 Nov 2013 21:17:49 -
@@ -1089,9 +1089,10 @@
may_send_noop_char();
d = 0;
do {
-wr = write(fileno(fout), buf + d, rd);
-if (wr == -1 errno == EPIPE)
+if ((wr = write(fileno(fout), buf + d, rd)) ==
-1) {
+d = -1;
break;
+}
d += wr;
rd -= wr;
} while (d c);
p is set to -1 to display the proper error message
of course here I meant 'd'
--
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
Re: tftp-proxy(8) with nat-to
im glad you wrote a diff rather than simply complain that nat and tftp doesnt
work. the moving parts generally look good to me apart from the struct src_addr
and getopt chunks.
please use sockaddr_storage instead of sockaddr in the src_addr struct.
could you split the resolution of the argument to -a out into a separate
function and call it after the getopt loop, and pass the value of the family
variable to it too?
you might want to use sockaddr_storage in unprivproc_pop too.
cheers,
dlg
On 20 Dec 2013, at 5:03 am, Florian Obser flor...@openbsd.org wrote:
tftp-proxy(8) doesn't work if there is a nat gateway in the path from
the client to the server.
I considered changing the location of the tftp server in our network
but that's not possibly because of reasons. (6) of RFC 1925
applies...
With this tftp-proxy(8) grows another knob (-a) like ftp-proxy.
I'm cautiously optimistic that this doesn't change current behaviour
at all but would appriciate tests from tftp-proxy(8) users.
Comments / OKs?
diff --git tftp-proxy.8 tftp-proxy.8
index f0dc9a4..286ca37 100644
--- tftp-proxy.8
+++ tftp-proxy.8
@@ -34,6 +34,7 @@
.Sh SYNOPSIS
.Nm tftp-proxy
.Op Fl 46dv
+.Op Fl a Ar address
.Op Fl l Ar address
.Op Fl p Ar port
.Op Fl w Ar transwait
@@ -51,7 +52,7 @@ a rule with divert-reply set.
.Pp
The proxy inserts
.Xr pf 4
-pass rules using the
+pass or rdr rules using the
.Ar anchor
facility to allow payload packets between the client and the server.
Once the rules are inserted,
@@ -76,6 +77,13 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl a Ar address
+The proxy will use this as the source address for the initial request from
+the client to the server for nat traversal.
+This has to be the IP to which an accompanying nat-to
+.Xr pf 4
+rule translates outgoing packets.
+Instead of pass rules rdr rules will be generated.
.It Fl d
Do not daemonize.
If this option is specified,
diff --git tftp-proxy.c tftp-proxy.c
index bcbecd7..4b7588d1 100644
--- tftp-proxy.c
+++ tftp-proxy.c
@@ -141,7 +141,7 @@ __dead void
usage(void)
{
extern char *__progname;
- fprintf(stderr, usage: %s [-46dv] [-l address] [-p port]
+ fprintf(stderr, usage: %s [-46dv] [-a address] [-l address] [-p port]
[-w transwait]\n, __progname);
exit(1);
}
@@ -179,6 +179,13 @@ struct proxy_child {
struct proxy_child *child = NULL;
TAILQ_HEAD(, proxy_listener) proxy_listeners;
+struct src_addr {
+ TAILQ_ENTRY(src_addr) entry;
+ struct sockaddr addr;
+ socklen_t addrlen;
+};
+TAILQ_HEAD(, src_addr) src_addrs;
+
int
main(int argc, char *argv[])
{
@@ -187,15 +194,19 @@ main(int argc, char *argv[])
int c;
const char *errstr;
+ struct addrinfo hints, *res, *res0;
struct passwd *pw;
+ struct src_addr *saddr;
char *addr = localhost;
char *port = 6969;
int family = AF_UNSPEC;
- int pair[2];
+ int pair[2], error;
- while ((c = getopt(argc, argv, 46dvl:p:w:)) != -1) {
+ TAILQ_INIT(src_addrs);
+
+ while ((c = getopt(argc, argv, 46a:dvl:p:w:)) != -1) {
switch (c) {
case '4':
family = AF_INET;
@@ -203,6 +214,26 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'a':
+ memset(hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_flags = AI_PASSIVE;
+ error = getaddrinfo(optarg, 0, hints, res0);
+ if (error)
+ errx(1, %s:%s: %s, optarg, 0,
+ gai_strerror(error));
+ for (res = res0; res != NULL; res = res-ai_next) {
+ if ((saddr = calloc(1, sizeof(struct src_addr)))
+ == NULL)
+ errx(1, calloc);
+ memcpy((saddr-addr), res-ai_addr,
+ sizeof(struct sockaddr));
+ saddr-addrlen = res-ai_addrlen;
+ TAILQ_INSERT_TAIL(src_addrs, saddr, entry);
+ }
+ freeaddrinfo(res0);
+ break;
case 'd':
verbose = debug = 1;
break;
@@ -360,7 +391,8 @@ privproc_pop(int fd, short events, void *arg)
struct addr_pair req;
struct privproc *p = arg;
struct fd_reply *rep;
- int add = 0;
+ struct src_addr *saddr;
+ int add = 0, found = 0;
switch (evbuffer_read(p-buf, fd, sizeof(req))) {
case 0:
@@ -407,9 +439,24 @@ privproc_pop(int fd, short events, void
Re: abstract the is multi-threaded? test in kernel
On Sun, Dec 15, 2013 at 6:02 PM, Ted Unangst t...@tedunangst.com wrote: I am concerned then that this function will lie. Or at least, the precise specification for it escapes me. This will return false for a process that was threaded, but isn't anymore, which seems ok, but fuzzy in the case where only a spawned thread and not the main thread is left. The case where the only remaining thread is not the main thread is something that may need to be handled either as threaded or not threaded. I'm a little worried that an abstraction like this will lead to mistakes if the definition isn't clear. Huh. Okay. It was meant as a quick easy abstraction, but I don't feel strongly enough to stuff it down anyone's throat. Withdrawn. Philip
Re: security(8) check maildir as well as mailbox permissions
On 20 Dec 2013, at 2:56 am, Alexander Hall alexan...@beard.se wrote:
Henning Brauer lists-openbsdt...@bsws.de wrote:
* Craig R. Skinner skin...@britvault.co.uk [2013-12-19 10:18]:
On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote:
skin...@britvault.co.uk (Craig R. Skinner) writes:
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
Check the security of /var/mail/dirs similar to
/var/mail/boxes:
Indeed, but security(8) really reflects things in the base OS,
smtpd.conf(8)
deliver to maildir path
Mail is added to a maildir. Its location, path, may
contain format specifiers that are expanded before use
Therefore: ... deliver to maildir /var/mail/%{user.username}
Therefore? How so? What's the logic, here?
THEREFORE software in base can deliver to maildir in /var/mail
THEREFORE software in base can also deliver mail to
/omgohmymail/pr0n/$uid - does that mean we check it in security?
The question is rather wether Maildirs in /var/mail are a common
enough setup to warrant a check in security.
I totally agree with Henning here.
That said, I ended up putting my Maildirs in /var/maildir because of this, so
I for one wouldn't object.
i also put maildirs in /var/maildir...
/Alexander
