26448b1eab
Resolves: rhbz#2228229 Resolves: CVE-2023-51765
247 lines
6.8 KiB
Diff
247 lines
6.8 KiB
Diff
diff --git a/cf/cf/submit.mc b/cf/cf/submit.mc
|
|
index 6e2b360..45df0e6 100644
|
|
--- a/cf/cf/submit.mc
|
|
+++ b/cf/cf/submit.mc
|
|
@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
|
|
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
|
|
define(`confTIME_ZONE', `USE_TZ')dnl
|
|
define(`confDONT_INIT_GROUPS', `True')dnl
|
|
+dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
|
|
+dnl define(`confINET_QOS', `AF11')dnl
|
|
define(`confPID_FILE', `/run/sm-client.pid')dnl
|
|
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
|
|
FEATURE(`use_ct_file')dnl
|
|
diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
|
|
index 58708e3..fb0264a 100644
|
|
--- a/cf/m4/proto.m4
|
|
+++ b/cf/m4/proto.m4
|
|
@@ -266,6 +266,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
|
|
# 8-bit data handling
|
|
_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
|
|
|
|
+# DSCP marking of traffic (IP_TOS)
|
|
+_OPTION(InetQoS, `confINET_QOS', `none')
|
|
+
|
|
# wait for alias file rebuild (default units: minutes)
|
|
_OPTION(AliasWait, `confALIAS_WAIT', `5m')
|
|
|
|
diff --git a/sendmail/conf.c b/sendmail/conf.c
|
|
index 762e0d2..75c5e12 100644
|
|
--- a/sendmail/conf.c
|
|
+++ b/sendmail/conf.c
|
|
@@ -6728,6 +6728,10 @@ char *FFRCompileOptions[] =
|
|
/* Check to make sure key fields were read from qf */
|
|
"_FFR_QF_PARANOIA",
|
|
#endif
|
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
|
+ /* QoS */
|
|
+ "_FFR_QOS",
|
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
|
#if _FFR_QUEUE_GROUP_SORTORDER
|
|
/* Allow QueueSortOrder per queue group. */
|
|
/* XXX: Still need to actually use qgrp->qg_sortorder */
|
|
diff --git a/sendmail/daemon.c b/sendmail/daemon.c
|
|
index d37c508..5fa284a 100644
|
|
--- a/sendmail/daemon.c
|
|
+++ b/sendmail/daemon.c
|
|
@@ -124,6 +124,10 @@ static int NDaemons = 0; /* actual number of daemons */
|
|
|
|
static time_t NextDiskSpaceCheck = 0;
|
|
|
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
|
+int InetQoS = 0; /* none by default */
|
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
|
+
|
|
/*
|
|
** GETREQUESTS -- open mail IPC port and get requests.
|
|
**
|
|
@@ -1166,6 +1170,16 @@ opendaemonsocket(d, firsttime)
|
|
(void) setsockopt(d->d_socket, SOL_SOCKET,
|
|
SO_KEEPALIVE, (char *)&on, sizeof(on));
|
|
|
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
|
+ if (InetQoS != 0x00
|
|
+ && (d->d_addr.sa.sa_family == AF_INET
|
|
+ || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) {
|
|
+ if (setsockopt(d->d_socket, SOL_IP,
|
|
+ IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0)
|
|
+ syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name);
|
|
+ }
|
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
|
+
|
|
#ifdef SO_RCVBUF
|
|
if (d->d_tcprcvbufsize > 0)
|
|
{
|
|
@@ -2730,6 +2744,16 @@ gothostent:
|
|
return EX_TEMPFAIL;
|
|
}
|
|
|
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
|
+ if (InetQoS != 0x00
|
|
+ && (family == AF_INET
|
|
+ || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32))))
|
|
+ {
|
|
+ if (setsockopt(s, SOL_IP, IP_TOS,
|
|
+ (char *)&InetQoS, sizeof(InetQoS)) < 0)
|
|
+ syserr("makeconnection: setsockopt(IP_TOS)");
|
|
+ }
|
|
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
|
|
#ifdef SO_SNDBUF
|
|
if (ClientSettings[family].d_tcpsndbufsize > 0)
|
|
{
|
|
diff --git a/sendmail/readcf.c b/sendmail/readcf.c
|
|
index 24b0a6f..9406160 100644
|
|
--- a/sendmail/readcf.c
|
|
+++ b/sendmail/readcf.c
|
|
@@ -24,6 +24,7 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $")
|
|
|
|
#if NETINET || NETINET6
|
|
# include <arpa/inet.h>
|
|
+# include <netinet/ip.h>
|
|
#endif
|
|
|
|
|
|
@@ -3135,8 +3136,8 @@ static struct optioninfo
|
|
# define O_RCPTTHROTDELAY 0xe6
|
|
{ "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE },
|
|
#endif
|
|
-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
|
-# define O_INETQOS 0xe7 /* reserved for FFR_QOS */
|
|
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
|
|
+# define O_INETQOS 0xe7
|
|
{ "InetQoS", O_INETQOS, OI_NONE },
|
|
#endif
|
|
#if STARTTLS && _FFR_FIPSMODE
|
|
@@ -3211,6 +3212,77 @@ static struct optioninfo
|
|
{ NULL, '\0', OI_NONE }
|
|
};
|
|
|
|
+#ifdef O_INETQOS
|
|
+static struct qosmap
|
|
+{
|
|
+ char *name; /* name of the setting */
|
|
+ int value; /* corresponding setsockopt() value */
|
|
+} QoSMap[] = {
|
|
+#ifdef IPTOS_CLASS_CS0
|
|
+ { "CS0", IPTOS_CLASS_CS0 },
|
|
+#endif
|
|
+#ifdef IPTOS_CLASS_CS1
|
|
+ { "CS1", IPTOS_CLASS_CS1 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF11
|
|
+ { "AF11", IPTOS_DSCP_AF11 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF12
|
|
+ { "AF12", IPTOS_DSCP_AF12 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF13
|
|
+ { "AF13", IPTOS_DSCP_AF13 },
|
|
+#endif
|
|
+#ifdef IPTOS_CLASS_CS2
|
|
+ { "CS2", IPTOS_CLASS_CS2 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF21
|
|
+ { "AF21", IPTOS_DSCP_AF21 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF22
|
|
+ { "AF22", IPTOS_DSCP_AF22 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF23
|
|
+ { "AF23", IPTOS_DSCP_AF23 },
|
|
+#endif
|
|
+#ifdef IPTOS_CLASS_CS3
|
|
+ { "CS3", IPTOS_CLASS_CS3 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF31
|
|
+ { "AF31", IPTOS_DSCP_AF31 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF32
|
|
+ { "AF32", IPTOS_DSCP_AF32 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF33
|
|
+ { "AF33", IPTOS_DSCP_AF33 },
|
|
+#endif
|
|
+#ifdef IPTOS_CLASS_CS4
|
|
+ { "CS4", IPTOS_CLASS_CS4 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF41
|
|
+ { "AF41", IPTOS_DSCP_AF41 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF42
|
|
+ { "AF42", IPTOS_DSCP_AF42 },
|
|
+#endif
|
|
+#ifdef IPTOS_DSCP_AF43
|
|
+ { "AF43", IPTOS_DSCP_AF43 },
|
|
+#endif
|
|
+#ifdef IPTOS_CLASS_CS5
|
|
+ { "CS5", IPTOS_CLASS_CS5 },
|
|
+#endif
|
|
+#ifdef IPTOS_CLASS_CS6
|
|
+ { "CS6", IPTOS_CLASS_CS6 },
|
|
+#endif
|
|
+#ifdef IPTOS_CLASS_CS7
|
|
+ { "CS7", IPTOS_CLASS_CS7 },
|
|
+#endif
|
|
+ { "none", 0x00 },
|
|
+ { NULL, 0 }
|
|
+};
|
|
+#endif
|
|
+
|
|
# define CANONIFY(val)
|
|
|
|
# define SET_OPT_DEFAULT(opt, val) opt = val
|
|
@@ -4946,6 +5018,33 @@ setoption(opt, val, safe, sticky, e)
|
|
break;
|
|
#endif
|
|
|
|
+#ifdef O_INETQOS
|
|
+ case O_INETQOS:
|
|
+ {
|
|
+ struct qosmap *qmp;
|
|
+ InetQoS = -1;
|
|
+
|
|
+ for (qmp = QoSMap; qmp->name != NULL; ++qmp) {
|
|
+ if (!strcmp(val, qmp->name)) {
|
|
+ InetQoS = qmp->value;
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /*
|
|
+ ** we could allow writing it as a hex value, but
|
|
+ ** we don't at this time.
|
|
+ **/
|
|
+ if (qmp->name == NULL) {
|
|
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
|
|
+ "Warning: Option: %s unknown parameter '%s'\n",
|
|
+ OPTNAME, val);
|
|
+ break;
|
|
+ }
|
|
+ break;
|
|
+ }
|
|
+#endif
|
|
+
|
|
default:
|
|
if (tTd(37, 1))
|
|
{
|
|
diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h
|
|
index 0f6d01d..5910a8b 100644
|
|
--- a/sendmail/sendmail.h
|
|
+++ b/sendmail/sendmail.h
|
|
@@ -2725,6 +2725,15 @@ EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */
|
|
EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */
|
|
extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */
|
|
|
|
+#if _FFR_QOS
|
|
+# if !defined(SOL_IP) && defined(IPPROTO_IP)
|
|
+# define SOL_IP IPPROTO_IP
|
|
+# endif
|
|
+# if defined(SOL_IP) && defined(IP_TOS)
|
|
+extern int InetQoS; /* QoS mapping */
|
|
+# endif
|
|
+#endif
|
|
+
|
|
#if _FFR_BLANKENV_MACV
|
|
EXTERN int Hacks; /* bit field of run-time enabled "hacks" */
|
|
# define H_LOOKUP_MACRO_IN_BLANKENV 0x0001
|