--- old/usr/src/cmd/sendmail/src/deliver.c Sat Feb 6 15:36:44 2016 +++ new/usr/src/cmd/sendmail/src/deliver.c Sat Feb 6 15:36:44 2016 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2010, 2012 Proofpoint, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include #include -SM_RCSID("@(#)$Id: deliver.c,v 8.1020 2009/12/18 17:08:01 ca Exp $") +SM_RCSID("@(#)$Id: deliver.c,v 8.1030 2013-11-22 20:51:55 ca Exp $") #if HASSETUSERCONTEXT # include @@ -37,6 +37,7 @@ static int coloncmp __P((const char *, const char *)); #if STARTTLS +# include static int starttls __P((MAILER *, MCI *, ENVELOPE *)); static int endtlsclt __P((MCI *)); #endif /* STARTTLS */ @@ -1850,7 +1851,7 @@ ** If we are running SMTP, we just need to clean up. */ - /* XXX this seems a bit wierd */ + /* XXX this seems a bit weird */ if (ctladdr == NULL && m != ProgMailer && m != FileMailer && bitset(QGOODUID, e->e_from.q_flags)) ctladdr = &e->e_from; @@ -2144,6 +2145,7 @@ mci->mci_lastuse = curtime(); mci->mci_deliveries = 0; mci->mci_exitstat = i; + mci_clr_extensions(mci); # if NAMED_BIND mci->mci_herrno = h_errno; # endif /* NAMED_BIND */ @@ -2415,6 +2417,12 @@ else pwd = sm_getpwnam(contextaddr->q_user); sucflags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; +#ifdef LOGIN_SETCPUMASK + sucflags |= LOGIN_SETCPUMASK; +#endif /* LOGIN_SETCPUMASK */ +#ifdef LOGIN_SETLOGINCLASS + sucflags |= LOGIN_SETLOGINCLASS; +#endif /* LOGIN_SETLOGINCLASS */ #ifdef LOGIN_SETMAC sucflags |= LOGIN_SETMAC; #endif /* LOGIN_SETMAC */ @@ -3104,7 +3112,7 @@ mci->mci_state != MCIS_CLOSED) { SET_HELO(mci->mci_flags); - mci->mci_flags &= ~MCIF_EXTENS; + mci_clr_extensions(mci); goto reconnect; } } @@ -3157,7 +3165,7 @@ &mci->mci_out, mci->mci_conn, tmo) == 0) { - mci->mci_flags &= ~MCIF_EXTENS; + mci_clr_extensions(mci); mci->mci_flags |= MCIF_AUTHACT| MCIF_ONLY_EHLO; goto reconnect; @@ -4270,7 +4278,7 @@ /* pri: changes with each delivery attempt */ (void) sm_snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld", - e->e_msgpriority); + PRT_NONNEGL(e->e_msgpriority)); bp += strlen(bp); /* relay: max 66 bytes for IPv4 addresses */ @@ -6111,12 +6119,13 @@ return EX_TEMPFAIL; # if USE_OPENSSL_ENGINE - if (!SSL_set_engine(NULL)) + if (!SSLEngineInitialized && !SSL_set_engine(NULL)) { sm_syslog(LOG_ERR, NOQID, "STARTTLS=client, SSL_set_engine=failed"); return EX_TEMPFAIL; } + SSLEngineInitialized = true; # endif /* USE_OPENSSL_ENGINE */ smtpmessage("STARTTLS", m, mci); @@ -6150,7 +6159,7 @@ sm_syslog(LOG_ERR, NOQID, "STARTTLS=client, error: SSL_new failed"); if (LogLevel > 9) - tlslogerr("client"); + tlslogerr(LOG_WARNING, "client"); } return EX_SOFTWARE; } @@ -6169,7 +6178,7 @@ "STARTTLS=client, error: SSL_set_xfd failed=%d", result); if (LogLevel > 9) - tlslogerr("client"); + tlslogerr(LOG_WARNING, "client"); } return EX_SOFTWARE; } @@ -6189,11 +6198,17 @@ if (LogLevel > 5) { + unsigned long l; + const char *sr; + + l = ERR_peek_error(); + sr = ERR_reason_error_string(l); sm_syslog(LOG_WARNING, NOQID, - "STARTTLS=client, error: connect failed=%d, SSL_error=%d, errno=%d, retry=%d", - result, ssl_err, errno, i); - if (LogLevel > 8) - tlslogerr("client"); + "STARTTLS=client, error: connect failed=%d, reason=%s, SSL_error=%d, errno=%d, retry=%d", + result, sr == NULL ? "unknown" : sr, ssl_err, + errno, i); + if (LogLevel > 9) + tlslogerr(LOG_WARNING, "client"); } SSL_free(clt_ssl);