hi all,

i'm not at all certain which is the right forum for this, so given that i'm working on
unix-ports of exim/cyrus to OSX, i thought i'd start here ...

in delivering to my cyrus-imap (CVS) store using an lmtp socket transport from exim
4.54 on OSX 10.4.2 i found the following problem.

i've defined an exim transport for delivery to a cyrus imap store over LMTP unixsocket:

    cyrus_lmtp_unixsock:
      debug_print = "EXIM-DEBUG [T:cyrus_lmtp_unixsock] for $local_part@$domain"
      driver = lmtp
      socket = /var/MailServer/Process/lmtp.socket
      envelope_to_add
      user = MY_USER

cyrus.conf is configured with:

    lmtpunix cmd="lmtpd -a -C /var/MailServer/Conf/imapd.conf" listen="/var/MailServer/Process/lmtp.socket" prefork=2

on delivery attempt, my EXIM log shows a failed attempt, indicating that the LMTP connection is
closed:

    2005-10-17 20:35:14 -0700 IOJDYN-0000FT-OY == email@hidden@testdomain.com
    <email@hidden> R=cyrus_localuser T=cyrus_lmtp_unixsock defer (-1): LMTP connection
    closed after initial connection

and syslog shows:

    Oct 17 20:35:14 devbox CYRUS/lmtpunix[564]: refused connection from 0.0.0.0

after a bit of thrashing around, i find that if i add to /etc/hosts.allow

    lmtpunix : 0.0.0.0

delivery completes successfully!

now, cyrus IS config'd/built "--with-libwrap", so i can use tcpwrappers to secure my OTHER cyrus
services (imap, imaps, sieve, etc) which are running on TCPSockets ...

initial suggestions on exim-users were that:

    the code looks like it won't call tcpwrappers for Unix domain sockets.
    BUT, if the kernel 'lies' to it and returns the wrong kind of socket address from
    getpeername() then Cyrus will do the wrong thing.

follow-up on info-cyrus resulted in a workaround with changes to cyrus-code:

    cref: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2729

making changes in IMAP src to two files:

    cyrus-imap-src/master/service-thread.c
    cyrus-imap-src/master/service.c

of:

===================================================
@106
struct sockaddr_storage sin;
socklen_t len = sizeof(sin);
+ /* XXX: old FreeBSD didn't fill sockaddr correctly against AF_UNIX */
+ sin.ss_family = AF_UNIX;
+
/* is this a connection from the local host? */
if (getpeername(fd, (struct sockaddr *) &sin, &len) == 0) {
if (((struct sockaddr *)&sin)->sa_family == AF_UNIX) {
===================================================
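
Review bot: presetting sin.ss_family = AF_UNIX ahead of getpeername() makes the trusted answer the default: whenever the call returns 0 without writing the address, the sa_family == AF_UNIX test passes and the connection is treated as local, whatever kind of socket fd actually is. It would be safer to clear sin to AF_UNSPEC first and treat an unfilled result as unknown (for example by checking the returned len, or by taking the family from the listening socket), so that only a positively identified Unix socket takes the local-host branch. The XXX comment should also name Mac OS X, since that is the system the behaviour was hit on here, not only "old FreeBSD".
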
removes the requirement for the /etc/hosts.allow entry.

feedback from the exim-list on THIS workaround suggests that, then, the problem is an OSX issue:

> > That Cyrus patch indicates an OS bug, so I had a look at the FreeBSD
> > revision history and found the following. This change is not present
> > in the Darwin source, so it's a bug in Mac OS X.
> >
> > --------------------------------
> > 2003/01/22 13:13:13 ume
> >
> > /home/ncvs/src/sys/kern/uipc_usrreq.c,v
> > 1.103 +2 -0
> >
> > getpeername() returns with no error but didn't fill struct sockaddr
> > correctly against PF_LOCAL. It seems that the test always fails then
> > sockaddr was not filled. So, I added else clause for workaround.
> > I doubt if it is right fix. However, it is better than nothing. I
> > found that NetBSD has same potential problem. But, fortunately,
> > NetBSD has equivalent else clause.
> >
> > MFC after: 1 week
> > --------------------------------
comments/suggestions/more info needed?
thx!
cheers,
richard
--
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 780A 5C81 D446 C616 B113 AA3A 9BF4 3736 88A5 678E
_______________________________________________
Unix-porting mailing list (email@hidden)
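
An added example (not part of the original message and not Cyrus code) of deciding whether a descriptor is a Unix-domain connection without presetting the family to a trusted value: the buffer starts as AF_UNSPEC, and if getpeername() leaves it unfilled the family is taken from getsockname() instead. The names peer_kind, classify, peer_kind_of_fd and the demo_* helpers are hypothetical, and it assumes the affected kernel still reports the local address of an accepted socket.

```c
#include <stddef.h>
#include <sys/socket.h>
#include <unistd.h>

enum peer_kind { PEER_UNKNOWN, PEER_UNIX, PEER_NETWORK };
/* True only if the kernel wrote back at least the address-family field. */
static int family_filled(const struct sockaddr_storage *ss, socklen_t len)
{
    size_t need = offsetof(struct sockaddr, sa_family) + sizeof(sa_family_t);
    return len >= need && ss->ss_family != AF_UNSPEC;
}

/* Pure decision step: use the peer address if filled, else the local one. */
enum peer_kind classify(const struct sockaddr_storage *peer, socklen_t plen,
                        const struct sockaddr_storage *local, socklen_t llen)
{
    if (family_filled(peer, plen))
        return peer->ss_family == AF_UNIX ? PEER_UNIX : PEER_NETWORK;
    if (family_filled(local, llen))
        return local->ss_family == AF_UNIX ? PEER_UNIX : PEER_NETWORK;
    return PEER_UNKNOWN;    /* fail closed: caller still runs the libwrap check */
}

enum peer_kind peer_kind_of_fd(int fd)
{
    struct sockaddr_storage peer = {0}, local = {0};   /* zeroed: AF_UNSPEC */
    socklen_t plen = sizeof(peer), llen = sizeof(local);
    if (getpeername(fd, (struct sockaddr *)&peer, &plen) != 0) plen = 0;
    if (getsockname(fd, (struct sockaddr *)&local, &llen) != 0) llen = 0;
    return classify(&peer, plen, &local, llen);
}

/* Constructed case: getpeername() returned 0 but wrote nothing into the buffer. */
enum peer_kind demo_unfilled_peer(int local_family)
{
    struct sockaddr_storage peer = {0}, local = {0};
    local.ss_family = (sa_family_t)local_family;
    return classify(&peer, sizeof(peer), &local, sizeof(local));
}

/* Real descriptor: one end of an AF_UNIX socketpair. */
enum peer_kind demo_socketpair(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return PEER_UNKNOWN;
    enum peer_kind k = peer_kind_of_fd(sv[0]);
    close(sv[0]); close(sv[1]);
    return k;
}
```

A caller would skip the tcpwrappers check only for PEER_UNIX and keep it for both PEER_NETWORK and PEER_UNKNOWN.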