Imported Upstream version 8.9.3upstream/8.9.3

7 files changed, 462 insertions, 221 deletions

diff --git a/makemap/Build b/makemap/Build
new file mode 120000
index 0000000..6308dba
--- /dev/null
+++ b/makemap/Build
@@ -0,0 +1 @@
+../BuildTools/bin/Build
\ No newline at end of file
diff --git a/makemap/Makefile b/makemap/Makefile
deleted file mode 100644
index e64e093..0000000
--- a/makemap/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-#	@(#)Makefile	8.4 (Berkeley) 6/10/97
-
-PROG=	makemap
-MAN8=	makemap.0
-CFLAGS+=-I${.CURDIR}/../src -DNEWDB -DNOT_SENDMAIL
-
-SRCS=	makemap.c safefile.c
-
-safefile.c: ${.CURDIR}/../src/safefile.c
-	ln -s ${.CURDIR}/../src/safefile.c
-
-.include "../../Makefile.inc"
-.include <bsd.prog.mk>
diff --git a/makemap/Makefile.dist b/makemap/Makefile.dist
deleted file mode 100644
index ad1ca5d..0000000
--- a/makemap/Makefile.dist
+++ /dev/null
@@ -1,90 +0,0 @@
-#
-#  This Makefile is designed to work on the old "make" program.  It does
-#  not use the obj subdirectory.  It also does not install documentation
-#  automatically -- think of it as a quick start for sites that have the
-#  old make program (I recommend that you get and port the new make if you
-#  are going to be doing any signficant work on sendmail).
-#
-#	@(#)Makefile.dist	8.7 (Berkeley) 6/10/97
-#
-
-# use O=-O (usual) or O=-g (debugging)
-O=	-O
-
-# location of sendmail source directory
-SRCDIR=	../src
-
-# define the database mechanisms available for map & alias lookups:
-#	-DNDBM -- use new DBM
-#	-DNEWDB -- use new Berkeley DB
-# The really old (V7) DBM library is no longer supported.
-#
-DBMDEF=	-DNDBM -DNEWDB
-
-# environment definitions (e.g., -D_AIX3)
-ENVDEF= -DNOT_SENDMAIL
-
-# see also conf.h for additional compilation flags
-
-# include directories
-INCDIRS=-I${SRCDIR} -I/usr/sww/include
-
-# loader options
-LDOPTS=
-
-# library directories
-LIBDIRS=-L/usr/sww/lib
-
-# libraries required on your system
-LIBS=	-ldb -ldbm
-
-# location of makemap binary (usually /usr/sbin or /usr/etc)
-BINDIR=	${DESTDIR}/usr/sbin
-
-# additional .o files needed
-OBJADD=
-
-###################  end of user configuration flags  ######################
-
-CFLAGS=	-I. $O ${INCDIRS} ${DBMDEF} ${ENVDEF}
-
-OBJS=	makemap.o safefile.o ${OBJADD}
-
-LINKS=	${DESTDIR}/usr/ucb/newaliases ${DESTDIR}/usr/ucb/mailq
-BINOWN=	bin
-BINGRP=	bin
-BINMODE=555
-
-ALL=	makemap makemap.0
-
-all: ${ALL}
-
-makemap: ${BEFORE} ${OBJS}
-	${CC} -o makemap ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
-
-safefile.c: ${SRCDIR}/safefile.c
-	ln -s ${SRCDIR}/safefile.c safefile.c
-
-#NROFF= nroff -h
-NROFF=  groff -Tascii
-MANDOC= -mandoc
-
-makemap.0: makemap.8
-	${NROFF} ${MANDOC} makemap.8 > makemap.0
-
-INSTALL=install
-
-install: install-makemap install-docs
-
-install-makemap: makemap
-	${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} makemap ${BINDIR}
-
-# doesn't actually install them -- you may want to install pre-nroff versions
-install-docs: makemap.0
-
-clean:
-	rm -f ${OBJS} makemap makemap.0
-
-# dependencies
-#   gross overkill, and yet still not quite enough....
-${OBJS}: ${SRCDIR}/conf.h
diff --git a/makemap/Makefile.m4 b/makemap/Makefile.m4
new file mode 100644
index 0000000..983ffdf
--- /dev/null
+++ b/makemap/Makefile.m4
@@ -0,0 +1,110 @@
+#
+#  This Makefile is designed to work on the old "make" program.
+#
+#	@(#)Makefile.m4	8.21	(Berkeley)	7/12/1998
+#
+
+# C compiler
+CC=	confCC
+
+# Shell
+SHELL=	confSHELL
+
+# use O=-O (usual) or O=-g (debugging)
+O=	ifdef(`confOPTIMIZE', `confOPTIMIZE', `-O')
+
+# location of sendmail source directory
+SRCDIR=	ifdef(`confSRCDIR', `confSRCDIR', `../../src')
+
+# define the database mechanisms available for map & alias lookups:
+#	-DNDBM -- use new DBM
+#	-DNEWDB -- use new Berkeley DB
+# The really old (V7) DBM library is no longer supported.
+#
+MAPDEF=	ifdef(`confMAPDEF', `confMAPDEF')
+
+# environment definitions (e.g., -D_AIX3)
+ENVDEF= -DNOT_SENDMAIL ifdef(`confENVDEF', `confENVDEF')
+
+# see also conf.h for additional compilation flags
+
+# include directories
+INCDIRS=-I${SRCDIR} confINCDIRS
+
+# loader options
+LDOPTS=	ifdef(`confLDOPTS', `confLDOPTS')
+
+# library directories
+LIBDIRS=confLIBDIRS
+
+# libraries required on your system
+LIBS=	ifdef(`confLIBS', `confLIBS')
+
+# location of makemap binary (usually /usr/sbin or /usr/etc)
+SBINDIR=${DESTDIR}ifdef(`confSBINDIR', `confSBINDIR', `/usr/sbin')
+
+# additional .o files needed
+OBJADD=	ifdef(`confOBJADD', `confOBJADD')
+
+undivert(1)
+
+###################  end of user configuration flags  ######################
+
+BUILDBIN=confBUILDBIN
+COPTS=	-I. ${INCDIRS} ${MAPDEF} ${ENVDEF}
+CFLAGS=	$O ${COPTS}
+
+BEFORE=	confBEFORE safefile.c snprintf.c
+OBJS=	makemap.o safefile.o snprintf.o ${OBJADD}
+
+NROFF=	ifdef(`confNROFF', `confNROFF', `groff -Tascii')
+MANDOC=	ifdef(`confMANDOC', `confMANDOC', `-mandoc')
+
+INSTALL=ifdef(`confINSTALL', `confINSTALL', `install')
+BINOWN=	ifdef(`confUBINOWN', `confUBINOWN', `bin')
+BINGRP=	ifdef(`confUBINGRP', `confUBINGRP', `bin')
+BINMODE=ifdef(`confUBINMODE', `confUBINMODE', `555')
+
+MANOWN=	ifdef(`confMANOWN', `confMANOWN', `bin')
+MANGRP=	ifdef(`confMANGRP', `confMANGRP', `bin')
+MANMODE=ifdef(`confMANMODE', `confMANMODE', `444')
+
+MANROOT=${DESTDIR}ifdef(`confMANROOT', `confMANROOT', `/usr/share/man/cat')
+MAN8=	${MANROOT}ifdef(`confMAN8', `confMAN8', `8')
+MAN8EXT=ifdef(`confMAN8EXT', `confMAN8EXT', `8')
+MAN8SRC=ifdef(`confMAN8SRC', `confMAN8SRC', `0')
+
+ALL=	makemap makemap.${MAN8SRC}
+
+all: ${ALL}
+
+makemap: ${BEFORE} ${OBJS}
+	${CC} -o makemap ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
+
+safefile.c: ${SRCDIR}/safefile.c
+	-ln -s ${SRCDIR}/safefile.c safefile.c
+
+snprintf.c: ${SRCDIR}/snprintf.c
+	-ln -s ${SRCDIR}/snprintf.c snprintf.c
+
+undivert(3)
+
+makemap.${MAN8SRC}: makemap.8
+	${NROFF} ${MANDOC} makemap.8 > makemap.${MAN8SRC}
+
+install: install-makemap install-docs
+
+install-makemap: makemap
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} makemap ${SBINDIR}
+
+install-docs: makemap.${MAN8SRC}
+ifdef(`confNO_MAN_INSTALL', `dnl',
+`	${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} makemap.${MAN8SRC} ${MAN8}/makemap.${MAN8EXT}')
+
+clean:
+	rm -f ${OBJS} makemap makemap.${MAN8SRC}
+
+################  Dependency scripts
+include(confBUILDTOOLSDIR/M4/depend/ifdef(`confDEPEND_TYPE', `confDEPEND_TYPE', 
+`generic').m4)dnl
+################  End of dependency scripts
diff --git a/makemap/makemap.0 b/makemap/makemap.0
index 73a3862..eb6cd77 100644
--- a/makemap/makemap.0
+++ b/makemap/makemap.0
@@ -4,7 +4,7 @@ NNAAMMEE
      mmaakkeemmaapp - create database maps for sendmail
 
 SSYYNNOOPPSSIISS
-     mmaakkeemmaapp [--NN] [--dd] [--ff] [--oo] [--rr] [--vv] _m_a_p_t_y_p_e _m_a_p_n_a_m_e
+     mmaakkeemmaapp [--NN] [--dd] [--ff] [--oo] [--rr] [--ss] [--vv] _m_a_p_t_y_p_e _m_a_p_n_a_m_e
 
 DDEESSCCRRIIPPTTIIOONN
      mmaakkeemmaapp creates the database maps used by the keyed map lookups in
@@ -16,10 +16,11 @@ DDEESSCCRRIIPPTTIIOONN
 
      dbm         DBM format maps.  This requires the ndbm(3) library.
 
-     btree       B-Tree format maps.  This requires the new Berkeley db(3) li-
+     btree       B-Tree format maps.  This requires the new Berkeley DB li-
                  brary.
 
-     hash        Hash format maps.  This also requires the db(3) library.
+     hash        Hash format maps.  This also requires the Berkeley DB li-
+                 brary.
 
      In all cases, mmaakkeemmaapp reads lines from the standard input consisting of
      two words separated by white space.  The first is the database key, the
@@ -47,6 +48,10 @@ DDEESSCCRRIIPPTTIIOONN
      --rr          Allow replacement of existing keys.  Normally mmaakkeemmaapp com-
                  plains if you repeat a key, and does not do the insert.
 
+     --ss          Ignore safety checks on maps being created.  This includes
+                 checking for hard or symbolic links in world writable direc-
+                 tories.
+
      --vv          Verbosely print what it is doing.
 
 SSEEEE AALLSSOO
diff --git a/makemap/makemap.8 b/makemap/makemap.8
index 3c1f6fa..81f53a8 100644
--- a/makemap/makemap.8
+++ b/makemap/makemap.8
@@ -1,35 +1,13 @@
+.\" Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
 .\" Copyright (c) 1988, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
+.\" By using this file, you agree to the terms and conditions set
+.\" forth in the LICENSE file which can be found at the top level of
+.\" the sendmail distribution.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
 .\"
-.\"     @(#)makemap.8	8.4 (Berkeley) 7/23/97
+.\"     @(#)makemap.8	8.12 (Berkeley) 11/13/1998
 .\"
 .Dd November 16, 1992
 .Dt MAKEMAP 8
@@ -40,10 +18,13 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl N
+.if \nP .Op Fl c Ar cachesize
 .Op Fl d
 .Op Fl f
+.if \nP .Op Fl l
 .Op Fl o
 .Op Fl r
+.Op Fl s
 .Op Fl v
 .Ar maptype
 .Ar mapname
@@ -70,13 +51,11 @@ This requires the
 library.
 .It Li btree
 B-Tree format maps.
-This requires the new Berkeley
-.Xr db 3
+This requires the new Berkeley DB
 library.
 .It Li hash
 Hash format maps.
-This also requires the
-.Xr db 3
+This also requires the Berkeley DB
 library.
 .El
 .Pp
@@ -99,6 +78,11 @@ Include the null byte that terminates strings
 in the map.
 This must match the \-N flag in the sendmail.cf
 ``K'' line.
+.if \nP \
+\{\
+.It Fl c
+Use the specified hash and B-Tree cache size.
+.\}
 .It Fl d
 Allow duplicate keys in the map.
 This is only allowed on B-Tree format maps.
@@ -113,6 +97,11 @@ This is intended to mesh with the
 \fBK\fP
 line in sendmail.cf.
 The value is never case folded.
+.if \nP \
+\{\
+.It Fl l
+List supported map types.
+.\}
 .It Fl o
 Append to an old file.
 This allows you to augment an existing file.
@@ -122,6 +111,10 @@ Normally
 .Nm
 complains if you repeat a key,
 and does not do the insert.
+.It Fl s
+Ignore safety checks on maps being created.
+This includes checking for hard or symbolic
+links in world writable directories.
 .It Fl v
 Verbosely print what it is doing.
 .El
diff --git a/makemap/makemap.c b/makemap/makemap.c
index 9d088c6..aaaba32 100644
--- a/makemap/makemap.c
+++ b/makemap/makemap.c
@@ -1,39 +1,17 @@
 /*
- * Copyright (c) 1992 Eric P. Allman.
+ * Copyright (c) 1998 Sendmail, Inc.  All rights reserved.
+ * Copyright (c) 1992 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1992, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
  *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)makemap.c	8.38 (Berkeley) 9/23/97";
+static char sccsid[] = "@(#)makemap.c	8.71 (Berkeley) 11/29/1998";
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -42,13 +20,17 @@ static char sccsid[] = "@(#)makemap.c	8.38 (Berkeley) 9/23/97";
 # include <sys/file.h>
 #endif
 #include "sendmail.h"
+#include "pathnames.h"
 
 #ifdef NDBM
-#include <ndbm.h>
+# include <ndbm.h>
 #endif
 
 #ifdef NEWDB
-#include <db.h>
+# include <db.h>
+# ifndef DB_VERSION_MAJOR
+#  define DB_VERSION_MAJOR 1
+# endif
 #endif
 
 enum type { T_DBM, T_BTREE, T_HASH, T_ERR, T_UNKNOWN };
@@ -75,36 +57,44 @@ uid_t	RunAsUid;
 uid_t	RunAsGid;
 char	*RunAsUserName;
 int	Verbose = 2;
-bool	DontInitGroups = TRUE;
-bool	UnsafeGroupWrites = FALSE;
+bool	DontInitGroups = FALSE;
+long	DontBlameSendmail = DBS_SAFE;
 u_char	tTdvect[100];
+uid_t	TrustedUid = 0;
 
 #define BUFSIZE		1024
 
+int
 main(argc, argv)
 	int argc;
 	char **argv;
 {
 	char *progname;
+	char *cfile;
 	bool inclnull = FALSE;
 	bool notrunc = FALSE;
 	bool allowreplace = FALSE;
 	bool allowdups = FALSE;
 	bool verbose = FALSE;
 	bool foldcase = TRUE;
-	bool ignoresafeties = FALSE;
 	int exitstat;
 	int opt;
-	char *typename;
-	char *mapname;
-	char *ext;
+	char *typename = NULL;
+	char *mapname = NULL;
+	char *ext = NULL;
 	int lineno;
 	int st;
 	int mode;
-	int putflags;
+	int putflags = 0;
+#ifdef NEWDB
 	long dbcachesize = 1024 * 1024;
+#endif
 	enum type type;
+#if !O_EXLOCK
 	int fd;
+#endif
+	int sff = SFF_ROOTOK|SFF_REGONLY;
+	struct passwd *pw;
 	union
 	{
 #ifdef NDBM
@@ -117,22 +107,33 @@ main(argc, argv)
 	} dbp;
 	union dbent key, val;
 #ifdef NEWDB
+# if DB_VERSION_MAJOR < 2
 	BTREEINFO bti;
 	HASHINFO hinfo;
+# else
+	DB_INFO dbinfo;
+# endif
 #endif
 	char ibuf[BUFSIZE];
 	char fbuf[MAXNAME];
 	char dbuf[MAXNAME];
+#ifdef NDBM
 	char pbuf[MAXNAME];
+#endif
+#if _FFR_TRUSTED_USER
+	FILE *cfp;
+	char buf[MAXLINE];
+#endif
 	static char rnamebuf[MAXNAME];	/* holds RealUserName */
-	struct passwd *pw;
-	int sff = SFF_ROOTOK|SFF_REGONLY|SFF_NOLINK|SFF_NOWLINK;
-	struct stat std, stp;
+	struct stat std;
+#ifdef NDBM
+	struct stat stp;
+#endif
 	extern char *optarg;
 	extern int optind;
-	extern bool lockfile();
 
 	progname = argv[0];
+	cfile = _PATH_SENDMAILCF;
 
 	RunAsUid = RealUid = getuid();
 	RunAsGid = RealGid = getgid();
@@ -144,25 +145,31 @@ main(argc, argv)
 		sprintf(rnamebuf, "%s", pw->pw_name);
 	}
 	else
-		sprintf(rnamebuf, "Unknown UID %d", RealUid);
+		sprintf(rnamebuf, "Unknown UID %d", (int) RealUid);
 	RunAsUserName = RealUserName = rnamebuf;
 
 #if _FFR_NEW_MAKEMAP_FLAGS
-#define OPTIONS		"Nc:dforsv"
+#define OPTIONS		"C:Nc:dflorsv"
 #else
-#define OPTIONS		"Ndforv"
+#define OPTIONS		"C:Ndforsv"
 #endif
 	while ((opt = getopt(argc, argv, OPTIONS)) != EOF)
 	{
 		switch (opt)
 		{
+		  case 'C':
+			cfile = optarg;
+			break;
+
 		  case 'N':
 			inclnull = TRUE;
 			break;
 
 #if _FFR_NEW_MAKEMAP_FLAGS
 		  case 'c':
+# ifdef NEWDB
 			dbcachesize = atol(optarg);
+# endif
 			break;
 #endif
 
@@ -174,6 +181,19 @@ main(argc, argv)
 			foldcase = FALSE;
 			break;
 
+#if _FFR_NEW_MAKEMAP_FLAGS
+		  case 'l':
+# ifdef NDBM
+			printf("dbm\n");
+# endif
+# ifdef NEWDB
+			printf("hash\n");
+			printf("btree\n");
+# endif
+			exit(EX_OK);
+			break;
+#endif
+
 		  case 'o':
 			notrunc = TRUE;
 			break;
@@ -182,11 +202,9 @@ main(argc, argv)
 			allowreplace = TRUE;
 			break;
 
-#if _FFR_NEW_MAKEMAP_FLAGS
 		  case 's':
-			ignoresafeties = TRUE;
+			DontBlameSendmail |= DBS_MAPINUNSAFEDIRPATH|DBS_WRITEMAPTOHARDLINK|DBS_WRITEMAPTOSYMLINK|DBS_LINKEDMAPINWRITABLEDIR;
 			break;
-#endif
 
 		  case 'v':
 			verbose = TRUE;
@@ -198,6 +216,13 @@ main(argc, argv)
 		}
 	}
 
+	if (!bitset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
+		sff |= SFF_NOSLINK;
+        if (!bitset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
+		sff |= SFF_NOHLINK;
+	if (!bitset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
+		sff |= SFF_NOWLINK;
+
 	argc -= optind;
 	argv += optind;
 	if (argc != 2)
@@ -226,15 +251,74 @@ main(argc, argv)
 			type = T_UNKNOWN;
 	}
 
+#if _FFR_TRUSTED_USER
+	if ((cfp = fopen(cfile, "r")) == NULL)
+	{
+		fprintf(stderr, "mailstats: ");
+		perror(cfile);
+		exit(EX_NOINPUT);
+	}
+	while (fgets(buf, sizeof(buf), cfp) != NULL)
+	{
+		register char *b;
+
+		if ((b = strchr(buf, '\n')) != NULL)
+			*b = '\0';
+
+		b = buf;
+		switch (*b++)
+		{
+		  case 'O':		/* option */
+			if (strncasecmp(b, " TrustedUser", 12) == 0 &&
+			    !(isascii(b[12]) && isalnum(b[12])))
+			{
+				b = strchr(b, '=');
+				if (b == NULL)
+					continue;
+				while (isascii(*++b) && isspace(*b))
+					continue;
+				if (isascii(*b) && isdigit(*b))
+					TrustedUid = atoi(b);
+				else
+				{
+					register struct passwd *pw;
+					
+					TrustedUid = 0;
+					pw = getpwnam(b);
+					if (pw == NULL)
+						fprintf(stderr,
+							"TrustedUser: unknown user %s\n", b);
+					else
+						TrustedUid = pw->pw_uid;
+				}
+				
+# ifdef UID_MAX
+				if (TrustedUid > UID_MAX)
+				{
+					syserr("TrustedUser: uid value (%ld) > UID_MAX (%ld)",
+					       TrustedUid, UID_MAX);
+					TrustedUid = 0;
+				}
+# endif
+				break;
+			}
+
+
+		  default:
+			continue;
+		}
+	}
+	(void) fclose(cfp);
+#endif
 	switch (type)
 	{
 	  case T_ERR:
 #if _FFR_NEW_MAKEMAP_FLAGS
 		fprintf(stderr,
-			"Usage: %s [-N] [-c cachesize] [-d] [-f] [-o] [-r] [-s] [-v] type mapname\n",
+			"Usage: %s [-N] [-c cachesize] [-d] [-f] [-l] [-o] [-r] [-s] [-v] type mapname\n",
 			progname);
 #else
-		fprintf(stderr, "Usage: %s [-N] [-d] [-f] [-o] [-r] [-v] type mapname\n", progname);
+		fprintf(stderr, "Usage: %s [-N] [-d] [-f] [-o] [-r] [-s] [-v] type mapname\n", progname);
 #endif
 		exit(EX_USAGE);
 
@@ -256,21 +340,47 @@ main(argc, argv)
 
 #ifdef NEWDB
 	  case T_BTREE:
+# if DB_VERSION_MAJOR < 2
 		bzero(&bti, sizeof bti);
+# else
+		bzero(&dbinfo, sizeof dbinfo);
+# endif
 		if (allowdups)
+		{
+# if DB_VERSION_MAJOR < 2
 			bti.flags |= R_DUP;
+# else
+			dbinfo.flags |= DB_DUP;
+# endif
+		}
 		if (allowdups || allowreplace)
 			putflags = 0;
 		else
+		{
+# if DB_VERSION_MAJOR < 2
 			putflags = R_NOOVERWRITE;
+# else
+			putflags = DB_NOOVERWRITE;
+# endif
+		}
 		break;
 
 	  case T_HASH:
+# if DB_VERSION_MAJOR < 2
 		bzero(&hinfo, sizeof hinfo);
+# else
+		bzero(&dbinfo, sizeof dbinfo);
+# endif
 		if (allowreplace)
 			putflags = 0;
 		else
+		{
+# if DB_VERSION_MAJOR < 2
 			putflags = R_NOOVERWRITE;
+# else
+			putflags = DB_NOOVERWRITE;
+# endif
+		}
 		break;
 #endif
 #ifdef NDBM
@@ -326,8 +436,7 @@ main(argc, argv)
 			exit(EX_USAGE);
 		}
 		strcpy(dbuf, mapname);
-		if (!ignoresafeties &&
-		    (st = safefile(dbuf, RealUid, RealGid, RealUserName,
+		if ((st = safefile(dbuf, RealUid, RealGid, RealUserName,
 				   sff, S_IWUSR, &std)) != 0)
 		{
 			fprintf(stderr,
@@ -347,7 +456,7 @@ main(argc, argv)
 		}
 		sprintf(dbuf, "%s.dir", mapname);
 		if ((st = safefile(dbuf, RealUid, RealGid, RealUserName,
-			   sff, S_IWUSR, &std)) != 0 && !ignoresafeties)
+			   sff, S_IWUSR, &std)) != 0)
 		{
 			fprintf(stderr,
 				"%s: could not create: %s\n",
@@ -356,7 +465,7 @@ main(argc, argv)
 		}
 		sprintf(pbuf, "%s.pag", mapname);
 		if ((st = safefile(pbuf, RealUid, RealGid, RealUserName,
-			   sff, S_IWUSR, &stp)) != 0 && !ignoresafeties)
+			   sff, S_IWUSR, &stp)) != 0)
 		{
 			fprintf(stderr,
 				"%s: could not create: %s\n",
@@ -384,10 +493,7 @@ main(argc, argv)
 	mode |= O_EXLOCK;
 #else
 	/* pre-lock the database */
-	if (ignoresafeties)
-		fd = dfopen(dbuf, mode & ~O_TRUNC, 0644, sff);
-	else
-		fd = safeopen(dbuf, mode & ~O_TRUNC, 0644, sff);
+	fd = safeopen(dbuf, mode & ~O_TRUNC, 0644, sff);
 	if (fd < 0)
 	{
 		fprintf(stderr, "%s: cannot create type %s map %s\n",
@@ -408,9 +514,9 @@ main(argc, argv)
 			dbm_close(dbp.dbm);
 			exit(EX_CONFIG);
 		}
-		if (!ignoresafeties && dbp.dbm != NULL &&
-		    (filechanged(dbuf, dbm_dirfno(dbp.dbm), &std, sff) ||
-		     filechanged(pbuf, dbm_pagfno(dbp.dbm), &stp, sff)))
+		if (dbp.dbm != NULL &&
+		    (filechanged(dbuf, dbm_dirfno(dbp.dbm), &std) ||
+		     filechanged(pbuf, dbm_pagfno(dbp.dbm), &stp)))
 		{
 			fprintf(stderr,
 				"dbm map %s: file changed after open\n",
@@ -418,56 +524,144 @@ main(argc, argv)
 			dbm_close(dbp.dbm);
 			exit(EX_CANTCREAT);
 		}
+#if _FFR_TRUSTED_USER
+		if (geteuid() == 0 && TrustedUid != 0)
+		{
+			if (fchown(dbm_dirfno(dbp.dbm), TrustedUid, -1) < 0 ||
+			    fchown(dbm_pagfno(dbp.dbm), TrustedUid, -1) < 0)
+			{
+				fprintf(stderr,
+					"WARNING: ownership change on %s failed: %s",
+					mapname, errstring(errno));
+			}
+		}
+#endif
+
 		break;
 #endif
 
 #ifdef NEWDB
 	  case T_HASH:
 		/* tweak some parameters for performance */
+# if DB_VERSION_MAJOR < 2
 		hinfo.nelem = 4096;
 		hinfo.cachesize = dbcachesize;
+# else
+		dbinfo.h_nelem = 4096;
+		dbinfo.db_cachesize = dbcachesize;
+# endif
 		
+# if DB_VERSION_MAJOR < 2
 		dbp.db = dbopen(mapname, mode, 0644, DB_HASH, &hinfo);
+# else
+		{
+			int flags = 0;
+			
+			if (bitset(O_CREAT, mode))
+				flags |= DB_CREATE;
+			if (bitset(O_TRUNC, mode))
+				flags |= DB_TRUNCATE;
+			
+			dbp.db = NULL;
+			errno = db_open(mapname, DB_HASH, flags, 0644,
+					NULL, &dbinfo, &dbp.db);
+		}
+# endif
 		if (dbp.db != NULL)
 		{
-			if (!ignoresafeties &&
-			    filechanged(dbuf, dbp.db->fd(dbp.db), &std, sff))
+			int fd;
+			
+# if DB_VERSION_MAJOR < 2
+			fd = dbp.db->fd(dbp.db);
+# else
+			fd = -1;
+			errno = dbp.db->fd(dbp.db, &fd);
+# endif
+			if (filechanged(dbuf, fd, &std))
 			{
 				fprintf(stderr,
 					"db map %s: file changed after open\n",
 					mapname);
+# if DB_VERSION_MAJOR < 2
 				dbp.db->close(dbp.db);
+# else
+				errno = dbp.db->close(dbp.db, 0);
+# endif
 				exit(EX_CANTCREAT);
 			}
-# if OLD_NEWDB
-			(void) (*dbp.db->sync)(dbp.db);
-# else
 			(void) (*dbp.db->sync)(dbp.db, 0);
-# endif
+#if _FFR_TRUSTED_USER
+			if (geteuid() == 0 && TrustedUid != 0)
+			{
+				if (fchown(fd, TrustedUid, -1) < 0)
+				{
+					fprintf(stderr,
+						"WARNING: ownership change on %s failed: %s",
+						mapname, errstring(errno));
+				}
+			}
+#endif
 		}
 		break;
 
 	  case T_BTREE:
 		/* tweak some parameters for performance */
+# if DB_VERSION_MAJOR < 2
 		bti.cachesize = dbcachesize;
+# else
+		dbinfo.db_cachesize = dbcachesize;
+# endif
 
+# if DB_VERSION_MAJOR < 2
 		dbp.db = dbopen(mapname, mode, 0644, DB_BTREE, &bti);
+# else
+		{
+			int flags = 0;
+			
+			if (bitset(O_CREAT, mode))
+				flags |= DB_CREATE;
+			if (bitset(O_TRUNC, mode))
+				flags |= DB_TRUNCATE;
+			
+			dbp.db = NULL;
+			errno = db_open(mapname, DB_BTREE, flags, 0644,
+					NULL, &dbinfo, &dbp.db);
+		}
+# endif
 		if (dbp.db != NULL)
 		{
-			if (!ignoresafeties &&
-			    filechanged(dbuf, dbp.db->fd(dbp.db), &std, sff))
+			int fd;
+			
+# if DB_VERSION_MAJOR < 2
+			fd = dbp.db->fd(dbp.db);
+# else
+			fd = -1;
+			errno = dbp.db->fd(dbp.db, &fd);
+# endif
+			if (filechanged(dbuf, fd, &std))
 			{
 				fprintf(stderr,
 					"db map %s: file changed after open\n",
 					mapname);
+# if DB_VERSION_MAJOR < 2
 				dbp.db->close(dbp.db);
+# else
+				errno = dbp.db->close(dbp.db, 0);
+# endif
 				exit(EX_CANTCREAT);
 			}
-# if OLD_NEWDB
-			(void) (*dbp.db->sync)(dbp.db);
-# else
 			(void) (*dbp.db->sync)(dbp.db, 0);
-# endif
+#if _FFR_TRUSTED_USER
+			if (geteuid() == 0 && TrustedUid != 0)
+			{
+				if (fchown(fd, TrustedUid, -1) < 0)
+				{
+					fprintf(stderr,
+						"WARNING: ownership change on %s failed: %s",
+						mapname, errstring(errno));
+				}
+			}
+#endif
 		}
 		break;
 #endif
@@ -506,23 +700,31 @@ main(argc, argv)
 			*p = '\0';
 		else if (!feof(stdin))
 		{
-			fprintf(stderr, "%s: %s: line %d: line too long (%d bytes max)\n",
-				progname, mapname, lineno, sizeof ibuf);
+			fprintf(stderr, "%s: %s: line %d: line too long (%ld bytes max)\n",
+				progname, mapname, lineno, (long) sizeof ibuf);
 			continue;
 		}
 			
 		if (ibuf[0] == '\0' || ibuf[0] == '#')
 			continue;
-		if (isspace(ibuf[0]))
+		if (isascii(ibuf[0]) && isspace(ibuf[0]))
 		{
 			fprintf(stderr, "%s: %s: line %d: syntax error (leading space)\n",
 				progname, mapname, lineno);
 			continue;
 		}
+#ifdef NEWDB
+		if (type == T_HASH || type == T_BTREE)
+		{
+			bzero(&key.db, sizeof key.db);
+			bzero(&val.db, sizeof val.db);
+		}
+#endif
+
 		key.xx.data = ibuf;
-		for (p = ibuf; *p != '\0' && !isspace(*p); p++)
+		for (p = ibuf; *p != '\0' && !(isascii(*p) && isspace(*p)); p++)
 		{
-			if (foldcase && isupper(*p))
+			if (foldcase && isascii(*p) && isupper(*p))
 				*p = tolower(*p);
 		}
 		key.xx.size = p - key.xx.data;
@@ -530,7 +732,7 @@ main(argc, argv)
 			key.xx.size++;
 		if (*p != '\0')
 			*p++ = '\0';
-		while (isspace(*p))
+		while (isascii(*p) && isspace(*p))
 			p++;
 		if (*p == '\0')
 		{
@@ -563,9 +765,30 @@ main(argc, argv)
 #ifdef NEWDB
 		  case T_BTREE:
 		  case T_HASH:
+# if DB_VERSION_MAJOR < 2
 			st = (*dbp.db->put)(dbp.db, &key.db, &val.db, putflags);
+# else
+			errno = (*dbp.db->put)(dbp.db, NULL, &key.db,
+					       &val.db, putflags);
+			switch (errno)
+			{
+			  case DB_KEYEXIST:
+				st = 1;
+				break;
+
+			  case 0:
+				st = 0;
+				break;
+
+			  default:
+				st = -1;
+				break;
+			}
+# endif
 			break;
 #endif
+		  default:
+			break;
 		}
 
 		if (st < 0)
@@ -598,7 +821,11 @@ main(argc, argv)
 #ifdef NEWDB
 	  case T_HASH:
 	  case T_BTREE:
+# if DB_VERSION_MAJOR < 2
 		if ((*dbp.db->close)(dbp.db) < 0)
+# else
+		if ((errno = (*dbp.db->close)(dbp.db, 0)) != 0)
+# endif
 		{
 			fprintf(stderr, "%s: %s: error on close\n",
 				progname, mapname);
@@ -606,6 +833,8 @@ main(argc, argv)
 			exitstat = EX_IOERR;
 		}
 #endif
+	  default:
+		break;
 	}
 
 #if !O_EXLOCK
@@ -680,7 +909,7 @@ lockfile(fd, filename, ext, type)
 	return FALSE;
 }
 
-/*VARARGS2*/
+/*VARARGS1*/
 void
 #ifdef __STDC__
 message(const char *msg, ...)
@@ -694,7 +923,9 @@ message(msg, va_alist)
 	VA_LOCAL_DECL
 
 	m = msg;
-	if (isdigit(m[0]) && isdigit(m[1]) && isdigit(m[2]) && m[3] == ' ')
+	if (isascii(m[0]) && isdigit(m[0]) &&
+	    isascii(m[1]) && isdigit(m[1]) &&
+	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
 		m += 4;
 	VA_START(msg);
 	vfprintf(stderr, m, ap);
@@ -702,7 +933,7 @@ message(msg, va_alist)
 	fprintf(stderr, "\n");
 }
 
-/*VARARGS2*/
+/*VARARGS1*/
 void
 #ifdef __STDC__
 syserr(const char *msg, ...)
@@ -716,7 +947,9 @@ syserr(msg, va_alist)
 	VA_LOCAL_DECL
 
 	m = msg;
-	if (isdigit(m[0]) && isdigit(m[1]) && isdigit(m[2]) && m[3] == ' ')
+	if (isascii(m[0]) && isdigit(m[0]) &&
+	    isascii(m[1]) && isdigit(m[1]) &&
+	    isascii(m[2]) && isdigit(m[2]) && m[3] == ' ')
 		m += 4;
 	VA_START(msg);
 	vfprintf(stderr, m, ap);
@@ -728,10 +961,12 @@ const char *
 errstring(err)
 	int err;
 {
+#if !HASSTRERROR
 	static char errstr[64];
-#if !HASSTRERROR && !defined(ERRLIST_PREDEFINED)
+# if !defined(ERRLIST_PREDEFINED)
 	extern char *sys_errlist[];
 	extern int sys_nerr;
+# endif
 #endif
 
 	/* handle pseudo-errors internal to sendmail */
@@ -771,7 +1006,7 @@ errstring(err)
 #if HASSTRERROR
 	return strerror(err);
 #else
-	if (err < 0 || err > sys_nerr)
+	if (err < 0 || err >= sys_nerr)
 	{
 		sprintf(errstr, "Error %d", err);
 		return errstr;