VSTRING *vstring_import(char *str)
{
VSTRING *vp;
ssize_t len;
vp = (VSTRING *) mymalloc(sizeof(*vp));
len = strlen(str);
vp->vbuf.data = (unsigned char *) str;
vp->vbuf.len = len + 1;
VSTRING_AT_OFFSET(vp, len);
vp->maxlen = 0;
return (vp);
}
VSTRING *vstring_truncate(VSTRING *vp, ssize_t len)
{
ssize_t move;
if (len < 0) {
len = (-len);
if ((move = VSTRING_LEN(vp) - len) > 0)
memmove(vstring_str(vp), vstring_str(vp) + move, len);
}
if (len < VSTRING_LEN(vp))
VSTRING_AT_OFFSET(vp, len);
return (vp);
}
VSTRING *vstring_prepend(VSTRING *vp, const char *buf, ssize_t len)
{
ssize_t new_len;
/*
* Sanity check.
*/
if (len < 0)
msg_panic("vstring_prepend: bad length %ld", (long) len);
/*
* Move the existing content and copy the new content.
*/
new_len = VSTRING_LEN(vp) + len;
VSTRING_SPACE(vp, len);
memmove(vstring_str(vp) + len, vstring_str(vp), VSTRING_LEN(vp));
memcpy(vstring_str(vp), buf, len);
VSTRING_AT_OFFSET(vp, new_len);
VSTRING_TERMINATE(vp);
return (vp);
}
VSTRING *vstring_sprintf_prepend(VSTRING *vp, const char *format,...)
{
va_list ap;
ssize_t old_len = VSTRING_LEN(vp);
ssize_t result_len;
/* Construct: old|new|free */
va_start(ap, format);
vp = vstring_vsprintf_append(vp, format, ap);
va_end(ap);
result_len = VSTRING_LEN(vp);
/* Construct: old|new|old|free */
VSTRING_SPACE(vp, old_len);
vstring_memcat(vp, vstring_str(vp), old_len);
/* Construct: new|old|free */
memmove(vstring_str(vp), vstring_str(vp) + old_len, result_len);
VSTRING_AT_OFFSET(vp, result_len);
VSTRING_TERMINATE(vp);
return (vp);
}
VSTRING *vstring_insert(VSTRING *vp, ssize_t start, const char *buf, ssize_t len)
{
ssize_t new_len;
/*
* Sanity check.
*/
if (start < 0 || start >= VSTRING_LEN(vp))
msg_panic("vstring_insert: bad start %ld", (long) start);
if (len < 0)
msg_panic("vstring_insert: bad length %ld", (long) len);
/*
* Move the existing content and copy the new content.
*/
new_len = VSTRING_LEN(vp) + len;
VSTRING_SPACE(vp, len);
memmove(vstring_str(vp) + start + len, vstring_str(vp) + start,
VSTRING_LEN(vp) - start);
memcpy(vstring_str(vp) + start, buf, len);
VSTRING_AT_OFFSET(vp, new_len);
VSTRING_TERMINATE(vp);
return (vp);
}
static int xsasl_cyrus_client_first(XSASL_CLIENT *xp,
const char *mechanism_list,
const char *username,
const char *password,
const char **mechanism,
VSTRING *init_resp)
{
const char *myname = "xsasl_cyrus_client_first";
XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) xp;
unsigned enc_length;
unsigned enc_length_out;
CLIENTOUT_TYPE clientout;
unsigned clientoutlen;
int sasl_status;
#define NO_SASL_SECRET 0
#define NO_SASL_INTERACTION 0
/*
* Save the username and password for the call-backs.
*/
if (client->username)
myfree(client->username);
client->username = mystrdup(username);
if (client->password)
myfree(client->password);
client->password = mystrdup(password);
/*
* Start the client side authentication protocol.
*/
sasl_status = SASL_CLIENT_START((sasl_conn_t *) client->sasl_conn,
mechanism_list,
NO_SASL_SECRET, NO_SASL_INTERACTION,
&clientout, &clientoutlen, mechanism);
if (sasl_status != SASL_OK && sasl_status != SASL_CONTINUE) {
vstring_strcpy(init_resp, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FAIL);
}
/*
* Generate the AUTH command and the optional initial client response.
* sasl_encode64() produces four bytes for each complete or incomplete
* triple of input bytes. Allocate an extra byte for string termination.
*/
#define ENCODE64_LENGTH(n) ((((n) + 2) / 3) * 4)
if (clientoutlen > 0) {
if (msg_verbose) {
escape(client->decoded, clientout, clientoutlen);
msg_info("%s: uncoded initial reply: %s",
myname, STR(client->decoded));
}
enc_length = ENCODE64_LENGTH(clientoutlen) + 1;
VSTRING_RESET(init_resp); /* Fix 200512 */
VSTRING_SPACE(init_resp, enc_length);
if ((sasl_status = sasl_encode64(clientout, clientoutlen,
STR(init_resp),
vstring_avail(init_resp),
&enc_length_out)) != SASL_OK)
msg_panic("%s: sasl_encode64 botch: %s",
myname, xsasl_cyrus_strerror(sasl_status));
VSTRING_AT_OFFSET(init_resp, enc_length_out); /* XXX */
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
#endif
} else {
vstring_strcpy(init_resp, "");
}
return (XSASL_AUTH_OK);
}
char *casefoldx(int flags, VSTRING *dest, const char *src, ssize_t len)
{
size_t old_len;
#ifdef NO_EAI
/*
* ASCII mode only.
*/
if (len < 0)
len = strlen(src);
if ((flags & CASEF_FLAG_APPEND) == 0)
VSTRING_RESET(dest);
old_len = VSTRING_LEN(dest);
vstring_strncat(dest, src, len);
lowercase(STR(dest) + old_len);
return (STR(dest));
#else
/*
* Unicode mode.
*/
const char myname[] = "casefold";
static VSTRING *fold_buf = 0;
static UCaseMap *csm = 0;
UErrorCode error;
ssize_t space_needed;
int n;
/*
* Handle special cases.
*/
if (len < 0)
len = strlen(src);
if (dest == 0)
dest = (fold_buf != 0 ? fold_buf : (fold_buf = vstring_alloc(100)));
if ((flags & CASEF_FLAG_APPEND) == 0)
VSTRING_RESET(dest);
old_len = VSTRING_LEN(dest);
/*
* All-ASCII input, or ASCII mode only.
*/
if ((flags & CASEF_FLAG_UTF8) == 0 || allascii(src)) {
vstring_strncat(dest, src, len);
lowercase(STR(dest) + old_len);
return (STR(dest));
}
/*
* ICU 4.8 ucasemap_utf8FoldCase() does not complain about UTF-8 syntax
* errors. XXX Based on source-code review we conclude that non-UTF-8
* bytes are copied verbatim, and experiments confirm this. Given that
* this behavior is intentional, we assume that it will stay that way.
*/
#if 0
if (valid_utf8_string(src, len) == 0) {
if (err)
*err = "malformed UTF-8 or invalid codepoint";
return (0);
}
#endif
/*
* One-time initialization. With ICU 4.8 this works while chrooted.
*/
if (csm == 0) {
error = U_ZERO_ERROR;
csm = ucasemap_open("en_US", U_FOLD_CASE_DEFAULT, &error);
if (U_SUCCESS(error) == 0)
msg_fatal("ucasemap_open error: %s", u_errorName(error));
}
/*
* Fold the input, adjusting the buffer size if needed. Safety: don't
* loop forever.
*
* Note: the requested amount of space for casemapped output (as reported
* with space_needed below) does not include storage for the null
* terminator. The terminator is written only when the output buffer is
* large enough. This is why we overallocate space when the output does
* not fit. But if the output fits exactly, then the ouput will be
* unterminated, and we have to terminate the output ourselves.
*/
for (n = 0; n < 3; n++) {
error = U_ZERO_ERROR;
space_needed = ucasemap_utf8FoldCase(csm, STR(dest) + old_len,
vstring_avail(dest), src, len, &error);
if (U_SUCCESS(error)) {
VSTRING_AT_OFFSET(dest, old_len + space_needed);
if (vstring_avail(dest) == 0) /* exact fit, no terminator */
VSTRING_TERMINATE(dest); /* add terminator */
break;
} else if (error == U_BUFFER_OVERFLOW_ERROR) {
VSTRING_SPACE(dest, space_needed + 1); /* for terminator */
} else {
msg_fatal("%s: conversion error for \"%s\": %s",
myname, src, u_errorName(error));
}
}
return (STR(dest));
#endif /* NO_EAI */
}
static void tlsmgr_service(VSTREAM *client_stream, char *unused_service,
char **argv)
{
static VSTRING *request = 0;
static VSTRING *cache_type = 0;
static VSTRING *cache_id = 0;
static VSTRING *buffer = 0;
int len;
static char wakeup[] = { /* master wakeup request */
TRIGGER_REQ_WAKEUP,
0,
};
TLSMGR_SCACHE *ent;
int status = TLS_MGR_STAT_FAIL;
/*
* Sanity check. This service takes no command-line arguments.
*/
if (argv[0])
msg_fatal("unexpected command-line argument: %s", argv[0]);
/*
* Initialize. We're select threaded, so we can use static buffers.
*/
if (request == 0) {
request = vstring_alloc(10);
cache_type = vstring_alloc(10);
cache_id = vstring_alloc(10);
buffer = vstring_alloc(10);
}
/*
* This routine runs whenever a client connects to the socket dedicated
* to the tlsmgr service (including wake up events sent by the master).
* All connection-management stuff is handled by the common code in
* multi_server.c.
*/
if (tlsmgr_request_receive(client_stream, request) == 0) {
/*
* Load session from cache.
*/
if (STREQ(STR(request), TLS_MGR_REQ_LOOKUP)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_END) == 2) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_LOOKUP);
VSTRING_RESET(buffer);
} else if (ent->cache_info == 0) {
/*
* Cache type valid, but not enabled
*/
VSTRING_RESET(buffer);
} else {
status = tls_scache_lookup(ent->cache_info,
STR(cache_id), buffer) ?
TLS_MGR_STAT_OK : TLS_MGR_STAT_ERR;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SESSION,
LEN(buffer), STR(buffer),
ATTR_TYPE_END);
}
/*
* Save session to cache.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_UPDATE)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SESSION, buffer,
ATTR_TYPE_END) == 3) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_UPDATE);
} else if (ent->cache_info != 0) {
status =
tls_scache_update(ent->cache_info, STR(cache_id),
STR(buffer), LEN(buffer)) ?
TLS_MGR_STAT_OK : TLS_MGR_STAT_ERR;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_END);
}
/*
* Delete session from cache.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_DELETE)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_END) == 2) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_DELETE);
} else if (ent->cache_info != 0) {
status = tls_scache_delete(ent->cache_info,
STR(cache_id)) ?
TLS_MGR_STAT_OK : TLS_MGR_STAT_ERR;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_END);
}
/*
* RFC 5077 TLS session ticket keys
*/
else if (STREQ(STR(request), TLS_MGR_REQ_TKTKEY)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_DATA, TLS_MGR_ATTR_KEYNAME, buffer,
ATTR_TYPE_END) == 1) {
if (LEN(buffer) != 0 && LEN(buffer) != TLS_TICKET_NAMELEN) {
msg_warn("invalid session ticket key name length: %ld",
(long) LEN(buffer));
VSTRING_RESET(buffer);
} else if (*smtpd_cache.cache_timeout <= 0) {
status = TLS_MGR_STAT_ERR;
VSTRING_RESET(buffer);
} else {
status = tlsmgr_key(buffer, *smtpd_cache.cache_timeout);
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_KEYBUF,
LEN(buffer), STR(buffer),
ATTR_TYPE_END);
}
/*
* Entropy request.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_SEED)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_INT, TLS_MGR_ATTR_SIZE, &len,
ATTR_TYPE_END) == 1) {
VSTRING_RESET(buffer);
if (len <= 0 || len > 255) {
msg_warn("bogus seed length \"%d\" in \"%s\" request",
len, TLS_MGR_REQ_SEED);
} else {
VSTRING_SPACE(buffer, len);
RAND_bytes((unsigned char *) STR(buffer), len);
VSTRING_AT_OFFSET(buffer, len); /* XXX not part of the
* official interface */
status = TLS_MGR_STAT_OK;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SEED,
LEN(buffer), STR(buffer),
ATTR_TYPE_END);
}
/*
* Caching policy request.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_POLICY)) {
int cachable = 0;
int timeout = 0;
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_END) == 1) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_POLICY);
} else {
cachable = (ent->cache_info != 0) ? 1 : 0;
timeout = *ent->cache_timeout;
status = TLS_MGR_STAT_OK;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_INT, TLS_MGR_ATTR_CACHABLE, cachable,
ATTR_TYPE_INT, TLS_MGR_ATTR_SESSTOUT, timeout,
ATTR_TYPE_END);
}
/*
* Master trigger. Normally, these triggers arrive only after some
* other process requested the tlsmgr's service. The purpose is to
* restart the tlsmgr after it aborted due to a fatal run-time error,
* so that it can continue its housekeeping even while nothing is
* using TLS.
*
* XXX Which begs the question, if TLS isn't used often, do we need a
* tlsmgr background process? It could terminate when the session
* caches are empty.
*/
else if (STREQ(STR(request), wakeup)) {
if (msg_verbose)
msg_info("received master trigger");
multi_server_disconnect(client_stream);
return; /* NOT: vstream_fflush */
}
}
/*
* Protocol error.
*/
else {
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, TLS_MGR_STAT_FAIL,
ATTR_TYPE_END);
}
vstream_fflush(client_stream);
}
