void
io_set_fd(struct io *io, int fd)
{
io->sock = fd;
if (fd != -1)
io_reload(io);
}
void
io_resume(struct io *io, int dir)
{
io_debug("io_resume(%p, %x)\n", io, dir);
io->flags &= ~(dir & (IO_PAUSE_IN | IO_PAUSE_OUT));
io_reload(io);
}
void
io_pause(struct io *io, int dir)
{
io_debug("io_pause(%p, %x)\n", io, dir);
io->flags |= dir & (IO_PAUSE_IN | IO_PAUSE_OUT);
io_reload(io);
}
void
io_release(struct io *io)
{
if (!(io->flags & IO_HELD))
errx(1, "io_release: io is not held");
io->flags &= ~IO_HELD;
if (!(io->flags & IO_RESET))
io_reload(io);
}
int
io_writev(struct io *io, const struct iovec *iov, int iovcount)
{
int r;
r = iobuf_queuev(&io->iobuf, iov, iovcount);
io_reload(io);
return r;
}
int
io_write(struct io *io, const void *buf, size_t len)
{
int r;
r = iobuf_queue(&io->iobuf, buf, len);
io_reload(io);
return r;
}
static void
mta_on_timeout(struct runq *runq, void *arg)
{
struct mta_session *s = arg;
log_debug("mta: timeout for session hangon");
s->flags &= ~MTA_HANGON;
s->hangon++;
mta_enter_state(s, MTA_READY);
io_reload(&s->io);
}
void
io_set_write(struct io *io)
{
int mode;
io_debug("io_set_write(%p)\n", io);
mode = io->flags & IO_RW;
if (!(mode == 0 || mode == IO_READ))
errx(1, "io_set_write(): full-duplex or writing");
io->flags &= ~IO_RW;
io->flags |= IO_WRITE;
io_reload(io);
}
void
io_init(struct io *io, int sock, void *arg,
void(*cb)(struct io*, int), struct iobuf *iobuf)
{
_io_init();
memset(io, 0, sizeof *io);
io->sock = sock;
io->timeout = -1;
io->arg = arg;
io->iobuf = iobuf;
io->cb = cb;
if (sock != -1)
io_reload(io);
}
void
filter_api_writeln(uint64_t id, const char *line)
{
struct filter_session *s;
log_trace(TRACE_FILTERS, "filter-api:%s %016"PRIx64" filter_api_writeln(%s)", filter_name, id, line);
s = tree_xget(&sessions, id);
if (s->pipe.oev.sock == -1) {
log_warnx("warn: filter:%s: cannot write at this point", filter_name);
fatalx("exiting");
}
s->pipe.odatalen += strlen(line) + 1;
iobuf_fqueue(&s->pipe.obuf, "%s\n", line);
io_reload(&s->pipe.oev);
}
void
mta_session_imsg(struct mproc *p, struct imsg *imsg)
{
struct ca_vrfy_resp_msg *resp_ca_vrfy;
struct ca_cert_resp_msg *resp_ca_cert;
struct mta_session *s;
struct mta_host *h;
struct msg m;
uint64_t reqid;
const char *name;
void *ssl;
int dnserror, status;
switch (imsg->hdr.type) {
case IMSG_QUEUE_MESSAGE_FD:
m_msg(&m, imsg);
m_get_id(&m, &reqid);
m_end(&m);
s = mta_tree_pop(&wait_fd, reqid);
if (s == NULL) {
if (imsg->fd != -1)
close(imsg->fd);
return;
}
if (imsg->fd == -1) {
log_debug("debug: mta: failed to obtain msg fd");
mta_flush_task(s, IMSG_DELIVERY_TEMPFAIL,
"Could not get message fd", 0, 0);
mta_enter_state(s, MTA_READY);
io_reload(&s->io);
return;
}
s->datafp = fdopen(imsg->fd, "r");
if (s->datafp == NULL)
fatal("mta: fdopen");
if (mta_check_loop(s->datafp)) {
log_debug("debug: mta: loop detected");
fclose(s->datafp);
s->datafp = NULL;
mta_flush_task(s, IMSG_DELIVERY_LOOP,
"Loop detected", 0, 0);
mta_enter_state(s, MTA_READY);
} else {
mta_enter_state(s, MTA_MAIL);
}
io_reload(&s->io);
return;
case IMSG_DNS_PTR:
m_msg(&m, imsg);
m_get_id(&m, &reqid);
m_get_int(&m, &dnserror);
if (dnserror)
name = NULL;
else
m_get_string(&m, &name);
m_end(&m);
s = mta_tree_pop(&wait_ptr, reqid);
if (s == NULL)
return;
h = s->route->dst;
h->lastptrquery = time(NULL);
if (name)
h->ptrname = xstrdup(name, "mta: ptr");
waitq_run(&h->ptrname, h->ptrname);
return;
case IMSG_LKA_SSL_INIT:
resp_ca_cert = imsg->data;
s = mta_tree_pop(&wait_ssl_init, resp_ca_cert->reqid);
if (s == NULL)
return;
if (resp_ca_cert->status == CA_FAIL) {
if (s->relay->pki_name) {
log_info("smtp-out: Disconnecting session %016"PRIx64
": CA failure", s->id);
mta_free(s);
return;
}
else {
ssl = ssl_mta_init(NULL, 0, NULL, 0);
if (ssl == NULL)
fatal("mta: ssl_mta_init");
io_start_tls(&s->io, ssl);
return;
}
}
resp_ca_cert = xmemdup(imsg->data, sizeof *resp_ca_cert, "mta:ca_cert");
resp_ca_cert->cert = xstrdup((char *)imsg->data +
sizeof *resp_ca_cert, "mta:ca_cert");
resp_ca_cert->key = xstrdup((char *)imsg->data +
sizeof *resp_ca_cert + resp_ca_cert->cert_len,
"mta:ca_key");
ssl = ssl_mta_init(resp_ca_cert->cert, resp_ca_cert->cert_len,
resp_ca_cert->key, resp_ca_cert->key_len);
if (ssl == NULL)
fatal("mta: ssl_mta_init");
io_start_tls(&s->io, ssl);
memset(resp_ca_cert->cert, 0, resp_ca_cert->cert_len);
memset(resp_ca_cert->key, 0, resp_ca_cert->key_len);
free(resp_ca_cert->cert);
free(resp_ca_cert->key);
free(resp_ca_cert);
return;
case IMSG_LKA_SSL_VERIFY:
resp_ca_vrfy = imsg->data;
s = mta_tree_pop(&wait_ssl_verify, resp_ca_vrfy->reqid);
if (s == NULL)
return;
if (resp_ca_vrfy->status == CA_OK)
s->flags |= MTA_VERIFIED;
else if (s->relay->flags & F_TLS_VERIFY) {
errno = 0;
mta_error(s, "SSL certificate check failed");
mta_free(s);
return;
}
mta_io(&s->io, IO_TLSVERIFIED);
io_resume(&s->io, IO_PAUSE_IN);
io_reload(&s->io);
return;
case IMSG_LKA_HELO:
m_msg(&m, imsg);
m_get_id(&m, &reqid);
m_get_int(&m, &status);
if (status == LKA_OK)
m_get_string(&m, &name);
m_end(&m);
s = mta_tree_pop(&wait_helo, reqid);
if (s == NULL)
return;
if (status == LKA_OK) {
s->helo = xstrdup(name, "mta_session_imsg");
mta_connect(s);
} else {
mta_source_error(s->relay, s->route,
"Failed to retrieve helo string");
mta_free(s);
}
return;
default:
errx(1, "mta_session_imsg: unexpected %s imsg",
imsg_to_str(imsg->hdr.type));
}
}
void
session_pickup(struct session *s, struct submit_status *ss)
{
void *ssl;
s->s_flags &= ~F_WAITIMSG;
if ((ss != NULL && ss->code == 421) ||
(s->s_dstatus & DS_TEMPFAILURE)) {
stat_increment("smtp.tempfail", 1);
session_respond(s, "421 Service temporarily unavailable");
session_enter_state(s, S_QUIT);
io_reload(&s->s_io);
return;
}
switch (s->s_state) {
case S_CONNECTED:
session_enter_state(s, S_INIT);
s->s_msg.session_id = s->s_id;
s->s_msg.ss = s->s_ss;
session_imsg(s, PROC_MFA, IMSG_MFA_CONNECT, 0, 0, -1,
&s->s_msg, sizeof(s->s_msg));
break;
case S_INIT:
if (ss->code != 250) {
session_destroy(s, "rejected by filter");
return;
}
if (s->s_l->flags & F_SMTPS) {
ssl = ssl_smtp_init(s->s_l->ssl_ctx);
io_set_read(&s->s_io);
io_start_tls(&s->s_io, ssl);
return;
}
session_respond(s, SMTPD_BANNER, env->sc_hostname);
session_enter_state(s, S_GREETED);
break;
case S_AUTH_FINALIZE:
if (s->s_flags & F_AUTHENTICATED)
session_respond(s, "235 Authentication succeeded");
else
session_respond(s, "535 Authentication failed");
session_enter_state(s, S_HELO);
break;
case S_RSET:
session_respond(s, "250 2.0.0 Reset state");
session_enter_state(s, S_HELO);
break;
case S_HELO:
if (ss->code != 250) {
session_enter_state(s, S_GREETED);
session_respond(s, "%d Helo rejected", ss->code);
break;
}
session_respond(s, "250%c%s Hello %s [%s], pleased to meet you",
(s->s_flags & F_EHLO) ? '-' : ' ',
env->sc_hostname, s->s_msg.helo, ss_to_text(&s->s_ss));
if (s->s_flags & F_EHLO) {
/* unconditionnal extensions go first */
session_respond(s, "250-8BITMIME");
session_respond(s, "250-ENHANCEDSTATUSCODES");
/* XXX - we also want to support reading SIZE from MAIL parameters */
session_respond(s, "250-SIZE %zu", env->sc_maxsize);
if (ADVERTISE_TLS(s))
session_respond(s, "250-STARTTLS");
if (ADVERTISE_AUTH(s))
session_respond(s, "250-AUTH PLAIN LOGIN");
session_respond(s, "250 HELP");
}
break;
case S_MAIL_MFA:
if (ss->code != 250) {
session_enter_state(s, S_HELO);
session_respond(s, "%d Sender rejected", ss->code);
break;
}
session_enter_state(s, S_MAIL_QUEUE);
s->s_msg.sender = ss->u.maddr;
session_imsg(s, PROC_QUEUE, IMSG_QUEUE_CREATE_MESSAGE, 0, 0, -1,
&s->s_msg, sizeof(s->s_msg));
break;
case S_MAIL_QUEUE:
session_enter_state(s, S_MAIL);
session_respond(s, "%d 2.1.0 Sender ok", ss->code);
break;
case S_RCPT_MFA:
/* recipient was not accepted */
if (ss->code != 250) {
/* We do not have a valid recipient, downgrade state */
if (s->rcptcount == 0)
session_enter_state(s, S_MAIL);
else
session_enter_state(s, S_RCPT);
session_respond(s, "%d 5.0.0 Recipient rejected: %s@%s", ss->code,
s->s_msg.rcpt.user,
s->s_msg.rcpt.domain);
break;
}
session_enter_state(s, S_RCPT);
s->rcptcount++;
s->s_msg.dest = ss->u.maddr;
session_respond(s, "%d 2.0.0 Recipient ok", ss->code);
break;
case S_DATA_QUEUE:
session_enter_state(s, S_DATACONTENT);
session_respond(s, "354 Enter mail, end with \".\" on a line by"
" itself");
fprintf(s->datafp, "Received: from %s (%s [%s])\n",
s->s_msg.helo, s->s_hostname, ss_to_text(&s->s_ss));
fprintf(s->datafp, "\tby %s (OpenSMTPD) with %sSMTP id %08x",
env->sc_hostname, s->s_flags & F_EHLO ? "E" : "",
evpid_to_msgid(s->s_msg.id));
if (s->s_flags & F_SECURE) {
fprintf(s->datafp, "\n\t(version=%s cipher=%s bits=%d)",
SSL_get_cipher_version(s->s_io.ssl),
SSL_get_cipher_name(s->s_io.ssl),
SSL_get_cipher_bits(s->s_io.ssl, NULL));
}
if (s->rcptcount == 1)
fprintf(s->datafp, "\n\tfor <%s@%s>; ",
s->s_msg.rcpt.user,
s->s_msg.rcpt.domain);
else
fprintf(s->datafp, ";\n\t");
fprintf(s->datafp, "%s\n", time_to_text(time(NULL)));
break;
case S_DATACONTENT:
if (ss->code != 250)
s->s_dstatus |= DS_PERMFAILURE;
session_read_data(s, ss->u.dataline);
break;
case S_DONE:
session_respond(s, "250 2.0.0 %08x Message accepted for delivery",
evpid_to_msgid(s->s_msg.id));
log_info("%08x: from=<%s%s%s>, size=%ld, nrcpts=%zu, proto=%s, "
"relay=%s [%s]",
evpid_to_msgid(s->s_msg.id),
s->s_msg.sender.user,
s->s_msg.sender.user[0] == '\0' ? "" : "@",
s->s_msg.sender.domain,
s->s_datalen,
s->rcptcount,
s->s_flags & F_EHLO ? "ESMTP" : "SMTP",
s->s_hostname,
ss_to_text(&s->s_ss));
session_enter_state(s, S_HELO);
s->s_msg.id = 0;
bzero(&s->s_nresp, sizeof(s->s_nresp));
break;
default:
fatal("session_pickup: unknown state");
}
io_reload(&s->s_io);
}
