int main(int argc,const char *const *argv,const char *const *envp)
{
struct passwd *pw;
const char *account;
char strnum[FMT_ULONG];
account = *++argv;
if (!account || !*++argv)
usage();
pw = getpwnam(account);
if (!pw)
strerr_die3x(111,FATAL,"unknown account ",account);
if (!pathexec_env("HOME",pw->pw_dir)) nomem();
if (!pathexec_env("SHELL",pw->pw_shell)) nomem();
if (!pathexec_env("USER",pw->pw_name)) nomem();
strnum[fmt_ulong(strnum,pw->pw_gid)] = 0;
if (!pathexec_env("GID",strnum)) nomem();
strnum[fmt_ulong(strnum,pw->pw_uid)] = 0;
if (!pathexec_env("UID",strnum)) nomem();
if (chdir(pw->pw_dir) != 0)
strerr_die3sys(111,FATAL,"unable to chdir to ", pw->pw_dir);
if (prot_gid(pw->pw_gid) == -1)
strerr_die2sys(111,FATAL,"unable to setgid");
if (prot_gids(pw->pw_name, pw->pw_gid) == -1)
strerr_die2sys(111,FATAL,"unable to initgroups");
if (prot_uid(pw->pw_uid) == -1)
strerr_die2sys(111,FATAL,"unable to setuid");
pathexec_run(*argv,argv,envp);
strerr_die3sys(111,FATAL,"unable to run ",*argv);
}
main()
{
char *x;
int udp53;
x = env_get("IP");
if (!x)
strerr_die2x(111,fatal,"$IP not set");
if (!ip4_scan(x,ip))
strerr_die3x(111,fatal,"unable to parse IP address ",x);
udp53 = socket_udp();
if (udp53 == -1)
strerr_die2sys(111,fatal,"unable to create UDP socket: ");
if (socket_bind4_reuse(udp53,ip,53) == -1)
strerr_die2sys(111,fatal,"unable to bind UDP socket: ");
droproot(fatal);
initialize();
ndelay_off(udp53);
socket_tryreservein(udp53,65536);
for (;;) {
len = socket_recv4(udp53,buf,sizeof buf,ip,&port);
if (len < 0) continue;
if (!doit()) continue;
if (response_len > 512) response_tc();
socket_send4(udp53,response,response_len,ip,port);
/* may block for buffer space; if it fails, too bad */
}
}
void main(int argc,char **argv)
{
char *def;
int dash;
optind = getconfopt(argc,argv,options,0,0);
if (argv[optind] == 0)
die_usage();
if (!stralloc_copys(&basedir,argv[optind++])) die_nomem();
sender = get_sender();
if (!sender)
strerr_die2x(100,FATAL,MSG(ERR_NOSENDER));
def = env_get("DEFAULT");
if (argv[optind] != 0) {
dispatch(argv[optind],def);
strerr_die3x(100,FATAL,"Not a directory: ",path.s);
}
else if (!def || !*def)
strerr_die2x(100,FATAL,MSG(ERR_NODEFAULT));
else {
if (def[str_chr(def,'/')] != 0)
strerr_die2x(100,FATAL,"Recipient address may not contain '/'");
dispatch(def,0);
dash = str_len(def);
for (;;) {
while (--dash > 0)
if (def[dash] == '-')
break;
if (dash <= 0)
break;
def[dash] = 0;
dispatch(def,def+dash+1);
def[dash] = '-';
}
strerr_die3x(100,FATAL,"Could not match recipient name to any list: ",def);
}
}
void main(int argc,char **argv)
{
char *def;
int opt;
int dash;
while ((opt = getopt(argc,argv,"vV")) != opteof)
switch (opt) {
case 'v':
case 'V':
strerr_die2x(0, "ezmlm-dispatch version: ",auto_version);
default:
die_usage();
}
if (argv[optind] == 0)
die_usage();
wrap_chdir(argv[optind]);
if (!stralloc_copys(&basedir,argv[optind++])) die_nomem();
sender = env_get("SENDER");
if (!sender)
strerr_die2x(100,FATAL,ERR_NOSENDER);
def = env_get("DEFAULT");
if (argv[optind] != 0) {
wrap_chdir(argv[optind]);
dispatch(argv[optind],def);
}
else if (!def || !*def)
strerr_die2x(100,FATAL,ERR_NODEFAULT);
else {
if (def[str_chr(def,'/')] != 0)
strerr_die2x(100,FATAL,"Recipient address may not contain '/'");
if (chdir(def) == 0)
dispatch(def,0);
dash = str_len(def);
for (;;) {
while (--dash > 0)
if (def[dash] == '-')
break;
if (dash <= 0)
break;
def[dash] = 0;
if (chdir(def) == 0)
dispatch(def,def+dash+1);
def[dash] = '-';
}
strerr_die3x(100,FATAL,"Could not match recipient name to any list: ",def);
}
}
int main(int argc,char **argv)
{
user = argv[1];
if (!user) usage();
loguser = argv[2];
if (!loguser) usage();
dir = argv[3];
if (!dir) usage();
/* if (dir[0] != '/') usage(); */
tinydns = argv[4];
if (!tinydns) usage();
/* if (tinydns[0] != '/') usage(); */
myip = argv[5];
if (!myip) usage();
pw = getpwnam(loguser);
if (!pw)
strerr_die3x(111,FATAL,"unknown account ",loguser);
init(dir,FATAL);
makelog(loguser,pw->pw_uid,pw->pw_gid);
makedir("env");
perm(02755);
start("env/ROOT"); outs(tinydns); outs("/root\n"); finish();
perm(0644);
start("env/IP"); outs(myip); outs("\n"); finish();
perm(0644);
start("run");
outs("#!/bin/sh\nexec 2>&1\nexec envdir ./env sh -c '\n exec envuidgid "); outs(user);
outs(" softlimit -d300000 tcpserver -vDRHl0 -x tcp.cdb -- \"$IP\" 53 ");
outs(auto_home); outs("/bin/axfrdns\n'\n");
finish();
perm(0755);
start("Makefile");
outs("tcp.cdb: tcp\n");
outs("\ttcprules tcp.cdb tcp.tmp < tcp\n");
finish();
perm(0644);
start("tcp");
outs("# sample line: 1.2.3.4:allow,AXFR=\"heaven.af.mil/3.2.1.in-addr.arpa\"\n");
outs(":deny\n");
finish();
perm(0644);
return 0;
}
int main(int argc,char **argv)
{
user = argv[1];
if (!user) usage();
loguser = argv[2];
if (!loguser) usage();
dir = argv[3];
if (!dir) usage();
if (dir[0] != '/') usage();
myip = argv[4];
if (!myip) usage();
pw = getpwnam(loguser);
if (!pw)
strerr_die3x(111,FATAL,"unknown account ",loguser);
init(dir,FATAL);
makelog(loguser,pw->pw_uid,pw->pw_gid);
makedir("env");
perm(02755);
start("env/ROOT"); outs(dir); outs("/root\n"); finish();
perm(0644);
start("env/IP"); outs(myip); outs("\n"); finish();
perm(0644);
start("run");
outs("#!/bin/sh\nexec 2>&1\nexec chpst -U "); outs(user);
outs(" -e ./env -d250000 ");
outs(auto_home); outs("/bin/pickdns\n");
finish();
perm(0755);
makedir("root");
perm(02755);
start("root/data");
finish();
perm(0644);
start("root/Makefile");
outs("data.cdb: data\n");
outs("\t"); outs(auto_home); outs("/bin/pickdns-data\n");
finish();
perm(0644);
_exit(0);
}
int main (int argc, char **argv)
{
user = argv[1];
if (!user) usage();
loguser = argv[2];
if (!loguser) usage();
dir = argv[3];
if (!dir) usage();
if (dir[0] != '/') usage();
ip = argv[4];
if (!ip) ip = "0";
pw = getpwnam(loguser);
if (!pw) strerr_die3x(TEMP, FATAL, "unknown account ", loguser);
if (!readme(&me)) strerr_die1(TEMP, FATAL, &readme_err);
init(dir, FATAL);
makelogdir(loguser, pw->pw_uid, -1);
makedir("env");
perm(02755);
start("env/DATALIMIT");
outs("250000\n");
finish();
perm(0644);
tcpserver_env(ip, PORT, me.s);
makemakefile();
maketcp(1);
makeaddclient();
start("run");
outs("#!/bin/sh\n");
tcpserver_run(user, PORT);
outs(" ");
outs(auto_qmail);
outs("/bin/qmail-qmqpd\n");
outs("'\n");
finish();
perm(0755);
_exit(0);
return 0;
}
int main (int argc, char **argv)
{
checkpassword = argv[1];
if (!checkpassword) usage();
loguser = argv[2];
if (!loguser) usage();
dir = argv[3];
if (!dir) usage();
if (dir[0] != '/') usage();
ip = argv[4];
if (!ip) ip = "0";
pw = getpwnam(loguser);
if (!pw) strerr_die3x(TEMP, FATAL, "unknown account ", loguser);
init(dir, FATAL);
makelogdir(loguser, pw->pw_uid, -1);
makedir("env");
perm(02755);
start("env/DATALIMIT"); outs("250000\n"); finish();
perm(0644);
tcpserver_env(ip, PORT, "0");
start("env/POPUPHOST"); finish();
perm(0644);
start("env/MAILDIRNAME"); finish();
perm(0644);
makemakefile();
maketcp(1);
makeaddclient();
start("run");
outs("#!/bin/sh\n");
tcpserver_run((char *) 0, PORT);
outs(" "); outs(auto_qmail); outs("/bin/qmail-popup \"${POPUPHOST-`sed 1q "); outs(auto_qmail); outs("/control/me`}\" \\\n");
outs(" "); outs(checkpassword); outs(" \\\n");
outs(" "); outs(auto_qmail); outs("/bin/qmail-pop3d \"${MAILDIRNAME-Maildir}\"\n");
outs("'\n");
finish();
perm(0755);
_exit(0);
return 0;
}
int main(int argc,const char *const *argv,const char *const *envp)
{
account = *++argv;
if (!account || !*++argv)
strerr_die1x(100,"setuidgid: usage: setuidgid account child");
pw = getpwnam(account);
if (!pw)
strerr_die3x(111,FATAL,"unknown account ",account);
if (prot_gid(pw->pw_gid) == -1)
strerr_die2sys(111,FATAL,"unable to setgid: ");
if (prot_uid(pw->pw_uid) == -1)
strerr_die2sys(111,FATAL,"unable to setuid: ");
pathexec_run(*argv,argv,envp);
strerr_die4sys(111,FATAL,"unable to run ",*argv,": ");
}
int main(int argc,char **argv)
{
dns_random_init(seed);
if (*argv) ++argv;
while (*argv) {
if (!ip4_scan(*argv,ip))
strerr_die3x(111,FATAL,"unable to parse IP address ",*argv);
if (dns_name4(&out,ip) == -1)
strerr_die4sys(111,FATAL,"unable to find host name for ",*argv,": ");
buffer_put(buffer_1,out.s,out.len);
buffer_puts(buffer_1,"\n");
++argv;
}
buffer_flush(buffer_1);
_exit(0);
}
int main(int argc,char **argv)
{
user = argv[1];
if (!user) usage();
loguser = argv[2];
if (!loguser) usage();
dir = argv[3];
if (!dir) usage();
if (dir[0] != '/') usage();
myip = argv[4];
if (!myip) usage();
pw = getpwnam(loguser);
if (!pw)
strerr_die3x(111,FATAL,"unknown account ",loguser);
init(dir,FATAL);
makelog(loguser,pw->pw_uid,pw->pw_gid);
makedir("env");
perm(02755);
start("env/ROOT"); outs(dir); outs("/root\n"); finish();
perm(0644);
start("env/IP"); outs(myip); outs("\n"); finish();
perm(0644);
start("run");
outs("#!/bin/sh\nexec 2>&1\nexec envuidgid "); outs(user);
outs(" envdir ./env softlimit -d250000 ");
outs(auto_home); outs("/bin/walldns\n");
finish();
perm(0755);
makedir("root");
perm(02755);
_exit(0);
}
int main(int argc, char **argv)
{
user = argv[1];
if (!user) usage();
loguser = argv[2];
if (!loguser) usage();
dir = argv[3];
if (!dir) usage();
if (dir[0] != '/') usage();
myip = argv[4];
if (!myip) usage();
pw = getpwnam(loguser);
if (!pw)
strerr_die3x(111,FATAL,"unknown account ",loguser);
init(dir,FATAL);
makelog(loguser,pw->pw_uid,pw->pw_gid);
if (mkdir("root",0700) == -1)
strerr_die2sys(111,FATAL,"unable to create directory 'root': ");
start("run");
outs("#!/bin/sh\nexec 2>&1\n");
outs("IP="); outs(myip); outs("; export IP\n");
outs("ROOT="); outs(dir); outs("/root; export ROOT\n");
outs("exec envuidgid "); outs(user);
outs(" \\\nsoftlimit -d250000");
outs(" \\\ntcpserver -RPHv $IP ident");
outs(" "); outs(auto_home); outs("/bin/didentd-static");
outs("\n");
finish();
perm(0755);
return 0;
}
static void forward(const char *rcpt)
{
char buf[4096];
const char *dtline;
const char *err;
int r;
if (qmail_open(&qq,0) == -1)
strerr_die2sys(111,FATAL,ERR_QMAIL_QUEUE);
if ((dtline = env_get("DTLINE")) != 0)
qmail_puts(&qq,dtline);
while ((r = read(0,buf,sizeof buf)) > 0)
qmail_put(&qq,buf,r);
if (r == -1)
strerr_die3sys(111,FATAL,ERR_READ,": ");
qmail_from(&qq,sender);
qmail_to(&qq,rcpt);
if (*(err = qmail_close(&qq)) != '\0')
strerr_die3x(111,FATAL,ERR_TMP_QMAIL_QUEUE,err + 1);
strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
substdio_puts(subfderr,"qp ");
substdio_puts(subfderr,strnum);
substdio_putsflush(subfderr,"\n");
++did_forward;
}
void temp_read() { strerr_die3x(111,"Unable to read message: ",error_str(errno),". (#4.3.0)"); }
void doit(int t) {
int j;
SSL *ssl;
int wstat;
int sslctl[2];
char *s;
unsigned long tmp_long;
char ssl_cmd;
stralloc ssl_env = { 0 };
int bytesleft;
char envbuf[8192];
int childpid;
if (pipe(pi) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (pipe(po) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sslctl) == -1) strerr_die2sys(111,DROP,"unable to create socketpair: ");
if ((j = ip_fmt(&remoteipsa,&remoteaddr)))
strerr_die3x(111,DROP,"unable to print remote ip",gai_strerror(j));
if (flagremotehost) {
if (dns_name(&remotehostsa,&remoteaddr) == 0)
if (remotehostsa.len) {
if (flagparanoid) {
struct addrinfo *reverse, hints = {0};
verifyhost = remoteipsa.s;
hints.ai_family = remoteaddr.sa4.sin_family;
if (remoteaddr.sa6.sin6_family == AF_INET6) {
hints.ai_flags = AI_V4MAPPED | AI_ALL;
}
if (getaddrinfo(remotehostsa.s, NULL, &hints, &reverse) == 0) {
hints.ai_next = reverse;
while (hints.ai_next) {
if (hints.ai_next->ai_family == AF_INET
&& remoteaddr.sa4.sin_family == AF_INET
&& byte_equal(&remoteaddr.sa4.sin_addr, 4, &((struct sockaddr_in*) hints.ai_next->ai_addr)->sin_addr)
|| hints.ai_next->ai_family == AF_INET6
&& remoteaddr.sa6.sin6_family == AF_INET6
&& byte_equal(remoteaddr.sa6.sin6_addr.s6_addr, 16,
&((struct sockaddr_in6*) hints.ai_next->ai_addr)->sin6_addr.s6_addr)) {
flagparanoid = 0;
break;
}
hints.ai_next = hints.ai_next->ai_next;
}
freeaddrinfo(reverse);
}
}
if (!flagparanoid) {
remotehost = remotehostsa.s;
verifyhost = remotehostsa.s;
}
}
}
switch(childpid=fork()) {
case -1:
strerr_die2sys(111,DROP,"unable to fork: ");
case 0:
/* Child */
close(sslctl[0]);
break;
default:
/* Parent */
close(pi[0]); close(po[1]); close(sslctl[1]);
if ((s=env_get("SSL_CHROOT")))
if (chroot(s) == -1) {
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to chroot");
}
if ((s=env_get("SSL_GID"))) {
scan_ulong(s,&tmp_long);
gid = tmp_long;
}
if (gid) if (prot_gid(gid) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,FATAL,"unable to set gid: ");
}
if ((s=env_get("SSL_UID"))) {
scan_ulong(s,&tmp_long);
uid = tmp_long;
}
if (uid)
if (prot_uid(uid) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,FATAL,"unable to set uid: ");
}
/* Read the TLS command socket. This will block until/unless
* TLS is requested.
*/
if (read(sslctl[0],&ssl_cmd,1) == 1) {
ssl = ssl_new(ctx,t);
if (!ssl) {
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to create SSL instance");
}
if (ndelay_on(t) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,DROP,"unable to set socket options: ");
}
if (ssl_timeoutaccept(ssl,ssltimeout) == -1) {
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"unable to accept SSL: ",ssl_error_str(ssl_errno));
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn3("sslserver: ssl ",strnum," accept ",0);
}
if (flagclientcert) {
switch(ssl_verify(ssl,verifyhost)) {
case -1:
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to verify client certificate");
case -2:
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"no client certificate");
case -3:
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"certificate name does not match client fqdn: ",verifyhost);
default: break;
}
}
if (ssl_cmd == 'Y') {
ssl_server_env(ssl, &ssl_env);
if(!stralloc_0(&ssl_env)) drop_nomem(); /* Add another NUL */
env("SSLCTL",ssl_env.s);
for(bytesleft = ssl_env.len; bytesleft>0; bytesleft-=j)
if ( (j=write(sslctl[0], ssl_env.s, bytesleft)) < 0) {
kill(childpid, SIGTERM);
strerr_die2sys(111, FATAL, "unable to write SSL environment: ");
}
}
if (ssl_cmd == 'Y' || ssl_cmd == 'y') {
if (ssl_io(ssl,pi[1],po[0],progtimeout) != 0) {
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"unable to speak SSL: ",ssl_error_str(ssl_errno));
}
if (wait_nohang(&wstat) > 0)
_exit(wait_exitcode(wstat));
ssl_close(ssl);
}
kill(childpid, SIGTERM);
_exit(0);
}
/* Child-only below this point */
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn4("sslserver: pid ",strnum," from ",remoteipsa.s,0);
}
if (socket_local(t,&localaddr,&localport) == -1)
strerr_die2sys(111,DROP,"unable to get local address: ");
if ((j = ip_fmt(&localipsa,&localaddr)))
strerr_die3x(111,DROP,"unable to print local address: ",gai_strerror(j));
remoteportstr[fmt_ulong(remoteportstr,remoteport)] = 0;
if (!localhost)
if (dns_name(&localhostsa,&localaddr) == 0)
if (localhostsa.len) {
if (!stralloc_0(&localhostsa)) drop_nomem();
localhost = localhostsa.s;
}
/* If remoteipsa.s contain ':' colon character will assume it is IPv6 */
if (byte_chr(remoteipsa.s, remoteipsa.len, ':') < remoteipsa.len)
env("PROTO","SSL6");
else
env("PROTO","SSL");
env("SSLLOCALIP",localipsa.s);
env("SSLLOCALPORT",localportstr);
env("SSLLOCALHOST",localhost);
if (flagtcpenv) {
env("TCPLOCALIP",localipsa.s);
env("TCPLOCALPORT",localportstr);
env("TCPLOCALHOST",localhost);
}
env("SSLREMOTEIP",remoteipsa.s);
env("SSLREMOTEPORT",remoteportstr);
env("SSLREMOTEHOST",remotehost);
if (flagtcpenv) {
env("TCPREMOTEIP",remoteipsa.s);
env("TCPREMOTEPORT",remoteportstr);
env("TCPREMOTEHOST",remotehost);
}
if (flagremoteinfo) {
if (remoteinfo(&tcpremoteinfo,&remoteaddr,&localaddr,timeout) == -1)
flagremoteinfo = 0;
if (!stralloc_0(&tcpremoteinfo)) drop_nomem();
}
env("SSLREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (flagtcpenv)
env("TCPREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (fnrules) {
int fdrules;
fdrules = open_read(fnrules);
if (fdrules == -1) {
if (errno != error_noent) drop_rules();
if (!flagallownorules) drop_rules();
}
else {
if (rules(found,fdrules,&remoteaddr,remotehost,flagremoteinfo ? tcpremoteinfo.s : 0) == -1)
drop_rules();
close(fdrules);
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
if (!stralloc_copys(&tmp,"sslserver: ")) drop_nomem();
safecats(flagdeny ? "deny" : "ok");
cats(" "); safecats(strnum);
cats(" "); if (localhost) safecats(localhost);
cats(":"); safecats(localipsa.s);
cats(":"); safecats(localportstr);
cats(" "); if (remotehost) safecats(remotehost);
cats(":"); safecats(remoteipsa.s);
cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
cats(":"); safecats(remoteportstr);
cats("\n");
buffer_putflush(buffer_2,tmp.s,tmp.len);
}
if (flagdeny) _exit(100);
if (gid) if (prot_gid(gid) == -1)
strerr_die2sys(111,FATAL,"unable to set gid: ");
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,FATAL,"unable to set uid: ");
close(pi[1]); close(po[0]); close(sslctl[0]);
sig_uncatch(sig_child);
sig_unblock(sig_child);
sig_uncatch(sig_term);
sig_uncatch(sig_pipe);
if (fcntl(sslctl[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,sslctl[1])]=0;
env("SSLCTLFD",strnum);
if (fcntl(pi[0],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,pi[0])]=0;
env("SSLREADFD",strnum);
if (fcntl(po[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,po[1])]=0;
env("SSLWRITEFD",strnum);
if (flagsslwait) {
if (fd_copy(0,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_copy(1,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
} else {
if (fd_move(0,pi[0]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_move(1,po[1]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
}
if (flagkillopts)
socket_ipoptionskill(t);
if (!flagdelay)
socket_tcpnodelay(t);
if (*banner) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
if (buffer_putsflush(&b,banner) == -1)
strerr_die2sys(111,DROP,"unable to print banner: ");
}
if (!flagsslwait) {
ssl_cmd = flagsslenv ? 'Y' : 'y';
if (write(sslctl[1], &ssl_cmd, 1) < 1)
strerr_die2sys(111,DROP,"unable to start SSL: ");
if (flagsslenv) {
while ((j=read(sslctl[1],envbuf,8192)) > 0) {
stralloc_catb(&ssl_env,envbuf,j);
if (ssl_env.len >= 2 && ssl_env.s[ssl_env.len-2]==0 && ssl_env.s[ssl_env.len-1]==0)
break;
}
if (j < 0)
strerr_die2sys(111,DROP,"unable to read SSL environment: ");
pathexec_multienv(&ssl_env);
}
}
pathexec(prog);
strerr_die4sys(111,DROP,"unable to run ",*prog,": ");
}
main(int argc,char **argv)
{
int fakev4=0;
unsigned long u;
int opt;
char *x;
int j;
int s;
int cloop;
dns_random_init(seed);
close(6);
close(7);
sig_ignore(sig_pipe);
while ((opt = getopt(argc,argv,"46dDvqQhHrRi:p:t:T:l:I:")) != opteof)
switch(opt) {
case '4': noipv6 = 1; break;
case '6': forcev6 = 1; break;
case 'd': flagdelay = 1; break;
case 'D': flagdelay = 0; break;
case 'v': verbosity = 2; break;
case 'q': verbosity = 0; break;
case 'Q': verbosity = 1; break;
case 'l': forcelocal = optarg; break;
case 'H': flagremotehost = 0; break;
case 'h': flagremotehost = 1; break;
case 'R': flagremoteinfo = 0; break;
case 'r': flagremoteinfo = 1; break;
case 't': scan_ulong(optarg,&itimeout); break;
case 'T': j = scan_ulong(optarg,&ctimeout[0]);
if (optarg[j] == '+') ++j;
scan_ulong(optarg + j,&ctimeout[1]);
break;
case 'i': if (!scan_ip6(optarg,iplocal)) usage(); break;
case 'I': netif=socket_getifidx(optarg); break;
case 'p': scan_ulong(optarg,&u); portlocal = u; break;
default: usage();
}
argv += optind;
if (!verbosity)
buffer_2->fd = -1;
hostname = *argv;
if (!hostname) usage();
if (!hostname[0] || str_equal(hostname,"0"))
hostname = (noipv6?"127.0.0.1":"::1");
x = *++argv;
if (!x) usage();
if (!x[scan_ulong(x,&u)])
portremote = u;
else {
struct servent *se;
se = getservbyname(x,"tcp");
if (!se)
strerr_die3x(111,FATAL,"unable to figure out port number for ",x);
portremote = ntohs(se->s_port);
/* i continue to be amazed at the stupidity of the s_port interface */
}
if (!*++argv) usage();
if (!stralloc_copys(&tmp,hostname)) nomem();
if (dns_ip6_qualify(&addresses,&fqdn,&tmp) == -1)
strerr_die4sys(111,FATAL,"temporarily unable to figure out IP address for ",hostname,": ");
if (addresses.len < 16)
strerr_die3x(111,FATAL,"no IP address for ",hostname);
if (addresses.len == 16) {
ctimeout[0] += ctimeout[1];
ctimeout[1] = 0;
}
for (cloop = 0;cloop < 2;++cloop) {
if (!stralloc_copys(&moreaddresses,"")) nomem();
for (j = 0;j + 16 <= addresses.len;j += 4) {
s = socket_tcp6();
if (s == -1)
strerr_die2sys(111,FATAL,"unable to create socket: ");
if (socket_bind6(s,iplocal,portlocal,netif) == -1)
strerr_die2sys(111,FATAL,"unable to bind socket: ");
if (timeoutconn6(s,addresses.s + j,portremote,ctimeout[cloop],netif) == 0)
goto CONNECTED;
close(s);
if (!cloop && ctimeout[1] && (errno == error_timeout)) {
if (!stralloc_catb(&moreaddresses,addresses.s + j,16)) nomem();
}
else {
strnum[fmt_ulong(strnum,portremote)] = 0;
if (ip6_isv4mapped(addresses.s+j))
ipstr[ip4_fmt(ipstr,addresses.s + j + 12)] = 0;
else
ipstr[ip6_fmt(ipstr,addresses.s + j)] = 0;
strerr_warn5(CONNECT,ipstr," port ",strnum,": ",&strerr_sys);
}
}
if (!stralloc_copy(&addresses,&moreaddresses)) nomem();
}
_exit(111);
CONNECTED:
if (!flagdelay)
socket_tcpnodelay(s); /* if it fails, bummer */
if (socket_local6(s,iplocal,&portlocal,&netif) == -1)
strerr_die2sys(111,FATAL,"unable to get local address: ");
if (!forcev6 && (ip6_isv4mapped(iplocal) || byte_equal(iplocal,16,V6any)))
fakev4=1;
if (!pathexec_env("PROTO",fakev4?"TCP":"TCP6")) nomem();
strnum[fmt_ulong(strnum,portlocal)] = 0;
if (!pathexec_env("TCPLOCALPORT",strnum)) nomem();
if (fakev4)
ipstr[ip4_fmt(ipstr,iplocal+12)] = 0;
else
ipstr[ip6_fmt(ipstr,iplocal)] = 0;
if (!pathexec_env("TCPLOCALIP",ipstr)) nomem();
x = forcelocal;
if (!x)
if (dns_name6(&tmp,iplocal) == 0) {
if (!stralloc_0(&tmp)) nomem();
x = tmp.s;
}
if (!pathexec_env("TCPLOCALHOST",x)) nomem();
if (socket_remote6(s,ipremote,&portremote,&netif) == -1)
strerr_die2sys(111,FATAL,"unable to get remote address: ");
strnum[fmt_ulong(strnum,portremote)] = 0;
if (!pathexec_env("TCPREMOTEPORT",strnum)) nomem();
if (fakev4)
ipstr[ip4_fmt(ipstr,ipremote+12)] = 0;
else
ipstr[ip6_fmt(ipstr,ipremote)] = 0;
if (!pathexec_env("TCPREMOTEIP",ipstr)) nomem();
if (verbosity >= 2)
strerr_warn4("tcpclient: connected to ",ipstr," port ",strnum,0);
x = 0;
if (flagremotehost)
if (dns_name6(&tmp,ipremote) == 0) {
if (!stralloc_0(&tmp)) nomem();
x = tmp.s;
}
if (!pathexec_env("TCPREMOTEHOST",x)) nomem();
x = 0;
if (flagremoteinfo)
if (remoteinfo6(&tmp,ipremote,portremote,iplocal,portlocal,itimeout,netif) == 0) {
if (!stralloc_0(&tmp)) nomem();
x = tmp.s;
}
if (!pathexec_env("TCPREMOTEINFO",x)) nomem();
if (fd_move(6,s) == -1)
strerr_die2sys(111,FATAL,"unable to set up descriptor 6: ");
if (fd_copy(7,6) == -1)
strerr_die2sys(111,FATAL,"unable to set up descriptor 7: ");
sig_uncatch(sig_pipe);
pathexec(argv);
strerr_die4sys(111,FATAL,"unable to run ",*argv,": ");
}
void die_cdbformat()
{
strerr_die3x(111,FATAL,"unable to read data.cdb: ","format error");
}
int main()
{
char *x;
unsigned int i, j, k;
unsigned long cachesize;
static stralloc sa = {0};
x = env_get("INTERFACE");
if (x) scan_ulong(x,&interface);
x = env_get("IP");
if (!x)
strerr_die2x(111,FATAL,"$IP not set");
if (!ip6_scan(x,myipincoming))
strerr_die3x(111,FATAL,"unable to parse IP address ",x);
#if 0
/* if if IP is a mapped-IPv4 address, disable IPv6 functionality */
/* this is actually a bad idea */
if (ip6_isv4mapped(myipincoming))
noipv6 = 1;
#endif
udp53 = socket_udp6();
if (udp53 == -1)
strerr_die2sys(111,FATAL,"unable to create UDP socket: ");
if (socket_bind6_reuse(udp53,myipincoming,53,interface) == -1)
strerr_die2sys(111,FATAL,"unable to bind UDP socket: ");
tcp53 = socket_tcp6();
if (tcp53 == -1)
strerr_die2sys(111,FATAL,"unable to create TCP socket: ");
if (socket_bind6_reuse(tcp53,myipincoming,53,interface) == -1)
strerr_die2sys(111,FATAL,"unable to bind TCP socket: ");
droproot(FATAL);
socket_tryreservein(udp53,131072);
byte_zero(seed,sizeof seed);
read(0,seed,sizeof seed);
dns_random_init(seed);
close(0);
x = env_get("IPSEND");
if (!x)
strerr_die2x(111,FATAL,"$IPSEND not set");
if (!ip6_scan(x,myipoutgoing))
strerr_die3x(111,FATAL,"unable to parse IP address ",x);
x = env_get("CACHESIZE");
if (!x)
strerr_die2x(111,FATAL,"$CACHESIZE not set");
scan_ulong(x,&cachesize);
if (!cache_init(cachesize))
strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
if (openreadclose("ignoreip",&sa,64) < 0)
strerr_die2x(111,FATAL,"trouble reading ignoreip");
for(j = k = i = 0; i < sa.len; i++)
if (sa.s[i] == '\n') {
sa.s[i] = '\0';
if (!stralloc_readyplus(&ignoreip,16))
strerr_die2x(111,FATAL,"out of memory parsing ignoreip");
if (!ip6_scan(sa.s+k,ignoreip.s+j))
strerr_die3x(111,FATAL,"unable to parse address in ignoreip ",ignoreip.s+k);
j += 16;
k = i + 1;
}
ignoreip.len = j;
if (env_get("HIDETTL"))
response_hidettl();
if (env_get("FORWARDONLY"))
query_forwardonly();
if (!roots_init())
strerr_die2sys(111,FATAL,"unable to read servers: ");
if (socket_listen(tcp53,20) == -1)
strerr_die2sys(111,FATAL,"unable to listen on TCP socket: ");
log_startup();
doit();
}
void doit(int flagw)
{
unsigned int i;
int fd;
int match;
int fdhash;
const char *err;
fd = open_read(fn.s);
if (fd == -1) die_read();
substdio_fdbuf(&ssin,read,fd,inbuf,sizeof(inbuf));
if (getln(&ssin,&addr,&match,'\0') == -1) die_read();
if (!match) { close(fd); return; }
if (!issub(workdir,0,addr.s)) { close(fd); /*XXX*/unlink(fn.s); return; }
cookie(hash,"",0,"",addr.s,"");
if (!stralloc_copys(&fnhash,workdir)) die_nomem();
if (!stralloc_cats(&fnhash,"/bounce/h/")) die_nomem();
if (!stralloc_catb(&fnhash,hash,1)) die_nomem();
if (!stralloc_cats(&fnhash,"/h")) die_nomem();
if (!stralloc_catb(&fnhash,hash+1,COOKIE-1)) die_nomem();
if (!stralloc_0(&fnhash)) die_nomem();
if (qmail_open(&qq, (stralloc *) 0) == -1)
strerr_die2sys(111,FATAL,ERR_QMAIL_QUEUE);
hdr_add2("Mailing-List: ",mailinglist.s,mailinglist.len);
if (listid.len > 0)
hdr_add2("\nList-ID: ",listid.s,listid.len);
hdr_datemsgid(now());
if (flagcd) {
if (!stralloc_0(&line)) die_nomem();
}
hdr_from("-help");
if (!quote2("ed,addr.s)) die_nomem();
hdr_add2("To: ",quoted.s,quoted.len);
/* to accomodate transfer-encoding */
hdr_mime(flagcd ? CTYPE_MULTIPART : CTYPE_TEXT);
hdr_listsubject1(flagw ? "probe from " : "warning from ");
if (flagcd) { /* first part for QP/base64 multipart msg */
hdr_boundary(0);
hdr_ctype(CTYPE_TEXT);
hdr_transferenc();
} else
qmail_puts(&qq,"\n");
copy(&qq,"text/top",flagcd);
copy(&qq,flagw ? "text/bounce-probe" : "text/bounce-warn",flagcd);
if (!flagw) {
if (flagdig)
copy(&qq,"text/dig-bounce-num",flagcd);
else
copy(&qq,"text/bounce-num",flagcd);
if (!flagcd) {
fdhash = open_read(fnhash.s);
if (fdhash == -1) {
if (errno != error_noent)
strerr_die4sys(111,FATAL,ERR_OPEN,fnhash.s,": ");
} else {
substdio_fdbuf(&sstext,read,fdhash,textbuf,sizeof(textbuf));
for(;;) {
if (getln(&sstext,&line,&match,'\n') == -1)
strerr_die4sys(111,FATAL,ERR_READ,fnhash.s,": ");
if (!match) break;
code_qput(line.s,line.len);
}
}
close(fdhash);
} else {
if (!stralloc_copys(&line,"")) die_nomem(); /* slurp adds! */
if (slurp(fnhash.s,&line,256) < 0)
strerr_die4sys(111,FATAL,ERR_OPEN,fnhash.s,": ");
code_qput(line.s,line.len);
}
}
copy(&qq,"text/bounce-bottom",flagcd);
if (flagcd) {
if (flagcd == 'B') {
encodeB("",0,&line,2);
qmail_put(&qq,line.s,line.len); /* flush */
}
hdr_boundary(0);
hdr_ctype(CTYPE_MESSAGE);
qmail_puts(&qq,"\n");
}
if (qmail_copy(&qq,&ssin,copylines) < 0) die_read();
close(fd);
if (flagcd) /* end multipart/mixed */
hdr_boundary(1);
strnum[fmt_ulong(strnum,when)] = 0;
cookie(hash,key.s,key.len,strnum,addr.s,flagw ? "P" : "W");
if (!stralloc_copy(&line,&outlocal)) die_nomem();
if (!stralloc_cats(&line,flagw ? "-return-probe-" : "-return-warn-"))
die_nomem();
if (!stralloc_cats(&line,strnum)) die_nomem();
if (!stralloc_cats(&line,".")) die_nomem();
if (!stralloc_catb(&line,hash,COOKIE)) die_nomem();
if (!stralloc_cats(&line,"-")) die_nomem();
i = str_chr(addr.s,'@');
if (!stralloc_catb(&line,addr.s,i)) die_nomem();
if (addr.s[i]) {
if (!stralloc_cats(&line,"=")) die_nomem();
if (!stralloc_cats(&line,addr.s + i + 1)) die_nomem();
}
if (!stralloc_cats(&line,"@")) die_nomem();
if (!stralloc_cat(&line,&outhost)) die_nomem();
if (!stralloc_0(&line)) die_nomem();
qmail_from(&qq,line.s);
qmail_to(&qq,addr.s);
if (*(err = qmail_close(&qq)) != '\0')
strerr_die3x(111,FATAL,ERR_TMP_QMAIL_QUEUE, err + 1);
strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
strerr_warn2("ezmlm-warn: info: qp ",strnum,0);
if (!flagw) {
if (unlink(fnhash.s) == -1)
if (errno != error_noent)
strerr_die4sys(111,FATAL,ERR_DELETE,fnhash.s,": ");
}
if (unlink(fn.s) == -1)
strerr_die4sys(111,FATAL,ERR_DELETE,fn.s,": ");
}
int main(int argc,char **argv)
{
char strnum[FMT_ULONG];
char *action;
char *dtline;
char *nhost;
const char *err;
unsigned int i;
int match;
int opt;
sig_pipeignore();
opt = getconfopt(argc,argv,options,1,0);
if (!(split = argv[opt]))
split = "split";
if (flagdo) {
sender = get_sender();
if (!sender) die_sender();
if (!*sender)
strerr_die2x(100,FATAL,MSG(ERR_BOUNCE));
if (!sender[str_chr(sender,'@')])
strerr_die2x(100,FATAL,MSG(ERR_ANONYMOUS));
if (str_equal(sender,"#@[]"))
strerr_die2x(100,FATAL,MSG(ERR_BOUNCE));
action = env_get("DEFAULT");
if (!action) strerr_die2x(100,FATAL,MSG(ERR_NODEFAULT));
if (!stralloc_copys(&target,sender)) die_nomem();
if (action[0]) {
i = str_chr(action,'-');
if (action[i]) {
action[i] = '\0';
if (!stralloc_copys(&target,action + i + 1)) die_nomem();
i = byte_rchr(target.s,target.len,'=');
if (i < target.len)
target.s[i] = '@';
}
}
if (!stralloc_0(&target)) die_nomem();
if (case_diffs(action,ACTION_SUBSCRIBE) &&
case_diffs(action,ALT_SUBSCRIBE) &&
case_diffs(action,ACTION_UNSUBSCRIBE) &&
case_diffs(action,ALT_UNSUBSCRIBE))
_exit(0); /* not for us */
if (findname()) {
/* new sender */
if (!stralloc_copy(&from,&outlocal)) die_nomem();
if (!stralloc_cats(&from,"-return-@")) die_nomem();
if (!stralloc_cat(&from,&outhost)) die_nomem();
if (!stralloc_0(&from)) die_nomem();
nhost = name.s + str_rchr(name.s,'@'); /* name must have '@'*/
*(nhost++) = '\0';
if (!stralloc_copys(&to,name.s)) die_nomem(); /* local */
if (!stralloc_append(&to,'-')) die_nomem(); /* - */
if (!stralloc_cats(&to,action)) die_nomem(); /* subscribe */
if (!stralloc_append(&to,'-')) die_nomem(); /* - */
if (target.s[i = str_rchr(target.s,'@')])
target.s[i] = '=';
if (!stralloc_cats(&to,target.s)) die_nomem(); /* target */
if (!stralloc_append(&to,'@')) die_nomem(); /* - */
if (!stralloc_cats(&to,nhost)) die_nomem(); /* host */
if (!stralloc_0(&to)) die_nomem();
dtline = env_get("DTLINE");
if (!dtline) strerr_die2x(100,FATAL,MSG(ERR_NODTLINE));
if (qmail_open(&qq) == -1)
strerr_die2sys(111,FATAL,MSG(ERR_QMAIL_QUEUE));
qmail_puts(&qq,dtline); /* delivered-to */
if (qmail_copy(&qq,subfdin,0) != 0)
strerr_die2sys(111,FATAL,MSG(ERR_READ_INPUT));
qmail_from(&qq,from.s);
qmail_to(&qq,to.s);
if (*(err = qmail_close(&qq)) != '\0')
strerr_die4x(111,FATAL,MSG(ERR_TMP_QMAIL_QUEUE),": ",err + 1);
strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
strerr_die3x(99,INFO,"qp ",strnum);
}
_exit(0);
} else {
for (;;) {
if (getln(subfdin,&line,&match,'\n') == -1)
strerr_die2sys(111,FATAL,MSG(ERR_READ_INPUT));
if (!match) break;
if (line.len == 1) continue; /* ignore blank lines */
if (line.s[0] == '#') continue; /* ignore comments */
if (!stralloc_copy(&target,&line)) die_nomem();
target.s[target.len - 1] = '\0';
(void) findname();
if (!stralloc_cats(&name,": ")) die_nomem();
if (!stralloc_cats(&name,target.s)) die_nomem();
if (!stralloc_append(&name,'\n')) die_nomem();
if (substdio_put(subfdout,name.s,name.len) == -1)
strerr_die2sys(111,FATAL,MSG(ERR_WRITE_STDOUT));
}
if (substdio_flush(subfdout) == -1)
strerr_die2sys(111,FATAL,MSG(ERR_FLUSH_STDOUT));
_exit(0);
}
(void)argc;
}
void main(int argc,char **argv)
{
char *dir;
int fdlock;
char *sender;
int match;
int flaginheader;
int flagmodpost;
int flagremote;
const char *pmod;
const char *err;
int opt;
unsigned int i;
char szchar[2] = "-";
int child;
(void) umask(022);
sig_pipeignore();
if (!stralloc_copys(&sendopt,"-")) die_nomem();
while ((opt = getopt(argc,argv,"bBcCmMpPrRsSvVyY")) != opteof)
switch(opt) {
case 'b': flagbody = 1; break;
case 'B': flagbody = 0; break;
case 'm': flagmime = 1; break;
case 'M': flagmime = 0; break;
case 'p': flagpublic = 1; break; /* anyone can post (still moderated)*/
case 'P': flagpublic = 0; break; /* only moderators can post */
case 's': flagself = 1; break; /* modpost and DIR/mod diff fxns */
case 'S': flagself = 0; break; /* same fxn */
case 'y': flagconfirm = 1; break; /* force post confirmation */
case 'Y': flagconfirm = 0; break; /* disable post confirmation */
case 'c': /* ezmlm-send flags */
case 'C':
case 'r':
case 'R':
szchar[0] = (char) opt & 0xff;
if (!stralloc_append(&sendopt,szchar)) die_nomem();
break;
case 'v':
case 'V': strerr_die2x(0,"ezmlm-store version: ",auto_version);
default:
die_usage();
}
sender = env_get("SENDER");
if (sender) {
if (!*sender || str_equal(sender,"#@[]"))
strerr_die2x(100,FATAL,ERR_BOUNCE);
}
startup(dir = argv[optind]);
load_config(dir);
if (flagconfirm == -1)
flagconfirm = getconf_line(&confirmpost,"confirmpost",0,dir);
else
getconf_line(&confirmpost,"confirmpost",0,dir);
flagmodpost = getconf_line(&moderators,"modpost",0,dir);
flagremote = getconf_line(&line,"remote",0,dir);
if (!flagmodpost && !flagconfirm) { /* not msg-mod. Pipe to ezmlm-send */
if ((child = wrap_fork()) == 0)
wrap_execbin("/ezmlm-send", &sendopt, dir);
/* parent */
wrap_exitcode(child);
}
if (!moderators.len || !(moderators.s[0] == '/')) {
if (!stralloc_copys(&moderators,dir)) die_nomem();
if (!stralloc_cats(&moderators,"/mod")) die_nomem();
}
if (!stralloc_0(&moderators)) die_nomem();
if (sender) {
pmod = issub(moderators.s,0,sender);
closesub();
/* sender = moderator? */
} else
pmod = 0;
if (!pmod && !flagpublic)
strerr_die2x(100,FATAL,ERR_NO_POST);
fdlock = lockfile("mod/lock");
if (!stralloc_copys(&mydtline, flagconfirm
? "Delivered-To: confirm to "
: "Delivered-To: moderator for ")) die_nomem();
if (!stralloc_catb(&mydtline,outlocal.s,outlocal.len)) die_nomem();
if (!stralloc_append(&mydtline,"@")) die_nomem();
if (!stralloc_catb(&mydtline,outhost.s,outhost.len)) die_nomem();
if (!stralloc_cats(&mydtline,"\n")) die_nomem();
if (!stralloc_copys(&returnpath,"Return-Path: <")) die_nomem();
if (sender) {
if (!stralloc_cats(&returnpath,sender)) die_nomem();
for (i = 14; i < returnpath.len;++i)
if (returnpath.s[i] == '\n' || !returnpath.s[i] )
returnpath.s[i] = '_';
/* NUL and '\n' are bad, but we don't quote since this is */
/* only for ezmlm-moderate, NOT for SMTP */
}
if (!stralloc_cats(&returnpath,">\n")) die_nomem();
pid = getpid(); /* unique file name */
for (i = 0;;++i) /* got lock - nobody else can add files */
{
when = now(); /* when is also used later for date! */
if (!stralloc_copys(&fnmsg, flagconfirm?"mod/unconfirmed/":"mod/pending/")) die_nomem();
if (!stralloc_copyb(&fnbase,strnum,fmt_ulong(strnum,when))) die_nomem();
if (!stralloc_append(&fnbase,".")) die_nomem();
if (!stralloc_catb(&fnbase,strnum,fmt_ulong(strnum,pid))) die_nomem();
if (!stralloc_cat(&fnmsg,&fnbase)) die_nomem();
if (!stralloc_0(&fnmsg)) die_nomem();
if (stat(fnmsg.s,&st) == -1) if (errno == error_noent) break;
/* really should never get to this point */
if (i == 2)
strerr_die2x(111,FATAL,ERR_UNIQUE);
sleep(2);
}
if (!stralloc_copys(&action,"-")) die_nomem();
if (!stralloc_cats(&action,flagconfirm?ACTION_DISCARD:ACTION_REJECT)) die_nomem();
if (!stralloc_cat(&action,&fnbase)) die_nomem();
if (!stralloc_0(&action)) die_nomem();
makeacthash(&action);
if (!quote("ed,&outlocal)) die_nomem();
if (!stralloc_copy(&reject,"ed)) die_nomem();
if (!stralloc_cat(&reject,&action)) die_nomem();
if (!stralloc_0(&reject)) die_nomem();
if (!stralloc_copys(&action,"-")) die_nomem();
if (!stralloc_cats(&action,flagconfirm?ACTION_CONFIRM:ACTION_ACCEPT)) die_nomem();
if (!stralloc_cat(&action,&fnbase)) die_nomem();
if (!stralloc_0(&action)) die_nomem();
makeacthash(&action);
if (!stralloc_copy(&accept,"ed)) die_nomem();
if (!stralloc_cat(&accept,&action)) die_nomem();
if (!stralloc_0(&accept)) die_nomem();
set_cptarget(accept.s); /* for copy () */
set_cpconfirm(reject.s,quoted.len);
fdmsg = open_trunc(fnmsg.s);
if (fdmsg == -1)
strerr_die6sys(111,FATAL,ERR_WRITE,dir,"/",fnmsg.s,": ");
substdio_fdbuf(&ssmsg,write,fdmsg,msgbuf,sizeof(msgbuf));
if (qmail_open(&qq, (stralloc *) 0) == -1) /* Open mailer */
strerr_die2sys(111,FATAL,ERR_QMAIL_QUEUE);
hdr_add2("Mailing-List: ",mailinglist.s,mailinglist.len);
if (listid.len > 0)
hdr_add2("List-ID: ",listid.s,listid.len);
hdr_datemsgid(when);
if (flagconfirm)
hdr_from("-owner");
else
hdr_add2s("From: ",reject.s);
hdr_add2s("Reply-To: ",accept.s);
if (!flagconfirm && !pmod && flagremote) { /* if remote admin add -allow- address */
qmail_puts(&qq,"Cc: "); /* for ezmlm-gate users */
strnum[fmt_ulong(strnum,(unsigned long) when)] = 0;
cookie(hash,key.s,key.len-FLD_ALLOW,strnum,sender,"t");
if (!stralloc_copy(&line,&outlocal)) die_nomem();
if (!stralloc_cats(&line,"-allow-tc.")) die_nomem();
if (!stralloc_cats(&line,strnum)) die_nomem();
if (!stralloc_append(&line,".")) die_nomem();
if (!stralloc_catb(&line,hash,COOKIE)) die_nomem();
if (!stralloc_append(&line,"-")) die_nomem();
i = str_rchr(sender,'@');
if (!stralloc_catb(&line,sender,i)) die_nomem();
if (sender[i]) {
if (!stralloc_append(&line,"=")) die_nomem();
if (!stralloc_cats(&line,sender + i + 1)) die_nomem();
}
qmail_put(&qq,line.s,line.len);
qmail_puts(&qq,"@");
qmail_put(&qq,outhost.s,outhost.len);
qmail_puts(&qq,"\n");
}
qmail_puts(&qq,"To: <");
if (flagconfirm) {
if (sender)
qmail_puts(&qq, sender);
} else {
if (!quote("ed,&outlocal))
die_nomem();
qmail_put(&qq,quoted.s,quoted.len);
qmail_puts(&qq,"-moderators@");
qmail_put(&qq,outhost.s,outhost.len);
}
qmail_puts(&qq,">\n");
/* FIXME: Drop the custom subject hack and use hdr_listsubject1 */
if (!stralloc_copys(&subject,"Subject: ")) die_nomem();
if (flagconfirm) {
if (confirmpost.len) {
if (!stralloc_cat(&subject,&confirmpost)) die_nomem();
if (!stralloc_cats(&subject," ")) die_nomem();
} else {
if (!stralloc_cats(&subject,TXT_CONFIRM_POST)) die_nomem();
}
} else {
if (!stralloc_cats(&subject,TXT_MODERATE)) die_nomem();
}
if (!quote("ed,&outlocal)) die_nomem();
if (!stralloc_cat(&subject,"ed)) die_nomem();
if (!stralloc_append(&subject,"@")) die_nomem();
if (!stralloc_cat(&subject,&outhost)) die_nomem();
if (flagmime) {
hdr_mime(CTYPE_MULTIPART);
qmail_put(&qq,subject.s,subject.len);
hdr_boundary(0);
hdr_ctype(CTYPE_TEXT);
hdr_transferenc();
} else {
qmail_put(&qq,subject.s,subject.len);
qmail_puts(&qq,"\n\n");
}
copy(&qq,flagconfirm?"text/post-confirm":"text/mod-request",flagcd);
if (flagcd == 'B') {
encodeB("",0,&line,2);
qmail_put(&qq,line.s,line.len);
}
if (substdio_put(&ssmsg,returnpath.s,returnpath.len) == -1) die_msg();
if (substdio_put(&ssmsg,mydtline.s,mydtline.len) == -1) die_msg();
substdio_fdbuf(&ssin,read,0,inbuf,sizeof(inbuf));
if (flagmime) {
hdr_boundary(0);
hdr_ctype(CTYPE_MESSAGE);
qmail_puts(&qq, "\n");
}
qmail_put(&qq,returnpath.s,returnpath.len);
qmail_put(&qq,mydtline.s,mydtline.len);
flaginheader = 1;
for (;;) {
if (getln(&ssin,&line,&match,'\n') == -1)
strerr_die2sys(111,FATAL,ERR_READ_INPUT);
if (!match) break;
if (line.len == 1) flaginheader = 0;
if (flaginheader) {
if ((line.len == mydtline.len) &&
!byte_diff(line.s,line.len,mydtline.s)) {
close(fdmsg); /* be nice - clean up */
unlink(fnmsg.s);
strerr_die2x(100,FATAL,ERR_LOOPING);
}
if (case_startb(line.s,line.len,"mailing-list:")) {
close(fdmsg); /* be nice - clean up */
unlink(fnmsg.s);
strerr_die2x(100,FATAL,ERR_MAILING_LIST);
}
}
if (flagbody || flaginheader) /* skip body if !flagbody */
qmail_put(&qq,line.s,line.len);
if (substdio_put(&ssmsg,line.s,line.len) == -1) die_msg();
}
if (flagmime)
hdr_boundary(1);
/* close archive before qmail. Loss of qmail will result in re-run, and */
/* worst case this results in a duplicate msg sitting orphaned until it's */
/* cleaned out. */
if (substdio_flush(&ssmsg) == -1) die_msg();
if (fsync(fdmsg) == -1) die_msg();
if (fchmod(fdmsg,MODE_MOD_MSG | 0700) == -1) die_msg();
if (close(fdmsg) == -1) die_msg(); /* NFS stupidity */
close(fdlock);
if (flagconfirm) {
qmail_from(&qq,reject.s); /* envelope sender */
} else {
if (!stralloc_copy(&line,&outlocal)) die_nomem();
if (!stralloc_cats(&line,"-return-@")) die_nomem();
if (!stralloc_cat(&line,&outhost)) die_nomem();
if (!stralloc_0(&line)) die_nomem();
qmail_from(&qq,line.s); /* envelope sender */
}
if (flagconfirm) /* to sender */
qmail_to(&qq,sender);
else if (pmod) /* to moderator only */
qmail_to(&qq,pmod);
else {
if (flagself) { /* to all moderators */
if (!stralloc_copys(&moderators,dir)) die_nomem();
if (!stralloc_cats(&moderators,"/mod")) die_nomem();
if (!stralloc_0(&moderators)) die_nomem();
}
putsubs(moderators.s,0,0,52,subto,1);
}
if (*(err = qmail_close(&qq)) == '\0') {
strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
strerr_die2x(0,"ezmlm-store: info: qp ",strnum);
} else
strerr_die3x(111,FATAL,ERR_TMP_QMAIL_QUEUE,err+1);
}
int main(int argc,char * const *argv) {
const char *hostname;
int opt;
struct servent *se;
char *x;
unsigned long u;
int s;
int t;
io_opt = ssl_io_opt_default;
io_opt.timeout = 3600;
while ((opt = getopt(argc,argv,"46dDvqQhHrR1UXx:t:T:u:g:l:b:B:c:Z:pPoO3IiEeSsaAw:nNyYuUjJ")) != opteof)
switch(opt) {
case 'b': scan_ulong(optarg,&backlog); break;
case 'c': scan_ulong(optarg,&limit); break;
case 'X': flagallownorules = 1; break;
case 'x': fnrules = optarg; break;
case 'B': banner = optarg; break;
case 'd': flagdelay = 1; break;
case 'D': flagdelay = 0; break;
case 'v': verbosity = 2; break;
case 'q': verbosity = 0; break;
case 'Q': verbosity = 1; break;
case 'P': flagparanoid = 0; break;
case 'p': flagparanoid = 1; break;
case 'O': flagkillopts = 1; break;
case 'o': flagkillopts = 0; break;
case 'H': flagremotehost = 0; break;
case 'h': flagremotehost = 1; break;
case 'R': flagremoteinfo = 0; break;
case 'r': flagremoteinfo = 1; break;
case 't': scan_ulong(optarg,&timeout); break;
case 'T': scan_ulong(optarg,&ssltimeout); break;
case 'w': scan_uint(optarg,&io_opt.timeout); break;
case 'U': x = env_get("UID"); if (x) scan_ulong(x,&uid);
x = env_get("GID"); if (x) scan_ulong(x,&gid); break;
case 'u': scan_ulong(optarg,&uid); break;
case 'g': scan_ulong(optarg,&gid); break;
case 'Z': netif=socket_getifidx(optarg); break;
case '1': flag1 = 1; break;
case '4': noipv6 = 1; break;
case '6': forcev6 = 1; break;
case 'l': localhost = optarg; break;
case '3': flag3 = 1; break;
case 'I': flagclientcert = 0; break;
case 'i': flagclientcert = 1; break;
case 'S': flagsslenv = 0; break;
case 's': flagsslenv = 1; break;
case 'E': flagtcpenv = 0; break;
case 'e': flagtcpenv = 1; break;
case 'n': case 'y': flagsslwait = 1; break;
case 'N': case 'Y': flagsslwait = 0; break;
case 'j': io_opt.just_shutdown = 1; break;
case 'J': io_opt.just_shutdown = 0; break;
default: usage();
}
argc -= optind;
argv += optind;
if (!verbosity)
buffer_2->fd = -1;
hostname = *argv++;
if (!hostname) usage();
if (str_equal(hostname,"")) hostname = "0";
x = *argv++;
if (!x) usage();
prog = argv;
if (!*argv) usage();
if (!x[scan_ulong(x,&u)])
localport = u;
else {
se = getservbyname(x,"tcp");
if (!se)
strerr_die3x(111,FATAL,"unable to figure out port number for ",x);
uint16_unpack_big((char*)&se->s_port,&localport);
}
if (x = env_get("VERIFYDEPTH")) {
scan_ulong(x,&u);
verifydepth = u;
}
if (x = env_get("CAFILE")) cafile = x;
if (cafile && str_equal(cafile,"")) cafile = 0;
if (x = env_get("CCAFILE")) ccafile = x;
if (ccafile && str_equal(ccafile,"")) ccafile = 0;
if (!flagclientcert) ccafile = 0;
if (x = env_get("CADIR")) cadir = x;
if (cadir && str_equal(cadir,"")) cadir= 0;
if (x = env_get("CERTFILE")) certfile = x;
if (certfile && str_equal(certfile,"")) certfile = 0;
if (x = env_get("KEYFILE")) keyfile = x;
if (keyfile && str_equal(keyfile,"")) keyfile = 0;
if (x = env_get("DHFILE")) dhfile = x;
if (dhfile && str_equal(dhfile,"")) dhfile = 0;
if (x = env_get("CIPHERS")) ciphers = x;
if (ciphers && str_equal(ciphers,"")) ciphers = 0;
sig_block(sig_child);
sig_catch(sig_child,sigchld);
sig_catch(sig_term,sigterm);
sig_ignore(sig_pipe);
if (str_equal(hostname,"0")) {
byte_zero(localip,sizeof localip);
} else {
if (!stralloc_copys(&tmp,hostname))
strerr_die2x(111,FATAL,"out of memory");
if (dns_ip6_qualify(&addresses,&fqdn,&tmp) == -1)
strerr_die4sys(111,FATAL,"temporarily unable to figure out IP address for ",hostname,": ");
if (addresses.len < 16)
strerr_die3x(111,FATAL,"no IP address for ",hostname);
byte_copy(localip,16,addresses.s);
if (ip6_isv4mapped(localip))
noipv6=1;
}
s = socket_tcp6();
if (s == -1)
strerr_die2sys(111,FATAL,"unable to create socket: ");
if (socket_bind6_reuse(s,localip,localport,netif) == -1)
strerr_die2sys(111,FATAL,"unable to bind: ");
if (socket_local6(s,localip,&localport,&netif) == -1)
strerr_die2sys(111,FATAL,"unable to get local address: ");
if (socket_listen(s,backlog) == -1)
strerr_die2sys(111,FATAL,"unable to listen: ");
ndelay_off(s);
localportstr[fmt_ulong(localportstr,localport)] = 0;
if (flag1) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
buffer_puts(&b,localportstr);
buffer_puts(&b,"\n");
buffer_flush(&b);
}
if (flag3) read_passwd();
ctx = ssl_server();
ssl_errstr();
if (!ctx) strerr_die2x(111,FATAL,"unable to create SSL context");
switch (ssl_certkey(ctx,certfile,keyfile,passwd_cb)) {
case -1: strerr_die2x(111,FATAL,"unable to load certificate");
case -2: strerr_die2x(111,FATAL,"unable to load key");
case -3: strerr_die2x(111,FATAL,"key does not match certificate");
default: break;
}
if (!ssl_ca(ctx,cafile,cadir,verifydepth))
strerr_die2x(111,FATAL,"unable to load CA list");
if (!ssl_cca(ctx,ccafile))
strerr_die2x(111,FATAL,"unable to load client CA list");
if (!ssl_params(ctx,dhfile,rsalen))
strerr_die2x(111,FATAL,"unable to set cipher parameters");
if (!ssl_ciphers(ctx,ciphers))
strerr_die2x(111,FATAL,"unable to set cipher list");
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strnum2[fmt_ulong(strnum2,rsalen)] = 0;
strerr_warn4("sslserver: cafile ",strnum," ",cafile,0);
strerr_warn4("sslserver: ccafile ",strnum," ",ccafile,0);
strerr_warn4("sslserver: cadir ",strnum," ",cadir,0);
strerr_warn4("sslserver: cert ",strnum," ",certfile,0);
strerr_warn4("sslserver: key ",strnum," ",keyfile,0);
strerr_warn6("sslserver: param ",strnum," ",dhfile," ",strnum2,0);
}
close(0); open_read("/dev/null");
close(1); open_append("/dev/null");
printstatus();
for (;;) {
while (numchildren >= limit) sig_pause();
sig_unblock(sig_child);
t = socket_accept6(s,remoteip,&remoteport,&netif);
sig_block(sig_child);
if (t == -1) continue;
++numchildren; printstatus();
switch(fork()) {
case 0:
close(s);
doit(t);
strerr_die4sys(111,DROP,"unable to run ",*argv,": ");
case -1:
strerr_warn2(DROP,"unable to fork: ",&strerr_sys);
--numchildren; printstatus();
}
close(t);
}
}
void temp_fork() { strerr_die3x(111,"Unable to fork: ",error_str(errno),". (#4.3.0)"); }
void doit(int t) {
int fakev4=0;
int j;
SSL *ssl;
int wstat;
uint32 scope_id;
int sslctl[2];
char *s;
unsigned long tmp_long;
char sslctl_cmd;
stralloc ssl_env = { 0 };
buffer ssl_env_buf;
if (pipe(pi) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (pipe(po) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sslctl) == -1) strerr_die2sys(111,DROP,"unable to create socketpair: ");
switch(fork()) {
case -1:
strerr_die2sys(111,DROP,"unable to fork: ");
case 0:
/* Child */
break;
default:
/* Parent */
close(pi[0]); close(po[1]); close(sslctl[1]);
if ((s=env_get("SSL_CHROOT")))
if (chroot(s) == -1)
strerr_die2x(111,DROPSSL,"unable to chroot");
if ((s=env_get("SSL_GID"))) {
scan_ulong(s,&tmp_long);
gid = tmp_long;
}
if (gid) if (prot_gid(gid) == -1) strerr_die2sys(111,DROPSSL,"unable to set gid: ");
if ((s=env_get("SSL_UID"))) {
scan_ulong(s,&tmp_long);
uid = tmp_long;
}
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,DROPSSL,"unable to set uid: ");
/* This will exit on a fatal error or if the client quits
* without activating SSL
*/
sslctl_cmd = ucspitls_master_wait_for_activation(sslctl[0]);
/* If we got here, SSL must have been activated */
ssl = ssl_new(ctx,t);
if (!ssl) strerr_die2x(111,DROP,"unable to create SSL instance");
if (ndelay_on(t) == -1)
strerr_die2sys(111,DROP,"unable to set socket options: ");
if (ssl_timeoutaccept(ssl,ssltimeout) == -1)
strerr_die3x(111,DROP,"unable to accept SSL: ",ssl_error_str(ssl_errno));
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn3("sslserver: ssl ",strnum," accept ",0);
}
if (flagclientcert) {
switch(ssl_verify(ssl,verifyhost)) {
case -1:
strerr_die2x(111,DROP,"unable to verify client certificate");
case -2:
strerr_die2x(111,DROP,"no client certificate");
case -3:
strerr_die2x(111,DROP,"client name does not match certificate");
default: break;
}
}
if (sslctl_cmd == 'Y') {
ssl_server_env(ssl, &ssl_env);
stralloc_0(&ssl_env); /* Add another NUL */
buffer_init(&ssl_env_buf,buffer_unixwrite,sslctl[0],NULL,0);
if (buffer_putflush(&ssl_env_buf, ssl_env.s, ssl_env.len) == -1) {
strerr_die2sys(111, FATAL, "unable to write SSL environment: ");
}
} else if (sslctl_cmd != 'y') {
strerr_die2x(111,DROP,"Protocol error on SSL control descriptor: invalid command character read");
}
if (close(sslctl[0]) != 0) {
strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
}
if (ssl_io(ssl,pi[1],po[0],io_opt) != 0)
strerr_die3x(111,DROP,"unable to speak SSL: ",ssl_error_str(ssl_errno));
if (wait_nohang(&wstat) > 0)
_exit(wait_exitcode(wstat));
ssl_close(ssl);
_exit(0);
}
/* Child-only below this point */
if (close(sslctl[0]) != 0) {
strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
}
if (!forcev6 && ip6_isv4mapped(remoteip))
fakev4=1;
if (fakev4)
remoteipstr[ip4_fmt(remoteipstr,remoteip+12)] = 0;
else
remoteipstr[ip6_fmt(remoteipstr,remoteip)] = 0;
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn4("sslserver: pid ",strnum," from ",remoteipstr,0);
}
if (socket_local6(t,localip,&localport,&scope_id) == -1)
strerr_die2sys(111,DROP,"unable to get local address: ");
if (fakev4)
localipstr[ip4_fmt(localipstr,localip+12)] = 0;
else
localipstr[ip6_fmt(localipstr,localip)] = 0;
remoteportstr[fmt_ulong(remoteportstr,remoteport)] = 0;
if (!localhost)
if (dns_name6(&localhostsa,localip) == 0)
if (localhostsa.len) {
if (!stralloc_0(&localhostsa)) drop_nomem();
localhost = localhostsa.s;
}
env("PROTO",fakev4?"SSL":"SSL6");
env("SSLLOCALIP",localipstr);
env("SSL6LOCALIP",localipstr);
env("SSLLOCALPORT",localportstr);
env("SSL6LOCALPORT",localportstr);
env("SSLLOCALHOST",localhost);
env("SSL6LOCALHOST",localhost);
if (!fakev4 && scope_id)
env("SSL6INTERFACE",socket_getifname(scope_id));
if (flagtcpenv) {
env("TCPLOCALIP",localipstr);
env("TCP6LOCALIP",localipstr);
env("TCPLOCALPORT",localportstr);
env("TCP6LOCALPORT",localportstr);
env("TCPLOCALHOST",localhost);
env("TCP6LOCALHOST",localhost);
if (!fakev4 && scope_id)
env("TCP6INTERFACE",socket_getifname(scope_id));
}
if (flagremotehost)
if (dns_name6(&remotehostsa,remoteip) == 0)
if (remotehostsa.len) {
if (flagparanoid) {
verifyhost = remoteipstr;
if (dns_ip6(&tmp,&remotehostsa) == 0)
for (j = 0;j + 16 <= tmp.len;j += 16)
if (byte_equal(remoteip,16,tmp.s + j)) {
flagparanoid = 0;
break;
}
}
if (!flagparanoid) {
if (!stralloc_0(&remotehostsa)) drop_nomem();
remotehost = remotehostsa.s;
verifyhost = remotehostsa.s;
}
}
env("SSLREMOTEIP",remoteipstr);
env("SSL6REMOTEIP",remoteipstr);
remoteipstr[ip6_fmt(remoteipstr,remoteip)]=0;
env("SSLREMOTEPORT",remoteportstr);
env("SSL6REMOTEPORT",remoteportstr);
env("SSLREMOTEHOST",remotehost);
env("SSL6REMOTEHOST",remotehost);
if (flagtcpenv) {
env("TCPREMOTEIP",remoteipstr);
env("TCP6REMOTEIP",remoteipstr);
env("TCPREMOTEPORT",remoteportstr);
env("TCP6REMOTEPORT",remoteportstr);
env("TCPREMOTEHOST",remotehost);
env("TCP6REMOTEHOST",remotehost);
}
if (flagremoteinfo) {
if (remoteinfo6(&tcpremoteinfo,remoteip,remoteport,localip,localport,timeout,netif) == -1)
flagremoteinfo = 0;
if (!stralloc_0(&tcpremoteinfo)) drop_nomem();
}
env("SSLREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
env("SSL6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (flagtcpenv) {
env("TCPREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
env("TCP6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
}
if (fnrules) {
int fdrules;
fdrules = open_read(fnrules);
if (fdrules == -1) {
if (errno != error_noent) drop_rules();
if (!flagallownorules) drop_rules();
}
else {
int fakev4=0;
char* temp;
if (!forcev6 && ip6_isv4mapped(remoteip))
fakev4=1;
if (fakev4)
temp=remoteipstr+7;
else
temp=remoteipstr;
if (rules(found,fdrules,temp,remotehost,flagremoteinfo ? tcpremoteinfo.s : 0) == -1) drop_rules();
close(fdrules);
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
if (!stralloc_copys(&tmp,"sslserver: ")) drop_nomem();
safecats(flagdeny ? "deny" : "ok");
cats(" "); safecats(strnum);
cats(" "); if (localhost) safecats(localhost);
cats(":"); safecats(localipstr);
cats(":"); safecats(localportstr);
cats(" "); if (remotehost) safecats(remotehost);
cats(":"); safecats(remoteipstr);
cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
cats(":"); safecats(remoteportstr);
cats("\n");
buffer_putflush(buffer_2,tmp.s,tmp.len);
}
if (flagdeny) _exit(100);
if (gid) if (prot_gid(gid) == -1)
strerr_die2sys(111,FATAL,"unable to set gid: ");
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,FATAL,"unable to set uid: ");
close(pi[1]); close(po[0]);
sig_uncatch(sig_child);
sig_unblock(sig_child);
sig_uncatch(sig_term);
sig_uncatch(sig_pipe);
if (fcntl(sslctl[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,sslctl[1])]=0;
setenv("SSLCTLFD",strnum,1);
if (fcntl(pi[0],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,pi[0])]=0;
setenv("SSLREADFD",strnum,1);
if (fcntl(po[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,po[1])]=0;
setenv("SSLWRITEFD",strnum,1);
if (flagsslwait) {
if (fd_copy(0,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_copy(1,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
} else {
if (fd_move(0,pi[0]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_move(1,po[1]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
}
if (flagkillopts)
socket_ipoptionskill(t);
if (!flagdelay)
socket_tcpnodelay(t);
if (*banner) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
if (buffer_putsflush(&b,banner) == -1)
strerr_die2sys(111,DROP,"unable to print banner: ");
}
if (!flagsslwait) {
strnum[fmt_ulong(strnum,flagsslenv)] = 0;
strerr_warn2("flagsslenv: ", strnum, 0);
ucspitls(flagsslenv,0,1);
}
pathexec(prog);
strerr_die4sys(111,DROP,"unable to run ",*prog,": ");
}
void main(int argc,char **argv)
{
char *dir;
char *action;
char *dtline;
char *nhost;
const char *err;
unsigned int i;
int match;
int opt;
sig_pipeignore();
while ((opt = getopt(argc,argv,"dDvV")) != opteof) {
switch (opt) {
case 'd': flagdo = 1; break;
case 'D': flagdo = 0; break;
case 'v':
case 'V':
strerr_die2x(0, "ezmlm-split version: ",auto_version);
default:
die_usage();
}
}
startup(dir = argv[optind++]);
load_config(dir);
if (!(split = argv[optind]))
split = "split";
if (flagdo) {
sender = env_get("SENDER");
if (!sender) strerr_die2x(100,FATAL,ERR_NOSENDER);
if (!*sender)
strerr_die2x(100,FATAL,ERR_BOUNCE);
if (!sender[str_chr(sender,'@')])
strerr_die2x(100,FATAL,ERR_ANONYMOUS);
if (str_equal(sender,"#@[]"))
strerr_die2x(100,FATAL,ERR_BOUNCE);
action = env_get("DEFAULT");
if (!action) strerr_die2x(100,FATAL,ERR_NODEFAULT);
if (!stralloc_copys(&target,sender)) die_nomem();
if (action[0]) {
i = str_chr(action,'-');
if (action[i]) {
action[i] = '\0';
if (!stralloc_copys(&target,action + i + 1)) die_nomem();
i = byte_rchr(target.s,target.len,'=');
if (i < target.len)
target.s[i] = '@';
}
}
if (!stralloc_0(&target)) die_nomem();
if (case_diffs(action,ACTION_SUBSCRIBE) &&
case_diffs(action,ALT_SUBSCRIBE) &&
case_diffs(action,ACTION_UNSUBSCRIBE) &&
case_diffs(action,ALT_UNSUBSCRIBE))
_exit(0); /* not for us */
if (findname()) {
/* new sender */
if (!stralloc_copy(&from,&outlocal)) die_nomem();
if (!stralloc_cats(&from,"-return-@")) die_nomem();
if (!stralloc_cat(&from,&outhost)) die_nomem();
if (!stralloc_0(&from)) die_nomem();
nhost = name.s + str_rchr(name.s,'@'); /* name must have '@'*/
*(nhost++) = '\0';
if (!stralloc_copys(&to,name.s)) die_nomem(); /* local */
if (!stralloc_append(&to,"-")) die_nomem(); /* - */
if (!stralloc_cats(&to,action)) die_nomem(); /* subscribe */
if (!stralloc_append(&to,"-")) die_nomem(); /* - */
if (target.s[i = str_rchr(target.s,'@')])
target.s[i] = '=';
if (!stralloc_cats(&to,target.s)) die_nomem(); /* target */
if (!stralloc_append(&to,"@")) die_nomem(); /* - */
if (!stralloc_cats(&to,nhost)) die_nomem(); /* host */
if (!stralloc_0(&to)) die_nomem();
dtline = env_get("DTLINE");
if (!dtline) strerr_die2x(100,FATAL,ERR_NODTLINE);
if (qmail_open(&qq,(stralloc *) 0) == -1)
strerr_die2sys(111,FATAL,ERR_QMAIL_QUEUE);
qmail_puts(&qq,dtline); /* delivered-to */
if (qmail_copy(&qq,subfdin,0) != 0)
strerr_die2sys(111,FATAL,ERR_READ_INPUT);
qmail_from(&qq,from.s);
qmail_to(&qq,to.s);
if (*(err = qmail_close(&qq)) != '\0')
strerr_die3x(111,FATAL,ERR_TMP_QMAIL_QUEUE,err + 1);
strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
strerr_die3x(99,INFO,"qp ",strnum);
}
_exit(0);
} else {
for (;;) {
if (getln(subfdin,&line,&match,'\n') == -1)
strerr_die2sys(111,FATAL,ERR_READ_INPUT);
if (!match) break;
if (line.len == 1) continue; /* ignore blank lines */
if (line.s[0] == '#') continue; /* ignore comments */
if (!stralloc_copy(&target,&line)) die_nomem();
target.s[target.len - 1] = '\0';
(void) findname();
if (!stralloc_cats(&name,": ")) die_nomem();
if (!stralloc_cats(&name,target.s)) die_nomem();
if (!stralloc_append(&name,"\n")) die_nomem();
if (substdio_put(subfdout,name.s,name.len) == -1)
strerr_die2sys(111,ERR_WRITE,"output: ");
}
if (substdio_flush(subfdout) == -1)
strerr_die2sys(111,ERR_FLUSH,"output: ");
_exit(0);
}
(void)argc;
}
int main(int argc,char **argv)
{
char *action;
const char *err;
unsigned int i;
int act = AC_NONE; /* desired action */
unsigned int actlen = 0;/* str_len of above */
(void) umask(022);
sig_pipeignore();
when = now();
getconfopt(argc,argv,options,1,&dir);
initsub(0);
sender = get_sender();
if (!sender) die_sender();
action = env_get("DEFAULT");
if (!action) strerr_die2x(100,FATAL,MSG(ERR_NODEFAULT));
if (!*sender)
strerr_die2x(100,FATAL,MSG(ERR_BOUNCE));
if (!sender[str_chr(sender,'@')])
strerr_die2x(100,FATAL,MSG(ERR_ANONYMOUS));
if (str_equal(sender,"#@[]"))
strerr_die2x(100,FATAL,MSG(ERR_BOUNCE));
action = set_workdir(action);
stralloc_copys(&target,sender);
if (action[0]) {
i = str_chr(action,'-');
if (action[i]) {
action[i] = 0;
stralloc_copys(&target,action + i + 1);
i = byte_rchr(target.s,target.len,'=');
if (i < target.len)
target.s[i] = '@';
}
}
stralloc_0(&target);
set_cptarget(target.s); /* for copy() */
make_verptarget();
act = get_act_ismod(action,&actlen);
stralloc_copy(&from,&outlocal);
stralloc_cats(&from,"-return-@");
stralloc_cat(&from,&outhost);
stralloc_0(&from);
if (qmail_open(&qq) == -1)
strerr_die2sys(111,FATAL,MSG(ERR_QMAIL_QUEUE));
msg_headers(act);
if (act == AC_SUBSCRIBE)
do_subscribe(action);
else if (act == AC_SC)
do_sc(action);
else if (str_start(action,ACTION_RC))
do_rc_tc(action,ACTION_RC);
else if(str_start(action,ACTION_TC))
do_rc_tc(action,ACTION_TC);
else if (act == AC_UNSUBSCRIBE)
do_unsubscribe(action);
else if (str_start(action,ACTION_UC))
do_uc(action);
else if (str_start(action,ACTION_VC))
do_vc_wc(action,ACTION_VC);
else if (str_start(action,ACTION_WC))
do_vc_wc(action,ACTION_WC);
else if (act == AC_LIST || act == AC_LISTN)
do_list(act);
else if (act == AC_LOG)
do_log(action,actlen);
else if (act == AC_EDIT)
do_edit(action);
else if (str_start(action,ACTION_ED))
do_ed(action);
else if (act == AC_GET)
do_get(action);
else if (case_starts(action,ACTION_QUERY) ||
case_starts(action,ALT_QUERY))
do_query();
else if (case_starts(action,ACTION_INFO) ||
case_starts(action,ALT_INFO))
do_info();
else if (case_starts(action,ACTION_FAQ) ||
case_starts(action,ALT_FAQ))
do_faq();
else if (ismod && (act == AC_HELP))
do_mod_help();
else
do_help();
err = qmail_close(&qq);
closesub();
if (*err != '\0')
strerr_die4x(111,FATAL,MSG(ERR_TMP_QMAIL_QUEUE),": ",err + 1);
strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
strerr_die3x(0,INFO,"qp ",strnum);
}
void main(int argc,char **argv)
{
char *sender;
char *def;
char *local;
char *action;
int flaginheader;
int flagcomment;
int flaggoodfield;
int flagdone;
int fd, fdlock;
int match;
const char *err;
char encin = '\0';
unsigned int start,confnum;
unsigned int pos,i;
int child;
int opt;
char *cp,*cpnext,*cpfirst,*cplast,*cpafter;
(void) umask(022);
sig_pipeignore();
when = now();
if (!stralloc_copys(&sendopt,"-")) die_nomem();
opt = getconfopt(argc,argv,options,1,&dir);
sender = get_sender();
if (!sender) strerr_die2x(100,FATAL,MSG(ERR_NOSENDER));
local = env_get("LOCAL");
if (!local) strerr_die2x(100,FATAL,MSG(ERR_NOLOCAL));
def = env_get("DEFAULT");
if (!def) strerr_die2x(100,FATAL,MSG(ERR_NODEFAULT));
if (!*sender)
strerr_die2x(100,FATAL,MSG(ERR_BOUNCE));
if (!sender[str_chr(sender,'@')])
strerr_die2x(100,FATAL,MSG(ERR_ANONYMOUS));
if (str_equal(sender,"#@[]"))
strerr_die2x(100,FATAL,MSG(ERR_BOUNCE));
/* local should be >= def, but who knows ... */
cp = local + str_len(local) - str_len(def) - 2;
if (cp < local) die_badformat();
action = local + byte_rchr(local,cp - local,'-');
if (action == cp) die_badformat();
action++;
if (!action[0]) die_badformat();
if (!str_start(action,ACTION_ACCEPT) && !str_start(action,ACTION_REJECT))
die_badformat();
start = str_chr(action,'-');
if (!action[start]) die_badformat();
confnum = 1 + start + str_chr(action + start + 1,'.');
if (!action[confnum]) die_badformat();
confnum += 1 + str_chr(action + confnum + 1,'.');
if (!action[confnum]) die_badformat();
if (!stralloc_copyb(&fnbase,action+start+1,confnum-start-1)) die_nomem();
if (!stralloc_0(&fnbase)) die_nomem();
cookie(hash,key.s,key.len,fnbase.s,"","a");
if (byte_diff(hash,COOKIE,action+confnum+1))
die_badformat();
fdlock = lockfile("mod/lock");
switch(checkfile(fnbase.s)) {
case 0:
strerr_die2x(100,FATAL,MSG(ERR_MOD_TIMEOUT));
case -1: /* only error if new request != action taken */
if (str_start(action,ACTION_ACCEPT))
strerr_die2x(0,INFO,MSG(ERR_MOD_ACCEPTED));
else
strerr_die2x(100,FATAL,MSG(ERR_MOD_ACCEPTED));
case -2:
if (str_start(action,ACTION_REJECT))
strerr_die2x(0,INFO,MSG(ERR_MOD_REJECTED));
else
strerr_die2x(100,FATAL,MSG(ERR_MOD_REJECTED));
default:
break;
}
/* Here, we have an existing filename in fnbase with the complete path */
/* from the current dir in fnmsg. */
if (str_start(action,ACTION_REJECT)) {
if (qmail_open(&qq, (stralloc *) 0) == -1)
strerr_die2sys(111,FATAL,MSG(ERR_QMAIL_QUEUE));
/* Build recipient from msg return-path */
fd = open_read(fnmsg.s);
if (fd == -1) {
if (errno != error_noent)
strerr_die2sys(111,FATAL,MSG1(ERR_OPEN,fnmsg.s));
else
strerr_die2x(100,FATAL,MSG(ERR_MOD_TIMEOUT));
}
substdio_fdbuf(&sstext,read,fd,textbuf,sizeof(textbuf));
if (getln(&sstext,&line,&match,'\n') == -1 || !match)
strerr_die2sys(111,FATAL,MSG(ERR_READ_INPUT));
maketo(); /* extract SENDER from return-path */
/* Build message */
hdr_add2s("Mailing-List: ",MSG(TXT_MAILING_LIST));
if (listid.len > 0)
hdr_add2("List-ID: ",listid.s,listid.len);
hdr_datemsgid(when);
hdr_from("-owner");
if (replyto)
hdr_add2s("Reply-To: ",replyto);
hdr_add2s("To: ",to.s);
hdr_subject(MSG(SUB_RETURNED_POST));
if (flagmime) {
hdr_mime(CTYPE_MULTIPART);
hdr_boundary(0);
hdr_ctype(CTYPE_TEXT);
hdr_transferenc();
}
copy(&qq,"text/top",flagcd);
copy(&qq,"text/mod-reject",flagcd);
flagcomment = 0;
flaginheader = 1;
if (!stralloc_copys(&text,"")) die_nomem();
if (!stralloc_ready(&text,1024)) die_nomem();
for (;;) { /* copy moderator's rejection comment */
if (getln(subfdin,&line,&match,'\n') == -1)
strerr_die2sys(111,FATAL,MSG(ERR_READ_INPUT));
if (!match) break;
if (flaginheader) {
if (case_startb(line.s,line.len,"Content-Transfer-Encoding:")) {
pos = 26;
while (line.s[pos] == ' ' || line.s[pos] == '\t') ++pos;
if (case_startb(line.s+pos,line.len-pos,"base64"))
encin = 'B';
else if (case_startb(line.s+pos,line.len-pos,"quoted-printable"))
encin = 'Q';
}
if (line.len == 1)
flaginheader = 0;
} else
if (!stralloc_cat(&text,&line)) die_nomem();
} /* got body */
if (encin) {
if (encin == 'B')
decodeB(text.s,text.len,&line);
else
decodeQ(text.s,text.len,&line);
if (!stralloc_copy(&text,&line)) die_nomem();
}
cp = text.s;
cpafter = text.s + text.len;
if (!stralloc_copys(&line,"\n>>>>> -------------------- >>>>>\n"))
die_nomem();
flaggoodfield = 0;
flagdone = 0;
while ((cpnext = cp + byte_chr(cp,cpafter-cp,'\n')) != cpafter) {
i = byte_chr(cp,cpnext-cp,'%');
if (i <= 5 && cpnext-cp-i >= 3) {
/* max 5 "quote characters" and space for %%% */
if (cp[i+1] == '%' && cp[i+2] == '%') {
if (!flaggoodfield) { /* Start tag */
if (!stralloc_copyb("ed,cp,i)) die_nomem(); /* quote chars*/
flaggoodfield = 1;
cp = cpnext + 1;
cpfirst = cp;
continue;
} else { /* end tag */
if (flagdone) /* 0 no comment lines, 1 comment line */
flagdone = 2; /* 2 at least 1 comment line & end tag */
break;
}
}
}
if (flaggoodfield) {
cplast = cpnext - 1;
if (*cplast == '\r') /* CRLF -> '\n' for base64 encoding */
*cplast = '\n';
else
++cplast;
/* NUL is now ok, so the test for it was removed */
flagdone = 1;
i = cplast - cp + 1;
if (quoted.len && quoted.len <= i &&
!str_diffn(cp,quoted.s,quoted.len)) { /* quote chars */
if (!stralloc_catb(&line,cp+quoted.len,i-quoted.len)) die_nomem();
} else
if (!stralloc_catb(&line,cp,i)) die_nomem(); /* no quote chars */
}
cp = cpnext + 1;
}
if (flagdone == 2) {
if (!stralloc_cats(&line,"<<<<< -------------------- <<<<<\n")) die_nomem();
code_qput(line.s,line.len);
}
if (flagcd == 'B') {
encodeB("",0,&line,2);
qmail_put(&qq,line.s,line.len);
}
if (flagmime) {
hdr_boundary(0);
hdr_ctype(CTYPE_MESSAGE);
}
qmail_puts(&qq,"\n");
if (seek_begin(fd) == -1)
strerr_die2sys(111,FATAL,MSG1(ERR_SEEK,fnmsg.s));
substdio_fdbuf(&sstext,read,fd,textbuf,sizeof(textbuf));
if (qmail_copy(&qq,&sstext,-1) != 0)
strerr_die2sys(111,FATAL,MSG1(ERR_READ,fnmsg.s));
close(fd);
if (flagmime)
hdr_boundary(1);
if (!stralloc_copy(&line,&outlocal)) die_nomem();
if (!stralloc_cats(&line,"-return-@")) die_nomem();
if (!stralloc_cat(&line,&outhost)) die_nomem();
if (!stralloc_0(&line)) die_nomem();
qmail_from(&qq,line.s);
if (to.len)
qmail_to(&qq,to.s);
if (!stralloc_copys(&fnnew,"mod/rejected/")) die_nomem();
if (!stralloc_cats(&fnnew,fnbase.s)) die_nomem();
if (!stralloc_0(&fnnew)) die_nomem();
/* this is strictly to track what happended to a message to give informative */
/* messages to the 2nd-nth moderator that acts on the same message. Since */
/* this isn't vital we ignore errors. Also, it is no big ideal if unlinking */
/* the old file fails. In the worst case it gets acted on again. If we issue */
/* a temp error the reject will be redone, which is slightly worse. */
if (*(err = qmail_close(&qq)) == '\0') {
fd = open_trunc(fnnew.s);
if (fd != -1)
close(fd);
unlink(fnmsg.s);
strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
strerr_die2x(0,"ezmlm-moderate: info: qp ",strnum);
} else
strerr_die4x(111,FATAL,MSG(ERR_TMP_QMAIL_QUEUE),": ",err + 1);
} else if (str_start(action,ACTION_ACCEPT)) {
fd = open_read(fnmsg.s);
if (fd == -1) {
if (errno !=error_noent)
strerr_die2sys(111,FATAL,MSG1(ERR_OPEN,fnmsg.s));
else /* shouldn't happen since we've got lock */
strerr_die3x(100,FATAL,fnmsg.s,MSG(ERR_MOD_TIMEOUT));
}
substdio_fdbuf(&sstext,read,fd,textbuf,sizeof(textbuf));
/* read "Return-Path:" line */
if (getln(&sstext,&line,&match,'\n') == -1 || !match)
strerr_die2sys(111,FATAL,MSG(ERR_READ_INPUT));
maketo(); /* extract SENDER to "to" */
env_put2("SENDER",to.s); /* set SENDER */
if (seek_begin(fd) == -1) /* rewind, since we read an entire buffer */
strerr_die2sys(111,FATAL,MSG1(ERR_SEEK,fnmsg.s));
if ((child = wrap_fork()) == 0) {
close(0);
dup(fd); /* make fnmsg.s stdin */
if (argc > opt + 1)
wrap_execvp((const char **)argv + opt);
else if (argc > opt)
wrap_execsh(argv[opt]);
else
wrap_execbin("/ezmlm-send", &sendopt, dir);
}
/* parent */
close(fd);
wrap_exitcode(child);
if (!stralloc_copys(&fnnew,"mod/accepted/")) die_nomem();
if (!stralloc_cats(&fnnew,fnbase.s)) die_nomem();
if (!stralloc_0(&fnnew)) die_nomem();
/* ignore errors */
fd = open_trunc(fnnew.s);
if (fd != -1)
close(fd);
unlink(fnmsg.s);
_exit(0);
}
}
int main(int argc, char **argv) {
int opt;
char *user =0;
char *host;
unsigned long port;
int pid;
int s;
int conn;
int delim;
progname =*argv;
phccmax =0;
#ifdef SSLSVD
while ((opt =getopt(argc, (const char **)argv,
"c:C:i:x:u:l:Eb:hpt:vVU:/:Z:K:")) != opteof) {
#else
while ((opt =getopt(argc, (const char **)argv,
"c:C:i:x:u:l:Eb:hpt:vV")) != opteof) {
#endif
switch(opt) {
case 'c': scan_ulong(optarg, &cmax); if (cmax < 1) usage(); break;
case 'C':
delim =scan_ulong(optarg, &phccmax);
if (phccmax < 1) usage();
if (optarg[delim] == ':') {
if (ipsvd_fmt_msg(&msg, optarg +delim +1) == -1) die_nomem();
if (! stralloc_0(&msg)) die_nomem();
phccmsg =msg.s;
}
break;
case 'i': if (instructs) usage(); instructs =optarg; break;
case 'x': if (instructs) usage(); instructs =optarg; iscdb =1; break;
case 'u': user =(char*)optarg; break;
case 'l':
if (! stralloc_copys(&local_hostname, optarg)) die_nomem();
if (! stralloc_0(&local_hostname)) die_nomem();
break;
case 'E': ucspi =0; break;
case 'b': scan_ulong(optarg, &backlog); break;
case 'h': lookuphost =1; break;
case 'p': lookuphost =1; paranoid =1; break;
case 't': scan_ulong(optarg, &timeout); break;
case 'v': ++verbose; break;
#ifdef SSLSVD
case 'U': ssluser =(char*)optarg; break;
case '/': root =(char*)optarg; break;
case 'Z': cert =(char*)optarg; break;
case 'K': key =(char*)optarg; break;
#endif
case 'V': strerr_warn1(VERSION, 0);
case '?': usage();
}
}
argv +=optind;
if (! argv || ! *argv) usage();
host =*argv++;
if (! argv || ! *argv) usage();
local_port =*argv++;
if (! argv || ! *argv) usage();
prog =(const char **)argv;
if (phccmax > cmax) phccmax =cmax;
if (user)
if (! uidgids_get(&ugid, user)) {
if (errno)
strerr_die4sys(111, FATAL, "unable to get user/group: ", user, ": ");
strerr_die3x(100, FATAL, "unknown user/group: ", user);
}
#ifdef SSLSVD
svuser =user;
client =0;
if ((getuid() == 0) && (! ssluser))
strerr_die2x(100, FATAL, "-U ssluser must be set when running as root");
if (ssluser)
if (! uidgids_get(&sslugid, ssluser)) {
if (errno)
strerr_die4sys(111, FATAL, "unable to get user/group: ", ssluser, ": ");
strerr_die3x(100, FATAL, "unknown user/group: ", ssluser);
}
if (! cert) cert ="./cert.pem";
if (! key) key =cert;
if (matrixSslOpen() < 0) fatal("unable to initialize ssl");
if (matrixSslReadKeys(&keys, cert, key, 0, ca) < 0) {
if (client) fatal("unable to read cert, key, or ca file");
fatal("unable to read cert or key file");
}
if (matrixSslNewSession(&ssl, keys, 0, SSL_FLAGS_SERVER) < 0)
strerr_die2x(111, FATAL, "unable to create ssl session");
#endif
dns_random_init(seed);
sig_block(sig_child);
sig_catch(sig_child, sig_child_handler);
sig_catch(sig_term, sig_term_handler);
sig_ignore(sig_pipe);
if (phccmax) if (ipsvd_phcc_init(cmax) == -1) die_nomem();
if (str_equal(host, "")) host ="0.0.0.0";
if (str_equal(host, "0")) host ="0.0.0.0";
if (! ipsvd_scan_port(local_port, "tcp", &port))
strerr_die3x(100, FATAL, "unknown port number or name: ", local_port);
if (! stralloc_copys(&sa, host)) die_nomem();
if ((dns_ip4(&ips, &sa) == -1) || (ips.len < 4))
if (dns_ip4_qualify(&ips, &fqdn, &sa) == -1)
fatal2("unable to look up ip address", host);
if (ips.len < 4)
strerr_die3x(100, FATAL, "unable to look up ip address: ", host);
ips.len =4;
if (! stralloc_0(&ips)) die_nomem();
local_ip[ipsvd_fmt_ip(local_ip, ips.s)] =0;
if (! lookuphost) {
if (! stralloc_copys(&remote_hostname, "")) die_nomem();
if (! stralloc_0(&remote_hostname)) die_nomem();
}
if ((s =socket_tcp()) == -1) fatal("unable to create socket");
if (socket_bind4_reuse(s, ips.s, port) == -1)
fatal("unable to bind socket");
if (listen(s, backlog) == -1) fatal("unable to listen");
ndelay_off(s);
#ifdef SSLSVD
#else
if (user) {
/* drop permissions */
if (setgroups(ugid.gids, ugid.gid) == -1) fatal("unable to set groups");
if (setgid(*ugid.gid) == -1) fatal("unable to set gid");
if (prot_uid(ugid.uid) == -1) fatal("unable to set uid");
}
#endif
close(0);
if (verbose) {
out(INFO); out("listening on "); outfix(local_ip); out(":");
outfix(local_port);
#ifdef SSLSVD
#else
if (user) {
bufnum[fmt_ulong(bufnum, (unsigned long)ugid.uid)] =0;
out(", uid "); out(bufnum);
bufnum[fmt_ulong(bufnum, (unsigned long)ugid.gid)] =0;
out(", gid "); out(bufnum);
}
#endif
flush(", starting.\n");
}
for (;;) {
while (cnum >= cmax) sig_pause();
socka_size =sizeof(socka);
sig_unblock(sig_child);
conn =accept(s, (struct sockaddr *)&socka, &socka_size);
sig_block(sig_child);
if (conn == -1) {
if (errno != error_intr) warn("unable to accept connection");
continue;
}
cnum++;
if (verbose) connection_status();
if (phccmax) phcc =ipsvd_phcc_add((char*)&socka.sin_addr);
if ((pid =fork()) == -1) {
warn2("drop connection", "unable to fork");
close(conn);
continue;
}
if (pid == 0) {
/* child */
close(s);
#ifdef SSLSVD
if (*progname) *progname ='\\';
#endif
connection_accept(conn);
}
if (phccmax) ipsvd_phcc_setpid(pid);
close(conn);
}
_exit(0);
}
uint32 get_connection_info6(char *lip, uint16 lport, char *rip, uint16 rport)
{
int match = 1;
int fd = 0;
uint32 uid = 0xffffffff; // that's our default for "not found"
uint32 kernlport, kernrport;
char kernlip[4];
char kernrip[4];
char bspace[1024];
buffer b;
stralloc line = {0};
int i;
fd = open_read(NETINFOFILE6);
if (fd == -1)
/* If opening failed quit */
strerr_die3sys(111, FATAL, NETINFOFILE6, ": ");
buffer_init(&b, read, fd, bspace, sizeof bspace);
while (match)
{
if (getln(&b, &line, &match, '\n') == -1)
strerr_die2sys(111, FATAL, "unable to read line: ");
/* example line:
sl local_address remote_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 000BFE3FFF1F180C0000000005020000:004F 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 1000 0 10078742
1: 00000000000000000000000000000000:04D2 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 9215187
5 7 40 45 78 129
*/
if((line.s[4] == ':')
&& (line.len > 130))
{
if((line.s[38] != ':')
|| (line.s[43] != ' ')
|| (line.s[76] != ':')
|| (line.s[81] != ' '))
strerr_die3x(111, FATAL, "can't parse file ", NETINFOFILE6);
scan_xlong(&line.s[39], &kernlport);
scan_xlong(&line.s[77], &kernrport);
for(i = 0; i < 16; i++)
{
/* check this on big endian machines */
kernlip[15-i] = (unsigned char) ((fromhex(line.s[(i*2)+6]) << 4) | fromhex(line.s[(i*2)+7]));
kernrip[15-i] = (unsigned char) ((fromhex(line.s[(i*2)+44]) << 4) | fromhex(line.s[(i*2)+45]));
}
if((kernrport == rport)
&& (kernlport == lport)
&& byte_equal(kernrip, 16, rip)
&& byte_equal(kernlip, 16, lip))
{
scan_ulong(&line.s[124], &uid);
break;
}
}
}
close(fd);
return uid;
}
