const char *str_long_name_mask_opt(VSTRING *buf, const char *context, const LONG_NAME_MASK * table, long mask, int flags) { const char *myname = "name_mask"; int len; static VSTRING *my_buf = 0; int delim = (flags & NAME_MASK_COMMA ? ',' : (flags & NAME_MASK_PIPE ? '|' : ' ')); const LONG_NAME_MASK *np; if ((flags & STR_NAME_MASK_REQUIRED) == 0) msg_panic("%s: missing NAME_MASK_NUMBER/FATAL/RETURN/WARN/IGNORE flag", myname); if (buf == 0) { if (my_buf == 0) my_buf = vstring_alloc(1); buf = my_buf; } VSTRING_RESET(buf); for (np = table; mask != 0; np++) { if (np->name == 0) { if (flags & NAME_MASK_NUMBER) { vstring_sprintf_append(buf, "0x%lx%c", mask, delim); } else if (flags & NAME_MASK_FATAL) { msg_fatal("%s: unknown %s bit in mask: 0x%lx", myname, context, mask); } else if (flags & NAME_MASK_RETURN) { msg_warn("%s: unknown %s bit in mask: 0x%lx", myname, context, mask); return (0); } else if (flags & NAME_MASK_WARN) { msg_warn("%s: unknown %s bit in mask: 0x%lx", myname, context, mask); } break; } if (mask & np->mask) { mask &= ~np->mask; vstring_sprintf_append(buf, "%s%c", np->name, delim); } } if ((len = VSTRING_LEN(buf)) > 0) vstring_truncate(buf, len - 1); VSTRING_TERMINATE(buf); return (STR(buf)); }
VSTRING *format_tv(VSTRING *buf, int sec, int usec, int sig_dig, int max_dig) { static int pow10[] = {1, 10, 100, 1000, 10000, 100000, 1000000}; int n; int rem; int wid; int ures; /* * Sanity check. */ if (max_dig < 0 || max_dig > 6) msg_panic("format_tv: bad maximum decimal count %d", max_dig); if (sec < 0 || usec < 0 || usec > MILLION) msg_panic("format_tv: bad time %ds %dus", sec, usec); if (sig_dig < 1 || sig_dig > 6) msg_panic("format_tv: bad significant decimal count %d", sig_dig); ures = MILLION / pow10[max_dig]; wid = pow10[sig_dig]; /* * Adjust the resolution to suppress irrelevant digits. */ if (ures < MILLION) { if (sec > 0) { for (n = 1; sec >= n && n <= wid / 10; n *= 10) /* void */ ; ures = (MILLION / wid) * n; } else { while (usec >= wid * ures) ures *= 10; } } /* * Round up the number if necessary. Leave thrash below the resolution. */ if (ures > 1) { usec += ures / 2; if (usec >= MILLION) { sec += 1; usec -= MILLION; } } /* * Format the number. Truncate trailing null and thrash below resolution. */ vstring_sprintf_append(buf, "%d", sec); if (usec >= ures) { VSTRING_ADDCH(buf, '.'); for (rem = usec, n = MILLION / 10; rem >= ures && n > 0; n /= 10) { VSTRING_ADDCH(buf, "0123456789"[rem / n]); rem %= n; } } VSTRING_TERMINATE(buf); return (buf); }
const char *cleanup_strflags(unsigned flags) { static VSTRING *result; unsigned i; if (flags == 0) return ("none"); if (result == 0) result = vstring_alloc(20); else VSTRING_RESET(result); for (i = 0; i < sizeof(cleanup_flag_map) / sizeof(cleanup_flag_map[0]); i++) { if (cleanup_flag_map[i].flag & flags) { vstring_sprintf_append(result, "%s ", cleanup_flag_map[i].text); flags &= ~cleanup_flag_map[i].flag; } } if (flags != 0 || VSTRING_LEN(result) == 0) msg_panic("cleanup_strflags: unrecognized flag value(s) 0x%x", flags); vstring_truncate(result, VSTRING_LEN(result) - 1); VSTRING_TERMINATE(result); return (vstring_str(result)); }
static void smtp_key_append_str(VSTRING *buffer, const char *str, const char *delim_na) { if (str == 0 || str[0] == 0) { smtp_key_append_na(buffer, delim_na); } else if (str[strcspn(str, delim_na)] != 0) { base64_encode_opt(buffer, str, strlen(str), BASE64_FLAG_APPEND); VSTRING_ADDCH(buffer, delim_na[0]); } else { vstring_sprintf_append(buffer, "%s%c", str, delim_na[0]); } }
VSTRING *hex_quote(VSTRING *hex, const char *raw) { const char *cp; int ch; VSTRING_RESET(hex); for (cp = raw; (ch = *(unsigned const char *) cp) != 0; cp++) { if (ch != '%' && !ISSPACE(ch) && ISPRINT(ch)) { VSTRING_ADDCH(hex, ch); } else { vstring_sprintf_append(hex, "%%%02X", ch); } } VSTRING_TERMINATE(hex); return (hex); }
VSTRING *xtext_quote_append(VSTRING *quoted, const char *unquoted, const char *special) { const char *cp; int ch; for (cp = unquoted; (ch = *(unsigned const char *) cp) != 0; cp++) { if (ch != '+' && ch > 32 && ch < 127 && (*special == 0 || strchr(special, ch) == 0)) { VSTRING_ADDCH(quoted, ch); } else { vstring_sprintf_append(quoted, "+%02X", ch); } } VSTRING_TERMINATE(quoted); return (quoted); }
static int smtpd_proxy_xforward_send(SMTPD_STATE *state, VSTRING *buf, const char *name, int value_available, const char *value) { size_t new_len; int ret; #define CONSTR_LEN(s) (sizeof(s) - 1) #define PAYLOAD_LIMIT (512 - CONSTR_LEN("250 " XFORWARD_CMD "\r\n")) if (!value_available) value = XFORWARD_UNAVAILABLE; /* * Encode the attribute value. */ if (state->expand_buf == 0) state->expand_buf = vstring_alloc(100); xtext_quote(state->expand_buf, value, ""); /* * How much space does this attribute need? SPACE name = value. */ new_len = strlen(name) + strlen(STR(state->expand_buf)) + 2; if (new_len > PAYLOAD_LIMIT) msg_warn("%s command payload %s=%.10s... exceeds SMTP protocol limit", XFORWARD_CMD, name, value); /* * Flush the buffer if we need to, and store the attribute. */ if (VSTRING_LEN(buf) > 0 && VSTRING_LEN(buf) + new_len > PAYLOAD_LIMIT) if ((ret = smtpd_proxy_xforward_flush(state, buf)) < 0) return (ret); vstring_sprintf_append(buf, " %s=%s", name, STR(state->expand_buf)); return (0); }
char *format_line_number(VSTRING *result, ssize_t first, ssize_t last) { static VSTRING *buf; /* * Your buffer or mine? */ if (result == 0) { if (buf == 0) buf = vstring_alloc(10); result = buf; } /* * Print a range only when the numbers differ. */ vstring_sprintf(result, "%ld", (long) first); if (first != last) vstring_sprintf_append(result, "-%ld", (long) last); return (vstring_str(result)); }
const char *mynetworks(void) { static VSTRING *result; if (result == 0) { char *myname = "mynetworks"; INET_ADDR_LIST *my_addr_list; INET_ADDR_LIST *my_mask_list; unsigned long addr; unsigned long mask; struct in_addr net; int shift; int junk; int i; int mask_style; mask_style = name_mask("mynetworks mask style", mask_styles, var_mynetworks_style); /* * XXX Workaround: name_mask() needs a flags argument so that we can * require exactly one value, or we need to provide an API that is * dedicated for single-valued flags. */ for (i = 0, junk = mask_style; junk != 0; junk >>= 1) i += (junk & 1); if (i != 1) msg_fatal("bad %s value: %s; specify exactly one value", VAR_MYNETWORKS_STYLE, var_mynetworks_style); result = vstring_alloc(20); my_addr_list = own_inet_addr_list(); my_mask_list = own_inet_mask_list(); for (i = 0; i < my_addr_list->used; i++) { addr = ntohl(my_addr_list->addrs[i].s_addr); mask = ntohl(my_mask_list->addrs[i].s_addr); switch (mask_style) { /* * Natural mask. This is dangerous if you're customer of an * ISP who gave you a small portion of their network. */ case MASK_STYLE_CLASS: if (IN_CLASSA(addr)) { mask = IN_CLASSA_NET; shift = IN_CLASSA_NSHIFT; } else if (IN_CLASSB(addr)) { mask = IN_CLASSB_NET; shift = IN_CLASSB_NSHIFT; } else if (IN_CLASSC(addr)) { mask = IN_CLASSC_NET; shift = IN_CLASSC_NSHIFT; } else if (IN_CLASSD(addr)) { mask = IN_CLASSD_NET; shift = IN_CLASSD_NSHIFT; } else { msg_fatal("%s: bad address class: %s", myname, inet_ntoa(my_addr_list->addrs[i])); } break; /* * Subnet mask. This is safe, but breaks backwards * compatibility when used as default setting. */ case MASK_STYLE_SUBNET: for (junk = mask, shift = BITS_PER_ADDR; junk != 0; shift--, (junk <<= 1)) /* void */ ; break; /* * Host only. Do not relay authorize other hosts. */ case MASK_STYLE_HOST: mask = ~0; shift = 0; break; default: msg_panic("unknown mynetworks mask style: %s", var_mynetworks_style); } net.s_addr = htonl(addr & mask); vstring_sprintf_append(result, "%s/%d ", inet_ntoa(net), BITS_PER_ADDR - shift); } if (msg_verbose) msg_info("%s: %s", myname, vstring_str(result)); }
static void qmgr_message_resolve(QMGR_MESSAGE *message) { static ARGV *defer_xport_argv; RECIPIENT_LIST list = message->rcpt_list; RECIPIENT *recipient; QMGR_TRANSPORT *transport = 0; QMGR_QUEUE *queue = 0; RESOLVE_REPLY reply; VSTRING *queue_name; char *at; char **cpp; char *nexthop; ssize_t len; int status; DSN dsn; MSG_STATS stats; DSN *saved_dsn; #define STREQ(x,y) (strcmp(x,y) == 0) #define STR vstring_str #define LEN VSTRING_LEN resolve_clnt_init(&reply); queue_name = vstring_alloc(1); for (recipient = list.info; recipient < list.info + list.len; recipient++) { /* * Redirect overrides all else. But only once (per entire message). * For consistency with the remainder of Postfix, rewrite the address * to canonical form before resolving it. */ if (message->redirect_addr) { if (recipient > list.info) { recipient->u.queue = 0; continue; } message->rcpt_offset = 0; message->rcpt_unread = 0; rewrite_clnt_internal(REWRITE_CANON, message->redirect_addr, reply.recipient); RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); if (qmgr_resolve_one(message, recipient, recipient->address, &reply) < 0) continue; if (!STREQ(recipient->address, STR(reply.recipient))) RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); } /* * Content filtering overrides the address resolver. * * XXX Bypass content_filter inspection for user-generated probes * (sendmail -bv). MTA-generated probes never have the "please filter * me" bits turned on, but we handle them here anyway for the sake of * future proofing. */ #define FILTER_WITHOUT_NEXTHOP(filter, next) \ (((next) = split_at((filter), ':')) == 0 || *(next) == 0) #define RCPT_WITHOUT_DOMAIN(rcpt, next) \ ((next = strrchr(rcpt, '@')) == 0 || *++(next) == 0) else if (message->filter_xport && (message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0) { reply.flags = 0; vstring_strcpy(reply.transport, message->filter_xport); if (FILTER_WITHOUT_NEXTHOP(STR(reply.transport), nexthop) && *(nexthop = var_def_filter_nexthop) == 0 && RCPT_WITHOUT_DOMAIN(recipient->address, nexthop)) nexthop = var_myhostname; vstring_strcpy(reply.nexthop, nexthop); vstring_strcpy(reply.recipient, recipient->address); } /* * Resolve the destination to (transport, nexthop, address). The * result address may differ from the one specified by the sender. */ else { if (qmgr_resolve_one(message, recipient, recipient->address, &reply) < 0) continue; if (!STREQ(recipient->address, STR(reply.recipient))) RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); } /* * Bounce null recipients. This should never happen, but is most * likely the result of a fault in a different program, so aborting * the queue manager process does not help. */ if (recipient->address[0] == 0) { QMGR_REDIRECT(&reply, MAIL_SERVICE_ERROR, "5.1.3 null recipient address"); } /* * Discard mail to the local double bounce address here, so this * system can run without a local delivery agent. They'd still have * to configure something for mail directed to the local postmaster, * though, but that is an RFC requirement anyway. * * XXX This lookup should be done in the resolver, and the mail should * be directed to a general-purpose null delivery agent. */ if (reply.flags & RESOLVE_CLASS_LOCAL) { at = strrchr(STR(reply.recipient), '@'); len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient))); if (strncasecmp(STR(reply.recipient), var_double_bounce_sender, len) == 0 && !var_double_bounce_sender[len]) { status = sent(message->tflags, message->queue_id, QMGR_MSG_STATS(&stats, message), recipient, "none", DSN_SIMPLE(&dsn, "2.0.0", "undeliverable postmaster notification discarded")); if (status == 0) { deliver_completed(message->fp, recipient->offset); #if 0 /* It's the default verification probe sender address. */ msg_warn("%s: undeliverable postmaster notification discarded", message->queue_id); #endif } else message->flags |= status; continue; } } /* * Optionally defer deliveries over specific transports, unless the * restriction is lifted temporarily. */ if (*var_defer_xports && (message->qflags & QMGR_FLUSH_DFXP) == 0) { if (defer_xport_argv == 0) defer_xport_argv = argv_split(var_defer_xports, CHARS_COMMA_SP); for (cpp = defer_xport_argv->argv; *cpp; cpp++) if (strcmp(*cpp, STR(reply.transport)) == 0) break; if (*cpp) { QMGR_REDIRECT(&reply, MAIL_SERVICE_RETRY, "4.3.2 deferred transport"); } } /* * Look up or instantiate the proper transport. */ if (transport == 0 || !STREQ(transport->name, STR(reply.transport))) { if ((transport = qmgr_transport_find(STR(reply.transport))) == 0) transport = qmgr_transport_create(STR(reply.transport)); queue = 0; } /* * This message is being flushed. If need-be unthrottle the * transport. */ if ((message->qflags & QMGR_FLUSH_EACH) != 0 && QMGR_TRANSPORT_THROTTLED(transport)) qmgr_transport_unthrottle(transport); /* * This transport is dead. Defer delivery to this recipient. */ if (QMGR_TRANSPORT_THROTTLED(transport)) { saved_dsn = transport->dsn; if ((transport = qmgr_error_transport(MAIL_SERVICE_RETRY)) != 0) { nexthop = qmgr_error_nexthop(saved_dsn); vstring_strcpy(reply.nexthop, nexthop); myfree(nexthop); queue = 0; } else { qmgr_defer_recipient(message, recipient, saved_dsn); continue; } } /* * The nexthop destination provides the default name for the * per-destination queue. When the delivery agent accepts only one * recipient per delivery, give each recipient its own queue, so that * deliveries to different recipients of the same message can happen * in parallel, and so that we can enforce per-recipient concurrency * limits and prevent one recipient from tying up all the delivery * agent resources. We use recipient@nexthop as queue name rather * than the actual recipient domain name, so that one recipient in * multiple equivalent domains cannot evade the per-recipient * concurrency limit. Split the address on the recipient delimiter if * one is defined, so that extended addresses don't get extra * delivery slots. * * Fold the result to lower case so that we don't have multiple queues * for the same name. * * Important! All recipients in a queue must have the same nexthop * value. It is OK to have multiple queues with the same nexthop * value, but only when those queues are named after recipients. * * The single-recipient code below was written for local(8) like * delivery agents, and assumes that all domains that deliver to the * same (transport + nexthop) are aliases for $nexthop. Delivery * concurrency is changed from per-domain into per-recipient, by * changing the queue name from nexthop into localpart@nexthop. * * XXX This assumption is incorrect when different destinations share * the same (transport + nexthop). In reality, such transports are * rarely configured to use single-recipient deliveries. The fix is * to decouple the per-destination recipient limit from the * per-destination concurrency. */ vstring_strcpy(queue_name, STR(reply.nexthop)); if (strcmp(transport->name, MAIL_SERVICE_ERROR) != 0 && strcmp(transport->name, MAIL_SERVICE_RETRY) != 0 && transport->recipient_limit == 1) { /* Copy the recipient localpart. */ at = strrchr(STR(reply.recipient), '@'); len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient))); vstring_strncpy(queue_name, STR(reply.recipient), len); /* Remove the address extension from the recipient localpart. */ if (*var_rcpt_delim && split_addr(STR(queue_name), var_rcpt_delim)) vstring_truncate(queue_name, strlen(STR(queue_name))); /* Assume the recipient domain is equivalent to nexthop. */ vstring_sprintf_append(queue_name, "@%s", STR(reply.nexthop)); } lowercase(STR(queue_name)); /* * This transport is alive. Find or instantiate a queue for this * recipient. */ if (queue == 0 || !STREQ(queue->name, STR(queue_name))) { if ((queue = qmgr_queue_find(transport, STR(queue_name))) == 0) queue = qmgr_queue_create(transport, STR(queue_name), STR(reply.nexthop)); } /* * This message is being flushed. If need-be unthrottle the queue. */ if ((message->qflags & QMGR_FLUSH_EACH) != 0 && QMGR_QUEUE_THROTTLED(queue)) qmgr_queue_unthrottle(queue); /* * This queue is dead. Defer delivery to this recipient. */ if (QMGR_QUEUE_THROTTLED(queue)) { saved_dsn = queue->dsn; if ((queue = qmgr_error_queue(MAIL_SERVICE_RETRY, saved_dsn)) == 0) { qmgr_defer_recipient(message, recipient, saved_dsn); continue; } } /* * This queue is alive. Bind this recipient to this queue instance. */ recipient->u.queue = queue; } resolve_clnt_free(&reply); vstring_free(queue_name); }
/* * This is the actual startup routine for the connection. We expect that the * buffers are flushed and the "220 Ready to start TLS" was received by us, * so that we can immediately start the TLS handshake process. */ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) { int sts; int protomask; const char *cipher_list; SSL_SESSION *session; const SSL_CIPHER *cipher; X509 *peercert; TLS_SESS_STATE *TLScontext; TLS_APPL_STATE *app_ctx = props->ctx; VSTRING *myserverid; int log_mask = app_ctx->log_mask; /* * When certificate verification is required, log trust chain validation * errors even when disabled by default for opportunistic sessions. */ if (props->tls_level >= TLS_LEV_VERIFY) log_mask |= TLS_LOG_UNTRUSTED; if (log_mask & TLS_LOG_VERBOSE) msg_info("setting up TLS connection to %s", props->namaddr); /* * First make sure we have valid protocol and cipher parameters * * The cipherlist will be applied to the global SSL context, where it can be * repeatedly reset if necessary, but the protocol restrictions will be * is applied to the SSL connection, because protocol restrictions in the * global context cannot be cleared. */ /* * OpenSSL will ignore cached sessions that use the wrong protocol. So we * do not need to filter out cached sessions with the "wrong" protocol, * rather OpenSSL will simply negotiate a new session. * * Still, we salt the session lookup key with the protocol list, so that * sessions found in the cache are always acceptable. */ protomask = tls_protocol_mask(props->protocols); if (protomask == TLS_PROTOCOL_INVALID) { /* tls_protocol_mask() logs no warning. */ msg_warn("%s: Invalid TLS protocol list \"%s\": aborting TLS session", props->namaddr, props->protocols); return (0); } myserverid = vstring_alloc(100); vstring_sprintf_append(myserverid, "%s&p=%d", props->serverid, protomask); /* * Per session cipher selection for sessions with mandatory encryption * * By the time a TLS client is negotiating ciphers it has already offered to * re-use a session, it is too late to renege on the offer. So we must * not attempt to re-use sessions whose ciphers are too weak. We salt the * session lookup key with the cipher list, so that sessions found in the * cache are always acceptable. */ cipher_list = tls_set_ciphers(app_ctx, "TLS", props->cipher_grade, props->cipher_exclusions); if (cipher_list == 0) { msg_warn("%s: %s: aborting TLS session", props->namaddr, vstring_str(app_ctx->why)); vstring_free(myserverid); return (0); } if (log_mask & TLS_LOG_VERBOSE) msg_info("%s: TLS cipher list \"%s\"", props->namaddr, cipher_list); vstring_sprintf_append(myserverid, "&c=%s", cipher_list); /* * Finally, salt the session key with the OpenSSL library version, * (run-time, rather than compile-time, just in case that matters). */ vstring_sprintf_append(myserverid, "&l=%ld", (long) SSLeay()); /* * Allocate a new TLScontext for the new connection and get an SSL * structure. Add the location of TLScontext to the SSL to later retrieve * the information inside the tls_verify_certificate_callback(). * * If session caching was enabled when TLS was initialized, the cache type * is stored in the client SSL context. */ TLScontext = tls_alloc_sess_context(log_mask, props->namaddr); TLScontext->cache_type = app_ctx->cache_type; TLScontext->serverid = vstring_export(myserverid); TLScontext->stream = props->stream; if ((TLScontext->con = SSL_new(app_ctx->ssl_ctx)) == NULL) { msg_warn("Could not allocate 'TLScontext->con' with SSL_new()"); tls_print_errors(); tls_free_context(TLScontext); return (0); } if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) { msg_warn("Could not set application data for 'TLScontext->con'"); tls_print_errors(); tls_free_context(TLScontext); return (0); } /* * Apply session protocol restrictions. */ if (protomask != 0) SSL_set_options(TLScontext->con, ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L)); /* * XXX To avoid memory leaks we must always call SSL_SESSION_free() after * calling SSL_set_session(), regardless of whether or not the session * will be reused. */ if (TLScontext->cache_type) { session = load_clnt_session(TLScontext); if (session) { SSL_set_session(TLScontext->con, session); SSL_SESSION_free(session); /* 200411 */ #if (OPENSSL_VERSION_NUMBER < 0x00906011L) || (OPENSSL_VERSION_NUMBER == 0x00907000L) /* * Ugly Hack: OpenSSL before 0.9.6a does not store the verify * result in sessions for the client side. We modify the session * directly which is version specific, but this bug is version * specific, too. * * READ: 0-09-06-01-1 = 0-9-6-a-beta1: all versions before beta1 * have this bug, it has been fixed during development of 0.9.6a. * The development version of 0.9.7 can have this bug, too. It * has been fixed on 2000/11/29. */ SSL_set_verify_result(TLScontext->con, session->verify_result); #endif } } /* * Before really starting anything, try to seed the PRNG a little bit * more. */ tls_int_seed(); (void) tls_ext_seed(var_tls_daemon_rand_bytes); /* * Initialize the SSL connection to connect state. This should not be * necessary anymore since 0.9.3, but the call is still in the library * and maintaining compatibility never hurts. */ SSL_set_connect_state(TLScontext->con); /* * Connect the SSL connection with the network socket. */ if (SSL_set_fd(TLScontext->con, vstream_fileno(props->stream)) != 1) { msg_info("SSL_set_fd error to %s", props->namaddr); tls_print_errors(); uncache_session(app_ctx->ssl_ctx, TLScontext); tls_free_context(TLScontext); return (0); } /* * Turn on non-blocking I/O so that we can enforce timeouts on network * I/O. */ non_blocking(vstream_fileno(props->stream), NON_BLOCKING); /* * If the debug level selected is high enough, all of the data is dumped: * TLS_LOG_TLSPKTS will dump the SSL negotiation, TLS_LOG_ALLPKTS will * dump everything. * * We do have an SSL_set_fd() and now suddenly a BIO_ routine is called? * Well there is a BIO below the SSL routines that is automatically * created for us, so we can use it for debugging purposes. */ if (log_mask & TLS_LOG_TLSPKTS) BIO_set_callback(SSL_get_rbio(TLScontext->con), tls_bio_dump_cb); /* * Start TLS negotiations. This process is a black box that invokes our * call-backs for certificate verification. * * Error handling: If the SSL handhake fails, we print out an error message * and remove all TLS state concerning this session. */ sts = tls_bio_connect(vstream_fileno(props->stream), props->timeout, TLScontext); if (sts <= 0) { if (ERR_peek_error() != 0) { msg_info("SSL_connect error to %s: %d", props->namaddr, sts); tls_print_errors(); } else if (errno != 0) { msg_info("SSL_connect error to %s: %m", props->namaddr); } else { msg_info("SSL_connect error to %s: lost connection", props->namaddr); } uncache_session(app_ctx->ssl_ctx, TLScontext); tls_free_context(TLScontext); return (0); } /* Turn off packet dump if only dumping the handshake */ if ((log_mask & TLS_LOG_ALLPKTS) == 0) BIO_set_callback(SSL_get_rbio(TLScontext->con), 0); /* * The caller may want to know if this session was reused or if a new * session was negotiated. */ TLScontext->session_reused = SSL_session_reused(TLScontext->con); if ((log_mask & TLS_LOG_CACHE) && TLScontext->session_reused) msg_info("%s: Reusing old session", TLScontext->namaddr); /* * Do peername verification if requested and extract useful information * from the certificate for later use. */ if ((peercert = SSL_get_peer_certificate(TLScontext->con)) != 0) { TLScontext->peer_status |= TLS_CERT_FLAG_PRESENT; /* * Peer name or fingerprint verification as requested. * Unconditionally set peer_CN, issuer_CN and peer_fingerprint. */ verify_extract_name(TLScontext, peercert, props); verify_extract_print(TLScontext, peercert, props); if (TLScontext->log_mask & (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) msg_info("%s: subject_CN=%s, issuer_CN=%s, " "fingerprint %s, pkey_fingerprint=%s", props->namaddr, TLScontext->peer_CN, TLScontext->issuer_CN, TLScontext->peer_fingerprint, TLScontext->peer_pkey_fprint); X509_free(peercert); } else { TLScontext->issuer_CN = mystrdup(""); TLScontext->peer_CN = mystrdup(""); TLScontext->peer_fingerprint = mystrdup(""); TLScontext->peer_pkey_fprint = mystrdup(""); } /* * Finally, collect information about protocol and cipher for logging */ TLScontext->protocol = SSL_get_version(TLScontext->con); cipher = SSL_get_current_cipher(TLScontext->con); TLScontext->cipher_name = SSL_CIPHER_get_name(cipher); TLScontext->cipher_usebits = SSL_CIPHER_get_bits(cipher, &(TLScontext->cipher_algbits)); /* * The TLS engine is active. Switch to the tls_timed_read/write() * functions and make the TLScontext available to those functions. */ tls_stream_start(props->stream, TLScontext); /* * All the key facts in a single log entry. */ if (log_mask & TLS_LOG_SUMMARY) msg_info("%s TLS connection established to %s: %s with cipher %s " "(%d/%d bits)", TLS_CERT_IS_MATCHED(TLScontext) ? "Verified" : TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted", props->namaddr, TLScontext->protocol, TLScontext->cipher_name, TLScontext->cipher_usebits, TLScontext->cipher_algbits); tls_int_seed(); return (TLScontext); }
DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags) { char *myname = "dict_ldap_open"; DICT_LDAP *dict_ldap; VSTRING *url_list; char *s; char *h; char *server_host; char *domainlist; char *scope; char *attr; int tmp; if (msg_verbose) msg_info("%s: Using LDAP source %s", myname, ldapsource); dict_ldap = (DICT_LDAP *) dict_alloc(DICT_TYPE_LDAP, ldapsource, sizeof(*dict_ldap)); dict_ldap->dict.lookup = dict_ldap_lookup; dict_ldap->dict.close = dict_ldap_close; dict_ldap->dict.flags = dict_flags | DICT_FLAG_FIXED; dict_ldap->ld = NULL; dict_ldap->parser = cfg_parser_alloc(ldapsource); dict_ldap->ldapsource = mystrdup(ldapsource); server_host = cfg_get_str(dict_ldap->parser, "server_host", "localhost", 1, 0); /* * get configured value of "server_port"; default to LDAP_PORT (389) */ dict_ldap->server_port = cfg_get_int(dict_ldap->parser, "server_port", LDAP_PORT, 0, 0); /* * Define LDAP Version. */ dict_ldap->version = cfg_get_int(dict_ldap->parser, "version", 2, 2, 0); switch (dict_ldap->version) { case 2: dict_ldap->version = LDAP_VERSION2; break; case 3: dict_ldap->version = LDAP_VERSION3; break; default: msg_warn("%s: %s Unknown version %d.", myname, ldapsource, dict_ldap->version); dict_ldap->version = LDAP_VERSION2; } #if defined(LDAP_API_FEATURE_X_OPENLDAP) dict_ldap->ldap_ssl = 0; #endif url_list = vstring_alloc(32); s = server_host; while ((h = mystrtok(&s, " \t\n\r,")) != NULL) { #if defined(LDAP_API_FEATURE_X_OPENLDAP) /* * Convert (host, port) pairs to LDAP URLs */ if (ldap_is_ldap_url(h)) { LDAPURLDesc *url_desc; int rc; if ((rc = ldap_url_parse(h, &url_desc)) != 0) { msg_error("%s: error parsing URL %s: %d: %s; skipping", myname, h, rc, ldap_err2string(rc)); continue; } if (strcasecmp(url_desc->lud_scheme, "ldap") != 0 && dict_ldap->version != LDAP_VERSION3) { msg_warn("%s: URL scheme %s requires protocol version 3", myname, url_desc->lud_scheme); dict_ldap->version = LDAP_VERSION3; } if (strcasecmp(url_desc->lud_scheme, "ldaps") == 0) dict_ldap->ldap_ssl = 1; ldap_free_urldesc(url_desc); vstring_sprintf_append(url_list, " %s", h); } else { if (strrchr(h, ':')) vstring_sprintf_append(url_list, " ldap://%s", h); else vstring_sprintf_append(url_list, " ldap://%s:%d", h, dict_ldap->server_port); } #else vstring_sprintf_append(url_list, " %s", h); #endif } dict_ldap->server_host = mystrdup(VSTRING_LEN(url_list) > 0 ? vstring_str(url_list) + 1 : ""); #if defined(LDAP_API_FEATURE_X_OPENLDAP) /* * With URL scheme, clear port to normalize connection cache key */ dict_ldap->server_port = LDAP_PORT; if (msg_verbose) msg_info("%s: %s server_host URL is %s", myname, ldapsource, dict_ldap->server_host); #endif myfree(server_host); vstring_free(url_list); /* * Scope handling thanks to Carsten Hoeger of SuSE. */ scope = cfg_get_str(dict_ldap->parser, "scope", "sub", 1, 0); if (strcasecmp(scope, "one") == 0) { dict_ldap->scope = LDAP_SCOPE_ONELEVEL; } else if (strcasecmp(scope, "base") == 0) { dict_ldap->scope = LDAP_SCOPE_BASE; } else if (strcasecmp(scope, "sub") == 0) { dict_ldap->scope = LDAP_SCOPE_SUBTREE; } else { msg_warn("%s: %s: Unrecognized value %s specified for scope; using sub", myname, ldapsource, scope); dict_ldap->scope = LDAP_SCOPE_SUBTREE; } myfree(scope); dict_ldap->search_base = cfg_get_str(dict_ldap->parser, "search_base", "", 0, 0); domainlist = cfg_get_str(dict_ldap->parser, "domain", "", 0, 0); if (*domainlist) { #ifdef MATCH_FLAG_NONE dict_ldap->domain = match_list_init(MATCH_FLAG_NONE, domainlist, 1, match_string); #else dict_ldap->domain = match_list_init(domainlist, 1, match_string); #endif if (dict_ldap->domain == NULL) msg_warn("%s: domain match list creation using \"%s\" failed, will continue without it", myname, domainlist); if (msg_verbose) msg_info("%s: domain list created using \"%s\"", myname, domainlist); } else { dict_ldap->domain = NULL; } myfree(domainlist); /* * get configured value of "timeout"; default to 10 seconds * * Thanks to Manuel Guesdon for spotting that this wasn't really getting * set. */ dict_ldap->timeout = cfg_get_int(dict_ldap->parser, "timeout", 10, 0, 0); dict_ldap->query_filter = cfg_get_str(dict_ldap->parser, "query_filter", "(mailacceptinggeneralid=%s)", 0, 0); dict_ldap->result_filter = cfg_get_str(dict_ldap->parser, "result_filter", "%s", 0, 0); if (strcmp(dict_ldap->result_filter, "%s") == 0) { myfree(dict_ldap->result_filter); dict_ldap->result_filter = NULL; } attr = cfg_get_str(dict_ldap->parser, "result_attribute", "maildrop", 0, 0); dict_ldap->result_attributes = argv_split(attr, " ,\t\r\n"); dict_ldap->num_attributes = dict_ldap->result_attributes->argc; myfree(attr); attr = cfg_get_str(dict_ldap->parser, "special_result_attribute", "", 0, 0); if (*attr) { argv_split_append(dict_ldap->result_attributes, attr, " ,\t\r\n"); } myfree(attr); /* * get configured value of "bind"; default to true */ dict_ldap->bind = cfg_get_bool(dict_ldap->parser, "bind", 1); /* * get configured value of "bind_dn"; default to "" */ dict_ldap->bind_dn = cfg_get_str(dict_ldap->parser, "bind_dn", "", 0, 0); /* * get configured value of "bind_pw"; default to "" */ dict_ldap->bind_pw = cfg_get_str(dict_ldap->parser, "bind_pw", "", 0, 0); /* * get configured value of "cache"; default to false */ tmp = cfg_get_bool(dict_ldap->parser, "cache", 0); if (tmp) msg_warn("%s: %s ignoring cache", myname, ldapsource); /* * get configured value of "cache_expiry"; default to 30 seconds */ tmp = cfg_get_int(dict_ldap->parser, "cache_expiry", -1, 0, 0); if (tmp >= 0) msg_warn("%s: %s ignoring cache_expiry", myname, ldapsource); /* * get configured value of "cache_size"; default to 32k */ tmp = cfg_get_int(dict_ldap->parser, "cache_size", -1, 0, 0); if (tmp >= 0) msg_warn("%s: %s ignoring cache_size", myname, ldapsource); /* * get configured value of "recursion_limit"; default to 1000 */ dict_ldap->recursion_limit = cfg_get_int(dict_ldap->parser, "recursion_limit", 1000, 1, 0); /* * get configured value of "expansion_limit"; default to 0 */ dict_ldap->expansion_limit = cfg_get_int(dict_ldap->parser, "expansion_limit", 0, 0, 0); /* * get configured value of "size_limit"; default to expansion_limit */ dict_ldap->size_limit = cfg_get_int(dict_ldap->parser, "size_limit", dict_ldap->expansion_limit, 0, 0); /* * Alias dereferencing suggested by Mike Mattice. */ dict_ldap->dereference = cfg_get_int(dict_ldap->parser, "dereference", 0, 0, 0); if (dict_ldap->dereference < 0 || dict_ldap->dereference > 3) { msg_warn("%s: %s Unrecognized value %d specified for dereference; using 0", myname, ldapsource, dict_ldap->dereference); dict_ldap->dereference = 0; } /* Referral chasing */ dict_ldap->chase_referrals = cfg_get_bool(dict_ldap->parser, "chase_referrals", 0); #ifdef LDAP_API_FEATURE_X_OPENLDAP /* * TLS options */ /* get configured value of "start_tls"; default to no */ dict_ldap->start_tls = cfg_get_bool(dict_ldap->parser, "start_tls", 0); if (dict_ldap->start_tls && dict_ldap->version < LDAP_VERSION3) { msg_warn("%s: %s start_tls requires protocol version 3", myname, ldapsource); dict_ldap->version = LDAP_VERSION3; } /* get configured value of "tls_require_cert"; default to no */ dict_ldap->tls_require_cert = cfg_get_bool(dict_ldap->parser, "tls_require_cert", 0); /* get configured value of "tls_ca_cert_file"; default "" */ dict_ldap->tls_ca_cert_file = cfg_get_str(dict_ldap->parser, "tls_ca_cert_file", "", 0, 0); /* get configured value of "tls_ca_cert_dir"; default "" */ dict_ldap->tls_ca_cert_dir = cfg_get_str(dict_ldap->parser, "tls_ca_cert_dir", "", 0, 0); /* get configured value of "tls_cert"; default "" */ dict_ldap->tls_cert = cfg_get_str(dict_ldap->parser, "tls_cert", "", 0, 0); /* get configured value of "tls_key"; default "" */ dict_ldap->tls_key = cfg_get_str(dict_ldap->parser, "tls_key", "", 0, 0); /* get configured value of "tls_random_file"; default "" */ dict_ldap->tls_random_file = cfg_get_str(dict_ldap->parser, "tls_random_file", "", 0, 0); /* get configured value of "tls_cipher_suite"; default "" */ dict_ldap->tls_cipher_suite = cfg_get_str(dict_ldap->parser, "tls_cipher_suite", "", 0, 0); #endif /* * Debug level. */ #if defined(LDAP_OPT_DEBUG_LEVEL) && defined(LBER_OPT_LOG_PRINT_FN) dict_ldap->debuglevel = cfg_get_int(dict_ldap->parser, "debuglevel", 0, 0, 0); #endif /* * Find or allocate shared LDAP connection container. */ dict_ldap_conn_find(dict_ldap); /* * Return the new dict_ldap structure. */ return (DICT_DEBUG (&dict_ldap->dict)); }
const char *make_verify_sender_addr(void) { static VSTRING *verify_sender_buf; /* the complete sender address */ static VSTRING *my_epoch_buf; /* scratch space */ char *my_at_domain; /* * The null sender is always time-independent. */ if (*var_verify_sender == 0 || strcmp(var_verify_sender, "<>") == 0) return (""); /* * Sanity check. */ if (*var_verify_sender == '@') msg_fatal("parameter %s: value \"%s\" must not start with '@'", VAR_VERIFY_SENDER, var_verify_sender); if ((my_at_domain = strchr(var_verify_sender, '@')) != 0 && my_at_domain[1] == 0) msg_fatal("parameter %s: value \"%s\" must not end with '@'", VAR_VERIFY_SENDER, var_verify_sender); /* * One-time initialization. */ if (verify_sender_buf == 0) { verify_sender_buf = vstring_alloc(10); my_epoch_buf = vstring_alloc(10); } /* * Start with the bare sender address. */ vstring_strcpy(verify_sender_buf, var_verify_sender); /* * Append the time stamp to the address localpart, encoded in some * non-decimal form for obscurity. * * XXX It would be nice to have safe_ultostr() append-only support. */ if (var_verify_sender_ttl > 0) { /* Strip the @domain portion, if applicable. */ if (my_at_domain != 0) vstring_truncate(verify_sender_buf, (ssize_t) (my_at_domain - var_verify_sender)); /* Append the time stamp to the address localpart. */ vstring_sprintf_append(verify_sender_buf, "%s", safe_ultostr(my_epoch_buf, VERIFY_SENDER_ADDR_EPOCH(), VERIFY_BASE, 0, 0)); /* Add back the @domain, if applicable. */ if (my_at_domain != 0) vstring_sprintf_append(verify_sender_buf, "%s", my_at_domain); } /* * Rewrite the address to canonical form. */ rewrite_clnt_internal(MAIL_ATTR_RWR_LOCAL, STR(verify_sender_buf), verify_sender_buf); return (STR(verify_sender_buf)); }
static void smtp_key_append_uint(VSTRING *buffer, unsigned num, const char *delim_na) { vstring_sprintf_append(buffer, "%u%c", num, delim_na[0]); }
const char *mail_date(time_t when) { static VSTRING *vp; struct tm *lt; struct tm gmt; int gmtoff; /* * As if strftime() isn't expensive enough, we're dynamically adjusting * the size for the result, so we won't be surprised by long names etc. */ if (vp == 0) vp = vstring_alloc(100); else VSTRING_RESET(vp); /* * POSIX does not require that struct tm has a tm_gmtoff field, so we * must compute the time offset from UTC by hand. * * Starting with the difference in hours/minutes between 24-hour clocks, * adjust for differences in years, in yeardays, and in (leap) seconds. * * Assume 0..23 hours in a day, 0..59 minutes in an hour. The library spec * has changed: we can no longer assume that there are 0..59 seconds in a * minute. */ gmt = *gmtime(&when); lt = localtime(&when); gmtoff = (lt->tm_hour - gmt.tm_hour) * HOUR_MIN + lt->tm_min - gmt.tm_min; if (lt->tm_year < gmt.tm_year) gmtoff -= DAY_MIN; else if (lt->tm_year > gmt.tm_year) gmtoff += DAY_MIN; else if (lt->tm_yday < gmt.tm_yday) gmtoff -= DAY_MIN; else if (lt->tm_yday > gmt.tm_yday) gmtoff += DAY_MIN; if (lt->tm_sec <= gmt.tm_sec - MIN_SEC) gmtoff -= 1; else if (lt->tm_sec >= gmt.tm_sec + MIN_SEC) gmtoff += 1; /* * First, format the date and wall-clock time. XXX The %e format (day of * month, leading zero replaced by blank) isn't in my POSIX book, but * many vendors seem to support it. */ #ifdef MISSING_STRFTIME_E #define STRFTIME_FMT "%a, %d %b %Y %H:%M:%S " #else #define STRFTIME_FMT "%a, %e %b %Y %H:%M:%S " #endif while (strftime(vstring_end(vp), vstring_avail(vp), STRFTIME_FMT, lt) == 0) VSTRING_SPACE(vp, 100); VSTRING_SKIP(vp); /* * Then, add the UTC offset. */ if (gmtoff < -DAY_MIN || gmtoff > DAY_MIN) msg_panic("UTC time offset %d is larger than one day", gmtoff); vstring_sprintf_append(vp, "%+03d%02d", (int) (gmtoff / HOUR_MIN), (int) (abs(gmtoff) % HOUR_MIN)); /* * Finally, add the time zone name. */ while (strftime(vstring_end(vp), vstring_avail(vp), " (%Z)", lt) == 0) VSTRING_SPACE(vp, vstring_avail(vp) + 100); VSTRING_SKIP(vp); return (vstring_str(vp)); }