/**
 *  @file  operator-starttls.cc
 *  @brief  Implementation of the STARTTLS command - based on sslserver
 *  @author Andreas Aardal Hanssen, Erwin Hoffmann
 *  @date 2002-2005, 2023
 */

#include "depot.h"
#include "iodevice.h"
#include "iofactory.h"
#include "operators.h"
#include "recursivedescent.h"
#include "session.h"

#include <cstdlib>
#include <iostream>
#include <stdexcept>
#include <string>

#include <fcntl.h>
#include <unistd.h>

using namespace Binc;

/// The operator holds no state of its own; the implicitly generated
/// constructor is all that is needed.
StarttlsOperator::StarttlsOperator() = default;

/// Nothing to release: the operator owns no resources.
StarttlsOperator::~StarttlsOperator() = default;

/// @brief The IMAP command name this operator handles.
/// @return "STARTTLS", as a fresh copy of the constant string.
const std::string StarttlsOperator::getName() const
{
  static const std::string commandName = "STARTTLS";
  return commandName;
}

/// @brief Session states in which STARTTLS is accepted.
/// @return A mask allowing the command before authentication, after
///         authentication and while a mailbox is selected.
Session::State StarttlsOperator::getState() const
{
  const auto allowed = Session::NONAUTHENTICATED
                       | Session::AUTHENTICATED
                       | Session::SELECTED;
  return static_cast<Session::State>(allowed);
}

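namespace {

/// @brief Parse a descriptor number exported by the ucspi-tls wrapper.
/// @param fdstr  Value of one of the SSL*FD environment variables.
/// @return The descriptor, or -1 when the value is empty, non-numeric,
///         out of range or negative.
///
/// std::stoi throws on an empty or non-numeric string; an uncaught
/// exception here would abort the whole session on a misconfigured
/// wrapper, so the failure is folded into the -1 sentinel instead.
int parseSslFd(const std::string &fdstr)
{
  try {
    const int fd = std::stoi(fdstr);
    return fd < 0 ? -1 : fd;
  } catch (const std::invalid_argument &) {
    return -1;
  } catch (const std::out_of_range &) {
    return -1;
  }
}

}  // namespace

/// @brief Hand the connection over to the ucspi-tls wrapper.
///
/// When UCSPITLS is set, the wrapper is told to begin the handshake via
/// the SSLCTLFD control descriptor, and this process' stdin/stdout are
/// then re-pointed at the wrapper's SSLREADFD/SSLWRITEFD descriptors.
/// Without UCSPITLS nothing is switched and OK is returned unchanged.
///
/// @return ProcessResult::OK on success (or when no wrapper is present),
///         ProcessResult::NOTHING if any descriptor is missing, invalid
///         or cannot be duplicated.
Operator::ProcessResult StarttlsOperator::goStartTLS() const
{
  Session &session = Session::getInstance();

  if (!getenv("UCSPITLS")) return ProcessResult::OK;

  // Signal the wrapper to start the TLS handshake.
  const int ctlfd = parseSslFd(session.getEnv("SSLCTLFD"));
  if (ctlfd < 0 || write(ctlfd, "Y", 1) < 1) return ProcessResult::NOTHING;
  bincClient.flush();  // flush all previous received data
  // NOTE(review): flush() presumably drains buffered *output*; whether any
  // plaintext already read past the STARTTLS line is discarded before the
  // switch cannot be told from this file -- confirm in the I/O layer.

  // Route stdin through the wrapper's decrypted read end. dup2() replaces
  // descriptor 0 atomically, so a failure leaves the old stdin intact
  // (the former close(0) + F_DUPFD pair left 0 closed on failure), and it
  // is a no-op when the descriptor already is 0 -- then it must stay open.
  const int readfd = parseSslFd(session.getEnv("SSLREADFD"));
  if (readfd < 0 || dup2(readfd, 0) == -1) return ProcessResult::NOTHING;
  if (readfd != 0) close(readfd);

  // Same for stdout and the wrapper's encrypting write end.
  const int writefd = parseSslFd(session.getEnv("SSLWRITEFD"));
  if (writefd < 0 || dup2(writefd, 1) == -1) return ProcessResult::NOTHING;
  if (writefd != 1) close(writefd);

  return ProcessResult::OK;
}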

/// @brief Execute a parsed STARTTLS command.
/// @param depot    Unused; STARTTLS touches no mailbox state.
/// @param command  The parsed request, used for its tag.
/// @return BAD if TLS is already active, NO if the descriptor switch failed,
///         NOTHING otherwise (the tagged OK has already been written here).
Operator::ProcessResult StarttlsOperator::process(Depot &depot, Request &command)
{
  Session &session = Session::getInstance();

  // A second STARTTLS inside an established TLS session is an error.
  if (session.command.ssl) {
    session.setLastError("Already in TLS mode");
    return ProcessResult::BAD;
  }

  // Both responses are written (and flushed by std::endl) before the
  // descriptors are switched. NOTE(review): on failure the NO below
  // therefore follows an OK already on the wire -- confirm the caller's
  // handling of that sequence.
  bincClient << "* ENABLED StartTLS - begin negotiation now" << std::endl;
  bincClient << command.getTag() << " OK STARTTLS completed" << std::endl;

  if (goStartTLS() != ProcessResult::OK) return ProcessResult::NO;

  session.command.ssl = true;
  return ProcessResult::NOTHING;
}

/// @brief Parse the remainder of a STARTTLS command line.
/// @param c_in  Request being built; receives the command name on success.
/// @return REJECT in UID mode, the expectCRLF() result if the line does not
///         end right after the command name, ACCEPT otherwise.
Parser::ParseResult StarttlsOperator::parse(Request &c_in)
{
  Session &session = Session::getInstance();

  // STARTTLS has no UID form.
  if (c_in.getUidMode()) return Parser::ParseResult::REJECT;

  // The command takes no arguments, so the line must end immediately.
  const Parser::ParseResult lineEnd = expectCRLF();
  if (lineEnd != Parser::ParseResult::ACCEPT) {
    session.setLastError("Expected CRLF");
    return lineEnd;
  }

  c_in.setName("STARTTLS");
  return Parser::ParseResult::ACCEPT;
}