summaryrefslogtreecommitdiff
path: root/src/qmail-popup.c
diff options
context:
space:
mode:
authorJannis Hoffmann <jannis@fehcom.de>2024-07-03 15:48:04 +0200
committerJannis Hoffmann <jannis@fehcom.de>2024-07-03 15:48:04 +0200
commit89b7b67a13ebb7965cc7f13ad0595e2194a2d34c (patch)
tree25efd77a90ae87236e6730d8ea3846bbe0fd126f /src/qmail-popup.c
add sqmail-4.2.29asqmail-4.2
Diffstat (limited to 'src/qmail-popup.c')
-rw-r--r--src/qmail-popup.c301
1 files changed, 301 insertions, 0 deletions
diff --git a/src/qmail-popup.c b/src/qmail-popup.c
new file mode 100644
index 0000000..522e719
--- /dev/null
+++ b/src/qmail-popup.c
@@ -0,0 +1,301 @@
+#include <unistd.h>
+#include "commands.h"
+#include "fd.h"
+#include "sig.h"
+#include "stralloc.h"
+#include "buffer.h"
+#include "alloc.h"
+#include "wait.h"
+#include "str.h"
+#include "byte.h"
+#include "now.h"
+#include "fmt.h"
+#include "case.h"
+#include "exit.h"
+#include "timeout.h"
+#include "env.h"
+#include "tls_start.h"
+#include "ip.h"
+
+#define PORT_POP3S "995"
+#define FDIN 0
+#define FDOUT 1
+#define FDAUTH 3
+#define FDLOG 5
+
+void die() { _exit(1); }
+
+ssize_t saferead(int fd,char *buf,int len)
+{
+ int r;
+ r = timeoutread(1200,fd,buf,len);
+ if (r <= 0) die();
+ return r;
+}
+
+ssize_t safewrite(int fd,char *buf,int len)
+{
+ int r;
+ r = timeoutwrite(1200,fd,buf,len);
+ if (r <= 0) die();
+ return r;
+}
+
+char outbuf[128];
+buffer bo = BUFFER_INIT(safewrite,FDOUT,outbuf,sizeof(outbuf));
+
+char inbuf[128];
+buffer bi = BUFFER_INIT(saferead,FDIN,inbuf,sizeof(inbuf));
+
+void outs(char *s)
+{
+ buffer_puts(&bo,s);
+}
+void flush()
+{
+ buffer_flush(&bo);
+}
+void err(char *s)
+{
+ outs("-ERR ");
+ outs(s);
+ outs("\r\n");
+ flush();
+}
+
+/* Logging */
+
+stralloc protocol = {0};
+stralloc auth = {0};
+char *localport;
+char *remoteip;
+char *remotehost;
+
+char strnum[FMT_ULONG];
+char logbuf[512];
+buffer bl = BUFFER_INIT(safewrite,FDLOG,logbuf,sizeof(logbuf));
+
+void logs(char *s) { if (buffer_puts(&bl,s) == -1) _exit(1); }
+void logp(char *s) { logs(" P:"); logs(s); }
+void logh(char *s1, char *s2) { logs(" S:"); logs(s1); logs(":"); logs(s2); }
+void logu(char *s) { logs(" ?~ '"); logs(s); logs("'"); }
+void logn(char *s) { if (buffer_puts(&bl,s) == -1) _exit(1); if (buffer_flush(&bl) == -1) _exit(1); }
+void logpid() { strnum[fmt_ulong(strnum,getpid())] = 0; logs("qmail-popup: pid "); logs(strnum); logs(" "); }
+void log_pop(char *s1,char *s2,char *s3,char *s4,char *s5,char *s6)
+ { logpid(); logs(s1); logs(s2); logp(s3); logh(s4,s5), logu(s6), logn("\n"); }
+
+void die_usage() { err("usage: popup hostname subprogram"); die(); }
+void die_nomem() { err("out of memory"); die(); }
+void die_pipe() { err("unable to open pipe"); die(); }
+void die_write() { err("unable to write pipe"); die(); }
+void die_fork() { err("unable to fork"); die(); }
+void die_childcrashed() { err("aack, child crashed"); }
+void die_badauth() { err("authorization failed"); }
+void die_tls() { err("TLS startup failed"); die(); }
+void die_notls() {
+ err("TLS required but not negotiated");
+ log_pop("Reject::STLS::","Any","POP3",remoteip,remotehost,"unknown");
+ die();
+}
+
+void err_syntax() { err("syntax error"); }
+void err_wantuser() { err("USER first"); }
+void err_authoriz() { err("authorization first"); }
+
+void okay() { outs("+OK \r\n"); flush(); }
+void pop3_quit() { okay(); die(); }
+
+void poplog_init()
+{
+ if (!stralloc_copys(&protocol,"POP3")) die_nomem();
+ localport = env_get("TCP6LOCALPORT");
+ if (!localport) localport = env_get("TCPLOCALPORT");
+ if (!localport) localport = "unknown";
+ if (!case_diffs(localport,PORT_POP3S))
+ if (!stralloc_cats(&protocol,"S")) die_nomem();
+ remoteip = env_get("TCP6REMOTEIP");
+ if (remoteip && byte_equal(remoteip,7,V4MAPPREFIX)) remoteip = remoteip + 7;
+ if (!remoteip) remoteip = env_get("TCPREMOTEIP");
+ if (!remoteip) remoteip = "unknown";
+ remotehost = env_get("TCP6REMOTEHOST");
+ if (!remotehost) remotehost = env_get("TCPREMOTEHOST");
+ if (!remotehost) remotehost = "unknown";
+}
+
+char unique[FMT_ULONG + FMT_ULONG + 3];
+char *hostname;
+stralloc username = {0};
+int seenuser = 0;
+char **childargs;
+buffer ba;
+char authbuf[128];
+int stls = 0;
+int seenstls = 0;
+int apop = 0;
+
+void doanddie(char *user,unsigned int userlen,char *pass) /* userlen: including 0 byte */
+{
+ int child;
+ int wstat;
+ int pi[2];
+
+ if (fd_copy(2,1) == -1) die_pipe();
+ close(FDAUTH);
+ if (pipe(pi) == -1) die_pipe();
+ if (pi[0] != FDAUTH) die_pipe();
+ switch (child = fork()) {
+ case -1:
+ die_fork();
+ case 0:
+ close(pi[1]);
+ sig_pipedefault();
+ execvp(*childargs,childargs);
+ _exit(1);
+ }
+ close(pi[0]);
+ buffer_init(&ba,write,pi[1],authbuf,sizeof(authbuf));
+ if (buffer_put(&ba,user,userlen) == -1) die_write();
+ if (buffer_put(&ba,pass,str_len(pass) + 1) == -1) die_write();
+ if (buffer_puts(&ba,"<") == -1) die_write();
+ if (buffer_puts(&ba,unique) == -1) die_write();
+ if (buffer_puts(&ba,hostname) == -1) die_write();
+ if (buffer_put(&ba,">",2) == -1) die_write();
+ if (buffer_flush(&ba) == -1) die_write();
+ close(pi[1]);
+ byte_zero(pass,str_len(pass));
+ byte_zero(authbuf,sizeof(authbuf));
+ if (wait_pid(&wstat,child) == -1) die();
+ if (wait_crashed(wstat)) die_childcrashed();
+ if (!stralloc_0(&auth)) die_nomem();
+ if (!stralloc_0(&protocol)) die_nomem();
+ if (wait_exitcode(wstat)) {
+ die_badauth();
+ log_pop("Reject::AUTH::",auth.s,protocol.s,remoteip,remotehost,user);
+ }
+ else
+ log_pop("Accept::AUTH::",auth.s,protocol.s,remoteip,remotehost,user);
+ die();
+}
+
+void pop3_greet()
+{
+ char *s;
+ s = unique;
+ s += fmt_uint(s,getpid());
+ *s++ = '.';
+ s += fmt_ulong(s,(unsigned long) now());
+ *s++ = '@';
+ *s++ = 0;
+
+ if (!apop)
+ outs("+OK\r\n");
+ else {
+ outs("+OK <");
+ outs(unique);
+ outs(hostname);
+ outs(">\r\n");
+ }
+ flush();
+}
+
+void pop3_user(char *arg)
+{
+ if (stls == 2 && !seenstls) die_notls();
+ if (!*arg) { err_syntax(); return; }
+ okay();
+ seenuser = 1;
+ if (!stralloc_copys(&username,arg)) die_nomem();
+ if (!stralloc_0(&username)) die_nomem();
+}
+
+void pop3_pass(char *arg)
+{
+ if (!seenuser) { err_wantuser(); return; }
+ if (!*arg) { err_syntax(); return; }
+ if (!stralloc_copys(&auth,"User")) die_nomem();
+ doanddie(username.s,username.len,arg);
+}
+
+void pop3_apop(char *arg)
+{
+ char *space;
+
+ if (stls == 2 && !seenstls) die_notls();
+ space = arg + str_chr(arg,' ');
+ if (!*space) { err_syntax(); return; }
+ *space++ = 0;
+ if (!stralloc_copys(&auth,"Apop")) die_nomem();
+ doanddie(arg,space - arg,space);
+}
+
+void pop3_capa(char *arg)
+{
+ outs("+OK capability list follows\r\n");
+ outs("TOP\r\n");
+ outs("USER\r\n");
+ outs("UIDL\r\n");
+ if (apop)
+ outs("APOP\r\n");
+ if (stls > 0)
+ outs("STLS\r\n");
+ outs(".\r\n");
+ flush();
+}
+
+void pop3_stls(char *arg)
+{
+ if (stls == 0 || seenstls == 1)
+ return err("STLS not available");
+ outs("+OK starting TLS negotiation\r\n");
+ flush();
+
+ if (!starttls_init()) die_tls();
+ buffer_init(&bi,saferead,FDIN,inbuf,sizeof(inbuf));
+ seenstls = 1;
+
+/* reset state */
+ seenuser = 0;
+ if (!stralloc_cats(&protocol,"S")) die_nomem();
+}
+
+struct commands pop3commands[] = {
+ { "user", pop3_user, 0 }
+, { "pass", pop3_pass, 0 }
+, { "apop", pop3_apop, 0 }
+, { "quit", pop3_quit, 0 }
+, { "capa", pop3_capa, 0 }
+, { "stls", pop3_stls, 0 }
+, { "noop", okay, 0 }
+, { 0, err_authoriz, 0 }
+};
+
+int main(int argc,char **argv)
+{
+ char *pop3auth;
+ char *ucspitls;
+
+ sig_alarmcatch(die);
+ sig_pipeignore();
+
+ hostname = argv[1];
+ if (!hostname) die_usage();
+ childargs = argv + 2;
+ if (!*childargs) die_usage();
+
+ ucspitls = env_get("UCSPITLS");
+ if (ucspitls) {
+ stls = 1;
+ if (!case_diffs(ucspitls,"-")) stls = 0;
+ if (!case_diffs(ucspitls,"!")) stls = 2;
+ }
+
+ pop3auth = env_get("POP3AUTH");
+ if (pop3auth) {
+ if (case_starts(pop3auth,"apop")) apop = 2;
+ if (case_starts(pop3auth,"+apop")) apop = 1;
+ }
+ poplog_init();
+ pop3_greet();
+ commands(&bi,pop3commands);
+ die();
+}