| author | Laurent Bercot <ska-skaware@skarnet.org> | 2026-02-10 06:36:36 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2026-02-10 06:36:36 +0000 |
| commit | d0eda7c30bda6901b5bcc8f04ded157626042da8 (patch) | |
| tree | 06d44a489253b997fa356bb684a972425543b063 | |
| parent | 38976bbe295bb85305dc4de01c9688f835d35299 (diff) | |
| download | smtpd-starttls-proxy-d0eda7c30bda6901b5bcc8f04ded157626042da8.tar.gz | |
Separate TLS stuff in preparation for wrapping
| -rw-r--r-- | package/deps.mak | 3 | ||||
| -rw-r--r-- | src/qmail-remote/deps-exe/qmail-remote | 1 | ||||
| -rw-r--r-- | src/qmail-remote/qmail-remote.c | 66 | ||||
| -rw-r--r-- | src/qmail-remote/qmail-remote.h | 4 | ||||
| -rw-r--r-- | src/qmail-remote/tls.c | 75 |
5 files changed, 83 insertions, 66 deletions
diff --git a/package/deps.mak b/package/deps.mak index d759f38..58d11e8 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -13,6 +13,7 @@ src/qmail-remote/qmailr_tcpto.o src/qmail-remote/qmailr_tcpto.lo: src/qmail-remo src/qmail-remote/qmailr_tls.o src/qmail-remote/qmailr_tls.lo: src/qmail-remote/qmailr_tls.c src/qmail-remote/qmailr.h src/include/smtpd-starttls-proxy/config.h src/qmail-remote/qmailr_utils.o src/qmail-remote/qmailr_utils.lo: src/qmail-remote/qmailr_utils.c src/qmail-remote/qmailr.h src/qmail-remote/smtproutes.o src/qmail-remote/smtproutes.lo: src/qmail-remote/smtproutes.c src/qmail-remote/qmail-remote.h src/qmail-remote/qmailr.h src/include/smtpd-starttls-proxy/config.h +src/qmail-remote/tls.o src/qmail-remote/tls.lo: src/qmail-remote/tls.c src/qmail-remote/qmail-remote.h src/qmail-remote/qmailr.h src/smtpd-starttls-proxy/smtpd-starttls-proxy-io.o src/smtpd-starttls-proxy/smtpd-starttls-proxy-io.lo: src/smtpd-starttls-proxy/smtpd-starttls-proxy-io.c ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),) @@ -21,7 +22,7 @@ else libqmailr.a.xyzzy:src/qmail-remote/qmailr_control.lo src/qmail-remote/qmailr_error.lo src/qmail-remote/qmailr_smtp.lo src/qmail-remote/qmailr_tcpto.lo src/qmail-remote/qmailr_tls.lo src/qmail-remote/qmailr_utils.lo endif qmail-remote: EXTRA_LIBS := -qmail-remote: src/qmail-remote/qmail-remote.o src/qmail-remote/dns.o src/qmail-remote/smtproutes.o libqmailr.a.xyzzy -lskadns -ls6dns -lskarnet +qmail-remote: src/qmail-remote/qmail-remote.o src/qmail-remote/dns.o src/qmail-remote/smtproutes.o src/qmail-remote/tls.o libqmailr.a.xyzzy -lskadns -ls6dns -lskarnet qmail-remote-io: EXTRA_LIBS := qmail-remote-io: src/qmail-remote/qmail-remote-io.o libqmailr.a.xyzzy -lskarnet smtpd-starttls-proxy-io: EXTRA_LIBS := ${SOCKET_LIB} ${SYSCLOCK_LIB} diff --git a/src/qmail-remote/deps-exe/qmail-remote b/src/qmail-remote/deps-exe/qmail-remote index 4484f9b..f18c6aa 100644 --- a/src/qmail-remote/deps-exe/qmail-remote 
+++ b/src/qmail-remote/deps-exe/qmail-remote @@ -1,5 +1,6 @@ dns.o smtproutes.o +tls.o libqmailr.a.xyzzy -lskadns -ls6dns diff --git a/src/qmail-remote/qmail-remote.c b/src/qmail-remote/qmail-remote.c index 057f6f1..9c9bc15 100644 --- a/src/qmail-remote/qmail-remote.c +++ b/src/qmail-remote/qmail-remote.c @@ -5,10 +5,8 @@ #include <stdint.h> #include <unistd.h> #include <errno.h> -#include <limits.h> #include <skalibs/types.h> -#include <skalibs/env.h> #include <skalibs/exec.h> #include <skalibs/fmtscan.h> #include <skalibs/buffer.h> 
@@ -25,74 +23,12 @@ # include <skalibs/prog.h> #endif -#include <s6-networking/config.h> #include <smtpd-starttls-proxy/config.h> #include "qmailr.h" #include "qmail-remote.h" #define dieusage() qmailr_perm("qmail-remote was invoked improperly") -static inline void exec_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage) gccattr_noreturn ; -static inline void exec_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage) -{ - int fdw = dup(fdr) ; - unsigned int m = 0 ; - char fmtr[UINT_FMT] ; - char fmtw[UINT_FMT] ; - char fmtt[UINT_FMT] ; - char fmtk[UINT_FMT] ; - char const *argv[20 + n] ; - LOLDEBUG("connected to %s, sending with TLS", fmtip) ; - - if (fdw == -1) qmailr_tempusys("duplicate file descriptor") ; - if (!env_mexec("TLS_UID", 0) || !env_mexec("TLS_GID", 0) - || !env_mexec(qtls->flagtadir ? "CADIR" : "CAFILE", storage + qtls->tapos)) dienomem() ; - if (qtls->flagclientcert) - { - if (!env_mexec("CERTFILE", storage + qtls->certpos) - || !env_mexec("KEYFILE", storage + qtls->keypos)) dienomem() ; - } - - { - int devnull = open_readb("/dev/null") ; - if (devnull >= 0) - { - if (devnull < 3) qmailr_temp("weird fd configuration") ; - fd_move(2, devnull) ; - } - } - - fmtr[uint_fmt(fmtr, (unsigned int)fdr)] = 0 ; - fmtw[uint_fmt(fmtw, (unsigned int)fdw)] = 0 ; - fmtt[uint_fmt(fmtt, timeoutremote)] = 0 ; - fmtk[uint_fmt(fmtk, timeoutconnect > UINT_MAX/1000 ? 
UINT_MAX : timeoutconnect * 1000)] = 0 ; - - argv[m++] = S6_NETWORKING_EXTBINPREFIX "s6-tlsc" ; - argv[m++] = "-Sjzv0" ; - argv[m++] = "-K" ; - argv[m++] = fmtk ; - argv[m++] = "-6" ; - argv[m++] = fmtr ; - argv[m++] = "-7" ; - argv[m++] = fmtw ; - argv[m++] = "--" ; - - argv[m++] = SMTPD_STARTTLS_PROXY_LIBEXECPREFIX "qmail-remote-io" ; - argv[m++] = "-t" ; - argv[m++] = fmtt ; - argv[m++] = "-6" ; - argv[m++] = fmtr ; - argv[m++] = "-7" ; - argv[m++] = fmtw ; - argv[m++] = "--" ; - argv[m++] = fmtip ; - argv[m++] = storage + helopos ; - for (unsigned int i = 0 ; i < n ; i++) argv[m++] = storage + eaddrpos[i] ; - argv[m++] = 0 ; - mexec(argv) ; - qmailr_tempusys("exec ", argv[0]) ; -} - static inline void exec_notls (int fd, char const *fmtip, unsigned int timeoutremote, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage) gccattr_noreturn ; static inline void exec_notls (int fd, char const *fmtip, unsigned int timeoutremote, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage) { @@ -185,7 +121,7 @@ static void attempt_smtp (int fd, char const *ip, int is6, unsigned int timeoutc qmailr_smtp_quit(&out, timeoutremote) ; qmailr_temp("Connected to ", fmtip, " but connection died") ; } - else if (r == 220) exec_tls(fd, fmtip, timeoutconnect, timeoutremote, qtls, helopos, eaddrpos, n, storage) ; + else if (r == 220) run_tls(fd, fmtip, timeoutconnect, timeoutremote, qtls, helopos, eaddrpos, n, storage) ; if (qtls->strictness) return ; } else if (qtls->strictness >= 2) return ; diff --git a/src/qmail-remote/qmail-remote.h b/src/qmail-remote/qmail-remote.h index afe4323..24be70e 100644 --- a/src/qmail-remote/qmail-remote.h +++ b/src/qmail-remote/qmail-remote.h @@ -6,6 +6,7 @@ #include <stddef.h> #include <stdint.h> +#include <skalibs/gccattributes.h> #include <skalibs/cdb.h> #include <skalibs/stralloc.h> #include <skalibs/genalloc.h> 
@@ -43,4 +44,7 @@ extern int smtproutes_init (smtproutes *) ; extern int smtproutes_match (smtproutes const *, char const *, stralloc *, size_t *, uint16_t *) ; extern void smtproutes_free (smtproutes *) ; + +extern void run_tls (int, char const *, unsigned int, unsigned int, qmailr_tls const *, size_t, size_t const *, unsigned int, char const *) gccattr_noreturn ; + #endif diff --git a/src/qmail-remote/tls.c b/src/qmail-remote/tls.c new file mode 100644 index 0000000..ec8af83 --- /dev/null +++ b/src/qmail-remote/tls.c 
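Review bot: The new `run_tls` prototype in qmail-remote.h takes nine unnamed parameters, two of them adjacent `unsigned int` timeouts that the definition in tls.c treats differently: `timeoutconnect` is scaled by 1000 for the `-K` argument, while `timeoutremote` is passed unchanged to `-t`. A call site that swaps them compiles cleanly and silently changes both timeouts. The function is now extern rather than file-local, so the order deserves a comment above the declaration, matching the header's unnamed-parameter style: `/* run_tls(fd, fmtip, timeoutconnect, timeoutremote, qtls, helopos, eaddrpos, n, storage): execs s6-tlsc, never returns */`.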
@@ -0,0 +1,75 @@
+/* ISC license. */
+
+#include <unistd.h>
+#include <limits.h>
+
+#include <skalibs/types.h>
+#include <skalibs/env.h>
+#include <skalibs/cspawn.h>
+#include <skalibs/djbunix.h>
+#include <skalibs/exec.h>
+
+#include <s6-networking/config.h>
+#include <smtpd-starttls-proxy/config.h>
+
+#include "qmailr.h"
+#include "qmail-remote.h"
+
+void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage)
+{
+ int fdw = dup(fdr) ;
+ unsigned int m = 0 ;
+ char fmtr[UINT_FMT] ;
+ char fmtw[UINT_FMT] ;
+ char fmtt[UINT_FMT] ;
+ char fmtk[UINT_FMT] ;
+ char const *argv[20 + n] ;
+
+ if (fdw == -1) qmailr_tempusys("duplicate file descriptor") ;
+ if (!env_mexec("TLS_UID", 0) || !env_mexec("TLS_GID", 0)
+ || !env_mexec(qtls->flagtadir ? "CADIR" : "CAFILE", storage + qtls->tapos)) dienomem() ;
+ if (qtls->flagclientcert)
+ {
+ if (!env_mexec("CERTFILE", storage + qtls->certpos)
+ || !env_mexec("KEYFILE", storage + qtls->keypos)) dienomem() ;
+ }
+
+ {
+ int devnull = open_readb("/dev/null") ;
+ if (devnull >= 0)
+ {
+ if (devnull < 3) qmailr_temp("weird fd configuration") ;
+ fd_move(2, devnull) ;
+ }
+ }
+
+ fmtr[uint_fmt(fmtr, (unsigned int)fdr)] = 0 ;
+ fmtw[uint_fmt(fmtw, (unsigned int)fdw)] = 0 ;
+ fmtt[uint_fmt(fmtt, timeoutremote)] = 0 ;
+ fmtk[uint_fmt(fmtk, timeoutconnect > UINT_MAX/1000 ? UINT_MAX : timeoutconnect * 1000)] = 0 ;
+
+ argv[m++] = S6_NETWORKING_EXTBINPREFIX "s6-tlsc" ;
+ argv[m++] = "-Sjzv0" ;
+ argv[m++] = "-K" ;
+ argv[m++] = fmtk ;
+ argv[m++] = "-6" ;
+ argv[m++] = fmtr ;
+ argv[m++] = "-7" ;
+ argv[m++] = fmtw ;
+ argv[m++] = "--" ;
+
+ argv[m++] = SMTPD_STARTTLS_PROXY_LIBEXECPREFIX "qmail-remote-io" ;
+ argv[m++] = "-t" ;
+ argv[m++] = fmtt ;
+ argv[m++] = "-6" ;
+ argv[m++] = fmtr ;
+ argv[m++] = "-7" ;
+ argv[m++] = fmtw ;
+ argv[m++] = "--" ;
+ argv[m++] = fmtip ;
+ argv[m++] = storage + helopos ;
+ for (unsigned int i = 0 ; i < n ; i++) argv[m++] = storage + eaddrpos[i] ;
+ argv[m++] = 0 ;
+ mexec(argv) ;
+ qmailr_tempusys("exec ", argv[0]) ;
+}
|
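Review bot: `char const *argv[20 + n]` in run_tls has no slack, because the body stores 19 fixed entries, then n recipient pointers, then the terminating 0, and nothing checks `m` against that bound. The commit title says this code is being prepared for wrapping, so extra arguments are presumably coming, and one added without raising the constant would write past the end of a stack array. A comment on the declaration would make the dependency visible: `/* 19 fixed args + n recipients + terminating null: keep in sync with the argv[m++] stores below */`. Separately, a failed `open_readb("/dev/null")` is skipped silently and the result of `fd_move(2, devnull)` is not checked, so in those cases the exec'd program presumably keeps the caller's stderr. If that is not intended, those paths should fail through `qmailr_tempusys`, as the `dup` failure does.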
