added encrypt_messages piler.conf option to decide whether to encrypt messages or not
This commit is contained in:
parent
d7792ee9f3
commit
04a39461d3
@ -25,6 +25,9 @@ default_retention_days=2557
|
||||
; this is a 16 character long vector
|
||||
iv=****************
|
||||
|
||||
; whether to encrypt messages (1) or not (0).
|
||||
encrypt_messages=1
|
||||
|
||||
; number of worker processes, ie. the number of simultaneous smtp connections to piler.
|
||||
number_of_worker_processes=10
|
||||
|
||||
|
@ -8,6 +8,7 @@
|
||||
#include <sys/time.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/mman.h>
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
@ -132,7 +133,7 @@ int inf(unsigned char *in, int len, int mode, char **buffer, FILE *dest){
|
||||
|
||||
int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *dest, struct __config *cfg){
|
||||
int rc=0, n, olen, tlen, len, fd=-1;
|
||||
unsigned char *s=NULL, inbuf[REALLYBIGBUFSIZE];
|
||||
unsigned char *s=NULL, *addr=NULL, inbuf[REALLYBIGBUFSIZE];
|
||||
struct stat st;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
|
||||
@ -154,49 +155,55 @@ int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *de
|
||||
}
|
||||
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||
if(cfg->encrypt_messages == 1){
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||
|
||||
len = st.st_size+EVP_MAX_BLOCK_LENGTH;
|
||||
len = st.st_size+EVP_MAX_BLOCK_LENGTH;
|
||||
|
||||
s = malloc(len);
|
||||
s = malloc(len);
|
||||
|
||||
if(!s){
|
||||
printf("malloc()\n");
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
|
||||
tlen = 0;
|
||||
|
||||
while((n = read(fd, inbuf, sizeof(inbuf)))){
|
||||
|
||||
if(!EVP_DecryptUpdate(&ctx, s+tlen, &olen, inbuf, n)){
|
||||
syslog(LOG_PRIORITY, "%s: EVP_DecryptUpdate()", filename);
|
||||
if(!s){
|
||||
printf("malloc()\n");
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
tlen = 0;
|
||||
|
||||
while((n = read(fd, inbuf, sizeof(inbuf)))){
|
||||
|
||||
if(!EVP_DecryptUpdate(&ctx, s+tlen, &olen, inbuf, n)){
|
||||
syslog(LOG_PRIORITY, "%s: EVP_DecryptUpdate()", filename);
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
tlen += olen;
|
||||
}
|
||||
|
||||
|
||||
if(EVP_DecryptFinal(&ctx, s + tlen, &olen) != 1){
|
||||
syslog(LOG_PRIORITY, "%s: EVP_DecryptFinal()", filename);
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
|
||||
tlen += olen;
|
||||
rc = inf(s, tlen, mode, buffer, dest);
|
||||
}
|
||||
else {
|
||||
addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
|
||||
rc = inf(addr, st.st_size, mode, buffer, dest);
|
||||
munmap(addr, st.st_size);
|
||||
}
|
||||
|
||||
|
||||
if(EVP_DecryptFinal(&ctx, s + tlen, &olen) != 1){
|
||||
syslog(LOG_PRIORITY, "%s: EVP_DecryptFinal()", filename);
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
|
||||
tlen += olen;
|
||||
|
||||
|
||||
rc = inf(s, tlen, mode, buffer, dest);
|
||||
if(rc != Z_OK) zerr(rc);
|
||||
|
||||
|
||||
CLEANUP:
|
||||
if(fd != -1) close(fd);
|
||||
if(s) free(s);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
if(cfg->encrypt_messages == 1) EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
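Review bot: The `mmap()` return in the new `else` branch is never checked; on failure it yields `MAP_FAILED` rather than NULL, and that value is then handed to `inf()` and `munmap()`, and an empty archive file (`st.st_size == 0`) makes `mmap()` fail with EINVAL so it reaches the same path. Insert `if(addr == MAP_FAILED){ syslog(LOG_PRIORITY, "%s: mmap()", filename); goto CLEANUP; }` between the `mmap()` and the `inf()` call. Separately, this function and store_file both pick the encrypted or plain path from the live `cfg->encrypt_messages` with no per-file marker, so once the option is toggled, messages archived under the other setting are fed to the wrong path (ciphertext inflated as-is, or compressed plaintext run through EVP_DecryptUpdate); a comment here such as `/* the store has no per-file flag: encrypt_messages must not change after messages have been archived */` would record that constraint until the files carry one. The function's signature and declarations are in the previous hunk.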
@ -67,6 +67,7 @@ struct _parse_rule config_parse_rules[] =
|
||||
{ "clamd_socket", "string", (void*) string_parser, offsetof(struct __config, clamd_socket), CLAMD_SOCKET, MAXVAL-1},
|
||||
{ "debug", "integer", (void*) int_parser, offsetof(struct __config, debug), "0", sizeof(int)},
|
||||
{ "default_retention_days", "integer", (void*) int_parser, offsetof(struct __config, default_retention_days), "2557", sizeof(int)},
|
||||
{ "encrypt_messages", "integer", (void*) int_parser, offsetof(struct __config, encrypt_messages), "1", sizeof(int)},
|
||||
{ "extra_to_field", "string", (void*) string_parser, offsetof(struct __config, extra_to_field), "", MAXVAL-1},
|
||||
{ "hostid", "string", (void*) string_parser, offsetof(struct __config, hostid), HOSTID, MAXVAL-1},
|
||||
{ "iv", "string", (void*) string_parser, offsetof(struct __config, iv), "", MAXVAL-1},
|
||||
|
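Review bot: The new `encrypt_messages` entry is read by `int_parser` with no range check, while every consumer added in this commit tests `cfg->encrypt_messages == 1`, so any other value (a typo such as `encrypt_messages=11`) silently falls back to archiving messages in the clear. Either reject values other than 0 and 1 when the configuration is loaded, or have the consumers test `!= 0` so that any non-zero value still encrypts. A comment on the table entry, `/* 0 or 1; consumers compare == 1, anything else means plaintext storage */`, would at least make the current behaviour visible.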
@ -21,6 +21,8 @@ struct __config {
|
||||
int clamd_port;
|
||||
char clamd_socket[MAXVAL];
|
||||
|
||||
int encrypt_messages;
|
||||
|
||||
int tls_enable;
|
||||
char pemfile[MAXVAL];
|
||||
char cipher_list[MAXVAL];
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#define VERSION "0.1.23-master-branch"
|
||||
|
||||
#define BUILD 751
|
||||
#define BUILD 752
|
||||
|
||||
#define HOSTID "mailarchiver"
|
||||
|
||||
|
46
src/store.c
46
src/store.c
@ -48,7 +48,7 @@ int store_file(struct session_data *sdata, char *filename, int startpos, int len
|
||||
|
||||
EVP_CIPHER_CTX ctx;
|
||||
unsigned char *outbuf=NULL;
|
||||
int outlen, tmplen;
|
||||
int outlen, writelen, tmplen;
|
||||
|
||||
struct timezone tz;
|
||||
struct timeval tv1, tv2;
|
||||
@ -91,22 +91,23 @@ int store_file(struct session_data *sdata, char *filename, int startpos, int len
|
||||
|
||||
if(rc != Z_OK) goto ENDE;
|
||||
|
||||
gettimeofday(&tv1, &tz);
|
||||
if(cfg->encrypt_messages == 1){
|
||||
gettimeofday(&tv1, &tz);
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||
|
||||
outbuf = malloc(dstlen + EVP_MAX_BLOCK_LENGTH);
|
||||
if(outbuf == NULL) goto ENDE;
|
||||
outbuf = malloc(dstlen + EVP_MAX_BLOCK_LENGTH);
|
||||
if(outbuf == NULL) goto ENDE;
|
||||
|
||||
if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, z, dstlen)) goto ENDE;
|
||||
if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE;
|
||||
outlen += tmplen;
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|
||||
gettimeofday(&tv2, &tz);
|
||||
sdata->__encrypt += tvdiff(tv2, tv1);
|
||||
if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, z, dstlen)) goto ENDE;
|
||||
if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE;
|
||||
outlen += tmplen;
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|
||||
gettimeofday(&tv2, &tz);
|
||||
sdata->__encrypt += tvdiff(tv2, tv1);
|
||||
}
|
||||
|
||||
/* create a filename in the store based on piler_id */
|
||||
|
||||
@ -146,14 +147,21 @@ int store_file(struct session_data *sdata, char *filename, int startpos, int len
|
||||
}
|
||||
|
||||
|
||||
n = write(fd, outbuf, outlen);
|
||||
|
||||
if(n == outlen){
|
||||
ret = 1;
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: stored '%s' %d/%d bytes", sdata->ttmpfile, filename, len, outlen);
|
||||
if(cfg->encrypt_messages == 1){
|
||||
n = write(fd, outbuf, outlen);
|
||||
writelen = outlen;
|
||||
}
|
||||
else {
|
||||
syslog(LOG_PRIORITY, "%s: cannot write %d bytes (only %d)", sdata->ttmpfile, outlen, n);
|
||||
n = write(fd, z, dstlen);
|
||||
writelen = dstlen;
|
||||
}
|
||||
|
||||
if(n == writelen){
|
||||
ret = 1;
|
||||
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: stored '%s' %d/%d bytes", sdata->ttmpfile, filename, len, writelen);
|
||||
}
|
||||
else {
|
||||
syslog(LOG_PRIORITY, "%s: cannot write %d bytes (only %d)", sdata->ttmpfile, writelen, n);
|
||||
}
|
||||
|
||||
fsync(fd);
|
||||
|
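Review bot: `writelen = dstlen;` in the plaintext branch of the last hunk stores `dstlen` into an `int` declared beside `outlen` in the first hunk; `dstlen`'s own declaration is outside these hunks, and if it is zlib's `uLongf` (the earlier `Z_OK` check suggests the buffer came from zlib) the assignment narrows silently and the `%d` conversions in both syslog calls no longer match the original length. Declare `writelen` with `dstlen`'s type or cast explicitly at the assignment and in the log calls. The two `write()` calls differ only in buffer and length, so selecting the buffer pointer and `writelen` inside the `if`/`else` and issuing a single `n = write(fd, wbuf, writelen);` afterwards keeps one path for the partial-write check. If `ENDE` (outside these hunks) still calls `EVP_CIPHER_CTX_cleanup(&ctx)` unconditionally, it now runs on an uninitialised context when `encrypt_messages` is 0 and needs the same `if(cfg->encrypt_messages == 1)` guard the commit adds at `CLEANUP` in retrieve_file_from_archive.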