From 86a236311dee31d68f089305c4ca000ff142fe56 Mon Sep 17 00:00:00 2001
From: SJ
Date: Thu, 18 Apr 2013 16:49:18 +0200
Subject: [PATCH] pilergetd support unencrypted connections too
---
 src/archive.c | 6 +--
 src/config.h | 2 +-
 src/piler.h | 2 +-
 src/pilergetd.c | 2 +-
 src/retr.c | 76 +++++++++++++++++++++-------------
 webui/model/search/message.php | 7 ++--
 6 files changed, 57 insertions(+), 38 deletions(-)
diff --git a/src/archive.c b/src/archive.c
index b1bf9aa3..4dfcf710 100644
--- a/src/archive.c
+++ b/src/archive.c
@@ -209,7 +209,7 @@ CLEANUP:
 }
-int file_from_archive_to_network(char *filename, int sd, struct __data *data, struct __config *cfg){
+int file_from_archive_to_network(char *filename, int sd, int tls_enable, struct __data *data, struct __config *cfg){
 int n, olen, tlen, len, fd=-1;
 unsigned char *s=NULL, *addr=NULL, inbuf[REALLYBIGBUFSIZE];
 struct stat st;
@@ -266,12 +266,12 @@ int file_from_archive_to_network(char *filename, int sd, struct __data *data, st
 tlen += olen;
- write1(sd, s, tlen, 1, data->ssl);
+ write1(sd, s, tlen, tls_enable, data->ssl);
 }
 else {
 addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- write1(sd, addr, st.st_size, 1, data->ssl);
+ write1(sd, addr, st.st_size, tls_enable, data->ssl);
 munmap(addr, st.st_size);
 }
diff --git a/src/config.h b/src/config.h
index d8fc9928..abf998bc 100644
--- a/src/config.h
+++ b/src/config.h
@@ -14,7 +14,7 @@
 #define VERSION "0.1.24-master-branch"
-#define BUILD 792
+#define BUILD 793
 #define HOSTID "mailarchiver"
diff --git a/src/piler.h b/src/piler.h
index deac27f0..e9e53c7f 100644
--- a/src/piler.h
+++ b/src/piler.h
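Review bot: The new `int tls_enable` parameter of file_from_archive_to_network is named like the daemon-wide configuration switch, but the only caller in this commit (retr.c) passes the per-session negotiated state `sdata.tls`, and the value is forwarded to write1 to choose between the plain socket and data->ssl. A name such as `use_tls` plus a one-line contract next to the prototype in piler.h, `/* use_tls: nonzero only after this session completed its TLS handshake, so data->ssl is valid */`, keeps the two meanings apart for the next reader. The function body and its return path lie outside the hunk.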
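Review bot: The `addr = mmap(...)` result in the else branch is still passed straight to the changed write1 call and then to munmap without a MAP_FAILED check, so an mmap error sends from and unmaps an invalid address; a guard such as `if(addr == MAP_FAILED){ syslog(LOG_PRIORITY, "mmap() failed for %s", filename); }` wrapping the write and munmap, then falling through to the existing descriptor cleanup outside the hunk, closes that gap. Neither write1 call checks its return value either, so a peer that disconnects mid-transfer is not noticed here; whether write1 reports short or failed writes is not visible in this diff, so that is worth confirming before relying on it.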
@@ -51,7 +51,7 @@ void check_and_create_directories(struct __config *cfg, uid_t uid, gid_t gid);
 void update_counters(struct session_data *sdata, struct __data *data, struct __counters *counters, struct __config *cfg);
 int retrieve_email_from_archive(struct session_data *sdata, struct __data *data, FILE *dest, struct __config *cfg);
-int file_from_archive_to_network(char *filename, int sd, struct __data *data, struct __config *cfg);
+int file_from_archive_to_network(char *filename, int sd, int tls_enable, struct __data *data, struct __config *cfg);
 int prepare_a_mysql_statement(struct session_data *sdata, MYSQL_STMT **stmt, char *s);
diff --git a/src/pilergetd.c b/src/pilergetd.c
index 768e33d1..325b1fb2 100644
--- a/src/pilergetd.c
+++ b/src/pilergetd.c
@@ -333,7 +333,7 @@ int main(int argc, char **argv){
 initialise_configuration();
- if(init_ssl() == ERR) fatal("cannot init ssl");
+ if(cfg.tls_enable > 0 && init_ssl() == ERR) fatal("cannot init ssl");
 set_signal_handler (SIGPIPE, SIG_IGN);
diff --git a/src/retr.c b/src/retr.c
index 23e4209d..f7bf3fca 100644
--- a/src/retr.c
+++ b/src/retr.c
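Review bot: With tls_enable at 0, init_ssl() is skipped, so the SSL context and session pointers in the struct __data that main later hands to the request handler are never set on this path; the `if(data->ctx)` test inside do_ssl_handshake only protects against a stray call if those fields are zero-initialised, and that initialisation is not visible in this diff. Worth confirming, or zeroing the fields explicitly next to this line, and worth a comment such as `/* TLS is optional: a plaintext pilergetd must only listen on an interface reachable from trusted hosts */`, since the same commit stops requiring AUTH on plaintext sessions. The rest of main is outside the hunk.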
@@ -64,10 +64,50 @@ int stat_message(struct session_data *sdata, struct __data *data, char **buf, in
 }
-int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cfg){
- int len, n, ssl_ok=0, auth_ok=0, n_files=0;
- char *q, buf[MAXBUFSIZE], puf[MAXBUFSIZE], muf[TINYBUFSIZE], resp[MAXBUFSIZE];
+int do_ssl_handshake(struct session_data *sdata, struct __data *data, int new_sd, struct __config *cfg){
+ int ssl_ok=0, rc;
 char ssl_error[SMALLBUFSIZE];
+
+ if(data->ctx){
+ data->ssl = SSL_new(data->ctx);
+
+ if(data->ssl){
+ if(SSL_set_fd(data->ssl, new_sd) == 1){
+ ssl_ok = 1;
+ }
+ else syslog(LOG_PRIORITY, "SSL_set_fd() failed");
+ }
+ else syslog(LOG_PRIORITY, "SSL_new() failed");
+ }
+ else syslog(LOG_PRIORITY, "SSL ctx is null!");
+
+
+ if(ssl_ok == 0){
+ send(new_sd, SMTP_RESP_421_ERR_TMP, strlen(SMTP_RESP_421_ERR_TMP), 0);
+ return ERR;
+ }
+
+
+ rc = SSL_accept(data->ssl);
+
+ if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "SSL_accept() finished");
+
+ if(rc == 1){
+ sdata->tls = 1;
+ return OK;
+ }
+ else {
+ ERR_error_string_n(ERR_get_error(), ssl_error, SMALLBUFSIZE);
+ syslog(LOG_PRIORITY, "SSL_accept() failed, rc=%d, errorcode: %d, error text: %s\n", rc, SSL_get_error(data->ssl, rc), ssl_error);
+ return ERR;
+ }
+
+}
+
+
+int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cfg){
+ int len, n, auth_ok=0, n_files=0;
+ char *q, buf[MAXBUFSIZE], puf[MAXBUFSIZE], muf[TINYBUFSIZE], resp[MAXBUFSIZE];
 struct session_data sdata;
 int db_conn=0;
 int rc;
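Review bot: do_ssl_handshake is only called from handle_pilerget_request in this file and no prototype is added to piler.h, so it should be declared `static int do_ssl_handshake(...)` and carry a header comment stating its contract: returns OK with `sdata->tls = 1` once SSL_accept succeeds, ERR otherwise, and on ERR any SSL object created by SSL_new (SSL_set_fd or SSL_accept failed) is left in data->ssl for the caller to release. That ownership note matters because the caller now reaches QUITTING instead of the former `return 0`, so the cleanup there must tolerate both a NULL and a never-accepted data->ssl; QUITTING is outside this hunk. The 421 reply sent on handshake failure is an SMTP status string on what is a pilerget session, which predates this change but deserves a one-line comment so nobody mistakes it for protocol output.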
@@ -131,33 +171,11 @@ int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cf
 gettimeofday(&tv1, &tz);
- if(data->ctx){
- data->ssl = SSL_new(data->ctx);
- if(data->ssl){
- if(SSL_set_fd(data->ssl, new_sd) == 1){
- ssl_ok = 1;
- } else syslog(LOG_PRIORITY, "SSL_set_fd() failed");
- } else syslog(LOG_PRIORITY, "SSL_new() failed");
- } else syslog(LOG_PRIORITY, "SSL ctx is null!");
-
-
- if(ssl_ok == 0){
- send(new_sd, SMTP_RESP_421_ERR_TMP, strlen(SMTP_RESP_421_ERR_TMP), 0);
- return 0;
- }
-
-
- rc = SSL_accept(data->ssl);
-
- if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "SSL_accept() finished");
-
- if(rc == 1){
- sdata.tls = 1;
+ if(cfg->tls_enable > 0){
+ if(do_ssl_handshake(&sdata, data, new_sd, cfg) == ERR) goto QUITTING;
 }
 else {
- ERR_error_string_n(ERR_get_error(), ssl_error, SMALLBUFSIZE);
- syslog(LOG_PRIORITY, "SSL_accept() failed, rc=%d, errorcode: %d, error text: %s\n", rc, SSL_get_error(data->ssl, rc), ssl_error);
- goto QUITTING;
+ auth_ok = 1;
 }
@@ -223,7 +241,7 @@ int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cf
 if(strlen(&puf[5]) >= RND_STR_LEN){
 len = stat_file(&sdata, &puf[5], &q, sizeof(muf)-2, cfg);
- file_from_archive_to_network(muf, new_sd, data, cfg);
+ file_from_archive_to_network(muf, new_sd, sdata.tls, data, cfg);
 n_files++;
 }
 else {
diff --git a/webui/model/search/message.php b/webui/model/search/message.php
index 55740399..e0a987b8 100644
--- a/webui/model/search/message.php
+++ b/webui/model/search/message.php
@@ -64,9 +64,10 @@ class ModelSearchMessage extends Model {
 $l = fgets($sd, 4096);
- fputs($sd, "AUTH " . PILERGETD_PASSWORD . "\r\n");
-
- $l = fgets($sd, 4096);
+ if(substr(PILERGETD_HOST, 0, 6) == 'ssl://') {
+ fputs($sd, "AUTH " . PILERGETD_PASSWORD . "\r\n");
+ $l = fgets($sd, 4096);
+ }
 Registry::set('sd', $sd);
 }
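Review bot: The new `else { auth_ok = 1; }` branch grants authentication to every connection the moment TLS is disabled, so on a plaintext listener any client that can reach the port may issue retrieval requests without ever sending AUTH; transport encryption and client authentication are separate controls and turning one off should not turn the other off. Since `auth_ok` is already initialised to 0 in the declaration, the safer form is the single line `if(cfg->tls_enable > 0 && do_ssl_handshake(&sdata, data, new_sd, cfg) == ERR) goto QUITTING;`, with the webui (message.php hunk in this commit) sending AUTH unconditionally. The plaintext path also depends on `sdata.tls` already being 0 at this point, because the hunk at -223 now forwards it to file_from_archive_to_network; that initialisation is outside the visible hunks and should be confirmed. Finally, the former ssl_ok failure returned 0 directly while the new path goes to QUITTING, so QUITTING (outside this hunk) must cope with a session that has no database connection or SSL object yet.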
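Review bot: The AUTH exchange is now skipped whenever PILERGETD_HOST does not start with `ssl://`, which couples authentication to the URL scheme rather than to the server's policy; if pilergetd keeps requiring AUTH on plaintext sessions (the safer server-side choice), this `if` should go and the two lines inside it run unconditionally. Independently, the reply read into `$l` after AUTH is never inspected, so a rejected password only surfaces on a later request; comparing `$l` with the daemon's success reply (its exact text is not visible here) and failing early would make the error explicit. The enclosing method begins before this hunk.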