pilergetd support unencrypted connections too

This commit is contained in:
SJ 2013-04-18 16:49:18 +02:00
parent e118705551
commit 86a236311d
6 changed files with 57 additions and 38 deletions


@ -209,7 +209,7 @@ CLEANUP:
} }
int file_from_archive_to_network(char *filename, int sd, struct __data *data, struct __config *cfg){ int file_from_archive_to_network(char *filename, int sd, int tls_enable, struct __data *data, struct __config *cfg){
int n, olen, tlen, len, fd=-1; int n, olen, tlen, len, fd=-1;
unsigned char *s=NULL, *addr=NULL, inbuf[REALLYBIGBUFSIZE]; unsigned char *s=NULL, *addr=NULL, inbuf[REALLYBIGBUFSIZE];
struct stat st; struct stat st;
@ -266,12 +266,12 @@ int file_from_archive_to_network(char *filename, int sd, struct __data *data, st
tlen += olen; tlen += olen;
write1(sd, s, tlen, 1, data->ssl); write1(sd, s, tlen, tls_enable, data->ssl);
} }
else { else {
addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
write1(sd, addr, st.st_size, 1, data->ssl); write1(sd, addr, st.st_size, tls_enable, data->ssl);
munmap(addr, st.st_size); munmap(addr, st.st_size);
} }
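Review bot: The mmap() result on the line before the new `write1(sd, addr, st.st_size, tls_enable, data->ssl)` call is still used unchecked; mmap returns MAP_FAILED on error, and that value would then be handed to write1 and to munmap. A guard such as `if(addr != MAP_FAILED){ write1(sd, addr, st.st_size, tls_enable, data->ssl); munmap(addr, st.st_size); } else syslog(LOG_PRIORITY, "mmap() failed for %s", filename);` keeps the tls_enable plumbing this commit adds and avoids the invalid access. The new `tls_enable` parameter is the per-session flag rather than the config value, which is worth a one-line comment on the prototype (`/* tls_enable: 1 when the session completed the TLS handshake, 0 for plaintext */`). file_from_archive_to_network begins before and ends after this hunk.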


@ -14,7 +14,7 @@
#define VERSION "0.1.24-master-branch" #define VERSION "0.1.24-master-branch"
#define BUILD 792 #define BUILD 793
#define HOSTID "mailarchiver" #define HOSTID "mailarchiver"


@ -51,7 +51,7 @@ void check_and_create_directories(struct __config *cfg, uid_t uid, gid_t gid);
void update_counters(struct session_data *sdata, struct __data *data, struct __counters *counters, struct __config *cfg); void update_counters(struct session_data *sdata, struct __data *data, struct __counters *counters, struct __config *cfg);
int retrieve_email_from_archive(struct session_data *sdata, struct __data *data, FILE *dest, struct __config *cfg); int retrieve_email_from_archive(struct session_data *sdata, struct __data *data, FILE *dest, struct __config *cfg);
int file_from_archive_to_network(char *filename, int sd, struct __data *data, struct __config *cfg); int file_from_archive_to_network(char *filename, int sd, int tls_enable, struct __data *data, struct __config *cfg);
int prepare_a_mysql_statement(struct session_data *sdata, MYSQL_STMT **stmt, char *s); int prepare_a_mysql_statement(struct session_data *sdata, MYSQL_STMT **stmt, char *s);


@ -333,7 +333,7 @@ int main(int argc, char **argv){
initialise_configuration(); initialise_configuration();
if(init_ssl() == ERR) fatal("cannot init ssl"); if(cfg.tls_enable > 0 && init_ssl() == ERR) fatal("cannot init ssl");
set_signal_handler (SIGPIPE, SIG_IGN); set_signal_handler (SIGPIPE, SIG_IGN);
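Review bot: With the new condition `cfg.tls_enable > 0 && init_ssl() == ERR`, a daemon started with TLS disabled leaves no trace in its startup log that it is accepting unencrypted connections, which is the kind of state an operator wants to see when reviewing a deployment. Splitting the condition gives a place for that message: `if(cfg.tls_enable > 0){ if(init_ssl() == ERR) fatal("cannot init ssl"); } else syslog(LOG_PRIORITY, "tls is disabled, accepting unencrypted connections");` (assuming syslog is already used in this file, as it is in the request handler). main continues outside the hunk.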


@ -64,10 +64,50 @@ int stat_message(struct session_data *sdata, struct __data *data, char **buf, in
} }
int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cfg){ int do_ssl_handshake(struct session_data *sdata, struct __data *data, int new_sd, struct __config *cfg){
int len, n, ssl_ok=0, auth_ok=0, n_files=0; int ssl_ok=0, rc;
char *q, buf[MAXBUFSIZE], puf[MAXBUFSIZE], muf[TINYBUFSIZE], resp[MAXBUFSIZE];
char ssl_error[SMALLBUFSIZE]; char ssl_error[SMALLBUFSIZE];
if(data->ctx){
data->ssl = SSL_new(data->ctx);
if(data->ssl){
if(SSL_set_fd(data->ssl, new_sd) == 1){
ssl_ok = 1;
}
else syslog(LOG_PRIORITY, "SSL_set_fd() failed");
}
else syslog(LOG_PRIORITY, "SSL_new() failed");
}
else syslog(LOG_PRIORITY, "SSL ctx is null!");
if(ssl_ok == 0){
send(new_sd, SMTP_RESP_421_ERR_TMP, strlen(SMTP_RESP_421_ERR_TMP), 0);
return ERR;
}
rc = SSL_accept(data->ssl);
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "SSL_accept() finished");
if(rc == 1){
sdata->tls = 1;
return OK;
}
else {
ERR_error_string_n(ERR_get_error(), ssl_error, SMALLBUFSIZE);
syslog(LOG_PRIORITY, "SSL_accept() failed, rc=%d, errorcode: %d, error text: %s\n", rc, SSL_get_error(data->ssl, rc), ssl_error);
return ERR;
}
}
int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cfg){
int len, n, auth_ok=0, n_files=0;
char *q, buf[MAXBUFSIZE], puf[MAXBUFSIZE], muf[TINYBUFSIZE], resp[MAXBUFSIZE];
struct session_data sdata; struct session_data sdata;
int db_conn=0; int db_conn=0;
int rc; int rc;
@ -131,33 +171,11 @@ int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cf
gettimeofday(&tv1, &tz); gettimeofday(&tv1, &tz);
if(data->ctx){ if(cfg->tls_enable > 0){
data->ssl = SSL_new(data->ctx); if(do_ssl_handshake(&sdata, data, new_sd, cfg) == ERR) goto QUITTING;
if(data->ssl){
if(SSL_set_fd(data->ssl, new_sd) == 1){
ssl_ok = 1;
} else syslog(LOG_PRIORITY, "SSL_set_fd() failed");
} else syslog(LOG_PRIORITY, "SSL_new() failed");
} else syslog(LOG_PRIORITY, "SSL ctx is null!");
if(ssl_ok == 0){
send(new_sd, SMTP_RESP_421_ERR_TMP, strlen(SMTP_RESP_421_ERR_TMP), 0);
return 0;
}
rc = SSL_accept(data->ssl);
if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "SSL_accept() finished");
if(rc == 1){
sdata.tls = 1;
} }
else { else {
ERR_error_string_n(ERR_get_error(), ssl_error, SMALLBUFSIZE); auth_ok = 1;
syslog(LOG_PRIORITY, "SSL_accept() failed, rc=%d, errorcode: %d, error text: %s\n", rc, SSL_get_error(data->ssl, rc), ssl_error);
goto QUITTING;
} }
@ -223,7 +241,7 @@ int handle_pilerget_request(int new_sd, struct __data *data, struct __config *cf
if(strlen(&puf[5]) >= RND_STR_LEN){ if(strlen(&puf[5]) >= RND_STR_LEN){
len = stat_file(&sdata, &puf[5], &q, sizeof(muf)-2, cfg); len = stat_file(&sdata, &puf[5], &q, sizeof(muf)-2, cfg);
file_from_archive_to_network(muf, new_sd, data, cfg); file_from_archive_to_network(muf, new_sd, sdata.tls, data, cfg);
n_files++; n_files++;
} }
else { else {
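Review bot: In the second hunk of handle_pilerget_request the new `else { auth_ok = 1; }` branch marks a session authenticated before any AUTH command has been received whenever `cfg->tls_enable` is 0, so the password check is now tied to the transport rather than to the client, and every plaintext connection gets the same access as one that presented the password. The PHP client in ModelSearchMessage mirrors this by sending AUTH only when PILERGETD_HOST starts with `ssl://`, so the two changes depend on each other. Unless the plaintext listener is documented as reachable only from trusted hosts, I would keep AUTH mandatory on both transports: drop the `else { auth_ok = 1; }` here and send `"AUTH " . PILERGETD_PASSWORD . "\r\n"` unconditionally in the client, noting in the config documentation that on the unencrypted path the password travels in clear. The extracted do_ssl_handshake reads cleanly; a short header comment such as `/* Returns OK and sets sdata->tls=1 after a successful SSL_accept(); sends a 421 and returns ERR otherwise. */` would document its contract. handle_pilerget_request starts before and ends after the reviewed hunk.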


@ -64,9 +64,10 @@ class ModelSearchMessage extends Model {
$l = fgets($sd, 4096); $l = fgets($sd, 4096);
fputs($sd, "AUTH " . PILERGETD_PASSWORD . "\r\n"); if(substr(PILERGETD_HOST, 0, 6) == 'ssl://') {
fputs($sd, "AUTH " . PILERGETD_PASSWORD . "\r\n");
$l = fgets($sd, 4096); $l = fgets($sd, 4096);
}
Registry::set('sd', $sd); Registry::set('sd', $sd);
} }