added tcp_wrappers support to the piler daemon

src/config.h

@@ -11,9 +11,9 @@
 
 #define PROGNAME "piler"
 
-#define VERSION "0.1.21"
+#define VERSION "0.1.22"
 
-#define BUILD 722
+#define BUILD 723
 
 #define HOSTID "mailarchiver"
 

src/defs.h

@@ -22,6 +22,9 @@
    #include <tre/tre.h>
    #include <tre/regex.h>
 #endif
+#ifdef HAVE_LIBWRAP
+   #include <tcpd.h>
+#endif
 
 #include <openssl/sha.h>
 #include <openssl/ssl.h>

src/piler.c

@@ -47,7 +47,7 @@ static void child_main(struct child *ptr);
 static pid_t child_make(struct child *ptr);
 int search_slot_by_pid(pid_t pid);
 void kill_children(int sig);
-void clean_exit();
+void p_clean_exit();
 void fatal(char *s);
 void initialise_configuration();
 
@@ -85,7 +85,7 @@ static void takesig(int sig){
         case SIGTERM:
         case SIGKILL:
                 quit = 1;
-                clean_exit();
+                p_clean_exit();
                 break;
 
         case SIGCHLD:
@@ -206,7 +206,7 @@ int child_pool_create(){
 
       if(children[i].pid == -1){
          syslog(LOG_PRIORITY, "error: failed to fork a child");
-         clean_exit();
+         p_clean_exit();
       }
    }
 
@@ -237,7 +237,7 @@ void kill_children(int sig){
 }
 
 
-void clean_exit(){
+void p_clean_exit(){
    if(sd != -1) close(sd);
 
    kill_children(SIGTERM);
@@ -262,7 +262,7 @@ void clean_exit(){
 
 void fatal(char *s){
    syslog(LOG_PRIORITY, "%s\n", s);
-   clean_exit();
+   p_clean_exit();
 }
 
 
@@ -439,7 +439,7 @@ int main(int argc, char **argv){
 
    for(;;){ sleep(1); }
 
-   clean_exit();
+   p_clean_exit();
 
    return 0;
 }

src/pilerexport.c

@@ -41,7 +41,7 @@ void usage(){
 }
 
 
-void clean_exit(char *msg, int rc){
+void p_clean_exit(char *msg, int rc){
    if(msg) printf("error: %s\n", msg);
 
    if(query) free(query);
@@ -207,7 +207,7 @@ int main(int argc, char **argv){
 
 
    if(regcomp(&regexp, "^([\\+a-z0-9_\\.@\\-]+)$", REG_ICASE | REG_EXTENDED)){
-      clean_exit("cannot compile rule!", 1);
+      p_clean_exit("cannot compile rule!", 1);
    }
 
 
@@ -380,7 +380,7 @@ int main(int argc, char **argv){
 
    rc += append_string_to_buffer(&query, " ORDER BY id ASC");
 
-   if(rc) clean_exit("malloc problem building query", 1);
+   if(rc) p_clean_exit("malloc problem building query", 1);
 
 
 
@@ -388,7 +388,7 @@ int main(int argc, char **argv){
    cfg = read_config(configfile);
 
 
-   if(read_key(&cfg)) clean_exit(ERR_READING_KEY, 1);
+   if(read_key(&cfg)) p_clean_exit(ERR_READING_KEY, 1);
 
 
    init_session_data(&sdata);
@@ -397,7 +397,7 @@ int main(int argc, char **argv){
    mysql_init(&(sdata.mysql));
    mysql_options(&(sdata.mysql), MYSQL_OPT_CONNECT_TIMEOUT, (const char*)&cfg.mysql_connect_timeout);
    if(mysql_real_connect(&(sdata.mysql), cfg.mysqlhost, cfg.mysqluser, cfg.mysqlpwd, cfg.mysqldb, cfg.mysqlport, cfg.mysqlsocket, 0) == 0){
-      clean_exit("cannot connect to mysql server", 1);
+      p_clean_exit("cannot connect to mysql server", 1);
    }
 
    mysql_real_query(&(sdata.mysql), "SET NAMES utf8", strlen("SET NAMES utf8"));

src/reindex.c

@@ -34,7 +34,7 @@ void usage(){
 }
 
 
-void clean_exit(char *msg, int rc){
+void p_clean_exit(char *msg, int rc){
    if(msg) printf("error: %s\n", msg);
 
    exit(rc);
@@ -188,7 +188,7 @@ int main(int argc, char **argv){
    mysql_init(&(sdata.mysql));
    mysql_options(&(sdata.mysql), MYSQL_OPT_CONNECT_TIMEOUT, (const char*)&cfg.mysql_connect_timeout);
    if(mysql_real_connect(&(sdata.mysql), cfg.mysqlhost, cfg.mysqluser, cfg.mysqlpwd, cfg.mysqldb, cfg.mysqlport, cfg.mysqlsocket, 0) == 0){
-      clean_exit("cannot connect to mysql server", 1);
+      p_clean_exit("cannot connect to mysql server", 1);
    }
 
    mysql_real_query(&(sdata.mysql), "SET NAMES utf8", strlen("SET NAMES utf8"));

src/session.c

@@ -38,6 +38,20 @@ int handle_smtp_session(int new_sd, struct __data *data, struct __config *cfg){
    char ssl_error[SMALLBUFSIZE];
 #endif
 
+
+#ifdef HAVE_LIBWRAP
+   struct request_info req;
+
+   request_init(&req, RQ_DAEMON, PROGNAME, RQ_FILE, new_sd, 0);
+   fromhost(&req);
+   if(!hosts_access(&req)){
+      send(new_sd, SMTP_RESP_550_ERR_YOU_ARE_BANNED_BY_LOCAL_POLICY, strlen(SMTP_RESP_550_ERR_YOU_ARE_BANNED_BY_LOCAL_POLICY), 0);
+      syslog(LOG_PRIORITY, "denied connection from %s by tcp_wrappers", eval_client(&req));
+      return 0;
+   }
+#endif
+
+
    state = SMTP_STATE_INIT;
 
    init_session_data(&sdata);

src/smtpcodes.h

@@ -52,6 +52,7 @@
 #define SMTP_RESP_550_ERR_PREF "550 Access denied."
 #define SMTP_RESP_550_INVALID_RECIPIENT "550 Unknown recipient\r\n"
 #define SMTP_RESP_550_ERR_TOO_LONG_RCPT_TO "550 too long recipient\r\n"
+#define SMTP_RESP_550_ERR_YOU_ARE_BANNED_BY_LOCAL_POLICY "550 You are banned by local policy\r\n"
 #define SMTP_RESP_552_ERR "552 Too many recipients\r\n"