2 * smtp.c -- nmh SMTP interface
4 * This code is Copyright (c) 2002, by the authors of nmh. See the
5 * COPYRIGHT file in the root directory of the nmh distribution for
6 * complete copyright information.
13 #include <h/signals.h>
16 #include <sasl/sasl.h>
17 #include <sasl/saslutil.h>
18 # if SASL_VERSION_FULL < 0x020125
19 /* Cyrus SASL 2.1.25 introduced the sasl_callback_ft prototype,
20 which has an explicit void parameter list, according to best
21 practice. So we need to cast to avoid compile warnings.
22 Provide this prototype for earlier versions. */
23 typedef int (*sasl_callback_ft)();
24 # endif /* SASL_VERSION_FULL < 0x020125 */
25 #include <sys/socket.h>
26 #include <netinet/in.h>
27 #include <arpa/inet.h>
30 #endif /* CYRUS_SASL */
33 #include <openssl/ssl.h>
34 #include <openssl/err.h>
35 #endif /* TLS_SUPPORT */
38 * This module implements an interface to SendMail very similar
39 * to the MMDF mm_(3) routines. The sm_() routines herein talk
40 * SMTP to a sendmail process, mapping SMTP reply codes into
45 * On older 4.2BSD machines without the POSIX function `sigaction',
46 * the alarm handing stuff for time-outs will NOT work due to the way
47 * syscalls get restarted. This is not really crucial, since SendMail
48 * is generally well-behaved in this area.
53 * It appears that some versions of Sendmail will return Code 451
54 * when they don't really want to indicate a failure.
55 * "Code 451 almost always means sendmail has deferred; we don't
56 * really want bomb out at this point since sendmail will rectify
57 * things later." So, if you define SENDMAILBUG, Code 451 is
58 * considered the same as Code 250. Yuck!
65 #define NBITS ((sizeof (int)) * 8)
68 * these codes must all be different!
70 #define SM_OPEN 300 /* Changed to 5 minutes to comply with a SHOULD in RFC 1123 */
73 #define SM_MAIL 301 /* changed to 5 minutes and a second (for uniqueness), see above */
74 #define SM_RCPT 302 /* see above */
75 #define SM_DATA 120 /* see above */
76 #define SM_TEXT 180 /* see above */
77 #define SM_DOT 600 /* see above */
82 #endif /* CYRUS_SASL */
84 static int sm_addrs = 0;
85 static int sm_alarmed = 0;
86 static int sm_child = NOTOK;
87 static int sm_debug = 0;
88 static int sm_nl = TRUE;
89 static int sm_verbose = 0;
91 static FILE *sm_rfp = NULL;
92 static FILE *sm_wfp = NULL;
96 * Some globals needed by SASL
99 static sasl_conn_t *conn = NULL; /* SASL connection state */
100 static int sasl_complete = 0; /* Has authentication succeded? */
101 static sasl_ssf_t sasl_ssf; /* Our security strength factor */
102 static char *sasl_pw_context[2]; /* Context to pass into sm_get_pass */
103 static int maxoutbuf; /* Maximum crypto output buffer */
104 static char *sasl_outbuffer; /* SASL output buffer for encryption */
105 static int sasl_outbuflen; /* Current length of data in outbuf */
106 static int sm_get_user(void *, int, const char **, unsigned *);
107 static int sm_get_pass(sasl_conn_t *, void *, int, sasl_secret_t **);
109 static sasl_callback_t callbacks[] = {
110 { SASL_CB_USER, (sasl_callback_ft) sm_get_user, NULL },
111 #define SM_SASL_N_CB_USER 0
112 { SASL_CB_PASS, (sasl_callback_ft) sm_get_pass, NULL },
113 #define SM_SASL_N_CB_PASS 1
114 { SASL_CB_AUTHNAME, (sasl_callback_ft) sm_get_user, NULL },
115 #define SM_SASL_N_CB_AUTHNAME 2
116 { SASL_CB_LIST_END, NULL, NULL },
119 #else /* CYRUS_SASL */
121 #endif /* CYRUS_SASL */
124 static SSL_CTX *sslctx = NULL;
125 static SSL *ssl = NULL;
126 static BIO *sbior = NULL;
127 static BIO *sbiow = NULL;
128 static BIO *io = NULL;
129 #endif /* TLS_SUPPORT */
131 #if defined(CYRUS_SASL) || defined(TLS_SUPPORT)
132 #define SASL_MAXRECVBUF 65536
133 static int sm_fgetc(FILE *);
134 static char *sasl_inbuffer; /* SASL input buffer for encryption */
135 static char *sasl_inptr; /* Pointer to current inbuf position */
136 static int sasl_inbuflen; /* Current length of data in inbuf */
138 #define sm_fgetc fgetc
141 static int tls_active = 0;
143 static char *sm_noreply = "No reply text given";
144 static char *sm_moreply = "; ";
146 struct smtp sm_reply; /* global... */
150 static int doingEHLO;
151 char *EHLOkeys[MAXEHLO + 1];
156 static int smtp_init (char *, char *, char *, int, int, int, int, int, int,
157 char *, char *, int);
158 static int sendmail_init (char *, char *, int, int, int, int, int, int,
161 static int rclient (char *, char *);
162 static int sm_ierror (char *fmt, ...);
163 static int smtalk (int time, char *fmt, ...);
164 static int sm_wrecord (char *, int);
165 static int sm_wstream (char *, int);
166 static int sm_werror (void);
167 static int smhear (void);
168 static int sm_rrecord (char *, int *);
169 static int sm_rerror (int);
170 static void alrmser (int);
171 static char *EHLOset (char *);
172 static int sm_fwrite(char *, int);
173 static int sm_fputs(char *);
174 static int sm_fputc(int);
175 static void sm_fflush(void);
176 static int sm_fgets(char *, int, FILE *);
180 * Function prototypes needed for SASL
183 static int sm_auth_sasl(char *, int, char *, char *);
184 #endif /* CYRUS_SASL */
187 sm_init (char *client, char *server, char *port, int watch, int verbose,
188 int debug, int queued, int sasl, int saslssf,
189 char *saslmech, char *user, int tls)
191 if (sm_mts == MTS_SMTP)
192 return smtp_init (client, server, port, watch, verbose,
193 debug, queued, sasl, saslssf, saslmech,
196 return sendmail_init (client, server, watch, verbose,
197 debug, queued, sasl, saslssf, saslmech,
202 smtp_init (char *client, char *server, char *port, int watch, int verbose,
203 int debug, int queued,
204 int sasl, int saslssf, char *saslmech, char *user, int tls)
206 int result, sd1, sd2;
209 #else /* CYRUS_SASL */
211 NMH_UNUSED (saslssf);
212 NMH_UNUSED (saslmech);
214 #endif /* CYRUS_SASL */
219 sm_verbose = verbose;
222 if (sm_rfp != NULL && sm_wfp != NULL)
225 if (client == NULL || *client == '\0') {
229 client = LocalName(1); /* no clientname -> LocalName */
234 * Last-ditch check just in case client still isn't set to anything
237 if (client == NULL || *client == '\0')
238 client = "localhost";
240 #if defined(CYRUS_SASL) || defined(TLS_SUPPORT)
241 sasl_inbuffer = malloc(SASL_MAXRECVBUF);
243 return sm_ierror("Unable to allocate %d bytes for read buffer",
245 #endif /* CYRUS_SASL || TLS_SUPPORT */
247 if ((sd1 = rclient (server, port)) == NOTOK)
250 if ((sd2 = dup (sd1)) == NOTOK) {
252 return sm_ierror ("unable to dup");
255 SIGNAL (SIGALRM, alrmser);
256 SIGNAL (SIGPIPE, SIG_IGN);
258 if ((sm_rfp = fdopen (sd1, "r")) == NULL
259 || (sm_wfp = fdopen (sd2, "w")) == NULL) {
262 sm_rfp = sm_wfp = NULL;
263 return sm_ierror ("unable to fdopen");
283 * Give EHLO or HELO command
287 result = smtalk (SM_HELO, "EHLO %s", client);
290 if (result >= 500 && result <= 599)
291 result = smtalk (SM_HELO, "HELO %s", client);
300 * If the user requested TLS support, then try to do the STARTTLS command
301 * as part of the initial dialog. Assuming this works, we then need to
302 * restart the EHLO dialog after TLS negotiation is complete.
308 if (! EHLOset("STARTTLS")) {
310 return sm_ierror("SMTP server does not support TLS");
313 result = smtalk(SM_HELO, "STARTTLS");
321 * Okay, the other side should be waiting for us to start TLS
322 * negotiation. Oblige them.
326 const SSL_METHOD *method;
329 SSL_load_error_strings();
331 method = TLSv1_client_method(); /* Not sure about this */
333 sslctx = SSL_CTX_new(method);
337 return sm_ierror("Unable to initialize OpenSSL context: %s",
338 ERR_error_string(ERR_get_error(), NULL));
342 ssl = SSL_new(sslctx);
346 return sm_ierror("Unable to create SSL connection: %s",
347 ERR_error_string(ERR_get_error(), NULL));
350 sbior = BIO_new_socket(fileno(sm_rfp), BIO_NOCLOSE);
351 sbiow = BIO_new_socket(fileno(sm_wfp), BIO_NOCLOSE);
353 if (sbior == NULL || sbiow == NULL) {
355 return sm_ierror("Unable to create BIO endpoints: %s",
356 ERR_error_string(ERR_get_error(), NULL));
359 SSL_set_bio(ssl, sbior, sbiow);
360 SSL_set_connect_state(ssl);
363 * Set up a BIO to handle buffering for us
366 io = BIO_new(BIO_f_buffer());
370 return sm_ierror("Unable to create a buffer BIO: %s",
371 ERR_error_string(ERR_get_error(), NULL));
374 ssl_bio = BIO_new(BIO_f_ssl());
378 return sm_ierror("Unable to create a SSL BIO: %s",
379 ERR_error_string(ERR_get_error(), NULL));
382 BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
383 BIO_push(io, ssl_bio);
386 * Try doing the handshake now
389 if (BIO_do_handshake(io) < 1) {
391 return sm_ierror("Unable to negotiate SSL connection: %s",
392 ERR_error_string(ERR_get_error(), NULL));
396 const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
397 printf("SSL negotiation successful: %s(%d) %s\n",
398 SSL_CIPHER_get_name(cipher),
399 SSL_CIPHER_get_bits(cipher, NULL),
400 SSL_CIPHER_get_version(cipher));
407 result = smtalk (SM_HELO, "EHLO %s", client);
415 #else /* TLS_SUPPORT */
417 #endif /* TLS_SUPPORT */
421 * If the user asked for SASL, then check to see if the SMTP server
422 * supports it. Otherwise, error out (because the SMTP server
423 * might have been spoofed; we don't want to just silently not
428 if (! (server_mechs = EHLOset("AUTH"))) {
430 return sm_ierror("SMTP server does not support SASL");
433 if (saslmech && stringdex(saslmech, server_mechs) == -1) {
435 return sm_ierror("Requested SASL mech \"%s\" is not in the "
436 "list of supported mechanisms:\n%s",
437 saslmech, server_mechs);
440 if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
446 #endif /* CYRUS_SASL */
449 if (watch && EHLOset ("XVRB"))
450 smtalk (SM_HELO, "VERB on");
451 if (queued && EHLOset ("XQUE"))
452 smtalk (SM_HELO, "QUED");
458 sendmail_init (char *client, char *server, int watch, int verbose,
459 int debug, int queued,
460 int sasl, int saslssf, char *saslmech, char *user)
462 unsigned int i, result, vecp;
467 #else /* CYRUS_SASL */
470 NMH_UNUSED (saslssf);
471 NMH_UNUSED (saslmech);
473 #endif /* CYRUS_SASL */
478 sm_verbose = verbose;
480 if (sm_rfp != NULL && sm_wfp != NULL)
483 if (client == NULL || *client == '\0') {
487 client = LocalName(1); /* no clientname -> LocalName */
491 * Last-ditch check just in case client still isn't set to anything
494 if (client == NULL || *client == '\0')
495 client = "localhost";
497 #if defined(CYRUS_SASL) || defined(TLS_SUPPORT)
498 sasl_inbuffer = malloc(SASL_MAXRECVBUF);
500 return sm_ierror("Unable to allocate %d bytes for read buffer",
502 #endif /* CYRUS_SASL || TLS_SUPPORT */
504 if (pipe (pdi) == NOTOK)
505 return sm_ierror ("no pipes");
506 if (pipe (pdo) == NOTOK) {
509 return sm_ierror ("no pipes");
512 for (i = 0; (sm_child = fork ()) == NOTOK && i < 5; i++)
521 return sm_ierror ("unable to fork");
524 if (pdo[0] != fileno (stdin))
525 dup2 (pdo[0], fileno (stdin));
526 if (pdi[1] != fileno (stdout))
527 dup2 (pdi[1], fileno (stdout));
528 if (pdi[1] != fileno (stderr))
529 dup2 (pdi[1], fileno (stderr));
530 for (i = fileno (stderr) + 1; i < NBITS; i++)
534 vec[vecp++] = r1bindex (sendmail, '/');
536 vec[vecp++] = watch ? "-odi" : queued ? "-odq" : "-odb";
537 vec[vecp++] = "-oem";
545 execvp (sendmail, vec);
546 fprintf (stderr, "unable to exec ");
548 _exit (-1); /* NOTREACHED */
551 SIGNAL (SIGALRM, alrmser);
552 SIGNAL (SIGPIPE, SIG_IGN);
556 if ((sm_rfp = fdopen (pdi[0], "r")) == NULL
557 || (sm_wfp = fdopen (pdo[1], "w")) == NULL) {
560 sm_rfp = sm_wfp = NULL;
561 return sm_ierror ("unable to fdopen");
577 result = smtalk (SM_HELO, "EHLO %s", client);
580 if (500 <= result && result <= 599)
581 result = smtalk (SM_HELO, "HELO %s", client);
594 * If the user asked for SASL, then check to see if the SMTP server
595 * supports it. Otherwise, error out (because the SMTP server
596 * might have been spoofed; we don't want to just silently not
601 if (! (server_mechs = EHLOset("AUTH"))) {
603 return sm_ierror("SMTP server does not support SASL");
606 if (saslmech && stringdex(saslmech, server_mechs) == -1) {
608 return sm_ierror("Requested SASL mech \"%s\" is not in the "
609 "list of supported mechanisms:\n%s",
610 saslmech, server_mechs);
613 if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
619 #endif /* CYRUS_SASL */
622 smtalk (SM_HELO, "VERB on");
629 rclient (char *server, char *service)
632 char response[BUFSIZ];
634 if ((sd = client (server, service, response, sizeof(response),
638 sm_ierror ("%s", response);
643 sm_winit (char *from)
645 switch (smtalk (SM_MAIL, "MAIL FROM:<%s>", from)) {
662 sm_wadr (char *mbox, char *host, char *path)
664 switch (smtalk (SM_RCPT, host && *host ? "RCPT TO:<%s%s@%s>"
666 path ? path : "", mbox, host)) {
676 #endif /* SENDMAILBUG */
701 switch (smtalk (SM_DATA, "DATA")) {
710 #endif /* SENDMAILBUG */
727 sm_wtxt (char *buffer, int len)
733 result = sm_wstream (buffer, len);
736 return (result == NOTOK ? RP_BHST : RP_OK);
743 if (sm_wstream ((char *) NULL, 0) == NOTOK)
746 switch (smtalk (SM_DOT + 3 * sm_addrs, ".")) {
754 #endif /* SENDMAILBUG */
772 if (sm_mts == MTS_SENDMAIL_SMTP) {
783 if (sm_rfp == NULL && sm_wfp == NULL)
788 smtalk (SM_QUIT, "QUIT");
792 sm_note.code = sm_reply.code;
793 sm_note.length = sm_reply.length;
794 memcpy (sm_note.text, sm_reply.text, sm_reply.length + 1);/* fall */
796 if (smtalk (SM_RSET, "RSET") == 250 && type == DONE)
798 if (sm_mts == MTS_SMTP)
799 smtalk (SM_QUIT, "QUIT");
801 kill (sm_child, SIGKILL);
806 sm_reply.code = sm_note.code;
807 sm_reply.length = sm_note.length;
808 memcpy (sm_reply.text, sm_note.text, sm_note.length + 1);
815 BIO_ssl_shutdown(io);
818 #endif /* TLS_SUPPORT */
820 if (sm_rfp != NULL) {
825 if (sm_wfp != NULL) {
831 if (sm_mts == MTS_SMTP) {
836 if (sasl_outbuffer) {
837 free(sasl_outbuffer);
842 #endif /* CYRUS_SASL */
844 status = pidwait (sm_child, OK);
848 sm_rfp = sm_wfp = NULL;
849 return (status ? RP_BHST : RP_OK);
854 * This function implements SASL authentication for SMTP. If this function
855 * completes successfully, then authentication is successful and we've
856 * (optionally) negotiated a security layer.
859 sm_auth_sasl(char *user, int saslssf, char *mechlist, char *inhost)
862 unsigned int buflen, outlen;
863 char *buf, outbuf[BUFSIZ], host[NI_MAXHOST];
864 const char *chosen_mech;
865 sasl_security_properties_t secprops;
870 * Initialize the callback contexts
874 user = getusername();
876 callbacks[SM_SASL_N_CB_USER].context = user;
877 callbacks[SM_SASL_N_CB_AUTHNAME].context = user;
880 * This is a _bit_ of a hack ... but if the hostname wasn't supplied
881 * to us on the command line, then call getpeername and do a
882 * reverse-address lookup on the IP address to get the name.
885 memset(host, 0, sizeof(host));
888 struct sockaddr_storage sin;
889 socklen_t len = sizeof(sin);
892 if (getpeername(fileno(sm_wfp), (struct sockaddr *) &sin, &len) < 0) {
893 sm_ierror("getpeername on SMTP socket failed: %s",
898 result = getnameinfo((struct sockaddr *) &sin, len, host, sizeof(host),
899 NULL, 0, NI_NAMEREQD);
901 sm_ierror("Unable to look up name of connected host: %s",
902 gai_strerror(result));
906 strncpy(host, inhost, sizeof(host) - 1);
909 sasl_pw_context[0] = host;
910 sasl_pw_context[1] = user;
912 callbacks[SM_SASL_N_CB_PASS].context = sasl_pw_context;
914 result = sasl_client_init(callbacks);
916 if (result != SASL_OK) {
917 sm_ierror("SASL library initialization failed: %s",
918 sasl_errstring(result, NULL, NULL));
922 result = sasl_client_new("smtp", host, NULL, NULL, NULL, 0, &conn);
924 if (result != SASL_OK) {
925 sm_ierror("SASL client initialization failed: %s",
926 sasl_errstring(result, NULL, NULL));
931 * Initialize the security properties. But if TLS is active, then
932 * don't negotiate encryption here.
935 memset(&secprops, 0, sizeof(secprops));
936 secprops.maxbufsize = SASL_MAXRECVBUF;
938 tls_active ? 0 : (saslssf != -1 ? (unsigned int) saslssf : UINT_MAX);
940 result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
942 if (result != SASL_OK) {
943 sm_ierror("SASL security property initialization failed: %s",
944 sasl_errstring(result, NULL, NULL));
949 * Start the actual protocol. Feed the mech list into the library
950 * and get out a possible initial challenge
953 result = sasl_client_start(conn, mechlist, NULL, (const char **) &buf,
954 &buflen, (const char **) &chosen_mech);
956 if (result != SASL_OK && result != SASL_CONTINUE) {
957 sm_ierror("SASL client start failed: %s", sasl_errdetail(conn));
962 * If we got an initial challenge, send it as part of the AUTH
963 * command; otherwise, just send a plain AUTH command.
967 status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL);
968 if (status != SASL_OK) {
969 sm_ierror("SASL base64 encode failed: %s",
970 sasl_errstring(status, NULL, NULL));
974 status = smtalk(SM_AUTH, "AUTH %s %s", chosen_mech, outbuf);
976 status = smtalk(SM_AUTH, "AUTH %s", chosen_mech);
979 * Now we loop until we either fail, get a SASL_OK, or a 235
980 * response code. Receive the challenges and process them until
984 while (result == SASL_CONTINUE) {
987 * If we get a 235 response, that means authentication has
988 * succeeded and we need to break out of the loop (yes, even if
989 * we still get SASL_CONTINUE from sasl_client_step()).
991 * Otherwise, if we get a message that doesn't seem to be a
992 * valid response, then abort
997 else if (status < 300 || status > 399)
1001 * Special case; a zero-length response from the SMTP server
1002 * is returned as a single =. If we get that, then set buflen
1003 * to be zero. Otherwise, just decode the response.
1006 if (strcmp("=", sm_reply.text) == 0) {
1009 result = sasl_decode64(sm_reply.text, sm_reply.length,
1010 outbuf, sizeof(outbuf), &outlen);
1012 if (result != SASL_OK) {
1013 smtalk(SM_AUTH, "*");
1014 sm_ierror("SASL base64 decode failed: %s",
1015 sasl_errstring(result, NULL, NULL));
1020 result = sasl_client_step(conn, outbuf, outlen, NULL,
1021 (const char **) &buf, &buflen);
1023 if (result != SASL_OK && result != SASL_CONTINUE) {
1024 smtalk(SM_AUTH, "*");
1025 sm_ierror("SASL client negotiation failed: %s",
1026 sasl_errstring(result, NULL, NULL));
1030 status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL);
1032 if (status != SASL_OK) {
1033 smtalk(SM_AUTH, "*");
1034 sm_ierror("SASL base64 encode failed: %s",
1035 sasl_errstring(status, NULL, NULL));
1039 status = smtalk(SM_AUTH, outbuf);
1043 * Make sure that we got the correct response
1046 if (status < 200 || status > 299)
1050 * We _should_ have completed the authentication successfully.
1051 * Get a few properties from the authentication exchange.
1054 result = sasl_getprop(conn, SASL_MAXOUTBUF, (const void **) &outbufmax);
1056 if (result != SASL_OK) {
1057 sm_ierror("Cannot retrieve SASL negotiated output buffer size: %s",
1058 sasl_errstring(result, NULL, NULL));
1062 maxoutbuf = *outbufmax;
1064 result = sasl_getprop(conn, SASL_SSF, (const void **) &ssf);
1068 if (result != SASL_OK) {
1069 sm_ierror("Cannot retrieve SASL negotiated security strength "
1070 "factor: %s", sasl_errstring(result, NULL, NULL));
1075 sasl_outbuffer = malloc(maxoutbuf);
1077 if (sasl_outbuffer == NULL) {
1078 sm_ierror("Unable to allocate %d bytes for SASL output "
1079 "buffer", maxoutbuf);
1084 sasl_inptr = sasl_inbuffer;
1086 sasl_outbuffer = NULL;
1087 /* Don't NULL out sasl_inbuffer because it could be used in
1097 * Our callback functions to feed data to the SASL library
1101 sm_get_user(void *context, int id, const char **result, unsigned *len)
1103 char *user = (char *) context;
1105 if (! result || ((id != SASL_CB_USER) && (id != SASL_CB_AUTHNAME)))
1106 return SASL_BADPARAM;
1110 *len = strlen(user);
1116 sm_get_pass(sasl_conn_t *conn, void *context, int id,
1117 sasl_secret_t **psecret)
1119 char **pw_context = (char **) context;
1125 if (! psecret || id != SASL_CB_PASS)
1126 return SASL_BADPARAM;
1128 ruserpass(pw_context[0], &(pw_context[1]), &pass);
1132 *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len);
1139 (*psecret)->len = len;
1140 strcpy((char *) (*psecret)->data, pass);
1145 #endif /* CYRUS_SASL */
1148 sm_ierror (char *fmt, ...)
1153 vsnprintf (sm_reply.text, sizeof(sm_reply.text), fmt, ap);
1156 sm_reply.length = strlen (sm_reply.text);
1157 sm_reply.code = NOTOK;
1163 smtalk (int time, char *fmt, ...)
1167 char buffer[BUFSIZ];
1170 vsnprintf (buffer, sizeof(buffer), fmt, ap);
1175 printf("(sasl-encrypted) ");
1177 printf("(tls-encrypted) ");
1178 printf ("=> %s\n", buffer);
1183 alarm ((unsigned) time);
1184 if ((result = sm_wrecord (buffer, strlen (buffer))) != NOTOK)
1193 * write the buffer to the open SMTP channel
1197 sm_wrecord (char *buffer, int len)
1200 return sm_werror ();
1202 sm_fwrite (buffer, len);
1206 return (ferror (sm_wfp) ? sm_werror () : OK);
1211 sm_wstream (char *buffer, int len)
1214 static char lc = '\0';
1217 return sm_werror ();
1219 if (buffer == NULL && len == 0) {
1223 return (ferror (sm_wfp) ? sm_werror () : OK);
1226 for (bp = buffer; len > 0; bp++, len--) {
1235 sm_fputc ('.');/* FALL THROUGH */
1240 if (ferror (sm_wfp))
1241 return sm_werror ();
1246 return (ferror (sm_wfp) ? sm_werror () : OK);
1250 * Write out to the network, but do buffering for SASL (if enabled)
1254 sm_fwrite(char *buffer, int len)
1258 unsigned int outputlen;
1260 if (sasl_complete == 0 || sasl_ssf == 0) {
1261 #endif /* CYRUS_SASL */
1266 ret = BIO_write(io, buffer, len);
1269 sm_ierror("TLS error during write: %s",
1270 ERR_error_string(ERR_get_error(), NULL));
1274 #endif /* TLS_SUPPORT */
1275 fwrite(buffer, sizeof(*buffer), len, sm_wfp);
1278 while (len >= maxoutbuf - sasl_outbuflen) {
1279 memcpy(sasl_outbuffer + sasl_outbuflen, buffer,
1280 maxoutbuf - sasl_outbuflen);
1281 len -= maxoutbuf - sasl_outbuflen;
1284 if (sasl_encode(conn, sasl_outbuffer, maxoutbuf,
1285 &output, &outputlen) != SASL_OK) {
1286 sm_ierror("Unable to SASL encode connection data: %s",
1287 sasl_errdetail(conn));
1291 fwrite(output, sizeof(*output), outputlen, sm_wfp);
1295 memcpy(sasl_outbuffer + sasl_outbuflen, buffer, len);
1296 sasl_outbuflen += len;
1299 #endif /* CYRUS_SASL */
1300 return ferror(sm_wfp) ? NOTOK : RP_OK;
1304 * Convenience functions to replace occurences of fputs() and fputc()
1308 sm_fputs(char *buffer)
1310 return sm_fwrite(buffer, strlen(buffer));
1318 return sm_fwrite(&h, 1);
1322 * Flush out any pending data on the connection
1330 unsigned int outputlen;
1333 if (sasl_complete == 1 && sasl_ssf > 0 && sasl_outbuflen > 0) {
1334 result = sasl_encode(conn, sasl_outbuffer, sasl_outbuflen,
1335 &output, &outputlen);
1336 if (result != SASL_OK) {
1337 sm_ierror("Unable to SASL encode connection data: %s",
1338 sasl_errdetail(conn));
1342 fwrite(output, sizeof(*output), outputlen, sm_wfp);
1345 #endif /* CYRUS_SASL */
1349 (void) BIO_flush(io);
1351 #endif /* TLS_SUPPORT */
1360 strlen (strcpy (sm_reply.text, sm_wfp == NULL ? "no socket opened"
1361 : sm_alarmed ? "write to socket timed out"
1362 : "error writing to socket"));
1364 return (sm_reply.code = NOTOK);
1371 int i, code, cont, bc = 0, rc, more;
1374 char **ehlo = NULL, buffer[BUFSIZ];
1377 static int at_least_once = 0;
1379 if (at_least_once) {
1382 for (ehlo = EHLOkeys; *ehlo; ehlo++) {
1396 sm_reply.length = 0;
1397 sm_reply.text[0] = 0;
1399 rc = sizeof(sm_reply.text) - 1;
1401 for (more = FALSE; sm_rrecord ((char *) (bp = (unsigned char *) buffer),
1405 printf("(sasl-decrypted) ");
1407 printf("(tls-decrypted) ");
1408 printf ("<= %s\n", buffer);
1413 && strncmp (buffer, "250", sizeof("250") - 1) == 0
1414 && (buffer[3] == '-' || doingEHLO == 2)
1416 if (doingEHLO == 2) {
1417 if ((*ehlo = malloc ((size_t) (strlen (buffer + 4) + 1)))) {
1418 strcpy (*ehlo++, buffer + 4);
1420 if (ehlo >= EHLOkeys + MAXEHLO)
1430 for (; bc > 0 && (!isascii (*bp) || !isdigit (*bp)); bp++, bc--)
1434 code = atoi ((char *) bp);
1436 for (; bc > 0 && isspace (*bp); bp++, bc--)
1438 if (bc > 0 && *bp == '-') {
1441 for (; bc > 0 && isspace (*bp); bp++, bc--)
1446 if (code != sm_reply.code || cont)
1450 sm_reply.code = code;
1453 /* can never fail to 0-terminate because of size of buffer vs fixed string */
1454 strncpy (buffer, sm_noreply, sizeof(buffer));
1455 bp = (unsigned char *) buffer;
1456 bc = strlen (sm_noreply);
1460 if ((i = min (bc, rc)) > 0) {
1464 i = strlen(sm_moreply);
1465 if (more && rc > i + 1) {
1466 memcpy (rp, sm_moreply, i); /* safe because of check in if() */
1473 if (sm_reply.code < 100) {
1475 printf ("%s\n", sm_reply.text);
1481 sm_reply.length = rp - sm_reply.text;
1482 sm_reply.text[sm_reply.length] = 0;
1483 return sm_reply.code;
1490 sm_rrecord (char *buffer, int *len)
1495 return sm_rerror(0);
1497 buffer[*len = 0] = 0;
1499 if ((retval = sm_fgets (buffer, BUFSIZ, sm_rfp)) != RP_OK)
1500 return sm_rerror (retval);
1501 *len = strlen (buffer);
1502 /* *len should be >0 except on EOF, but check for safety's sake */
1504 return sm_rerror (RP_EOF);
1505 if (buffer[*len - 1] != '\n')
1506 while ((retval = sm_fgetc (sm_rfp)) != '\n' && retval != EOF &&
1510 if ((*len > 1) && (buffer[*len - 2] == '\r'))
1519 * Our version of fgets, which calls our private fgetc function
1523 sm_fgets(char *buffer, int size, FILE *f)
1537 } while (size > 1 && c != '\n');
1545 #if defined(CYRUS_SASL) || defined(TLS_SUPPORT)
1547 * Read from the network, but do SASL or TLS encryption
1553 char tmpbuf[BUFSIZ], *retbuf;
1554 unsigned int retbufsize = 0;
1558 * If we have leftover data, return it
1561 if (sasl_inbuflen) {
1563 return (int) *sasl_inptr++;
1567 * If not, read from the network until we have some data to return
1570 while (retbufsize == 0) {
1574 cc = SSL_read(ssl, tmpbuf, sizeof(tmpbuf));
1577 result = SSL_get_error(ssl, cc);
1579 if (result != SSL_ERROR_ZERO_RETURN) {
1580 sm_ierror("TLS peer aborted connection");
1587 sm_ierror("SSL_read failed: %s",
1588 ERR_error_string(ERR_get_error(), NULL));
1592 #endif /* TLS_SUPPORT */
1594 cc = read(fileno(f), tmpbuf, sizeof(tmpbuf));
1600 sm_ierror("Unable to read from network: %s", strerror(errno));
1605 * Don't call sasl_decode unless sasl is complete and we have
1606 * encryption working
1610 if (sasl_complete == 0 || sasl_ssf == 0) {
1614 result = sasl_decode(conn, tmpbuf, cc, (const char **) &retbuf,
1617 if (result != SASL_OK) {
1618 sm_ierror("Unable to decode SASL network data: %s",
1619 sasl_errdetail(conn));
1623 #else /* ! CYRUS_SASL */
1626 #endif /* CYRUS_SASL */
1629 if (retbufsize > SASL_MAXRECVBUF) {
1630 sm_ierror("Received data (%d bytes) is larger than the buffer "
1631 "size (%d bytes)", retbufsize, SASL_MAXRECVBUF);
1635 memcpy(sasl_inbuffer, retbuf, retbufsize);
1636 sasl_inptr = sasl_inbuffer + 1;
1637 sasl_inbuflen = retbufsize - 1;
1639 return (int) sasl_inbuffer[0];
1641 #endif /* CYRUS_SASL || TLS_SUPPORT */
1646 if (sm_mts == MTS_SMTP)
1648 strlen (strcpy (sm_reply.text, sm_rfp == NULL ? "no socket opened"
1649 : sm_alarmed ? "read from socket timed out"
1650 : rc == RP_EOF ? "premature end-of-file on socket"
1651 : "error reading from socket"));
1654 strlen (strcpy (sm_reply.text, sm_rfp == NULL ? "no pipe opened"
1655 : sm_alarmed ? "read from pipe timed out"
1656 : rc == RP_EOF ? "premature end-of-file on pipe"
1657 : "error reading from pipe"));
1659 return (sm_reply.code = NOTOK);
1668 #ifndef RELIABLE_SIGNALS
1669 SIGNAL (SIGALRM, alrmser);
1674 printf ("timed out...\n");
1681 rp_string (int code)
1684 static char buffer[BUFSIZ];
1686 switch (sm_reply.code != NOTOK ? code : NOTOK) {
1706 snprintf (buffer, sizeof(buffer), "[%s] %s", text, sm_reply.text);
1726 snprintf (buffer, sizeof(buffer), "[%s] %3d %s",
1727 text, sm_reply.code, sm_reply.text);
1739 for (ehlo = EHLOkeys; *ehlo; ehlo++) {
1741 if (strncmp (ep, s, len) == 0) {
1742 for (ep += len; *ep == ' '; ep++)