#define SM_DOT 600 /* see above */
#define SM_QUIT 30
#define SM_CLOS 10
+#ifdef CYRUS_SASL
#define SM_AUTH 45
+#endif /* CYRUS_SASL */
static int sm_addrs = 0;
static int sm_alarmed = 0;
static SSL *ssl = NULL;
static BIO *sbior = NULL;
static BIO *sbiow = NULL;
+static BIO *io = NULL;
#endif /* TLS_SUPPORT */
#if defined(CYRUS_SASL) || defined(TLS_SUPPORT)
static int smhear (void);
static int sm_rrecord (char *, int *);
static int sm_rerror (int);
-static RETSIGTYPE alrmser (int);
+static void alrmser (int);
static char *EHLOset (char *);
static int sm_fwrite(char *, int);
static int sm_fputs(char *);
* Function prototypes needed for SASL
*/
-static int sm_auth_sasl(char *, char *, char *);
+static int sm_auth_sasl(char *, int, char *, char *);
#endif /* CYRUS_SASL */
int
sm_init (char *client, char *server, char *port, int watch, int verbose,
- int debug, int onex, int queued, int sasl, char *saslmech,
- char *user, int tls)
+ int debug, int queued, int sasl, int saslssf,
+ char *saslmech, char *user, int tls)
{
if (sm_mts == MTS_SMTP)
return smtp_init (client, server, port, watch, verbose,
- debug, onex, queued, sasl, saslmech, user, tls);
+ debug, queued, sasl, saslssf, saslmech,
+ user, tls);
else
return sendmail_init (client, server, watch, verbose,
- debug, onex, queued, sasl, saslmech, user);
+ debug, queued, sasl, saslssf, saslmech,
+ user);
}
static int
smtp_init (char *client, char *server, char *port, int watch, int verbose,
- int debug, int onex, int queued,
- int sasl, char *saslmech, char *user, int tls)
+ int debug, int queued,
+ int sasl, int saslssf, char *saslmech, char *user, int tls)
{
+ int result, sd1, sd2;
#ifdef CYRUS_SASL
char *server_mechs;
+#else /* CYRUS_SASL */
+ NMH_UNUSED (sasl);
+ NMH_UNUSED (saslssf);
+ NMH_UNUSED (saslmech);
+ NMH_UNUSED (user);
#endif /* CYRUS_SASL */
- int result, sd1, sd2;
if (watch)
verbose = TRUE;
if (clientname) {
client = clientname;
} else {
- client = LocalName(); /* no clientname -> LocalName */
+ client = LocalName(1); /* no clientname -> LocalName */
}
}
*/
if (tls) {
+ BIO *ssl_bio;
+
if (! EHLOset("STARTTLS")) {
sm_end(NOTOK);
return sm_ierror("SMTP server does not support TLS");
*/
if (! sslctx) {
- SSL_METHOD *method;
+ const SSL_METHOD *method;
SSL_library_init();
SSL_load_error_strings();
}
SSL_set_bio(ssl, sbior, sbiow);
+ SSL_set_connect_state(ssl);
+
+ /*
+ * Set up a BIO to handle buffering for us
+ */
+
+ io = BIO_new(BIO_f_buffer());
- if (SSL_connect(ssl) < 1) {
+ if (! io) {
+ sm_end(NOTOK);
+ return sm_ierror("Unable to create a buffer BIO: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ }
+
+ ssl_bio = BIO_new(BIO_f_ssl());
+
+ if (! ssl_bio) {
+ sm_end(NOTOK);
+ return sm_ierror("Unable to create a SSL BIO: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ }
+
+ BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
+ BIO_push(io, ssl_bio);
+
+ /*
+ * Try doing the handshake now
+ */
+
+ if (BIO_do_handshake(io) < 1) {
sm_end(NOTOK);
return sm_ierror("Unable to negotiate SSL connection: %s",
ERR_error_string(ERR_get_error(), NULL));
}
if (sm_debug) {
- SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+ const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
printf("SSL negotiation successful: %s(%d) %s\n",
SSL_CIPHER_get_name(cipher),
SSL_CIPHER_get_bits(cipher, NULL),
return RP_RPLY;
}
}
+#else /* TLS_SUPPORT */
+ NMH_UNUSED (tls);
#endif /* TLS_SUPPORT */
#ifdef CYRUS_SASL
saslmech, server_mechs);
}
- if (sm_auth_sasl(user, saslmech ? saslmech : server_mechs,
+ if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
server) != RP_OK) {
sm_end(NOTOK);
return NOTOK;
send_options: ;
if (watch && EHLOset ("XVRB"))
smtalk (SM_HELO, "VERB on");
- if (onex && EHLOset ("XONE"))
- smtalk (SM_HELO, "ONEX");
if (queued && EHLOset ("XQUE"))
smtalk (SM_HELO, "QUED");
int
sendmail_init (char *client, char *server, int watch, int verbose,
- int debug, int onex, int queued,
- int sasl, char *saslmech, char *user)
+ int debug, int queued,
+ int sasl, int saslssf, char *saslmech, char *user)
{
+ unsigned int i, result, vecp;
+ int pdi[2], pdo[2];
+ char *vec[15];
#ifdef CYRUS_SASL
char *server_mechs;
+#else /* CYRUS_SASL */
+ NMH_UNUSED (server);
+ NMH_UNUSED (sasl);
+ NMH_UNUSED (saslssf);
+ NMH_UNUSED (saslmech);
+ NMH_UNUSED (user);
#endif /* CYRUS_SASL */
- int i, result, vecp;
- int pdi[2], pdo[2];
- char *vec[15];
if (watch)
verbose = TRUE;
if (clientname)
client = clientname;
else
- client = LocalName(); /* no clientname -> LocalName */
+ client = LocalName(1); /* no clientname -> LocalName */
}
/*
vec[vecp++] = watch ? "-odi" : queued ? "-odq" : "-odb";
vec[vecp++] = "-oem";
vec[vecp++] = "-om";
-# ifndef RAND
if (verbose)
vec[vecp++] = "-ov";
-# endif /* not RAND */
vec[vecp++] = NULL;
setgid (getegid ());
saslmech, server_mechs);
}
- if (sm_auth_sasl(user, saslmech ? saslmech : server_mechs,
+ if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
server) != RP_OK) {
sm_end(NOTOK);
return NOTOK;
}
#endif /* CYRUS_SASL */
- if (onex)
- smtalk (SM_HELO, "ONEX");
if (watch)
smtalk (SM_HELO, "VERB on");
}
int
-sm_winit (int mode, char *from)
+sm_winit (char *from)
{
- char *smtpcom = NULL;
-
- switch (mode) {
- case S_MAIL:
- smtpcom = "MAIL";
- break;
-
- case S_SEND:
- smtpcom = "SEND";
- break;
-
- case S_SOML:
- smtpcom = "SOML";
- break;
-
- case S_SAML:
- smtpcom = "SAML";
- break;
-
- default:
- /* Hopefully, we do not get here. */
- break;
- }
-
- switch (smtalk (SM_MAIL, "%s FROM:<%s>", smtpcom, from)) {
+ switch (smtalk (SM_MAIL, "MAIL FROM:<%s>", from)) {
case 250:
sm_addrs = 0;
return RP_OK;
int status;
struct smtp sm_note;
- if (sm_mts == MTS_SENDMAIL) {
+ if (sm_mts == MTS_SENDMAIL_SMTP) {
switch (sm_child) {
case NOTOK:
case OK:
#ifdef TLS_SUPPORT
if (tls_active) {
- SSL_shutdown(ssl);
- SSL_free(ssl);
+ BIO_ssl_shutdown(io);
+ BIO_free_all(io);
}
#endif /* TLS_SUPPORT */
* (optionally) negotiated a security layer.
*/
static int
-sm_auth_sasl(char *user, char *mechlist, char *inhost)
+sm_auth_sasl(char *user, int saslssf, char *mechlist, char *inhost)
{
int result, status;
unsigned int buflen, outlen;
memset(&secprops, 0, sizeof(secprops));
secprops.maxbufsize = SASL_MAXRECVBUF;
- secprops.max_ssf = tls_active ? 0 : UINT_MAX;
+ secprops.max_ssf =
+ tls_active ? 0 : (saslssf != -1 ? (unsigned int) saslssf : UINT_MAX);
result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
char *pass = NULL;
int len;
+ NMH_UNUSED (conn);
+
if (! psecret || id != SASL_CB_PASS)
return SASL_BADPARAM;
if (tls_active) {
int ret;
- ret = SSL_write(ssl, buffer, len);
+ ret = BIO_write(io, buffer, len);
- if (SSL_get_error(ssl, ret) != SSL_ERROR_NONE) {
+ if (ret <= 0) {
sm_ierror("TLS error during write: %s",
ERR_error_string(ERR_get_error(), NULL));
return NOTOK;
}
#endif /* CYRUS_SASL */
+#ifdef TLS_SUPPORT
+ if (tls_active) {
+ (void) BIO_flush(io);
+ }
+#endif /* TLS_SUPPORT */
+
fflush(sm_wfp);
}
buffer[*len = 0] = 0;
if ((retval = sm_fgets (buffer, BUFSIZ, sm_rfp)) != RP_OK)
- return retval;
+ return sm_rerror (retval);
*len = strlen (buffer);
/* *len should be >0 except on EOF, but check for safety's sake */
if (*len == 0)
}
-static RETSIGTYPE
+static void
alrmser (int i)
{
+ NMH_UNUSED (i);
+
#ifndef RELIABLE_SIGNALS
SIGNAL (SIGALRM, alrmser);
#endif