summaryrefslogtreecommitdiffstats
path: root/src/tlsproxy/tlsproxy_state.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tlsproxy/tlsproxy_state.c')
-rw-r--r--src/tlsproxy/tlsproxy_state.c169
1 files changed, 169 insertions, 0 deletions
diff --git a/src/tlsproxy/tlsproxy_state.c b/src/tlsproxy/tlsproxy_state.c
new file mode 100644
index 0000000..df6cbda
--- /dev/null
+++ b/src/tlsproxy/tlsproxy_state.c
@@ -0,0 +1,169 @@
+/*++
+/* NAME
+/* tlsproxy_state 3
+/* SUMMARY
+/* Postfix SMTP server
+/* SYNOPSIS
+/* #include <tlsproxy.h>
+/*
+/* TLSP_STATE *tlsp_state_create(service, plaintext_stream)
+/* const char *service;
+/* VSTREAM *plaintext_stream;
+/*
+/* void tlsp_state_free(state)
+/* TLSP_STATE *state;
+/* DESCRIPTION
+/* This module provides TLSP_STATE constructor and destructor
+/* routines.
+/*
+/* tlsp_state_create() initializes session context.
+/*
+/* tlsp_state_free() destroys session context. If the handshake
+/* was in progress, it logs a 'handshake failed' message.
+/*
+/* Arguments:
+/* .IP service
+/* The service name for the TLS library. This argument is copied.
+/* The destructor will automatically destroy the string.
+/* .IP plaintext_stream
+/* The VSTREAM between postscreen(8) and tlsproxy(8).
+/* The destructor will automatically close the stream.
+/* .PP
+/* Other structure members are set by the application. The
+/* text below describes how the TLSP_STATE destructor
+/* disposes of them.
+/* .IP plaintext_buf
+/* NBBIO for plaintext I/O.
+/* The destructor will automatically turn off read/write/timeout
+/* events and destroy the NBBIO.
+/* .IP ciphertext_fd
+/* The file handle for the remote SMTP client socket.
+/* The destructor will automatically turn off read/write events
+/* and close the file handle.
+/* .IP ciphertext_timer
+/* The destructor will automatically turn off this time event.
+/* .IP timeout
+/* Time limit for plaintext and ciphertext I/O.
+/* .IP remote_endpt
+/* Printable remote endpoint name.
+/* The destructor will automatically destroy the string.
+/* .IP server_id
+/* TLS session cache identifier.
+/* The destructor will automatically destroy the string.
+/* DIAGNOSTICS
+/* All errors are fatal.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*--*/
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+
+ /*
+ * Utility library.
+ */
+#include <msg.h>
+#include <mymalloc.h>
+#include <nbbio.h>
+
+ /*
+ * Master library.
+ */
+#include <mail_server.h>
+
+ /*
+ * TLS library.
+ */
+#ifdef USE_TLS
+#define TLS_INTERNAL /* XXX */
+#include <tls.h>
+#include <tls_proxy.h>
+
+ /*
+ * Application-specific.
+ */
+#include <tlsproxy.h>
+
+/* tlsp_state_create - create TLS proxy state object */
+
+TLSP_STATE *tlsp_state_create(const char *service,
+ VSTREAM *plaintext_stream)
+{
+ TLSP_STATE *state = (TLSP_STATE *) mymalloc(sizeof(*state));
+
+ state->flags = TLSP_FLAG_DO_HANDSHAKE;
+ state->service = mystrdup(service);
+ state->plaintext_stream = plaintext_stream;
+ state->plaintext_buf = 0;
+ state->ciphertext_fd = -1;
+ state->ciphertext_timer = 0;
+ state->timeout = -1;
+ state->remote_endpt = 0;
+ state->server_id = 0;
+ state->tls_context = 0;
+ state->tls_params = 0;
+ state->server_init_props = 0;
+ state->server_start_props = 0;
+ state->client_init_props = 0;
+ state->client_start_props = 0;
+
+ return (state);
+}
+
+/* tlsp_state_free - destroy state objects, connection and events */
+
+void tlsp_state_free(TLSP_STATE *state)
+{
+ /* Don't log failure after plaintext EOF. */
+ if (state->remote_endpt && state->server_id
+ && (state->flags & TLSP_FLAG_DO_HANDSHAKE))
+ msg_info("TLS handshake failed for service=%s peer=%s",
+ state->server_id, state->remote_endpt);
+ myfree(state->service);
+ if (state->plaintext_buf) /* turns off plaintext events */
+ nbbio_free(state->plaintext_buf);
+ else
+ event_disable_readwrite(vstream_fileno(state->plaintext_stream));
+ event_server_disconnect(state->plaintext_stream);
+ if (state->ciphertext_fd >= 0) {
+ event_disable_readwrite(state->ciphertext_fd);
+ (void) close(state->ciphertext_fd);
+ }
+ if (state->ciphertext_timer)
+ event_cancel_timer(state->ciphertext_timer, (void *) state);
+ if (state->remote_endpt) {
+ msg_info("DISCONNECT %s", state->remote_endpt);
+ myfree(state->remote_endpt);
+ }
+ if (state->server_id)
+ myfree(state->server_id);
+ if (state->tls_context)
+ tls_free_context(state->tls_context);
+ if (state->tls_params)
+ tls_proxy_client_param_free(state->tls_params);
+ if (state->server_init_props)
+ tls_proxy_server_init_free(state->server_init_props);
+ if (state->server_start_props)
+ tls_proxy_server_start_free(state->server_start_props);
+ if (state->client_init_props)
+ tls_proxy_client_init_free(state->client_init_props);
+ if (state->client_start_props)
+ tls_proxy_client_start_free(state->client_start_props);
+ myfree((void *) state);
+}
+
+#endif