diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:51:24 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:51:24 +0000 |
commit | f7548d6d28c313cf80e6f3ef89aed16a19815df1 (patch) | |
tree | a3f6f2a3f247293bee59ecd28e8cd8ceb6ca064a /src/submission | |
parent | Initial commit. (diff) | |
download | dovecot-upstream.tar.xz dovecot-upstream.zip |
Adding upstream version 1:2.3.19.1+dfsg1.upstream/1%2.3.19.1+dfsg1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
26 files changed, 7717 insertions, 0 deletions
diff --git a/src/submission-login/Makefile.am b/src/submission-login/Makefile.am new file mode 100644 index 0000000..2385faf --- /dev/null +++ b/src/submission-login/Makefile.am @@ -0,0 +1,32 @@ +pkglibexecdir = $(libexecdir)/dovecot + +pkglibexec_PROGRAMS = submission-login + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-settings \ + -I$(top_srcdir)/src/lib-sasl \ + -I$(top_srcdir)/src/lib-auth \ + -I$(top_srcdir)/src/lib-master \ + -I$(top_srcdir)/src/lib-smtp \ + -I$(top_srcdir)/src/login-common + +submission_login_LDADD = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT) \ + $(SSL_LIBS) +submission_login_DEPENDENCIES = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT_DEPS) + +submission_login_SOURCES = \ + client.c \ + client-authenticate.c \ + submission-login-settings.c \ + submission-proxy.c + +noinst_HEADERS = \ + client.h \ + client-authenticate.h \ + submission-login-settings.h \ + submission-proxy.h diff --git a/src/submission-login/Makefile.in b/src/submission-login/Makefile.in new file mode 100644 index 0000000..3b33b87 --- /dev/null +++ b/src/submission-login/Makefile.in @@ -0,0 +1,830 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +pkglibexec_PROGRAMS = submission-login$(EXEEXT) +subdir = src/submission-login +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_checktype2.m4 \ + $(top_srcdir)/m4/ac_typeof.m4 $(top_srcdir)/m4/arc4random.m4 \ + $(top_srcdir)/m4/blockdev.m4 $(top_srcdir)/m4/c99_vsnprintf.m4 \ + $(top_srcdir)/m4/clock_gettime.m4 $(top_srcdir)/m4/crypt.m4 \ + $(top_srcdir)/m4/crypt_xpg6.m4 $(top_srcdir)/m4/dbqlk.m4 \ + $(top_srcdir)/m4/dirent_dtype.m4 $(top_srcdir)/m4/dovecot.m4 \ + $(top_srcdir)/m4/fd_passing.m4 $(top_srcdir)/m4/fdatasync.m4 \ + $(top_srcdir)/m4/flexible_array_member.m4 \ + $(top_srcdir)/m4/glibc.m4 $(top_srcdir)/m4/gmtime_max.m4 \ + $(top_srcdir)/m4/gmtime_tm_gmtoff.m4 \ + $(top_srcdir)/m4/ioloop.m4 $(top_srcdir)/m4/iovec.m4 \ + $(top_srcdir)/m4/ipv6.m4 $(top_srcdir)/m4/libcap.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/libwrap.m4 \ + $(top_srcdir)/m4/linux_mremap.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mmap_write.m4 \ + $(top_srcdir)/m4/mntctl.m4 $(top_srcdir)/m4/modules.m4 \ + $(top_srcdir)/m4/notify.m4 $(top_srcdir)/m4/nsl.m4 \ + $(top_srcdir)/m4/off_t_max.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/pr_set_dumpable.m4 \ + $(top_srcdir)/m4/q_quotactl.m4 $(top_srcdir)/m4/quota.m4 \ + $(top_srcdir)/m4/random.m4 $(top_srcdir)/m4/rlimit.m4 \ + $(top_srcdir)/m4/sendfile.m4 $(top_srcdir)/m4/size_t_signed.m4 \ + $(top_srcdir)/m4/sockpeercred.m4 $(top_srcdir)/m4/sql.m4 \ + $(top_srcdir)/m4/ssl.m4 $(top_srcdir)/m4/st_tim.m4 \ + $(top_srcdir)/m4/static_array.m4 $(top_srcdir)/m4/test_with.m4 \ + $(top_srcdir)/m4/time_t.m4 $(top_srcdir)/m4/typeof.m4 \ + $(top_srcdir)/m4/typeof_dev_t.m4 \ + $(top_srcdir)/m4/uoff_t_max.m4 $(top_srcdir)/m4/vararg.m4 \ + $(top_srcdir)/m4/want_apparmor.m4 \ + $(top_srcdir)/m4/want_bsdauth.m4 \ + $(top_srcdir)/m4/want_bzlib.m4 \ + $(top_srcdir)/m4/want_cassandra.m4 \ + $(top_srcdir)/m4/want_cdb.m4 \ + $(top_srcdir)/m4/want_checkpassword.m4 \ + $(top_srcdir)/m4/want_clucene.m4 $(top_srcdir)/m4/want_db.m4 \ + $(top_srcdir)/m4/want_gssapi.m4 $(top_srcdir)/m4/want_icu.m4 \ + $(top_srcdir)/m4/want_ldap.m4 $(top_srcdir)/m4/want_lua.m4 \ + $(top_srcdir)/m4/want_lz4.m4 $(top_srcdir)/m4/want_lzma.m4 \ + $(top_srcdir)/m4/want_mysql.m4 $(top_srcdir)/m4/want_pam.m4 \ + $(top_srcdir)/m4/want_passwd.m4 $(top_srcdir)/m4/want_pgsql.m4 \ + $(top_srcdir)/m4/want_prefetch.m4 \ + $(top_srcdir)/m4/want_shadow.m4 \ + $(top_srcdir)/m4/want_sodium.m4 $(top_srcdir)/m4/want_solr.m4 \ + $(top_srcdir)/m4/want_sqlite.m4 \ + $(top_srcdir)/m4/want_stemmer.m4 \ + $(top_srcdir)/m4/want_systemd.m4 \ + $(top_srcdir)/m4/want_textcat.m4 \ + $(top_srcdir)/m4/want_unwind.m4 $(top_srcdir)/m4/want_zlib.m4 \ + $(top_srcdir)/m4/want_zstd.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(pkglibexecdir)" +PROGRAMS = $(pkglibexec_PROGRAMS) +am_submission_login_OBJECTS = client.$(OBJEXT) \ + client-authenticate.$(OBJEXT) \ + submission-login-settings.$(OBJEXT) submission-proxy.$(OBJEXT) +submission_login_OBJECTS = $(am_submission_login_OBJECTS) +am__DEPENDENCIES_1 = +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/client-authenticate.Po \ + ./$(DEPDIR)/client.Po ./$(DEPDIR)/submission-login-settings.Po \ + ./$(DEPDIR)/submission-proxy.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(submission_login_SOURCES) +DIST_SOURCES = $(submission_login_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +HEADERS = $(noinst_HEADERS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +pkglibexecdir = $(libexecdir)/dovecot +ACLOCAL = @ACLOCAL@ +ACLOCAL_AMFLAGS = @ACLOCAL_AMFLAGS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AR = @AR@ +AUTH_CFLAGS = @AUTH_CFLAGS@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINARY_CFLAGS = @BINARY_CFLAGS@ +BINARY_LDFLAGS = @BINARY_LDFLAGS@ +BISON = @BISON@ +CASSANDRA_CFLAGS = @CASSANDRA_CFLAGS@ +CASSANDRA_LIBS = @CASSANDRA_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CDB_LIBS = @CDB_LIBS@ +CFLAGS = @CFLAGS@ +CLUCENE_CFLAGS = @CLUCENE_CFLAGS@ +CLUCENE_LIBS = @CLUCENE_LIBS@ +COMPRESS_LIBS = @COMPRESS_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DICT_LIBS = @DICT_LIBS@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FLEX = @FLEX@ +FUZZER_CPPFLAGS = @FUZZER_CPPFLAGS@ +FUZZER_LDFLAGS = @FUZZER_LDFLAGS@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KRB5CONFIG = @KRB5CONFIG@ +KRB5_CFLAGS = @KRB5_CFLAGS@ +KRB5_LIBS = @KRB5_LIBS@ +LD = @LD@ +LDAP_LIBS = @LDAP_LIBS@ +LDFLAGS = @LDFLAGS@ +LD_NO_WHOLE_ARCHIVE = @LD_NO_WHOLE_ARCHIVE@ +LD_WHOLE_ARCHIVE = @LD_WHOLE_ARCHIVE@ +LIBCAP = @LIBCAP@ +LIBDOVECOT = @LIBDOVECOT@ +LIBDOVECOT_COMPRESS = @LIBDOVECOT_COMPRESS@ +LIBDOVECOT_DEPS = @LIBDOVECOT_DEPS@ +LIBDOVECOT_DSYNC = @LIBDOVECOT_DSYNC@ +LIBDOVECOT_LA_LIBS = @LIBDOVECOT_LA_LIBS@ +LIBDOVECOT_LDA = @LIBDOVECOT_LDA@ +LIBDOVECOT_LDAP = @LIBDOVECOT_LDAP@ +LIBDOVECOT_LIBFTS = @LIBDOVECOT_LIBFTS@ +LIBDOVECOT_LIBFTS_DEPS = @LIBDOVECOT_LIBFTS_DEPS@ +LIBDOVECOT_LOGIN = @LIBDOVECOT_LOGIN@ +LIBDOVECOT_LUA = @LIBDOVECOT_LUA@ +LIBDOVECOT_LUA_DEPS = @LIBDOVECOT_LUA_DEPS@ +LIBDOVECOT_SQL = @LIBDOVECOT_SQL@ +LIBDOVECOT_STORAGE = @LIBDOVECOT_STORAGE@ +LIBDOVECOT_STORAGE_DEPS = @LIBDOVECOT_STORAGE_DEPS@ +LIBEXTTEXTCAT_CFLAGS = @LIBEXTTEXTCAT_CFLAGS@ +LIBEXTTEXTCAT_LIBS = @LIBEXTTEXTCAT_LIBS@ +LIBICONV = @LIBICONV@ +LIBICU_CFLAGS = @LIBICU_CFLAGS@ +LIBICU_LIBS = @LIBICU_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@ +LIBSODIUM_LIBS = @LIBSODIUM_LIBS@ +LIBTIRPC_CFLAGS = @LIBTIRPC_CFLAGS@ +LIBTIRPC_LIBS = @LIBTIRPC_LIBS@ +LIBTOOL = @LIBTOOL@ +LIBUNWIND_CFLAGS = @LIBUNWIND_CFLAGS@ +LIBUNWIND_LIBS = @LIBUNWIND_LIBS@ +LIBWRAP_LIBS = @LIBWRAP_LIBS@ +LINKED_STORAGE_LDADD = @LINKED_STORAGE_LDADD@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBS = @LUA_LIBS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MODULE_LIBS = @MODULE_LIBS@ +MODULE_SUFFIX = @MODULE_SUFFIX@ +MYSQL_CFLAGS = @MYSQL_CFLAGS@ +MYSQL_CONFIG = @MYSQL_CONFIG@ +MYSQL_LIBS = @MYSQL_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NOPLUGIN_LDFLAGS = @NOPLUGIN_LDFLAGS@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PANDOC = @PANDOC@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ +PGSQL_LIBS = @PGSQL_LIBS@ +PG_CONFIG = @PG_CONFIG@ +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +QUOTA_LIBS = @QUOTA_LIBS@ +RANLIB = @RANLIB@ +RELRO_LDFLAGS = @RELRO_LDFLAGS@ +RPCGEN = @RPCGEN@ +RUN_TEST = @RUN_TEST@ +SED = @SED@ +SETTING_FILES = @SETTING_FILES@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE_CFLAGS = @SQLITE_CFLAGS@ +SQLITE_LIBS = @SQLITE_LIBS@ +SQL_CFLAGS = @SQL_CFLAGS@ +SQL_LIBS = @SQL_LIBS@ +SSL_CFLAGS = @SSL_CFLAGS@ +SSL_LIBS = @SSL_LIBS@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +ZSTD_CFLAGS = @ZSTD_CFLAGS@ +ZSTD_LIBS = @ZSTD_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dict_drivers = @dict_drivers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +moduledir = @moduledir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +rundir = @rundir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sql_drivers = @sql_drivers@ +srcdir = @srcdir@ +ssldir = @ssldir@ +statedir = @statedir@ +sysconfdir = @sysconfdir@ +systemdservicetype = @systemdservicetype@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-settings \ + -I$(top_srcdir)/src/lib-sasl \ + -I$(top_srcdir)/src/lib-auth \ + -I$(top_srcdir)/src/lib-master \ + -I$(top_srcdir)/src/lib-smtp \ + -I$(top_srcdir)/src/login-common + +submission_login_LDADD = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT) \ + $(SSL_LIBS) + +submission_login_DEPENDENCIES = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT_DEPS) + +submission_login_SOURCES = \ + client.c \ + client-authenticate.c \ + submission-login-settings.c \ + submission-proxy.c + +noinst_HEADERS = \ + client.h \ + client-authenticate.h \ + submission-login-settings.h \ + submission-proxy.h + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/submission-login/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/submission-login/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pkglibexecPROGRAMS: $(pkglibexec_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkglibexecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkglibexecdir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(pkglibexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(pkglibexecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-pkglibexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(pkglibexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(pkglibexecdir)" && rm -f $$files + +clean-pkglibexecPROGRAMS: + @list='$(pkglibexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +submission-login$(EXEEXT): $(submission_login_OBJECTS) $(submission_login_DEPENDENCIES) $(EXTRA_submission_login_DEPENDENCIES) + @rm -f submission-login$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(submission_login_OBJECTS) $(submission_login_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client-authenticate.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-login-settings.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-proxy.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(pkglibexecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pkglibexecPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/client-authenticate.Po + -rm -f ./$(DEPDIR)/client.Po + -rm -f ./$(DEPDIR)/submission-login-settings.Po + -rm -f ./$(DEPDIR)/submission-proxy.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-pkglibexecPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/client-authenticate.Po + -rm -f ./$(DEPDIR)/client.Po + -rm -f ./$(DEPDIR)/submission-login-settings.Po + -rm -f ./$(DEPDIR)/submission-proxy.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pkglibexecPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-libtool clean-pkglibexecPROGRAMS \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pkglibexecPROGRAMS install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pkglibexecPROGRAMS + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/submission-login/client-authenticate.c b/src/submission-login/client-authenticate.c new file mode 100644 index 0000000..e1a5ae2 --- /dev/null +++ b/src/submission-login/client-authenticate.c @@ -0,0 +1,360 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "login-common.h" +#include "base64.h" +#include "buffer.h" +#include "hex-binary.h" +#include "ioloop.h" +#include "istream.h" +#include "ostream.h" +#include "safe-memset.h" +#include "str.h" +#include "str-sanitize.h" +#include "auth-client.h" +#include "master-service-ssl-settings.h" +#include "client.h" +#include "client-authenticate.h" +#include "submission-proxy.h" +#include "submission-login-settings.h" + +static void cmd_helo_reply(struct submission_client *subm_client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data) +{ + struct client *client = &subm_client->common; + const struct submission_login_settings *set = subm_client->set; + enum smtp_capability backend_caps = subm_client->backend_capabilities; + bool exotic_backend = + HAS_ALL_BITS(set->parsed_workarounds, + SUBMISSION_LOGIN_WORKAROUND_EXOTIC_BACKEND); + struct smtp_server_reply *reply; + + reply = smtp_server_reply_create_ehlo(cmd->cmd); + if (!data->helo.old_smtp) { + if ((backend_caps & SMTP_CAPABILITY_8BITMIME) != 0) + smtp_server_reply_ehlo_add(reply, "8BITMIME"); + + if (client->secured || + strcmp(client->ssl_set->ssl, "required") != 0) { + const struct auth_mech_desc *mechs; + unsigned int count, i; + string_t *param = t_str_new(128); + + mechs = sasl_server_get_advertised_mechs(client, + &count); + for (i = 0; i < count; i++) { + if (i > 0) + str_append_c(param, ' '); + str_append(param, mechs[i].name); + } + smtp_server_reply_ehlo_add_param(reply, + "AUTH", "%s", str_c(param)); + } + + if ((backend_caps & SMTP_CAPABILITY_BINARYMIME) != 0 && + (backend_caps & SMTP_CAPABILITY_CHUNKING) != 0) + smtp_server_reply_ehlo_add(reply, "BINARYMIME"); + if (!exotic_backend || + (backend_caps & SMTP_CAPABILITY_BURL) != 0) { + smtp_server_reply_ehlo_add_param(reply, "BURL", "imap"); + } + if (!exotic_backend || + (backend_caps & SMTP_CAPABILITY_CHUNKING) != 0) { + smtp_server_reply_ehlo_add(reply, + "CHUNKING"); + } + if ((backend_caps & SMTP_CAPABILITY_DSN) != 0) + smtp_server_reply_ehlo_add(reply, "DSN"); + if (!exotic_backend || + (backend_caps & SMTP_CAPABILITY_ENHANCEDSTATUSCODES) != 0) { + smtp_server_reply_ehlo_add( + reply, "ENHANCEDSTATUSCODES"); + } + + if (subm_client->set->submission_max_mail_size > 0) { + smtp_server_reply_ehlo_add_param(reply, + "SIZE", "%"PRIuUOFF_T, + subm_client->set->submission_max_mail_size); + } else if (!exotic_backend || + (backend_caps & SMTP_CAPABILITY_SIZE) != 0) { + smtp_server_reply_ehlo_add(reply, "SIZE"); + } + + if (client_is_tls_enabled(client) && !client->tls) + smtp_server_reply_ehlo_add(reply, "STARTTLS"); + if (!exotic_backend || + (backend_caps & SMTP_CAPABILITY_PIPELINING) != 0) + smtp_server_reply_ehlo_add(reply, "PIPELINING"); + if ((backend_caps & SMTP_CAPABILITY_VRFY) != 0) + smtp_server_reply_ehlo_add(reply, "VRFY"); + smtp_server_reply_ehlo_add_xclient(reply); + } + smtp_server_reply_submit(reply); +} + +int cmd_helo(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data) +{ + struct submission_client *subm_client = conn_ctx; + + T_BEGIN { + cmd_helo_reply(subm_client, cmd, data); + } T_END; + + return 1; +} + +void submission_client_auth_result(struct client *client, + enum client_auth_result result, + const struct client_auth_reply *reply ATTR_UNUSED, + const char *text) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth; + + if (subm_client->conn == NULL) + return; + + subm_client->pending_auth = NULL; + i_assert(cmd != NULL); + + switch (result) { + case CLIENT_AUTH_RESULT_SUCCESS: + /* nothing to be done for SMTP */ + if (client->login_proxy != NULL) + subm_client->pending_auth = cmd; + break; + case CLIENT_AUTH_RESULT_TEMPFAIL: + /* RFC4954, Section 6: + + 454 4.7.0 Temporary authentication failure + + This response to the AUTH command indicates that the + authentication failed due to a temporary server failure. + */ + smtp_server_reply(cmd, 454, "4.7.0", "%s", text); + break; + case CLIENT_AUTH_RESULT_ABORTED: + /* RFC4954, Section 4: + + If the client wishes to cancel the authentication exchange, + it issues a line with a single "*". If the server receives + such a response, it MUST reject the AUTH command by sending + a 501 reply. */ + smtp_server_reply(cmd, 501, "5.5.2", "%s", text); + break; + case CLIENT_AUTH_RESULT_INVALID_BASE64: + /* RFC4954, Section 4: + + If the server cannot [BASE64] decode any client response, it + MUST reject the AUTH command with a 501 reply (and an + enhanced status code of 5.5.2). */ + smtp_server_reply(cmd, 501, "5.5.2", "%s", text); + break; + case CLIENT_AUTH_RESULT_SSL_REQUIRED: + /* RFC3207, Section 4: + + A SMTP server that is not publicly referenced may choose to + require that the client perform a TLS negotiation before + accepting any commands. In this case, the server SHOULD + return the reply code: + + 530 Must issue a STARTTLS command first + + to every command other than NOOP, EHLO, STARTTLS, or QUIT. + If the client and server are using the ENHANCEDSTATUSCODES + ESMTP extension [RFC2034], the status code to be returned + SHOULD be 5.7.0. */ + smtp_server_reply(cmd, 530, "5.7.0", "%s", text); + break; + case CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED: + /* RFC5248, Section 2.4: + + 523 X.7.10 Encryption Needed + + This indicates that an external strong privacy layer is + needed in order to use the requested authentication + mechanism. This is primarily intended for use with clear text + authentication mechanisms. A client that receives this may + activate a security layer such as TLS prior to + authenticating, or attempt to use a stronger mechanism. */ + smtp_server_reply(cmd, 523, "5.7.10", "%s", text); + break; + case CLIENT_AUTH_RESULT_MECH_INVALID: + /* RFC4954, Section 4: + + If the requested authentication mechanism is invalid (e.g., + is not supported or requires an encryption layer), the server + rejects the AUTH command with a 504 reply. If the server + supports the [ESMTP-CODES] extension, it SHOULD return a + 5.5.4 enhanced response code. */ + smtp_server_reply(cmd, 504, "5.5.4", "%s", text); + break; + case CLIENT_AUTH_RESULT_LOGIN_DISABLED: + case CLIENT_AUTH_RESULT_ANONYMOUS_DENIED: + /* RFC5248, Section 2.4: + + 525 X.7.13 User Account Disabled + + Sometimes a system administrator will have to disable a + user's account (e.g., due to lack of payment, abuse, evidence + of a break-in attempt, etc.). This error code occurs after a + successful authentication to a disabled account. This informs + the client that the failure is permanent until the user + contacts their system administrator to get the account + re-enabled. */ + smtp_server_reply(cmd, 525, "5.7.13", "%s", text); + break; + case CLIENT_AUTH_RESULT_PASS_EXPIRED: + default: + /* FIXME: RFC4954, Section 4: + + If the client uses an initial-response argument to the AUTH + command with a SASL mechanism in which the client does not + begin the authentication exchange, the server MUST reject the + AUTH command with a 501 reply. Servers using the enhanced + status codes extension [ESMTP-CODES] SHOULD return an + enhanced status code of 5.7.0 in this case. + + >> Currently, this is checked at the server side, but only a + generic error is ever produced. + */ + /* NOTE: RFC4954, Section 4: + + If, during an authentication exchange, the server receives a + line that is longer than the server's authentication buffer, + the server fails the AUTH command with the 500 reply. Servers + using the enhanced status codes extension [ESMTP-CODES] + SHOULD return an enhanced status code of 5.5.6 in this case. + + >> Currently, client is disconnected from login-common. + */ + /* RFC4954, Section 4: + + If the server is unable to authenticate the client, it SHOULD + reject the AUTH command with a 535 reply unless a more + specific error code is appropriate. + + RFC4954, Section 6: + + 535 5.7.8 Authentication credentials invalid + + This response to the AUTH command indicates that the + authentication failed due to invalid or insufficient + authentication credentials. + */ + smtp_server_reply(cmd, 535, "5.7.8", "%s", text); + break; + } +} + +int cmd_auth_continue(void *conn_ctx, + struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + const char *response) +{ + struct submission_client *subm_client = conn_ctx; + struct client *client = &subm_client->common; + + if (strcmp(response, "*") == 0) { + client_auth_abort(client); + return 0; + } + + client_auth_respond(client, response); + return 0; +} + +void submission_client_auth_send_challenge(struct client *client, + const char *data) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth; + + i_assert(cmd != NULL); + + smtp_server_cmd_auth_send_challenge(cmd, data); +} + +static void +cmd_auth_set_master_data_prefix(struct submission_client *subm_client, + const char *mail_params) ATTR_NULL(2) +{ + struct client *client = &subm_client->common; + struct smtp_server_helo_data *helo; + struct smtp_proxy_data proxy; + + buffer_t *buf = buffer_create_dynamic(default_pool, 2048); + + /* pass ehlo parameter to post-login service upon successful login */ + helo = smtp_server_connection_get_helo_data(subm_client->conn); + if (helo->domain_valid) { + i_assert(helo->domain != NULL); + buffer_append(buf, helo->domain, strlen(helo->domain)); + } + buffer_append_c(buf, '\0'); + + /* pass proxied ehlo parameter to post-login service upon successful + login */ + smtp_server_connection_get_proxy_data(subm_client->conn, &proxy); + if (proxy.helo != NULL) + buffer_append(buf, proxy.helo, strlen(proxy.helo)); + buffer_append_c(buf, '\0'); + + /* Pass MAIL command to post-login service if any. */ + if (mail_params != NULL) { + buffer_append(buf, "MAIL ", 5); + buffer_append(buf, mail_params, strlen(mail_params)); + buffer_append(buf, "\r\n", 2); + } + + i_free(client->master_data_prefix); + client->master_data_prefix_len = buf->used; + client->master_data_prefix = buffer_free_without_data(&buf); +} + +int cmd_auth(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_auth *data) +{ + struct submission_client *subm_client = conn_ctx; + struct client *client = &subm_client->common; + + cmd_auth_set_master_data_prefix(subm_client, NULL); + + i_assert(subm_client->pending_auth == NULL); + subm_client->pending_auth = cmd; + + (void)client_auth_begin(client, data->sasl_mech, data->initial_response); + return 0; +} + +void cmd_mail(struct smtp_server_cmd_ctx *cmd, const char *params) +{ + struct smtp_server_connection *conn = cmd->conn; + struct submission_client *subm_client = + smtp_server_connection_get_context(conn); + struct client *client = &subm_client->common; + enum submission_login_client_workarounds workarounds = + subm_client->set->parsed_workarounds; + + if (HAS_NO_BITS(workarounds, + SUBMISSION_LOGIN_WORKAROUND_IMPLICIT_AUTH_EXTERNAL) || + sasl_server_find_available_mech(client, "EXTERNAL") == NULL) { + smtp_server_command_fail(cmd->cmd, 530, "5.7.0", + "Authentication required."); + return; + } + + e_debug(cmd->event, + "Performing implicit EXTERNAL authentication"); + + smtp_server_command_input_lock(cmd); + + cmd_auth_set_master_data_prefix(subm_client, params); + + i_assert(subm_client->pending_auth == NULL); + subm_client->pending_auth = cmd; + + (void)client_auth_begin_implicit(client, "EXTERNAL", "="); +} diff --git a/src/submission-login/client-authenticate.h b/src/submission-login/client-authenticate.h new file mode 100644 index 0000000..8353b49 --- /dev/null +++ b/src/submission-login/client-authenticate.h @@ -0,0 +1,21 @@ +#ifndef CLIENT_AUTHENTICATE_H +#define CLIENT_AUTHENTICATE_H + +void submission_client_auth_result(struct client *client, + enum client_auth_result result, + const struct client_auth_reply *reply, + const char *text); + +void submission_client_auth_send_challenge(struct client *client, + const char *data); + +int cmd_helo(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); +int cmd_auth_continue(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + const char *response); +int cmd_auth(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_auth *data); + +void cmd_mail(struct smtp_server_cmd_ctx *cmd, const char *params); + +#endif diff --git a/src/submission-login/client.c b/src/submission-login/client.c new file mode 100644 index 0000000..9922c9d --- /dev/null +++ b/src/submission-login/client.c @@ -0,0 +1,329 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "login-common.h" +#include "base64.h" +#include "buffer.h" +#include "ioloop.h" +#include "istream.h" +#include "ostream.h" +#include "randgen.h" +#include "hostpid.h" +#include "safe-memset.h" +#include "str.h" +#include "strescape.h" +#include "master-service.h" +#include "master-service-ssl-settings.h" +#include "client.h" +#include "client-authenticate.h" +#include "auth-client.h" +#include "submission-proxy.h" +#include "submission-login-settings.h" + +/* Disconnect client when it sends too many bad commands */ +#define CLIENT_MAX_BAD_COMMANDS 10 + +static const struct smtp_server_callbacks smtp_callbacks; + +static struct smtp_server *smtp_server = NULL; + +static void +client_parse_backend_capabilities(struct submission_client *subm_client ) +{ + const struct submission_login_settings *set = subm_client->set; + const char *const *str; + + if (set->submission_backend_capabilities == NULL) { + subm_client->backend_capabilities = SMTP_CAPABILITY_8BITMIME; + return; + } + + subm_client->backend_capabilities = SMTP_CAPABILITY_NONE; + str = t_strsplit_spaces(set->submission_backend_capabilities, " ,"); + for (; *str != NULL; str++) { + enum smtp_capability cap = smtp_capability_find_by_name(*str); + + if (cap == SMTP_CAPABILITY_NONE) { + i_warning("Unknown SMTP capability in submission_backend_capabilities: " + "%s", *str); + continue; + } + + subm_client->backend_capabilities |= cap; + } + + /* Make sure CHUNKING support is always enabled when BINARYMIME is + enabled by explicit configuration. */ + if (HAS_ALL_BITS(subm_client->backend_capabilities, + SMTP_CAPABILITY_BINARYMIME)) { + subm_client->backend_capabilities |= SMTP_CAPABILITY_CHUNKING; + } +} + +static int submission_login_start_tls(void *conn_ctx, + struct istream **input, struct ostream **output) +{ + struct submission_client *subm_client = conn_ctx; + struct client *client = &subm_client->common; + + client->starttls = TRUE; + if (client_init_ssl(client) < 0) { + client_notify_disconnect(client, + CLIENT_DISCONNECT_INTERNAL_ERROR, + "TLS initialization failed."); + client_destroy(client, + "Disconnected: TLS initialization failed."); + return -1; + } + login_refresh_proctitle(); + + *input = client->input; + *output = client->output; + return 0; +} + +static struct client *submission_client_alloc(pool_t pool) +{ + struct submission_client *subm_client; + + subm_client = p_new(pool, struct submission_client, 1); + return &subm_client->common; +} + +static void submission_client_create(struct client *client, + void **other_sets) +{ + static const char *const xclient_extensions[] = + { "FORWARD", NULL }; + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + struct smtp_server_settings smtp_set; + + subm_client->set = other_sets[0]; + client_parse_backend_capabilities(subm_client); + + i_zero(&smtp_set); + smtp_set.capabilities = SMTP_CAPABILITY_SIZE | + SMTP_CAPABILITY_ENHANCEDSTATUSCODES | SMTP_CAPABILITY_AUTH | + SMTP_CAPABILITY_XCLIENT; + if (client_is_tls_enabled(client)) + smtp_set.capabilities |= SMTP_CAPABILITY_STARTTLS; + smtp_set.hostname = subm_client->set->hostname; + smtp_set.login_greeting = client->set->login_greeting; + smtp_set.tls_required = !client->secured && + (strcmp(client->ssl_set->ssl, "required") == 0); + smtp_set.xclient_extensions = xclient_extensions; + smtp_set.command_limits.max_parameters_size = LOGIN_MAX_INBUF_SIZE; + smtp_set.command_limits.max_auth_size = LOGIN_MAX_AUTH_BUF_SIZE; + smtp_set.debug = client->set->auth_debug; + + subm_client->conn = smtp_server_connection_create_from_streams( + smtp_server, client->input, client->output, + &client->real_remote_ip, client->real_remote_port, + &smtp_set, &smtp_callbacks, subm_client); +} + +static void submission_client_destroy(struct client *client) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + + if (subm_client->conn != NULL) + smtp_server_connection_close(&subm_client->conn, NULL); + i_free_and_null(subm_client->proxy_xclient); +} + +static void submission_client_notify_auth_ready(struct client *client) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + + client->banner_sent = TRUE; + smtp_server_connection_start(subm_client->conn); +} + +static void +submission_client_notify_disconnect(struct client *_client, + enum client_disconnect_reason reason, + const char *text) +{ + struct submission_client *client = + container_of(_client, struct submission_client, common); + struct smtp_server_connection *conn; + + conn = client->conn; + client->conn = NULL; + if (conn != NULL) { + switch (reason) { + case CLIENT_DISCONNECT_TIMEOUT: + smtp_server_connection_terminate(&conn, "4.4.2", text); + break; + case CLIENT_DISCONNECT_SYSTEM_SHUTDOWN: + smtp_server_connection_terminate(&conn, "4.3.2", text); + break; + case CLIENT_DISCONNECT_INTERNAL_ERROR: + default: + smtp_server_connection_terminate(&conn, "4.0.0", text); + break; + } + } +} + +static void +client_connection_cmd_xclient(void *context, + struct smtp_server_cmd_ctx *cmd, + struct smtp_proxy_data *data) +{ + unsigned int i; + + struct submission_client *client = context; + + if (data->source_ip.family != 0) + client->common.ip = data->source_ip; + if (data->source_port != 0) + client->common.remote_port = data->source_port; + if (data->ttl_plus_1 > 0) + client->common.proxy_ttl = data->ttl_plus_1 - 1; + if (data->session != NULL) { + client->common.session_id = + p_strdup(client->common.pool, data->session); + } + + for (i = 0; i < data->extra_fields_count; i++) { + const char *name = data->extra_fields[i].name; + const char *value = data->extra_fields[i].value; + + if (strcasecmp(name, "FORWARD") == 0) { + size_t value_len = strlen(value); + if (client->common.forward_fields != NULL) { + str_truncate(client->common.forward_fields, 0); + } else { + client->common.forward_fields = str_new( + client->common.preproxy_pool, + MAX_BASE64_DECODED_SIZE(value_len)); + if (base64_decode(value, value_len, NULL, + client->common.forward_fields) < 0) { + smtp_server_reply(cmd, 501, "5.5.4", + "Invalid FORWARD parameter"); + } + } + } + } +} + +static void client_connection_disconnect(void *context, const char *reason) +{ + struct submission_client *client = context; + + client->pending_auth = NULL; + client_disconnect(&client->common, reason, + !client->common.login_success); +} + +static void client_connection_free(void *context) +{ + struct submission_client *client = context; + + if (client->conn == NULL) + return; + client->conn = NULL; + client_destroy(&client->common, NULL); +} + +static bool client_connection_is_trusted(void *context) +{ + struct submission_client *client = context; + + return client->common.trusted; +} + +static void submission_login_die(void) +{ + /* do nothing. submission connections typically die pretty quick anyway. + */ +} + +static void submission_login_preinit(void) +{ + login_set_roots = submission_login_setting_roots; +} + +static void submission_login_init(void) +{ + struct smtp_server_settings smtp_server_set; + + /* override the default login_die() */ + master_service_set_die_callback(master_service, submission_login_die); + + /* initialize SMTP server */ + i_zero(&smtp_server_set); + smtp_server_set.protocol = SMTP_PROTOCOL_SMTP; + smtp_server_set.max_pipelined_commands = 5; + smtp_server_set.max_bad_commands = CLIENT_MAX_BAD_COMMANDS; + smtp_server_set.reason_code_module = "submission"; + /* Pre-auth state is always logged either as GREETING or READY. + It's not very useful. */ + smtp_server_set.no_state_in_reason = TRUE; + smtp_server = smtp_server_init(&smtp_server_set); + smtp_server_command_override(smtp_server, "MAIL", cmd_mail, + SMTP_SERVER_CMD_FLAG_PREAUTH); +} + +static void submission_login_deinit(void) +{ + clients_destroy_all(); + + smtp_server_deinit(&smtp_server); +} + +static const struct smtp_server_callbacks smtp_callbacks = { + .conn_cmd_helo = cmd_helo, + + .conn_start_tls = submission_login_start_tls, + + .conn_cmd_auth = cmd_auth, + .conn_cmd_auth_continue = cmd_auth_continue, + + .conn_cmd_xclient = client_connection_cmd_xclient, + + .conn_disconnect = client_connection_disconnect, + .conn_free = client_connection_free, + + .conn_is_trusted = client_connection_is_trusted +}; + +static struct client_vfuncs submission_client_vfuncs = { + .alloc = submission_client_alloc, + .create = submission_client_create, + .destroy = submission_client_destroy, + .notify_auth_ready = submission_client_notify_auth_ready, + .notify_disconnect = submission_client_notify_disconnect, + .auth_send_challenge = submission_client_auth_send_challenge, + .auth_result = submission_client_auth_result, + .proxy_reset = submission_proxy_reset, + .proxy_parse_line = submission_proxy_parse_line, + .proxy_failed = submission_proxy_failed, + .proxy_get_state = submission_proxy_get_state, +}; + +static struct login_binary submission_login_binary = { + .protocol = "submission", + .process_name = "submission-login", + .default_port = 587, + + .event_category = { + .name = "submission", + }, + + .client_vfuncs = &submission_client_vfuncs, + .preinit = submission_login_preinit, + .init = submission_login_init, + .deinit = submission_login_deinit, + + .sasl_support_final_reply = FALSE, + .anonymous_login_acceptable = FALSE, +}; + +int main(int argc, char *argv[]) +{ + return login_binary_run(&submission_login_binary, argc, argv); +} diff --git a/src/submission-login/client.h b/src/submission-login/client.h new file mode 100644 index 0000000..ba932af --- /dev/null +++ b/src/submission-login/client.h @@ -0,0 +1,38 @@ +#ifndef CLIENT_H +#define CLIENT_H + +#include "net.h" +#include "client-common.h" +#include "auth-client.h" +#include "smtp-server.h" + +enum submission_proxy_state { + SUBMISSION_PROXY_BANNER = 0, + SUBMISSION_PROXY_EHLO, + SUBMISSION_PROXY_STARTTLS, + SUBMISSION_PROXY_TLS_EHLO, + SUBMISSION_PROXY_XCLIENT, + SUBMISSION_PROXY_XCLIENT_EHLO, + SUBMISSION_PROXY_AUTHENTICATE, + + SUBMISSION_PROXY_STATE_COUNT +}; + +struct submission_client { + struct client common; + const struct submission_login_settings *set; + enum smtp_capability backend_capabilities; + + struct smtp_server_connection *conn; + struct smtp_server_cmd_ctx *pending_auth; + + enum submission_proxy_state proxy_state; + enum smtp_capability proxy_capability; + char *proxy_sasl_ir; + unsigned int proxy_reply_status; + struct smtp_server_reply *proxy_reply; + const char **proxy_xclient; + unsigned int proxy_xclient_replies_expected; +}; + +#endif diff --git a/src/submission-login/submission-login-settings.c b/src/submission-login/submission-login-settings.c new file mode 100644 index 0000000..b35f97f --- /dev/null +++ b/src/submission-login/submission-login-settings.c @@ -0,0 +1,166 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "lib.h" +#include "hostpid.h" +#include "buffer.h" +#include "settings-parser.h" +#include "service-settings.h" +#include "login-settings.h" +#include "submission-login-settings.h" + +#include <stddef.h> + +static bool +submission_login_settings_check(void *_set, pool_t pool, const char **error_r); + +/* <settings checks> */ +static struct inet_listener_settings submission_login_inet_listeners_array[] = { + { .name = "submission", .address = "", .port = 587 }, + { .name = "submissions", .address = "", .port = 465, .ssl = TRUE } +}; +static struct inet_listener_settings *submission_login_inet_listeners[] = { + &submission_login_inet_listeners_array[0] +}; +static buffer_t submission_login_inet_listeners_buf = { + { { submission_login_inet_listeners, + sizeof(submission_login_inet_listeners) } } +}; + +/* </settings checks> */ +struct service_settings submission_login_service_settings = { + .name = "submission-login", + .protocol = "submission", + .type = "login", + .executable = "submission-login", + .user = "$default_login_user", + .group = "", + .privileged_group = "", + .extra_groups = "", + .chroot = "login", + + .drop_priv_before_exec = FALSE, + + .process_min_avail = 0, + .process_limit = 0, + .client_limit = 0, + .service_count = 1, + .idle_kill = 0, + .vsz_limit = UOFF_T_MAX, + + .unix_listeners = ARRAY_INIT, + .fifo_listeners = ARRAY_INIT, + .inet_listeners = { { &submission_login_inet_listeners_buf, + sizeof(submission_login_inet_listeners[0]) } } +}; + +#undef DEF +#define DEF(type, name) \ + SETTING_DEFINE_STRUCT_##type(#name, name, struct submission_login_settings) + +static const struct setting_define submission_login_setting_defines[] = { + DEF(STR, hostname), + + DEF(SIZE, submission_max_mail_size), + DEF(STR, submission_client_workarounds), + DEF(STR, submission_backend_capabilities), + + SETTING_DEFINE_LIST_END +}; + +static const struct submission_login_settings submission_login_default_settings = { + .hostname = "", + + .submission_max_mail_size = 0, + .submission_client_workarounds = "", + .submission_backend_capabilities = NULL +}; + +static const struct setting_parser_info *submission_login_setting_dependencies[] = { + &login_setting_parser_info, + NULL +}; + +const struct setting_parser_info submission_login_setting_parser_info = { + .module_name = "submission-login", + .defines = submission_login_setting_defines, + .defaults = &submission_login_default_settings, + + .type_offset = SIZE_MAX, + .struct_size = sizeof(struct submission_login_settings), + .parent_offset = SIZE_MAX, + + .check_func = submission_login_settings_check, + .dependencies = submission_login_setting_dependencies +}; + +const struct setting_parser_info *submission_login_setting_roots[] = { + &login_setting_parser_info, + &submission_login_setting_parser_info, + NULL +}; + +/* <settings checks> */ +struct submission_login_client_workaround_list { + const char *name; + enum submission_login_client_workarounds num; +}; + +/* These definitions need to be kept in sync with equivalent definitions present + in src/submission/submission-settings.c. Workarounds that are not relevant + to the submission-login service are defined as 0 here to prevent "Unknown + workaround" errors below. */ +static const struct submission_login_client_workaround_list +submission_login_client_workaround_list[] = { + { "whitespace-before-path", 0}, + { "mailbox-for-path", 0 }, + { "implicit-auth-external", + SUBMISSION_LOGIN_WORKAROUND_IMPLICIT_AUTH_EXTERNAL }, + { "exotic-backend", + SUBMISSION_LOGIN_WORKAROUND_EXOTIC_BACKEND }, + { NULL, 0 } +}; + +static int +submission_login_settings_parse_workarounds( + struct submission_login_settings *set, const char **error_r) +{ + enum submission_login_client_workarounds client_workarounds = 0; + const struct submission_login_client_workaround_list *list; + const char *const *str; + + str = t_strsplit_spaces(set->submission_client_workarounds, " ,"); + for (; *str != NULL; str++) { + list = submission_login_client_workaround_list; + for (; list->name != NULL; list++) { + if (strcasecmp(*str, list->name) == 0) { + client_workarounds |= list->num; + break; + } + } + if (list->name == NULL) { + *error_r = t_strdup_printf( + "submission_client_workarounds: " + "Unknown workaround: %s", *str); + return -1; + } + } + set->parsed_workarounds = client_workarounds; + return 0; +} + +static bool +submission_login_settings_check(void *_set, pool_t pool ATTR_UNUSED, + const char **error_r) +{ + struct submission_login_settings *set = _set; + + if (submission_login_settings_parse_workarounds(set, error_r) < 0) + return FALSE; + +#ifndef CONFIG_BINARY + if (*set->hostname == '\0') + set->hostname = p_strdup(pool, my_hostdomain()); +#endif + return TRUE; +} +/* </settings checks> */ diff --git a/src/submission-login/submission-login-settings.h b/src/submission-login/submission-login-settings.h new file mode 100644 index 0000000..57334b4 --- /dev/null +++ b/src/submission-login/submission-login-settings.h @@ -0,0 +1,24 @@ +#ifndef SUBMISSION_LOGIN_SETTINGS_H +#define SUBMISSION_LOGIN_SETTINGS_H + +/* <settings checks> */ +enum submission_login_client_workarounds { + SUBMISSION_LOGIN_WORKAROUND_IMPLICIT_AUTH_EXTERNAL = BIT(0), + SUBMISSION_LOGIN_WORKAROUND_EXOTIC_BACKEND = BIT(1), +}; +/* </settings checks> */ + +struct submission_login_settings { + const char *hostname; + + /* submission: */ + uoff_t submission_max_mail_size; + const char *submission_client_workarounds; + const char *submission_backend_capabilities; + + enum submission_login_client_workarounds parsed_workarounds; +}; + +extern const struct setting_parser_info *submission_login_setting_roots[]; + +#endif diff --git a/src/submission-login/submission-proxy.c b/src/submission-login/submission-proxy.c new file mode 100644 index 0000000..190617b --- /dev/null +++ b/src/submission-login/submission-proxy.c @@ -0,0 +1,709 @@ +/* Copyright (c) 2017-2018 Dovecot authors, see the included COPYING file */ + +#include "login-common.h" +#include "ioloop.h" +#include "istream.h" +#include "ostream.h" +#include "base64.h" +#include "safe-memset.h" +#include "str.h" +#include "str-sanitize.h" +#include "strescape.h" +#include "dsasl-client.h" +#include "client.h" +#include "smtp-syntax.h" +#include "submission-login-settings.h" +#include "submission-proxy.h" + +#include <ctype.h> + +static const char *submission_proxy_state_names[SUBMISSION_PROXY_STATE_COUNT] = { + "banner", "ehlo", "starttls", "tls-ehlo", "xclient", "xclient-ehlo", "authenticate" +}; + +static void +submission_proxy_success_reply_sent( + struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct submission_client *subm_client) +{ + client_proxy_finish_destroy_client(&subm_client->common); +} + +static int +proxy_send_starttls(struct submission_client *client, struct ostream *output) +{ + enum login_proxy_ssl_flags ssl_flags; + + ssl_flags = login_proxy_get_ssl_flags(client->common.login_proxy); + if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) == 0) + return 0; + + if ((client->proxy_capability & SMTP_CAPABILITY_STARTTLS) == 0) { + login_proxy_failed( + client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG, + "STARTTLS not supported"); + return -1; + } + o_stream_nsend_str(output, "STARTTLS\r\n"); + client->proxy_state = SUBMISSION_PROXY_STARTTLS; + return 1; +} + +static buffer_t * +proxy_compose_xclient_forward(struct submission_client *client) +{ + const char *const *arg; + string_t *str; + + if (*client->common.auth_passdb_args == NULL) + return NULL; + + str = t_str_new(128); + for (arg = client->common.auth_passdb_args; *arg != NULL; arg++) { + if (strncasecmp(*arg, "forward_", 8) == 0) { + if (str_len(str) > 0) + str_append_c(str, '\t'); + str_append_tabescaped(str, (*arg)+8); + } + } + if (str_len(str) == 0) + return NULL; + + return t_base64_encode(0, 0, str_data(str), str_len(str)); +} + +static void +proxy_send_xclient_more_data(struct submission_client *client, + struct ostream *output, string_t *buf, + const char *field, const unsigned char *value, + size_t value_size) +{ + const size_t cmd_len = strlen("XCLIENT"); + size_t prev_len = str_len(buf); + + str_append_c(buf, ' '); + str_append(buf, field); + str_append_c(buf, '='); + smtp_xtext_encode(buf, value, value_size); + + if (str_len(buf) > 512) { + if (prev_len <= cmd_len) + prev_len = str_len(buf); + o_stream_nsend(output, str_data(buf), prev_len); + o_stream_nsend(output, "\r\n", 2); + client->proxy_xclient_replies_expected++; + str_delete(buf, cmd_len, prev_len - cmd_len); + } +} + +static void +proxy_send_xclient_more(struct submission_client *client, + struct ostream *output, string_t *buf, + const char *field, const char *value) +{ + proxy_send_xclient_more_data(client, output, buf, field, + (const unsigned char *)value, + strlen(value)); +} + +static int +proxy_send_xclient(struct submission_client *client, struct ostream *output) +{ + string_t *str; + + if ((client->proxy_capability & SMTP_CAPABILITY_XCLIENT) == 0 || + client->common.proxy_not_trusted) + return 0; + + struct smtp_proxy_data proxy_data; + + smtp_server_connection_get_proxy_data(client->conn, &proxy_data); + i_assert(client->common.proxy_ttl > 1); + + /* remote supports XCLIENT, send it */ + client->proxy_xclient_replies_expected = 0; + str = t_str_new(128); + str_append(str, "XCLIENT"); + if (str_array_icase_find(client->proxy_xclient, "HELO")) { + if (proxy_data.helo != NULL) { + proxy_send_xclient_more(client, output, str, "HELO", + proxy_data.helo); + } else { + proxy_send_xclient_more(client, output, str, "HELO", + "[UNAVAILABLE]"); + } + } + if (str_array_icase_find(client->proxy_xclient, "PROTO")) { + const char *proto = "[UNAVAILABLE]"; + + switch (proxy_data.proto) { + case SMTP_PROXY_PROTOCOL_UNKNOWN: + break; + case SMTP_PROXY_PROTOCOL_SMTP: + proto = "SMTP"; + break; + case SMTP_PROXY_PROTOCOL_ESMTP: + proto = "ESMTP"; + break; + case SMTP_PROXY_PROTOCOL_LMTP: + proto = "LMTP"; + break; + } + proxy_send_xclient_more(client, output, str, "PROTO", proto); + } + if (client->common.proxy_noauth && + str_array_icase_find(client->proxy_xclient, "LOGIN")) { + if (proxy_data.login != NULL) { + proxy_send_xclient_more(client, output, str, "LOGIN", + proxy_data.login); + } else if (client->common.virtual_user != NULL) { + proxy_send_xclient_more(client, output, str, "LOGIN", + client->common.virtual_user); + } else { + proxy_send_xclient_more(client, output, str, "LOGIN", + "[UNAVAILABLE]"); + } + } + if (str_array_icase_find(client->proxy_xclient, "TTL")) { + proxy_send_xclient_more( + client, output, str, "TTL", + t_strdup_printf("%u",client->common.proxy_ttl - 1)); + } + if (str_array_icase_find(client->proxy_xclient, "PORT")) { + proxy_send_xclient_more( + client, output, str, "PORT", + t_strdup_printf("%u", client->common.remote_port)); + } + if (str_array_icase_find(client->proxy_xclient, "ADDR")) { + proxy_send_xclient_more(client, output, str, "ADDR", + net_ip2addr(&client->common.ip)); + } + if (str_array_icase_find(client->proxy_xclient, "SESSION")) { + proxy_send_xclient_more(client, output, str, "SESSION", + client_get_session_id(&client->common)); + } + if (str_array_icase_find(client->proxy_xclient, "FORWARD")) { + buffer_t *fwd = proxy_compose_xclient_forward(client); + + if (fwd != NULL) { + proxy_send_xclient_more_data( + client, output, str, "FORWARD", + fwd->data, fwd->used); + } + } + str_append(str, "\r\n"); + o_stream_nsend(output, str_data(str), str_len(str)); + client->proxy_state = SUBMISSION_PROXY_XCLIENT; + client->proxy_xclient_replies_expected++; + return 1; +} + +static int +proxy_send_login(struct submission_client *client, struct ostream *output) +{ + struct dsasl_client_settings sasl_set; + const unsigned char *sasl_output; + size_t sasl_output_len; + const char *mech_name, *error; + string_t *str; + + if ((client->proxy_capability & SMTP_CAPABILITY_AUTH) == 0) { + /* Prevent sending credentials to a server that has login + disabled; i.e., due to the lack of TLS */ + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG, + "Authentication support not advertised (TLS required?)"); + return -1; + } + + str = t_str_new(128); + + if (client->common.proxy_mech == NULL) + client->common.proxy_mech = &dsasl_client_mech_plain; + + i_assert(client->common.proxy_sasl_client == NULL); + i_zero(&sasl_set); + sasl_set.authid = client->common.proxy_master_user != NULL ? + client->common.proxy_master_user : client->common.proxy_user; + sasl_set.authzid = client->common.proxy_user; + sasl_set.password = client->common.proxy_password; + client->common.proxy_sasl_client = + dsasl_client_new(client->common.proxy_mech, &sasl_set); + mech_name = dsasl_client_mech_get_name(client->common.proxy_mech); + + str_printfa(str, "AUTH %s", mech_name); + if (dsasl_client_output(client->common.proxy_sasl_client, + &sasl_output, &sasl_output_len, &error) < 0) { + const char *reason = t_strdup_printf( + "SASL mechanism %s init failed: %s", + mech_name, error); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); + return -1; + } + + string_t *sasl_output_base64 = t_str_new( + MAX_BASE64_ENCODED_SIZE(sasl_output_len)); + base64_encode(sasl_output, sasl_output_len, sasl_output_base64); + + /* RFC 4954, Section 4: + + Note that the AUTH command is still subject to the line length + limitations defined in [SMTP]. If use of the initial response + argument would cause the AUTH command to exceed this length, the + client MUST NOT use the initial response parameter (and instead + proceed as defined in Section 5.1 of [SASL]). + + If the client is transmitting an initial response of zero length, it + MUST instead transmit the response as a single equals sign ("="). + This indicates that the response is present, but contains no data. + */ + + i_assert(client->proxy_sasl_ir == NULL); + if (str_len(sasl_output_base64) == 0) + str_append(str, " ="); + else if ((5 + strlen(mech_name) + 1 + str_len(sasl_output_base64)) > + SMTP_BASE_LINE_LENGTH_LIMIT) + client->proxy_sasl_ir = i_strdup(str_c(sasl_output_base64)); + else { + str_append_c(str, ' '); + str_append_str(str, sasl_output_base64); + } + + str_append(str, "\r\n"); + o_stream_nsend(output, str_data(str), str_len(str)); + + client->proxy_state = SUBMISSION_PROXY_AUTHENTICATE; + return 0; +} + +static int +proxy_handle_ehlo_reply(struct submission_client *client, + struct ostream *output) +{ + struct smtp_server_cmd_ctx *cmd = client->pending_auth; + int ret; + + switch (client->proxy_state) { + case SUBMISSION_PROXY_EHLO: + ret = proxy_send_starttls(client, output); + if (ret < 0) + return -1; + if (ret != 0) + return 0; + /* Fall through */ + case SUBMISSION_PROXY_TLS_EHLO: + ret = proxy_send_xclient(client, output); + if (ret < 0) + return -1; + if (ret != 0) { + client->proxy_capability = 0; + i_free_and_null(client->proxy_xclient); + o_stream_nsend_str(output, t_strdup_printf( + "EHLO %s\r\n", + client->set->hostname)); + return 0; + } + break; + case SUBMISSION_PROXY_XCLIENT_EHLO: + break; + default: + i_unreached(); + } + + if (client->common.proxy_noauth) { + smtp_server_connection_input_lock(cmd->conn); + + smtp_server_command_add_hook( + cmd->cmd, SMTP_SERVER_COMMAND_HOOK_DESTROY, + submission_proxy_success_reply_sent, client); + client->pending_auth = NULL; + + smtp_server_reply(cmd, 235, "2.7.0", "Logged in."); + return 1; + } + + return proxy_send_login(client, output); +} + +static int +submission_proxy_continue_sasl_auth(struct client *client, + struct ostream *output, const char *line, + bool last_line) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + string_t *str; + const unsigned char *data; + size_t data_len; + const char *error; + int ret; + + if (!last_line) { + const char *reason = t_strdup_printf( + "Server returned multi-line challenge: 334 %s", + str_sanitize(line, 1024)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + if (subm_client->proxy_sasl_ir != NULL) { + if (*line == '\0') { + /* Send initial response */ + o_stream_nsend(output, subm_client->proxy_sasl_ir, + strlen(subm_client->proxy_sasl_ir)); + o_stream_nsend_str(output, "\r\n"); + i_free(subm_client->proxy_sasl_ir); + return 0; + } + const char *reason = t_strdup_printf( + "Server sent unexpected server-first challenge: " + "334 %s", str_sanitize(line, 1024)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + + str = t_str_new(128); + if (base64_decode(line, strlen(line), NULL, str) < 0) { + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, + "Invalid base64 data in AUTH response"); + return -1; + } + ret = dsasl_client_input(client->proxy_sasl_client, + str_data(str), str_len(str), &error); + if (ret == 0) { + ret = dsasl_client_output(client->proxy_sasl_client, + &data, &data_len, &error); + } + if (ret < 0) { + const char *reason = t_strdup_printf( + "Invalid authentication data: %s", error); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + i_assert(ret == 0); + + str_truncate(str, 0); + base64_encode(data, data_len, str); + str_append(str, "\r\n"); + + o_stream_nsend(output, str_data(str), str_len(str)); + return 0; +} + +static const char * +strip_enhanced_code(const char *text, const char **enh_code_r) +{ + const char *p = text; + unsigned int digits; + + *enh_code_r = NULL; + + if (*p != '2' && *p != '4' && *p != '5') + return text; + p++; + if (*p != '.') + return text; + p++; + + digits = 0; + while (i_isdigit(*p) && digits < 3) { + p++; + digits++; + } + if (*p != '.') + return text; + p++; + + digits = 0; + while (i_isdigit(*p) && digits < 3) { + p++; + digits++; + } + if (*p != ' ') + return text; + *enh_code_r = t_strdup_until(text, p); + p++; + return p; +} + +int submission_proxy_parse_line(struct client *client, const char *line) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth; + struct smtp_server_command *command = cmd->cmd; + struct ostream *output; + bool last_line = FALSE, invalid_line = FALSE; + const char *text = NULL, *enh_code = NULL; + unsigned int status = 0; + + i_assert(!client->destroyed); + i_assert(cmd != NULL); + + if ((line[3] != ' ' && line[3] != '-') || + str_parse_uint(line, &status, &text) < 0 || + status < 200 || status >= 560) { + invalid_line = TRUE; + } else { + text++; + + if ((subm_client->proxy_capability & + SMTP_CAPABILITY_ENHANCEDSTATUSCODES) != 0) + text = strip_enhanced_code(text, &enh_code); + } + if (subm_client->proxy_reply_status != 0 && + subm_client->proxy_reply_status != status) { + const char *reason = t_strdup_printf( + "Inconsistent SMTP reply: %s (status != %u)", + str_sanitize(line, 160), + subm_client->proxy_reply_status); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + if (line[3] == ' ') { + last_line = TRUE; + subm_client->proxy_reply_status = 0; + } else { + subm_client->proxy_reply_status = status; + } + + output = login_proxy_get_ostream(client->login_proxy); + switch (subm_client->proxy_state) { + case SUBMISSION_PROXY_BANNER: + /* this is a banner */ + if (invalid_line || status != 220) { + const char *reason = t_strdup_printf( + "Invalid banner: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + if (!last_line) + return 0; + + subm_client->proxy_state = SUBMISSION_PROXY_EHLO; + o_stream_nsend_str(output, t_strdup_printf("EHLO %s\r\n", + subm_client->set->hostname)); + return 0; + case SUBMISSION_PROXY_EHLO: + case SUBMISSION_PROXY_TLS_EHLO: + case SUBMISSION_PROXY_XCLIENT_EHLO: + if (invalid_line || (status / 100) != 2) { + const char *reason = t_strdup_printf( + "Invalid EHLO line: %s", + str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + + if (strncasecmp(text, "XCLIENT ", 8) == 0) { + subm_client->proxy_capability |= + SMTP_CAPABILITY_XCLIENT; + i_free_and_null(subm_client->proxy_xclient); + subm_client->proxy_xclient = p_strarray_dup( + default_pool, t_strsplit_spaces(text + 8, " ")); + } else if (strncasecmp(text, "STARTTLS", 9) == 0) { + subm_client->proxy_capability |= + SMTP_CAPABILITY_STARTTLS; + } else if (strncasecmp(text, "AUTH", 4) == 0 && + text[4] == ' ' && text[5] != '\0') { + subm_client->proxy_capability |= + SMTP_CAPABILITY_AUTH; + } else if (strcasecmp(text, "ENHANCEDSTATUSCODES") == 0) { + subm_client->proxy_capability |= + SMTP_CAPABILITY_ENHANCEDSTATUSCODES; + } + if (!last_line) + return 0; + + return proxy_handle_ehlo_reply(subm_client, output); + case SUBMISSION_PROXY_STARTTLS: + if (invalid_line || status != 220) { + const char *reason = t_strdup_printf( + "STARTTLS failed: %s", + str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); + return -1; + } + if (!last_line) + return 0; + if (login_proxy_starttls(client->login_proxy) < 0) + return -1; + /* i/ostreams changed. */ + output = login_proxy_get_ostream(client->login_proxy); + + subm_client->proxy_capability = 0; + i_free_and_null(subm_client->proxy_xclient); + subm_client->proxy_state = SUBMISSION_PROXY_TLS_EHLO; + o_stream_nsend_str(output, t_strdup_printf( + "EHLO %s\r\n", subm_client->set->hostname)); + return 0; + case SUBMISSION_PROXY_XCLIENT: + if (invalid_line || (status / 100) != 2) { + const char *reason = t_strdup_printf( + "XCLIENT failed: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); + return -1; + } + if (!last_line) + return 0; + i_assert(subm_client->proxy_xclient_replies_expected > 0); + if (--subm_client->proxy_xclient_replies_expected > 0) + return 0; + subm_client->proxy_state = SUBMISSION_PROXY_XCLIENT_EHLO; + return 0; + case SUBMISSION_PROXY_AUTHENTICATE: + if (invalid_line) + break; + if (status == 334 && client->proxy_sasl_client != NULL) { + /* continue SASL authentication */ + if (submission_proxy_continue_sasl_auth( + client, output, text, last_line) < 0) + return -1; + return 0; + } + + i_assert(subm_client->proxy_reply == NULL); + subm_client->proxy_reply = smtp_server_reply_create( + command, status, enh_code); + smtp_server_reply_add_text(subm_client->proxy_reply, text); + + if (!last_line) + return 0; + if ((status / 100) != 2) + break; + + smtp_server_connection_input_lock(cmd->conn); + + smtp_server_command_add_hook( + command, SMTP_SERVER_COMMAND_HOOK_DESTROY, + submission_proxy_success_reply_sent, subm_client); + + subm_client->pending_auth = NULL; + + /* Login successful. Send this reply to client. */ + smtp_server_reply_submit(subm_client->proxy_reply); + + return 1; + case SUBMISSION_PROXY_STATE_COUNT: + i_unreached(); + } + + /* Login failed. Pass through the error message to client. + + If the backend server isn't Dovecot, the error message may + be different from Dovecot's "user doesn't exist" error. This + would allow an attacker to find out what users exist in the + system. + + The optimal way to handle this would be to replace the + backend's "password failed" error message with Dovecot's + AUTH_FAILED_MSG, but this would require a new setting and + the sysadmin to actually bother setting it properly. + + So for now we'll just forward the error message. This + shouldn't be a real problem since of course everyone will + be using only Dovecot as their backend :) */ + enum login_proxy_failure_type failure_type = + LOGIN_PROXY_FAILURE_TYPE_AUTH; + if ((status / 100) == 4) + failure_type = LOGIN_PROXY_FAILURE_TYPE_AUTH_TEMPFAIL; + else { + i_assert((status / 100) != 2); + i_assert(subm_client->proxy_reply != NULL); + smtp_server_reply_submit(subm_client->proxy_reply); + subm_client->pending_auth = NULL; + } + + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + failure_type, text); + return -1; +} + +void submission_proxy_reset(struct client *client) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + + subm_client->proxy_state = SUBMISSION_PROXY_BANNER; + subm_client->proxy_capability = 0; + i_free_and_null(subm_client->proxy_xclient); + i_free(subm_client->proxy_sasl_ir); + subm_client->proxy_reply_status = 0; + subm_client->proxy_reply = NULL; +} + +static void +submission_proxy_send_failure_reply(struct submission_client *subm_client, + enum login_proxy_failure_type type, + const char *reason ATTR_UNUSED) +{ + struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth; + + switch (type) { + case LOGIN_PROXY_FAILURE_TYPE_CONNECT: + case LOGIN_PROXY_FAILURE_TYPE_INTERNAL: + case LOGIN_PROXY_FAILURE_TYPE_INTERNAL_CONFIG: + case LOGIN_PROXY_FAILURE_TYPE_REMOTE: + case LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG: + case LOGIN_PROXY_FAILURE_TYPE_PROTOCOL: + i_assert(cmd != NULL); + subm_client->pending_auth = NULL; + smtp_server_reply(cmd, 454, "4.7.0", LOGIN_PROXY_FAILURE_MSG); + break; + case LOGIN_PROXY_FAILURE_TYPE_AUTH_TEMPFAIL: + i_assert(cmd != NULL); + subm_client->pending_auth = NULL; + + i_assert(subm_client->proxy_reply != NULL); + smtp_server_reply_submit(subm_client->proxy_reply); + break; + case LOGIN_PROXY_FAILURE_TYPE_AUTH: + /* reply was already sent */ + i_assert(cmd == NULL); + break; + } +} + +void submission_proxy_failed(struct client *client, + enum login_proxy_failure_type type, + const char *reason, bool reconnecting) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + + if (!reconnecting) + submission_proxy_send_failure_reply(subm_client, type, reason); + client_common_proxy_failed(client, type, reason, reconnecting); +} + +const char *submission_proxy_get_state(struct client *client) +{ + struct submission_client *subm_client = + container_of(client, struct submission_client, common); + + i_assert(subm_client->proxy_state < SUBMISSION_PROXY_STATE_COUNT); + return submission_proxy_state_names[subm_client->proxy_state]; +} diff --git a/src/submission-login/submission-proxy.h b/src/submission-login/submission-proxy.h new file mode 100644 index 0000000..19342cf --- /dev/null +++ b/src/submission-login/submission-proxy.h @@ -0,0 +1,12 @@ +#ifndef SUBMISSION_PROXY_H +#define SUBMISSION_PROXY_H + +void submission_proxy_reset(struct client *client); +int submission_proxy_parse_line(struct client *client, const char *line); + +void submission_proxy_failed(struct client *client, + enum login_proxy_failure_type type, + const char *reason, bool reconnecting); +const char *submission_proxy_get_state(struct client *client); + +#endif diff --git a/src/submission/Makefile.am b/src/submission/Makefile.am new file mode 100644 index 0000000..6d37277 --- /dev/null +++ b/src/submission/Makefile.am @@ -0,0 +1,55 @@ +pkglibexecdir = $(libexecdir)/dovecot + +pkglibexec_PROGRAMS = submission + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-settings \ + -I$(top_srcdir)/src/lib-auth \ + -I$(top_srcdir)/src/lib-mail \ + -I$(top_srcdir)/src/lib-ssl-iostream \ + -I$(top_srcdir)/src/lib-imap \ + -I$(top_srcdir)/src/lib-imap-storage \ + -I$(top_srcdir)/src/lib-imap-urlauth \ + -I$(top_srcdir)/src/lib-index \ + -I$(top_srcdir)/src/lib-master \ + -I$(top_srcdir)/src/lib-storage \ + -I$(top_srcdir)/src/lib-storage/index \ + -I$(top_srcdir)/src/lib-storage/index/raw \ + -I$(top_srcdir)/src/lib-smtp + +urlauth_libs = \ + $(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la + +submission_LDFLAGS = -export-dynamic + +submission_LDADD = \ + $(urlauth_libs) \ + $(LIBDOVECOT_STORAGE) \ + $(LIBDOVECOT) \ + $(MODULE_LIBS) +submission_DEPENDENCIES = \ + $(urlauth_libs) \ + $(LIBDOVECOT_STORAGE_DEPS) \ + $(LIBDOVECOT_DEPS) + +submission_SOURCES = \ + main.c \ + submission-backend.c \ + submission-backend-relay.c \ + submission-recipient.c \ + submission-client.c \ + submission-commands.c \ + submission-settings.c + +headers = \ + submission-common.h \ + submission-backend.h \ + submission-backend-relay.h \ + submission-commands.h \ + submission-recipient.h \ + submission-client.h \ + submission-settings.h + +pkginc_libdir=$(pkgincludedir) +pkginc_lib_HEADERS = $(headers) diff --git a/src/submission/Makefile.in b/src/submission/Makefile.in new file mode 100644 index 0000000..8f7ee4d --- /dev/null +++ b/src/submission/Makefile.in @@ -0,0 +1,918 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +pkglibexec_PROGRAMS = submission$(EXEEXT) +subdir = src/submission +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_checktype2.m4 \ + $(top_srcdir)/m4/ac_typeof.m4 $(top_srcdir)/m4/arc4random.m4 \ + $(top_srcdir)/m4/blockdev.m4 $(top_srcdir)/m4/c99_vsnprintf.m4 \ + $(top_srcdir)/m4/clock_gettime.m4 $(top_srcdir)/m4/crypt.m4 \ + $(top_srcdir)/m4/crypt_xpg6.m4 $(top_srcdir)/m4/dbqlk.m4 \ + $(top_srcdir)/m4/dirent_dtype.m4 $(top_srcdir)/m4/dovecot.m4 \ + $(top_srcdir)/m4/fd_passing.m4 $(top_srcdir)/m4/fdatasync.m4 \ + $(top_srcdir)/m4/flexible_array_member.m4 \ + $(top_srcdir)/m4/glibc.m4 $(top_srcdir)/m4/gmtime_max.m4 \ + $(top_srcdir)/m4/gmtime_tm_gmtoff.m4 \ + $(top_srcdir)/m4/ioloop.m4 $(top_srcdir)/m4/iovec.m4 \ + $(top_srcdir)/m4/ipv6.m4 $(top_srcdir)/m4/libcap.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/libwrap.m4 \ + $(top_srcdir)/m4/linux_mremap.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mmap_write.m4 \ + $(top_srcdir)/m4/mntctl.m4 $(top_srcdir)/m4/modules.m4 \ + $(top_srcdir)/m4/notify.m4 $(top_srcdir)/m4/nsl.m4 \ + $(top_srcdir)/m4/off_t_max.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/pr_set_dumpable.m4 \ + $(top_srcdir)/m4/q_quotactl.m4 $(top_srcdir)/m4/quota.m4 \ + $(top_srcdir)/m4/random.m4 $(top_srcdir)/m4/rlimit.m4 \ + $(top_srcdir)/m4/sendfile.m4 $(top_srcdir)/m4/size_t_signed.m4 \ + $(top_srcdir)/m4/sockpeercred.m4 $(top_srcdir)/m4/sql.m4 \ + $(top_srcdir)/m4/ssl.m4 $(top_srcdir)/m4/st_tim.m4 \ + $(top_srcdir)/m4/static_array.m4 $(top_srcdir)/m4/test_with.m4 \ + $(top_srcdir)/m4/time_t.m4 $(top_srcdir)/m4/typeof.m4 \ + $(top_srcdir)/m4/typeof_dev_t.m4 \ + $(top_srcdir)/m4/uoff_t_max.m4 $(top_srcdir)/m4/vararg.m4 \ + $(top_srcdir)/m4/want_apparmor.m4 \ + $(top_srcdir)/m4/want_bsdauth.m4 \ + $(top_srcdir)/m4/want_bzlib.m4 \ + $(top_srcdir)/m4/want_cassandra.m4 \ + $(top_srcdir)/m4/want_cdb.m4 \ + $(top_srcdir)/m4/want_checkpassword.m4 \ + $(top_srcdir)/m4/want_clucene.m4 $(top_srcdir)/m4/want_db.m4 \ + $(top_srcdir)/m4/want_gssapi.m4 $(top_srcdir)/m4/want_icu.m4 \ + $(top_srcdir)/m4/want_ldap.m4 $(top_srcdir)/m4/want_lua.m4 \ + $(top_srcdir)/m4/want_lz4.m4 $(top_srcdir)/m4/want_lzma.m4 \ + $(top_srcdir)/m4/want_mysql.m4 $(top_srcdir)/m4/want_pam.m4 \ + $(top_srcdir)/m4/want_passwd.m4 $(top_srcdir)/m4/want_pgsql.m4 \ + $(top_srcdir)/m4/want_prefetch.m4 \ + $(top_srcdir)/m4/want_shadow.m4 \ + $(top_srcdir)/m4/want_sodium.m4 $(top_srcdir)/m4/want_solr.m4 \ + $(top_srcdir)/m4/want_sqlite.m4 \ + $(top_srcdir)/m4/want_stemmer.m4 \ + $(top_srcdir)/m4/want_systemd.m4 \ + $(top_srcdir)/m4/want_textcat.m4 \ + $(top_srcdir)/m4/want_unwind.m4 $(top_srcdir)/m4/want_zlib.m4 \ + $(top_srcdir)/m4/want_zstd.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(pkginc_lib_HEADERS) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(pkglibexecdir)" \ + "$(DESTDIR)$(pkginc_libdir)" +PROGRAMS = $(pkglibexec_PROGRAMS) +am_submission_OBJECTS = main.$(OBJEXT) submission-backend.$(OBJEXT) \ + submission-backend-relay.$(OBJEXT) \ + submission-recipient.$(OBJEXT) submission-client.$(OBJEXT) \ + submission-commands.$(OBJEXT) submission-settings.$(OBJEXT) +submission_OBJECTS = $(am_submission_OBJECTS) +am__DEPENDENCIES_1 = +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +submission_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(submission_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/main.Po \ + ./$(DEPDIR)/submission-backend-relay.Po \ + ./$(DEPDIR)/submission-backend.Po \ + ./$(DEPDIR)/submission-client.Po \ + ./$(DEPDIR)/submission-commands.Po \ + ./$(DEPDIR)/submission-recipient.Po \ + ./$(DEPDIR)/submission-settings.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(submission_SOURCES) +DIST_SOURCES = $(submission_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +HEADERS = $(pkginc_lib_HEADERS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +pkglibexecdir = $(libexecdir)/dovecot +ACLOCAL = @ACLOCAL@ +ACLOCAL_AMFLAGS = @ACLOCAL_AMFLAGS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AR = @AR@ +AUTH_CFLAGS = @AUTH_CFLAGS@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINARY_CFLAGS = @BINARY_CFLAGS@ +BINARY_LDFLAGS = @BINARY_LDFLAGS@ +BISON = @BISON@ +CASSANDRA_CFLAGS = @CASSANDRA_CFLAGS@ +CASSANDRA_LIBS = @CASSANDRA_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CDB_LIBS = @CDB_LIBS@ +CFLAGS = @CFLAGS@ +CLUCENE_CFLAGS = @CLUCENE_CFLAGS@ +CLUCENE_LIBS = @CLUCENE_LIBS@ +COMPRESS_LIBS = @COMPRESS_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DICT_LIBS = @DICT_LIBS@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FLEX = @FLEX@ +FUZZER_CPPFLAGS = @FUZZER_CPPFLAGS@ +FUZZER_LDFLAGS = @FUZZER_LDFLAGS@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KRB5CONFIG = @KRB5CONFIG@ +KRB5_CFLAGS = @KRB5_CFLAGS@ +KRB5_LIBS = @KRB5_LIBS@ +LD = @LD@ +LDAP_LIBS = @LDAP_LIBS@ +LDFLAGS = @LDFLAGS@ +LD_NO_WHOLE_ARCHIVE = @LD_NO_WHOLE_ARCHIVE@ +LD_WHOLE_ARCHIVE = @LD_WHOLE_ARCHIVE@ +LIBCAP = @LIBCAP@ +LIBDOVECOT = @LIBDOVECOT@ +LIBDOVECOT_COMPRESS = @LIBDOVECOT_COMPRESS@ +LIBDOVECOT_DEPS = @LIBDOVECOT_DEPS@ +LIBDOVECOT_DSYNC = @LIBDOVECOT_DSYNC@ +LIBDOVECOT_LA_LIBS = @LIBDOVECOT_LA_LIBS@ +LIBDOVECOT_LDA = @LIBDOVECOT_LDA@ +LIBDOVECOT_LDAP = @LIBDOVECOT_LDAP@ +LIBDOVECOT_LIBFTS = @LIBDOVECOT_LIBFTS@ +LIBDOVECOT_LIBFTS_DEPS = @LIBDOVECOT_LIBFTS_DEPS@ +LIBDOVECOT_LOGIN = @LIBDOVECOT_LOGIN@ +LIBDOVECOT_LUA = @LIBDOVECOT_LUA@ +LIBDOVECOT_LUA_DEPS = @LIBDOVECOT_LUA_DEPS@ +LIBDOVECOT_SQL = @LIBDOVECOT_SQL@ +LIBDOVECOT_STORAGE = @LIBDOVECOT_STORAGE@ +LIBDOVECOT_STORAGE_DEPS = @LIBDOVECOT_STORAGE_DEPS@ +LIBEXTTEXTCAT_CFLAGS = @LIBEXTTEXTCAT_CFLAGS@ +LIBEXTTEXTCAT_LIBS = @LIBEXTTEXTCAT_LIBS@ +LIBICONV = @LIBICONV@ +LIBICU_CFLAGS = @LIBICU_CFLAGS@ +LIBICU_LIBS = @LIBICU_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@ +LIBSODIUM_LIBS = @LIBSODIUM_LIBS@ +LIBTIRPC_CFLAGS = @LIBTIRPC_CFLAGS@ +LIBTIRPC_LIBS = @LIBTIRPC_LIBS@ +LIBTOOL = @LIBTOOL@ +LIBUNWIND_CFLAGS = @LIBUNWIND_CFLAGS@ +LIBUNWIND_LIBS = @LIBUNWIND_LIBS@ +LIBWRAP_LIBS = @LIBWRAP_LIBS@ +LINKED_STORAGE_LDADD = @LINKED_STORAGE_LDADD@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBS = @LUA_LIBS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MODULE_LIBS = @MODULE_LIBS@ +MODULE_SUFFIX = @MODULE_SUFFIX@ +MYSQL_CFLAGS = @MYSQL_CFLAGS@ +MYSQL_CONFIG = @MYSQL_CONFIG@ +MYSQL_LIBS = @MYSQL_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NOPLUGIN_LDFLAGS = @NOPLUGIN_LDFLAGS@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PANDOC = @PANDOC@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ +PGSQL_LIBS = @PGSQL_LIBS@ +PG_CONFIG = @PG_CONFIG@ +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +QUOTA_LIBS = @QUOTA_LIBS@ +RANLIB = @RANLIB@ +RELRO_LDFLAGS = @RELRO_LDFLAGS@ +RPCGEN = @RPCGEN@ +RUN_TEST = @RUN_TEST@ +SED = @SED@ +SETTING_FILES = @SETTING_FILES@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE_CFLAGS = @SQLITE_CFLAGS@ +SQLITE_LIBS = @SQLITE_LIBS@ +SQL_CFLAGS = @SQL_CFLAGS@ +SQL_LIBS = @SQL_LIBS@ +SSL_CFLAGS = @SSL_CFLAGS@ +SSL_LIBS = @SSL_LIBS@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +ZSTD_CFLAGS = @ZSTD_CFLAGS@ +ZSTD_LIBS = @ZSTD_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dict_drivers = @dict_drivers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +moduledir = @moduledir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +rundir = @rundir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sql_drivers = @sql_drivers@ +srcdir = @srcdir@ +ssldir = @ssldir@ +statedir = @statedir@ +sysconfdir = @sysconfdir@ +systemdservicetype = @systemdservicetype@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-settings \ + -I$(top_srcdir)/src/lib-auth \ + -I$(top_srcdir)/src/lib-mail \ + -I$(top_srcdir)/src/lib-ssl-iostream \ + -I$(top_srcdir)/src/lib-imap \ + -I$(top_srcdir)/src/lib-imap-storage \ + -I$(top_srcdir)/src/lib-imap-urlauth \ + -I$(top_srcdir)/src/lib-index \ + -I$(top_srcdir)/src/lib-master \ + -I$(top_srcdir)/src/lib-storage \ + -I$(top_srcdir)/src/lib-storage/index \ + -I$(top_srcdir)/src/lib-storage/index/raw \ + -I$(top_srcdir)/src/lib-smtp + +urlauth_libs = \ + $(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la + +submission_LDFLAGS = -export-dynamic +submission_LDADD = \ + $(urlauth_libs) \ + $(LIBDOVECOT_STORAGE) \ + $(LIBDOVECOT) \ + $(MODULE_LIBS) + +submission_DEPENDENCIES = \ + $(urlauth_libs) \ + $(LIBDOVECOT_STORAGE_DEPS) \ + $(LIBDOVECOT_DEPS) + +submission_SOURCES = \ + main.c \ + submission-backend.c \ + submission-backend-relay.c \ + submission-recipient.c \ + submission-client.c \ + submission-commands.c \ + submission-settings.c + +headers = \ + submission-common.h \ + submission-backend.h \ + submission-backend-relay.h \ + submission-commands.h \ + submission-recipient.h \ + submission-client.h \ + submission-settings.h + +pkginc_libdir = $(pkgincludedir) +pkginc_lib_HEADERS = $(headers) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/submission/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/submission/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pkglibexecPROGRAMS: $(pkglibexec_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkglibexecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkglibexecdir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(pkglibexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(pkglibexecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-pkglibexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(pkglibexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(pkglibexecdir)" && rm -f $$files + +clean-pkglibexecPROGRAMS: + @list='$(pkglibexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +submission$(EXEEXT): $(submission_OBJECTS) $(submission_DEPENDENCIES) $(EXTRA_submission_DEPENDENCIES) + @rm -f submission$(EXEEXT) + $(AM_V_CCLD)$(submission_LINK) $(submission_OBJECTS) $(submission_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-backend-relay.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-backend.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-client.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-commands.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-recipient.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/submission-settings.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-pkginc_libHEADERS: $(pkginc_lib_HEADERS) + @$(NORMAL_INSTALL) + @list='$(pkginc_lib_HEADERS)'; test -n "$(pkginc_libdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkginc_libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkginc_libdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(pkginc_libdir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(pkginc_libdir)" || exit $$?; \ + done + +uninstall-pkginc_libHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(pkginc_lib_HEADERS)'; test -n "$(pkginc_libdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pkginc_libdir)'; $(am__uninstall_files_from_dir) + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(pkglibexecdir)" "$(DESTDIR)$(pkginc_libdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pkglibexecPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/main.Po + -rm -f ./$(DEPDIR)/submission-backend-relay.Po + -rm -f ./$(DEPDIR)/submission-backend.Po + -rm -f ./$(DEPDIR)/submission-client.Po + -rm -f ./$(DEPDIR)/submission-commands.Po + -rm -f ./$(DEPDIR)/submission-recipient.Po + -rm -f ./$(DEPDIR)/submission-settings.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pkginc_libHEADERS + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-pkglibexecPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/main.Po + -rm -f ./$(DEPDIR)/submission-backend-relay.Po + -rm -f ./$(DEPDIR)/submission-backend.Po + -rm -f ./$(DEPDIR)/submission-client.Po + -rm -f ./$(DEPDIR)/submission-commands.Po + -rm -f ./$(DEPDIR)/submission-recipient.Po + -rm -f ./$(DEPDIR)/submission-settings.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pkginc_libHEADERS uninstall-pkglibexecPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-libtool clean-pkglibexecPROGRAMS \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pkginc_libHEADERS \ + install-pkglibexecPROGRAMS install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-pkginc_libHEADERS uninstall-pkglibexecPROGRAMS + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/submission/main.c b/src/submission/main.c new file mode 100644 index 0000000..d335716 --- /dev/null +++ b/src/submission/main.c @@ -0,0 +1,433 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "submission-common.h" +#include "buffer.h" +#include "str.h" +#include "istream.h" +#include "ostream.h" +#include "array.h" +#include "base64.h" +#include "hostpid.h" +#include "path-util.h" +#include "process-title.h" +#include "restrict-access.h" +#include "fd-util.h" +#include "settings-parser.h" +#include "master-service.h" +#include "master-login.h" +#include "master-service-settings.h" +#include "master-interface.h" +#include "var-expand.h" +#include "mail-error.h" +#include "mail-user.h" +#include "mail-storage-service.h" +#include "smtp-server.h" +#include "smtp-client.h" + +#include "submission-commands.h" + +#include <stdio.h> +#include <unistd.h> + +#define DNS_CLIENT_SOCKET_PATH "dns-client" + +#define LMTP_MASTER_FIRST_LISTEN_FD 3 + +#define IS_STANDALONE() \ + (getenv(MASTER_IS_PARENT_ENV) == NULL) + +struct smtp_server *smtp_server = NULL; +struct smtp_client *smtp_client = NULL; + +static bool verbose_proctitle = FALSE; +static struct mail_storage_service_ctx *storage_service; +static struct master_login *master_login = NULL; + +submission_client_created_func_t *hook_client_created = NULL; +bool submission_debug = FALSE; + +submission_client_created_func_t * +submission_client_created_hook_set(submission_client_created_func_t *new_hook) +{ + submission_client_created_func_t *old_hook = hook_client_created; + + hook_client_created = new_hook; + return old_hook; +} + +void submission_refresh_proctitle(void) +{ + struct client *client; + string_t *title = t_str_new(128); + + if (!verbose_proctitle) + return; + + str_append_c(title, '['); + switch (submission_client_count) { + case 0: + str_append(title, "idling"); + break; + case 1: + client = submission_clients; + str_append(title, client->user->username); + if (client->user->conn.remote_ip != NULL) { + str_append_c(title, ' '); + str_append(title, + net_ip2addr(client->user->conn.remote_ip)); + } + str_append_c(title, ' '); + str_append(title, smtp_server_state_names[client->state.state]); + if (client->state.args != NULL && *client->state.args != '\0') { + str_append_c(title, ' '); + str_append(title, client->state.args); + } + break; + default: + str_printfa(title, "%u connections", submission_client_count); + break; + } + str_append_c(title, ']'); + process_title_set(str_c(title)); +} + +static void submission_die(void) +{ + /* do nothing. submission connections typically die pretty quick anyway. + */ +} + +static void +send_error(int fd_out, const char *hostname, const char *error_code, + const char *error_msg) +{ + const char *msg; + + msg = t_strdup_printf("451 %s %s\r\n" + "421 4.3.2 %s Shutting down due to fatal error\r\n", + error_code, error_msg, hostname); + if (write(fd_out, msg, strlen(msg)) < 0) { + if (errno != EAGAIN && errno != EPIPE) + i_error("write(client) failed: %m"); + } +} + +static bool +extract_input_data_field(const unsigned char **data, size_t *data_len, + const char **value_r) +{ + size_t value_len = 0; + + if (*data_len == 0) + return FALSE; + + if (**data == '\0') { + value_len = 1; + } else { + *value_r = t_strndup(*data, *data_len); + value_len = strlen(*value_r) + 1; + } + + if (value_len > *data_len) { + *data = &uchar_nul; + *data_len = 0; + } else { + *data = *data + value_len; + *data_len = *data_len - value_len; + } + return TRUE; +} + +static int +client_create_from_input(const struct mail_storage_service_input *input, + enum mail_auth_request_flags login_flags, + int fd_in, int fd_out, const buffer_t *input_buf, + const char **error_r) +{ + struct mail_storage_service_user *user; + struct mail_user *mail_user; + struct submission_settings *set; + bool no_greeting = HAS_ALL_BITS(login_flags, + MAIL_AUTH_REQUEST_FLAG_IMPLICIT); + const char *errstr; + const char *helo = NULL; + struct smtp_proxy_data proxy_data; + const unsigned char *data; + size_t data_len; + + if (mail_storage_service_lookup_next(storage_service, input, + &user, &mail_user, error_r) <= 0) { + send_error(fd_out, my_hostname, + "4.7.0", MAIL_ERRSTR_CRITICAL_MSG); + return -1; + } + restrict_access_allow_coredumps(TRUE); + + set = mail_storage_service_user_get_set(user)[1]; + if (set->verbose_proctitle) + verbose_proctitle = TRUE; + + if (settings_var_expand(&submission_setting_parser_info, set, + mail_user->pool, mail_user_var_expand_table(mail_user), + &errstr) <= 0) { + *error_r = t_strdup_printf("Failed to expand settings: %s", errstr); + send_error(fd_out, set->hostname, + "4.3.5", MAIL_ERRSTR_CRITICAL_MSG); + mail_user_deinit(&mail_user); + mail_storage_service_user_unref(&user); + return -1; + } + + if (set->submission_relay_host == NULL || + *set->submission_relay_host == '\0') { + *error_r = "No relay host configured for submission proxy " + "(submission_relay_host is unset)"; + send_error(fd_out, set->hostname, + "4.3.5", MAIL_ERRSTR_CRITICAL_MSG); + mail_user_deinit(&mail_user); + mail_storage_service_user_unref(&user); + return -1; + } + + /* parse input data */ + data = NULL; + data_len = 0; + i_zero(&proxy_data); + if (input_buf != NULL && input_buf->used > 0) { + data = input_buf->data; + data_len = input_buf->used; + + if (extract_input_data_field(&data, &data_len, &helo) && + extract_input_data_field(&data, &data_len, + &proxy_data.helo)) { + /* nothing to do */ + } + + /* NOTE: actually, pipelining the AUTH command is stricly + speaking not allowed, but we support it anyway. + */ + } + + (void)client_create(fd_in, fd_out, mail_user, + user, set, helo, &proxy_data, data, data_len, + no_greeting); + return 0; +} + +static void main_stdio_run(const char *username) +{ + struct mail_storage_service_input input; + buffer_t *input_buf; + const char *value, *error, *input_base64; + + i_zero(&input); + input.module = input.service = "submission"; + input.username = username != NULL ? username : getenv("USER"); + if (input.username == NULL && IS_STANDALONE()) + input.username = getlogin(); + if (input.username == NULL) + i_fatal("USER environment missing"); + if ((value = getenv("IP")) != NULL) + (void)net_addr2ip(value, &input.remote_ip); + if ((value = getenv("LOCAL_IP")) != NULL) + (void)net_addr2ip(value, &input.local_ip); + + input_base64 = getenv("CLIENT_INPUT"); + input_buf = input_base64 == NULL ? NULL : + t_base64_decode_str(input_base64); + + if (client_create_from_input(&input, 0, STDIN_FILENO, STDOUT_FILENO, + input_buf, &error) < 0) + i_fatal("%s", error); +} + +static void +login_client_connected(const struct master_login_client *login_client, + const char *username, const char *const *extra_fields) +{ + struct mail_storage_service_input input; + enum mail_auth_request_flags flags = login_client->auth_req.flags; + const char *error; + buffer_t input_buf; + + i_zero(&input); + input.module = input.service = "submission"; + input.local_ip = login_client->auth_req.local_ip; + input.remote_ip = login_client->auth_req.remote_ip; + input.local_port = login_client->auth_req.local_port; + input.remote_port = login_client->auth_req.remote_port; + input.username = username; + input.userdb_fields = extra_fields; + input.session_id = login_client->session_id; + if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SECURED) != 0) + input.conn_secured = TRUE; + if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED) != 0) + input.conn_ssl_secured = TRUE; + + buffer_create_from_const_data(&input_buf, login_client->data, + login_client->auth_req.data_size); + if (client_create_from_input(&input, flags, + login_client->fd, login_client->fd, + &input_buf, &error) < 0) { + int fd = login_client->fd; + i_error("%s", error); + i_close_fd(&fd); + master_service_client_connection_destroyed(master_service); + } +} + +static void login_client_failed(const struct master_login_client *client, + const char *errormsg) +{ + const char *msg; + + msg = t_strdup_printf("451 4.7.0 %s\r\n" + "421 4.3.2 %s Shutting down due to fatal error\r\n", + errormsg, my_hostname); + if (write(client->fd, msg, strlen(msg)) < 0) { + /* ignored */ + } +} + +static void client_connected(struct master_service_connection *conn) +{ + /* when running standalone, we shouldn't even get here */ + i_assert(master_login != NULL); + + master_service_client_connection_accept(conn); + master_login_add(master_login, conn->fd); +} + +int main(int argc, char *argv[]) +{ + static const struct setting_parser_info *set_roots[] = { + &submission_setting_parser_info, + NULL + }; + struct master_login_settings login_set; + enum master_service_flags service_flags = 0; + enum mail_storage_service_flags storage_service_flags = 0; + struct smtp_server_settings smtp_server_set; + struct smtp_client_settings smtp_client_set; + const char *username = NULL, *auth_socket_path = "auth-master"; + const char *tmp_socket_path; + const char *error; + int c; + + i_zero(&login_set); + login_set.postlogin_timeout_secs = MASTER_POSTLOGIN_TIMEOUT_DEFAULT; + login_set.request_auth_token = TRUE; + + if (IS_STANDALONE() && getuid() == 0 && + net_getpeername(1, NULL, NULL) == 0) { + printf("421 5.3.5 The submission binary must not be started " + "from inetd, use submission-login instead.\r\n"); + return 1; + } + + if (IS_STANDALONE()) { + service_flags |= MASTER_SERVICE_FLAG_STANDALONE | + MASTER_SERVICE_FLAG_STD_CLIENT; + } else { + service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN; + } + + master_service = master_service_init("submission", service_flags, + &argc, &argv, "a:Dt:u:"); + while ((c = master_getopt(master_service)) > 0) { + switch (c) { + case 'a': + auth_socket_path = optarg; + break; + case 't': + if (str_to_uint(optarg, + &login_set.postlogin_timeout_secs) < 0 || + login_set.postlogin_timeout_secs == 0) + i_fatal("Invalid -t parameter: %s", optarg); + break; + case 'u': + storage_service_flags |= + MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP; + username = optarg; + break; + case 'D': + submission_debug = TRUE; + break; + default: + return FATAL_DEFAULT; + } + } + + if (t_abspath(auth_socket_path, &login_set.auth_socket_path, + &error) < 0) { + i_fatal("t_abspath(%s) failed: %s", auth_socket_path, + error); + } + if (argv[optind] != NULL) { + if (t_abspath(argv[optind], + &login_set.postlogin_socket_path, &error) < 0) { + i_fatal("t_abspath(%s) failed: %s", + argv[optind], error); + } + } + login_set.callback = login_client_connected; + login_set.failure_callback = login_client_failed; + + master_service_set_die_callback(master_service, submission_die); + + storage_service = + mail_storage_service_init(master_service, + set_roots, storage_service_flags); + + /* initialize SMTP server */ + i_zero(&smtp_server_set); + smtp_server_set.capabilities = SMTP_CAPABILITY_DSN; + smtp_server_set.protocol = SMTP_PROTOCOL_SMTP; + smtp_server_set.max_pipelined_commands = 5; + smtp_server_set.debug = submission_debug; + smtp_server_set.reason_code_module = "submission"; + smtp_server = smtp_server_init(&smtp_server_set); + smtp_server_command_register(smtp_server, "BURL", cmd_burl, 0); + + if (t_abspath(DNS_CLIENT_SOCKET_PATH, &tmp_socket_path, &error) < 0) + i_fatal("t_abspath(%s) failed: %s", DNS_CLIENT_SOCKET_PATH, error); + + /* initialize SMTP client */ + i_zero(&smtp_client_set); + smtp_client_set.my_hostname = my_hostdomain(); + smtp_client_set.debug = submission_debug; + smtp_client_set.dns_client_socket_path = tmp_socket_path; + smtp_client = smtp_client_init(&smtp_client_set); + + if (!IS_STANDALONE()) + master_login = master_login_init(master_service, &login_set); + + master_service_init_finish(master_service); + /* NOTE: login_set.*_socket_path are now invalid due to data stack + having been freed */ + + /* fake that we're running, so we know if client was destroyed + while handling its initial input */ + io_loop_set_running(current_ioloop); + + if (IS_STANDALONE()) { + T_BEGIN { + main_stdio_run(username); + } T_END; + } else { + io_loop_set_running(current_ioloop); + } + + if (io_loop_is_running(current_ioloop)) + master_service_run(master_service, client_connected); + clients_destroy_all(); + + smtp_client_deinit(&smtp_client); + smtp_server_deinit(&smtp_server); + + if (master_login != NULL) + master_login_deinit(&master_login); + mail_storage_service_deinit(&storage_service); + master_service_deinit(&master_service); + return 0; +} diff --git a/src/submission/submission-backend-relay.c b/src/submission/submission-backend-relay.c new file mode 100644 index 0000000..eededa0 --- /dev/null +++ b/src/submission/submission-backend-relay.c @@ -0,0 +1,1260 @@ +/* Copyright (c) 2018 Dovecot authors, see the included COPYING file */ + +#include "submission-common.h" +#include "str.h" +#include "str-sanitize.h" +#include "mail-user.h" +#include "iostream-ssl.h" +#include "smtp-client.h" +#include "smtp-client-connection.h" +#include "smtp-client-transaction.h" +#include "smtp-client-command.h" + +#include "submission-recipient.h" +#include "submission-backend-relay.h" + +struct submission_backend_relay { + struct submission_backend backend; + + struct smtp_client_connection *conn; + struct smtp_client_transaction *trans; + + bool trans_started:1; + bool trusted:1; + bool quit_confirmed:1; +}; + +static struct submission_backend_vfuncs backend_relay_vfuncs; + +/* + * Common + */ + +/* The command handling of the submission relay service aims to follow the + following rules: + + - Attempt to keep pipelined commands pipelined when relaying them to the + actual relay service. + - Don't forward commands if they're known to fail at the relay server. Errors + can still occur if pipelined commands fail. Abort subsequent pending + commands if such failures affect those commands. + - Keep predictable errors consistent as much as possible; send our own reply + if the error condition is clear (e.g. missing MAIL, RCPT). +*/ + +static bool +backend_relay_handle_relay_reply(struct submission_backend_relay *backend, + struct smtp_server_cmd_ctx *cmd, + const struct smtp_reply *reply, + struct smtp_reply *reply_r) ATTR_NULL(2) +{ + struct client *client = backend->backend.client; + struct mail_user *user = client->user; + const char *enh_code, *msg, *log_msg = NULL; + const char *const *reply_lines; + bool result = TRUE; + + *reply_r = *reply; + + switch (reply->status) { + case SMTP_CLIENT_COMMAND_ERROR_ABORTED: + return FALSE; + case SMTP_CLIENT_COMMAND_ERROR_HOST_LOOKUP_FAILED: + case SMTP_CLIENT_COMMAND_ERROR_CONNECT_FAILED: + case SMTP_CLIENT_COMMAND_ERROR_AUTH_FAILED: + enh_code = "4.4.0"; + msg = "Failed to connect to relay server"; + result = FALSE; + break; + case SMTP_CLIENT_COMMAND_ERROR_CONNECTION_CLOSED: + enh_code = smtp_reply_get_enh_code(reply); + log_msg = "Lost connection to relay server"; + reply_lines = smtp_reply_get_text_lines_omit_prefix(reply); + msg = t_strconcat("Lost connection to relay server:\n", + t_strarray_join(reply_lines, "\n"), NULL); + result = FALSE; + break; + case SMTP_CLIENT_COMMAND_ERROR_CONNECTION_LOST: + case SMTP_CLIENT_COMMAND_ERROR_BAD_REPLY: + case SMTP_CLIENT_COMMAND_ERROR_TIMED_OUT: + enh_code = "4.4.0"; + log_msg = msg = "Lost connection to relay server"; + result = FALSE; + break; + /* RFC 4954, Section 6: 530 5.7.0 Authentication required + + This response SHOULD be returned by any command other than AUTH, + EHLO, HELO, NOOP, RSET, or QUIT when server policy requires + authentication in order to perform the requested action and + authentication is not currently in force. */ + case 530: + log_msg = "Relay server requires authentication"; + enh_code = "4.3.5", + msg = "Internal error occurred. " + "Refer to server log for more information."; + result = FALSE; + break; + default: + break; + } + + if (!result) { + const char *detail = "", *reason; + + i_assert(msg != NULL); + + switch (reply->status) { + case SMTP_CLIENT_COMMAND_ERROR_ABORTED: + i_unreached(); + case SMTP_CLIENT_COMMAND_ERROR_HOST_LOOKUP_FAILED: + detail = " (DNS lookup)"; + break; + case SMTP_CLIENT_COMMAND_ERROR_CONNECT_FAILED: + case SMTP_CLIENT_COMMAND_ERROR_AUTH_FAILED: + detail = " (connect)"; + break; + case SMTP_CLIENT_COMMAND_ERROR_CONNECTION_LOST: + case SMTP_CLIENT_COMMAND_ERROR_CONNECTION_CLOSED: + if (backend->quit_confirmed) + return FALSE; + detail = " (connection lost)"; + break; + case SMTP_CLIENT_COMMAND_ERROR_BAD_REPLY: + detail = " (bad reply)"; + break; + case SMTP_CLIENT_COMMAND_ERROR_TIMED_OUT: + detail = " (timed out)"; + break; + default: + break; + } + + reason = t_strdup_printf("%s%s", msg, detail); + smtp_client_transaction_destroy(&backend->trans); + if (log_msg != NULL) { + if (smtp_reply_is_remote(reply)) { + i_error("%s: %s", + log_msg, smtp_reply_log(reply)); + } else if (user->mail_debug) { + i_debug("%s: %s", + log_msg, smtp_reply_log(reply)); + } + } + submission_backend_fail(&backend->backend, cmd, + enh_code, reason); + return FALSE; + } + + if (!smtp_reply_has_enhanced_code(reply)) { + reply_r->enhanced_code = + SMTP_REPLY_ENH_CODE(reply->status / 100, 0, 0); + } + return TRUE; +} + +/* + * Mail transaction + */ + +static void +backend_relay_trans_finished(struct submission_backend_relay *backend) +{ + backend->trans = NULL; +} + +static void +backend_relay_trans_start_callback( + const struct smtp_reply *relay_reply ATTR_UNUSED, + struct submission_backend_relay *backend ATTR_UNUSED) +{ + /* nothing to do */ +} + +static void +backend_relay_trans_start(struct submission_backend *_backend, + struct smtp_server_transaction *trans ATTR_UNUSED, + const struct smtp_address *path, + const struct smtp_params_mail *params) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + + if (backend->trans == NULL) { + backend->trans_started = TRUE; + backend->trans = smtp_client_transaction_create( + backend->conn, path, params, 0, + backend_relay_trans_finished, backend); + smtp_client_transaction_set_immediate(backend->trans, TRUE); + smtp_client_transaction_start( + backend->trans, backend_relay_trans_start_callback, + backend); + } else if (!backend->trans_started) { + backend->trans_started = TRUE; + smtp_client_transaction_start_empty( + backend->trans, path, params, + backend_relay_trans_start_callback, backend); + } +} + +static void +backend_relay_trans_free(struct submission_backend *_backend, + struct smtp_server_transaction *trans ATTR_UNUSED) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + + backend->trans_started = FALSE; + + if (backend->trans == NULL) + return; + + smtp_client_transaction_destroy(&backend->trans); +} + +struct smtp_client_transaction * +submission_backend_relay_init_transaction( + struct submission_backend_relay *backend, + enum smtp_client_transaction_flags flags) +{ + i_assert(backend->trans == NULL); + + backend->trans = smtp_client_transaction_create_empty( + backend->conn, flags, + backend_relay_trans_finished, backend); + smtp_client_transaction_set_immediate(backend->trans, TRUE); + + return backend->trans; +} + +/* + * EHLO, HELO commands + */ + +struct relay_cmd_helo_context { + struct submission_backend_relay *backend; + + struct smtp_server_cmd_ctx *cmd; + struct smtp_server_cmd_helo *data; + + struct smtp_client_command *cmd_relayed; +}; + +static void +relay_cmd_helo_destroy(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_helo_context *helo_cmd) +{ + i_assert(helo_cmd != NULL); + if (helo_cmd->cmd_relayed != NULL) + smtp_client_command_abort(&helo_cmd->cmd_relayed); +} + +static void +relay_cmd_helo_update_xclient(struct submission_backend_relay *backend, + struct smtp_server_cmd_helo *data) +{ + struct smtp_proxy_data proxy_data; + + if (!backend->trusted) + return; + + i_zero(&proxy_data); + proxy_data.helo = data->helo.domain; + smtp_client_connection_update_proxy_data(backend->conn, &proxy_data); +} + +static void +relay_cmd_helo_reply(struct smtp_server_cmd_ctx *cmd, + struct relay_cmd_helo_context *helo_cmd) +{ + struct submission_backend_relay *backend = helo_cmd->backend; + + if (helo_cmd->data->changed) + relay_cmd_helo_update_xclient(backend, helo_cmd->data); + + T_BEGIN { + submission_backend_helo_reply_submit(&backend->backend, cmd, + helo_cmd->data); + } T_END; +} + +static void +relay_cmd_helo_callback(const struct smtp_reply *relay_reply, + struct relay_cmd_helo_context *helo_cmd) +{ + i_assert(helo_cmd != NULL); + + struct smtp_server_cmd_ctx *cmd = helo_cmd->cmd; + struct submission_backend_relay *backend = helo_cmd->backend; + struct smtp_reply reply; + + /* finished relaying EHLO command to relay server */ + helo_cmd->cmd_relayed = NULL; + + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + if (smtp_reply_is_success(&reply)) { + relay_cmd_helo_reply(cmd, helo_cmd); + } else { + /* RFC 2034, Section 4: + + These codes must appear in all 2xx, 4xx, and 5xx response + lines other than initial greeting and any response to HELO + or EHLO. + */ + reply.enhanced_code = SMTP_REPLY_ENH_CODE_NONE; + smtp_server_reply_forward(cmd, &reply); + } +} + +static void +relay_cmd_helo_start(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_helo_context *helo_cmd) +{ + struct submission_backend_relay *backend = helo_cmd->backend; + + if (helo_cmd->data->changed) + relay_cmd_helo_update_xclient(backend, helo_cmd->data); +} + +static int +backend_relay_cmd_helo(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + struct relay_cmd_helo_context *helo_cmd; + + helo_cmd = p_new(cmd->pool, struct relay_cmd_helo_context, 1); + helo_cmd->backend = backend; + helo_cmd->cmd = cmd; + helo_cmd->data = data; + + /* This is not the first HELO/EHLO; just relay a RSET command */ + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_NEXT, + relay_cmd_helo_start, helo_cmd); + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_DESTROY, + relay_cmd_helo_destroy, helo_cmd); + helo_cmd->cmd_relayed = smtp_client_command_rset_submit( + backend->conn, 0, relay_cmd_helo_callback, helo_cmd); + return 0; +} + +/* + * MAIL command + */ + +struct relay_cmd_mail_context { + struct submission_backend_relay *backend; + + struct smtp_server_cmd_ctx *cmd; + struct smtp_server_cmd_mail *data; + + struct smtp_client_transaction_mail *relay_mail; +}; + +static void +relay_cmd_mail_replied(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_mail_context *mail_cmd) +{ + if (mail_cmd->relay_mail != NULL) + smtp_client_transaction_mail_abort(&mail_cmd->relay_mail); +} + +static void +relay_cmd_mail_callback(const struct smtp_reply *relay_reply, + struct relay_cmd_mail_context *mail_cmd) +{ + i_assert(mail_cmd != NULL); + + struct smtp_server_cmd_ctx *cmd = mail_cmd->cmd; + struct submission_backend_relay *backend = mail_cmd->backend; + struct smtp_reply reply; + + /* finished relaying MAIL command to relay server */ + mail_cmd->relay_mail = NULL; + + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + if (smtp_reply_is_success(relay_reply)) { + /* if relay accepts it, we accept it too */ + + /* the default 2.0.0 code won't do */ + if (!smtp_reply_has_enhanced_code(relay_reply)) + reply.enhanced_code = SMTP_REPLY_ENH_CODE(2, 1, 0); + } + + /* forward reply */ + smtp_server_reply_forward(cmd, &reply); +} + +static int +relay_cmd_mail_parameter_auth(struct submission_backend_relay *backend, + struct smtp_server_cmd_ctx *cmd, + enum smtp_capability relay_caps, + struct smtp_server_cmd_mail *data) +{ + struct client *client = backend->backend.client; + struct smtp_params_mail *params = &data->params; + struct smtp_address *auth_addr; + const char *error; + + if ((relay_caps & SMTP_CAPABILITY_AUTH) == 0) + return 0; + + auth_addr = NULL; + if (smtp_address_parse_username(cmd->pool, client->user->username, + &auth_addr, &error) < 0) { + i_warning("Username `%s' is not a valid SMTP address: %s", + client->user->username, error); + } + + params->auth = auth_addr; + return 0; +} + +static int +relay_cmd_mail_parameter_size(struct submission_backend_relay *backend, + struct smtp_server_cmd_ctx *cmd, + enum smtp_capability relay_caps, + struct smtp_server_cmd_mail *data) +{ + struct client *client = backend->backend.client; + uoff_t max_size; + + /* SIZE=<size-value>: RFC 1870 */ + + if (data->params.size == 0 || (relay_caps & SMTP_CAPABILITY_SIZE) == 0) + return 0; + + /* determine actual size limit (account for our additions) */ + max_size = client_get_max_mail_size(client); + if (max_size > 0 && data->params.size > max_size) { + smtp_server_reply( + cmd, 552, "5.3.4", + "Message size exceeds fixed maximum message size"); + return -1; + } + + /* relay the SIZE parameter (account for additional size) */ + data->params.size += SUBMISSION_MAX_ADDITIONAL_MAIL_SIZE; + return 0; +} + +static int +backend_relay_cmd_mail(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + enum smtp_capability relay_caps = + smtp_client_connection_get_capabilities(backend->conn); + struct relay_cmd_mail_context *mail_cmd; + + /* check and adjust parameters where necessary */ + if (relay_cmd_mail_parameter_auth(backend, cmd, relay_caps, data) < 0) + return -1; + if (relay_cmd_mail_parameter_size(backend, cmd, relay_caps, data) < 0) + return -1; + + /* queue command (pipeline) */ + mail_cmd = p_new(cmd->pool, struct relay_cmd_mail_context, 1); + mail_cmd->backend = backend; + mail_cmd->cmd = cmd; + mail_cmd->data = data; + + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_REPLIED, + relay_cmd_mail_replied, mail_cmd); + + if (backend->trans == NULL) { + /* start client transaction */ + backend->trans_started = TRUE; + backend->trans = smtp_client_transaction_create( + backend->conn, data->path, &data->params, 0, + backend_relay_trans_finished, backend); + smtp_client_transaction_set_immediate(backend->trans, TRUE); + smtp_client_transaction_start( + backend->trans, relay_cmd_mail_callback, mail_cmd); + } else { + /* forward pipelined MAIL command */ + i_assert(backend->trans_started); + mail_cmd->relay_mail = smtp_client_transaction_add_mail( + backend->trans, data->path, &data->params, + relay_cmd_mail_callback, mail_cmd); + } + return 0; +} + +/* + * RCPT command + */ + +struct relay_cmd_rcpt_context { + struct submission_backend_relay *backend; + struct submission_recipient *rcpt; + + struct smtp_server_cmd_ctx *cmd; + + struct smtp_client_transaction_rcpt *relay_rcpt; +}; + +static void +relay_cmd_rcpt_replied(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_rcpt_context *rcpt_cmd) +{ + if (rcpt_cmd->relay_rcpt != NULL) + smtp_client_transaction_rcpt_abort(&rcpt_cmd->relay_rcpt); +} + +static void +relay_cmd_rcpt_callback(const struct smtp_reply *relay_reply, + struct relay_cmd_rcpt_context *rcpt_cmd) +{ + i_assert(rcpt_cmd != NULL); + + struct smtp_server_cmd_ctx *cmd = rcpt_cmd->cmd; + struct submission_backend_relay *backend = rcpt_cmd->backend; + struct submission_recipient *srcpt = rcpt_cmd->rcpt; + struct smtp_server_recipient *rcpt = srcpt->rcpt; + struct smtp_client_transaction_rcpt *relay_rcpt = rcpt_cmd->relay_rcpt; + struct smtp_reply reply; + + /* finished relaying RCPT command to relay server */ + rcpt_cmd->relay_rcpt = NULL; + + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + if (smtp_reply_is_success(&reply)) { + /* the default 2.0.0 code won't do */ + if (!smtp_reply_has_enhanced_code(&reply)) + reply.enhanced_code = SMTP_REPLY_ENH_CODE(2, 1, 5); + + i_assert(relay_rcpt != NULL); + srcpt->backend_context = relay_rcpt; + } + + /* forward reply */ + smtp_server_recipient_reply_forward(rcpt, &reply); +} + +static int +backend_relay_cmd_rcpt(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd, + struct submission_recipient *srcpt) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + struct smtp_server_recipient *rcpt = srcpt->rcpt; + struct relay_cmd_rcpt_context *rcpt_cmd; + + /* queue command (pipeline) */ + rcpt_cmd = p_new(cmd->pool, struct relay_cmd_rcpt_context, 1); + rcpt_cmd->backend = backend; + rcpt_cmd->cmd = cmd; + rcpt_cmd->rcpt = srcpt; + + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_REPLIED, + relay_cmd_rcpt_replied, rcpt_cmd); + + if (backend->trans == NULL) + (void)submission_backend_relay_init_transaction(backend, 0); + rcpt_cmd->relay_rcpt = smtp_client_transaction_add_pool_rcpt( + backend->trans, rcpt->pool, rcpt->path, &rcpt->params, + relay_cmd_rcpt_callback, rcpt_cmd); + return 0; +} + +/* + * RSET command + */ + +struct relay_cmd_rset_context { + struct submission_backend_relay *backend; + + struct smtp_server_cmd_ctx *cmd; + + struct smtp_client_command *cmd_relayed; +}; + +static void +relay_cmd_rset_destroy(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_rset_context *rset_cmd) +{ + i_assert(rset_cmd != NULL); + if (rset_cmd->cmd_relayed != NULL) + smtp_client_command_abort(&rset_cmd->cmd_relayed); +} + +static void +relay_cmd_rset_callback(const struct smtp_reply *relay_reply, + struct relay_cmd_rset_context *rset_cmd) +{ + i_assert(rset_cmd != NULL); + + struct smtp_server_cmd_ctx *cmd = rset_cmd->cmd; + struct submission_backend_relay *backend = rset_cmd->backend; + struct smtp_reply reply; + + /* finished relaying MAIL command to relay server */ + rset_cmd->cmd_relayed = NULL; + + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + /* forward reply */ + smtp_server_reply_forward(cmd, &reply); +} + +static int +backend_relay_cmd_rset(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + struct relay_cmd_rset_context *rset_cmd; + + rset_cmd = p_new(cmd->pool, struct relay_cmd_rset_context, 1); + rset_cmd->backend = backend; + rset_cmd->cmd = cmd; + + if (backend->trans != NULL) { + /* RSET pipelined after MAIL */ + smtp_client_transaction_reset(backend->trans, + relay_cmd_rset_callback, + rset_cmd); + } else { + /* RSET alone */ + smtp_server_command_add_hook(cmd->cmd, + SMTP_SERVER_COMMAND_HOOK_DESTROY, + relay_cmd_rset_destroy, rset_cmd); + rset_cmd->cmd_relayed = smtp_client_command_rset_submit( + backend->conn, 0, relay_cmd_rset_callback, rset_cmd); + } + return 0; +} + +/* + * DATA/BDAT commands + */ + +struct relay_cmd_data_context { + struct submission_backend_relay *backend; + + struct smtp_server_cmd_ctx *cmd; + struct smtp_server_transaction *trans; +}; + +static void +relay_cmd_data_rcpt_callback(const struct smtp_reply *relay_reply, + struct submission_recipient *srcpt) +{ + struct smtp_server_recipient *rcpt = srcpt->rcpt; + struct smtp_server_cmd_ctx *cmd = rcpt->cmd; + struct submission_backend_relay *backend = + (struct submission_backend_relay *)srcpt->backend; + struct client *client = srcpt->backend->client; + struct smtp_server_transaction *trans = + smtp_server_connection_get_transaction(client->conn); + struct smtp_reply reply; + + i_assert(HAS_ALL_BITS(trans->flags, + SMTP_SERVER_TRANSACTION_FLAG_REPLY_PER_RCPT)); + + /* check for fatal problems */ + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + if (smtp_reply_is_success(&reply)) { + i_info("Successfully relayed message: " + "from=<%s>, to=<%s>, size=%"PRIuUOFF_T", " + "id=%s, rcpt=%u/%u, reply=`%s'", + smtp_address_encode(trans->mail_from), + smtp_address_encode(rcpt->path), + client->state.data_size, trans->id, + rcpt->index, array_count(&trans->rcpt_to), + str_sanitize(smtp_reply_log(&reply), 128)); + + } else { + i_info("Failed to relay message: " + "from=<%s>, to=<%s>, size=%"PRIuUOFF_T", " + "rcpt=%u/%u, reply=`%s'", + smtp_address_encode(trans->mail_from), + smtp_address_encode(rcpt->path), + client->state.data_size, rcpt->index, + array_count(&trans->rcpt_to), + str_sanitize(smtp_reply_log(&reply), 128)); + } + + smtp_server_recipient_reply_forward(rcpt, &reply); +} + +static void +relay_cmd_data_callback(const struct smtp_reply *relay_reply, + struct relay_cmd_data_context *data_ctx) +{ + i_assert(data_ctx != NULL); + + struct smtp_server_cmd_ctx *cmd = data_ctx->cmd; + struct smtp_server_transaction *trans = data_ctx->trans; + struct submission_backend_relay *backend = data_ctx->backend; + struct client *client = backend->backend.client; + struct smtp_reply reply; + + /* finished relaying message to relay server */ + + if (HAS_ALL_BITS(trans->flags, + SMTP_SERVER_TRANSACTION_FLAG_REPLY_PER_RCPT)) { + /* handled recipient replies individually */ + return; + } + + /* check for fatal problems */ + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + if (smtp_reply_is_success(&reply)) { + i_info("Successfully relayed message: " + "from=<%s>, size=%"PRIuUOFF_T", " + "id=%s, nrcpt=%u, reply=`%s'", + smtp_address_encode(trans->mail_from), + client->state.data_size, trans->id, + array_count(&trans->rcpt_to), + str_sanitize(smtp_reply_log(&reply), 128)); + + } else { + i_info("Failed to relay message: " + "from=<%s>, size=%"PRIuUOFF_T", nrcpt=%u, reply=`%s'", + smtp_address_encode(trans->mail_from), + client->state.data_size, array_count(&trans->rcpt_to), + str_sanitize(smtp_reply_log(&reply), 128)); + } + + smtp_server_reply_forward(cmd, &reply); +} + +static void +backend_relay_cmd_data_init_callbacks(struct submission_backend_relay *backend, + struct smtp_server_transaction *trans) +{ + struct client *client = backend->backend.client; + struct submission_recipient *rcpt; + + if (!HAS_ALL_BITS(trans->flags, + SMTP_SERVER_TRANSACTION_FLAG_REPLY_PER_RCPT)) + return; + + array_foreach_elem(&client->rcpt_to, rcpt) { + struct smtp_client_transaction_rcpt *relay_rcpt = + rcpt->backend_context; + + smtp_client_transaction_rcpt_set_data_callback( + relay_rcpt, relay_cmd_data_rcpt_callback, rcpt); + } +} + +static int +backend_relay_cmd_data(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input, uoff_t data_size ATTR_UNUSED) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + struct relay_cmd_data_context *data_ctx; + + /* start relaying to relay server */ + data_ctx = p_new(trans->pool, struct relay_cmd_data_context, 1); + data_ctx->backend = backend; + data_ctx->cmd = cmd; + data_ctx->trans = trans; + trans->context = (void*)data_ctx; + + i_assert(backend->trans != NULL); + + backend_relay_cmd_data_init_callbacks(backend, trans); + + smtp_client_transaction_send(backend->trans, data_input, + relay_cmd_data_callback, data_ctx); + return 0; +} + +/* + * VRFY command + */ + +struct relay_cmd_vrfy_context { + struct submission_backend_relay *backend; + + struct smtp_server_cmd_ctx *cmd; + + struct smtp_client_command *cmd_relayed; +}; + +static void +relay_cmd_vrfy_destroy(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_vrfy_context *vrfy_cmd) +{ + i_assert(vrfy_cmd != NULL); + if (vrfy_cmd->cmd_relayed != NULL) + smtp_client_command_abort(&vrfy_cmd->cmd_relayed); +} + +static void +relay_cmd_vrfy_callback(const struct smtp_reply *relay_reply, + struct relay_cmd_vrfy_context *vrfy_cmd) +{ + i_assert(vrfy_cmd != NULL); + + struct smtp_server_cmd_ctx *cmd = vrfy_cmd->cmd; + struct submission_backend_relay *backend = vrfy_cmd->backend; + struct smtp_reply reply; + + /* finished relaying VRFY command to relay server */ + vrfy_cmd->cmd_relayed = NULL; + + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + /* RFC 5321, Section 3.5.3: + + A server MUST NOT return a 250 code in response to a VRFY or EXPN + command unless it has actually verified the address. In particular, + a server MUST NOT return 250 if all it has done is to verify that the + syntax given is valid. In that case, 502 (Command not implemented) + or 500 (Syntax error, command unrecognized) SHOULD be returned. As + stated elsewhere, implementation (in the sense of actually validating + addresses and returning information) of VRFY and EXPN are strongly + recommended. Hence, implementations that return 500 or 502 for VRFY + are not in full compliance with this specification. + */ + if (reply.status == 500 || reply.status == 502) { + smtp_server_cmd_vrfy_reply_default(cmd); + return; + } + + if (!smtp_reply_has_enhanced_code(&reply)) { + switch (relay_reply->status) { + case 250: + case 251: + case 252: + reply.enhanced_code = SMTP_REPLY_ENH_CODE(2, 5, 0); + break; + default: + break; + } + } + + smtp_server_reply_forward(cmd, &reply); +} + +static int +backend_relay_cmd_vrfy(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd, const char *param) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + struct relay_cmd_vrfy_context *vrfy_cmd; + + vrfy_cmd = p_new(cmd->pool, struct relay_cmd_vrfy_context, 1); + vrfy_cmd->backend = backend; + vrfy_cmd->cmd = cmd; + + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_DESTROY, + relay_cmd_vrfy_destroy, vrfy_cmd); + vrfy_cmd->cmd_relayed = smtp_client_command_vrfy_submit( + backend->conn, 0, param, relay_cmd_vrfy_callback, vrfy_cmd); + return 0; +} + +/* + * NOOP command + */ + +struct relay_cmd_noop_context { + struct submission_backend_relay *backend; + + struct smtp_server_cmd_ctx *cmd; + + struct smtp_client_command *cmd_relayed; +}; + +static void +relay_cmd_noop_destroy(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_noop_context *noop_cmd) +{ + i_assert(noop_cmd != NULL); + if (noop_cmd->cmd_relayed != NULL) + smtp_client_command_abort(&noop_cmd->cmd_relayed); +} + +static void +relay_cmd_noop_callback(const struct smtp_reply *relay_reply, + struct relay_cmd_noop_context *noop_cmd) +{ + i_assert(noop_cmd != NULL); + + struct smtp_server_cmd_ctx *cmd = noop_cmd->cmd; + struct submission_backend_relay *backend = noop_cmd->backend; + struct smtp_reply reply; + + /* finished relaying NOOP command to relay server */ + noop_cmd->cmd_relayed = NULL; + + if (!backend_relay_handle_relay_reply(backend, cmd, relay_reply, + &reply)) + return; + + if (smtp_reply_is_success(&reply)) + smtp_server_cmd_noop_reply_success(cmd); + else + smtp_server_reply_forward(cmd, &reply); +} + +static int +backend_relay_cmd_noop(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + struct relay_cmd_noop_context *noop_cmd; + + noop_cmd = p_new(cmd->pool, struct relay_cmd_noop_context, 1); + noop_cmd->backend = backend; + noop_cmd->cmd = cmd; + + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_DESTROY, + relay_cmd_noop_destroy, noop_cmd); + noop_cmd->cmd_relayed = smtp_client_command_noop_submit( + backend->conn, 0, relay_cmd_noop_callback, noop_cmd); + return 0; +} + +/* + * QUIT command + */ + +struct relay_cmd_quit_context { + struct submission_backend_relay *backend; + + struct smtp_server_cmd_ctx *cmd; + + struct smtp_client_command *cmd_relayed; +}; + +static void +relay_cmd_quit_destroy(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_quit_context *quit_cmd) +{ + i_assert(quit_cmd != NULL); + if (quit_cmd->cmd_relayed != NULL) + smtp_client_command_abort(&quit_cmd->cmd_relayed); +} + +static void relay_cmd_quit_relayed_destroy(void *context) +{ + struct relay_cmd_quit_context *quit_cmd = context; + + i_assert(quit_cmd != NULL); + quit_cmd->cmd_relayed = NULL; +} + +static void +relay_cmd_quit_replied(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_quit_context *quit_cmd) +{ + if (quit_cmd->cmd_relayed != NULL) + smtp_client_command_abort(&quit_cmd->cmd_relayed); +} + +static void relay_cmd_quit_finish(struct relay_cmd_quit_context *quit_cmd) +{ + struct smtp_server_cmd_ctx *cmd = quit_cmd->cmd; + + quit_cmd->backend->quit_confirmed = TRUE; + if (quit_cmd->cmd_relayed != NULL) + smtp_client_command_abort(&quit_cmd->cmd_relayed); + smtp_server_reply_quit(cmd); +} + +static void +relay_cmd_quit_callback(const struct smtp_reply *relay_reply ATTR_UNUSED, + struct relay_cmd_quit_context *quit_cmd) +{ + i_assert(quit_cmd != NULL); + quit_cmd->cmd_relayed = NULL; + relay_cmd_quit_finish(quit_cmd); +} + +static void relay_cmd_quit_relay(struct relay_cmd_quit_context *quit_cmd) +{ + struct submission_backend_relay *backend = quit_cmd->backend; + struct smtp_server_cmd_ctx *cmd = quit_cmd->cmd; + + if (quit_cmd->cmd_relayed != NULL) + return; + + if (smtp_client_connection_get_state(backend->conn) + < SMTP_CLIENT_CONNECTION_STATE_READY) { + /* Don't bother relaying QUIT command when relay is not + fully initialized. */ + quit_cmd->backend->quit_confirmed = TRUE; + smtp_server_reply_quit(cmd); + return; + } + + /* RFC 5321, Section 4.1.1.10: + + The sender MUST NOT intentionally close the transmission channel + until it sends a QUIT command, and it SHOULD wait until it receives + the reply (even if there was an error response to a previous + command). */ + quit_cmd->cmd_relayed = + smtp_client_command_new(backend->conn, 0, + relay_cmd_quit_callback, quit_cmd); + smtp_client_command_write(quit_cmd->cmd_relayed, "QUIT"); + smtp_client_command_set_abort_callback( + quit_cmd->cmd_relayed, + relay_cmd_quit_relayed_destroy, quit_cmd); + smtp_client_command_submit(quit_cmd->cmd_relayed); +} + +static void +relay_cmd_quit_next(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct relay_cmd_quit_context *quit_cmd) +{ + /* QUIT command is next to reply */ + relay_cmd_quit_relay(quit_cmd); +} + +static int +backend_relay_cmd_quit(struct submission_backend *_backend, + struct smtp_server_cmd_ctx *cmd) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + struct relay_cmd_quit_context *quit_cmd; + + quit_cmd = p_new(cmd->pool, struct relay_cmd_quit_context, 1); + quit_cmd->backend = backend; + quit_cmd->cmd = cmd; + + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_NEXT, + relay_cmd_quit_next, quit_cmd); + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_REPLIED, + relay_cmd_quit_replied, quit_cmd); + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_DESTROY, + relay_cmd_quit_destroy, quit_cmd); + + if (smtp_client_connection_get_state(backend->conn) + >= SMTP_CLIENT_CONNECTION_STATE_READY) + relay_cmd_quit_relay(quit_cmd); + return 0; +} + +/* + * Relay backend + */ + +struct submission_backend_relay * +submission_backend_relay_create( + struct client *client, + const struct submision_backend_relay_settings *set) +{ + struct submission_backend_relay *backend; + struct mail_user *user = client->user; + struct ssl_iostream_settings ssl_set; + struct smtp_client_settings smtp_set; + pool_t pool; + + pool = pool_alloconly_create("submission relay backend", 1024); + backend = p_new(pool, struct submission_backend_relay, 1); + submission_backend_init(&backend->backend, pool, client, + &backend_relay_vfuncs); + + mail_user_init_ssl_client_settings(user, &ssl_set); + if (set->ssl_verify) + ssl_set.verbose_invalid_cert = TRUE; + else + ssl_set.allow_invalid_cert = TRUE; + + /* make relay connection */ + i_zero(&smtp_set); + smtp_set.my_hostname = set->my_hostname; + smtp_set.extra_capabilities = set->extra_capabilities; + smtp_set.ssl = &ssl_set; + smtp_set.debug = user->mail_debug; + + if (set->rawlog_dir != NULL) { + smtp_set.rawlog_dir = + mail_user_home_expand(user, set->rawlog_dir); + } + + if (set->trusted) { + backend->trusted = TRUE; + smtp_set.peer_trusted = TRUE; + + smtp_server_connection_get_proxy_data(client->conn, + &smtp_set.proxy_data); + + if (user->conn.remote_ip != NULL) { + smtp_set.proxy_data.source_ip = + *user->conn.remote_ip; + smtp_set.proxy_data.source_port = + user->conn.remote_port; + } + smtp_set.proxy_data.login = user->username; + smtp_set.xclient_defer = TRUE; + } + + smtp_set.username = set->user; + smtp_set.master_user = set->master_user; + smtp_set.password = set->password; + smtp_set.sasl_mech = set->sasl_mech; + smtp_set.connect_timeout_msecs = set->connect_timeout_msecs; + smtp_set.command_timeout_msecs = set->command_timeout_msecs; + + if (set->path != NULL) { + backend->conn = smtp_client_connection_create_unix( + smtp_client, set->protocol, set->path, &smtp_set); + } else if (set->ip.family == 0) { + backend->conn = smtp_client_connection_create( + smtp_client, set->protocol, set->host, set->port, + set->ssl_mode, &smtp_set); + } else { + backend->conn = smtp_client_connection_create_ip( + smtp_client, set->protocol, &set->ip, set->port, + set->host, set->ssl_mode, &smtp_set); + } + + return backend; +} + +struct submission_backend * +submission_backend_relay_get(struct submission_backend_relay *backend) +{ + return &backend->backend; +} + +struct smtp_client_connection * +submission_backend_relay_get_connection( + struct submission_backend_relay *backend) +{ + return backend->conn; +} + +struct smtp_client_transaction * +submission_backend_relay_get_transaction( + struct submission_backend_relay *backend) +{ + return backend->trans; +} + +static void backend_relay_destroy(struct submission_backend *_backend) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + + if (backend->trans != NULL) + smtp_client_transaction_destroy(&backend->trans); + if (backend->conn != NULL) + smtp_client_connection_close(&backend->conn); +} + +static void backend_relay_ready_cb(const struct smtp_reply *reply, + void *context) +{ + struct submission_backend_relay *backend = context; + struct smtp_reply dummy; + + /* check relay status */ + if (!backend_relay_handle_relay_reply(backend, NULL, reply, &dummy)) + return; + if (!smtp_reply_is_success(reply)) { + i_error("Failed to establish relay connection: %s", + smtp_reply_log(reply)); + submission_backend_fail( + &backend->backend, NULL, "4.4.0", + "Failed to establish relay connection"); + return; + } + + /* notify the backend API about the fact that we're ready and propagate + our capabilities */ + submission_backend_started(&backend->backend, + smtp_client_connection_get_capabilities(backend->conn)); +} + +static void backend_relay_start(struct submission_backend *_backend) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + + smtp_client_connection_connect(backend->conn, + backend_relay_ready_cb, backend); +} + +/* try to proxy pipelined commands in a similarly pipelined fashion */ +static void +backend_relay_client_input_pre(struct submission_backend *_backend) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + + if (backend->conn != NULL) + smtp_client_connection_cork(backend->conn); +} +static void +backend_relay_client_input_post(struct submission_backend *_backend) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + + if (backend->conn != NULL) + smtp_client_connection_uncork(backend->conn); +} + +static uoff_t +backend_relay_get_max_mail_size(struct submission_backend *_backend) +{ + struct submission_backend_relay *backend = + (struct submission_backend_relay *)_backend; + + return smtp_client_connection_get_size_capability(backend->conn); +} + +static struct submission_backend_vfuncs backend_relay_vfuncs = { + .destroy = backend_relay_destroy, + + .start = backend_relay_start, + + .client_input_pre = backend_relay_client_input_pre, + .client_input_post = backend_relay_client_input_post, + + .get_max_mail_size = backend_relay_get_max_mail_size, + + .trans_start = backend_relay_trans_start, + .trans_free = backend_relay_trans_free, + + .cmd_helo = backend_relay_cmd_helo, + + .cmd_mail = backend_relay_cmd_mail, + .cmd_rcpt = backend_relay_cmd_rcpt, + .cmd_rset = backend_relay_cmd_rset, + .cmd_data = backend_relay_cmd_data, + + .cmd_vrfy = backend_relay_cmd_vrfy, + .cmd_noop = backend_relay_cmd_noop, + + .cmd_quit = backend_relay_cmd_quit, +}; diff --git a/src/submission/submission-backend-relay.h b/src/submission/submission-backend-relay.h new file mode 100644 index 0000000..82a600a --- /dev/null +++ b/src/submission/submission-backend-relay.h @@ -0,0 +1,64 @@ +#ifndef SUBMISSION_BACKEND_RELAY_H +#define SUBMISSION_BACKEND_RELAY_H + +#include "smtp-client-connection.h" +#include "smtp-client-transaction.h" + +#include "submission-backend.h" + +struct client; +struct submission_backend_relay; + +struct submision_backend_relay_settings { + const char *my_hostname; + + enum smtp_protocol protocol; + const char *path, *host; + struct ip_addr ip; /* if empty, resolve host */ + in_port_t port; + + const char *const *extra_capabilities; + + const char *user, *master_user; + const char *password; + const struct dsasl_client_mech *sasl_mech; + + enum smtp_client_connection_ssl_mode ssl_mode; + + const char *rawlog_dir; + unsigned int max_idle_time; + + unsigned int connect_timeout_msecs; + unsigned int command_timeout_msecs; + + bool ssl_verify:1; + bool trusted:1; +}; + +struct submission_backend_relay * +submission_backend_relay_create( + struct client *client, + const struct submision_backend_relay_settings *set); + +/* Returns the base backend object for this relay backend */ +struct submission_backend * +submission_backend_relay_get(struct submission_backend_relay *backend) + ATTR_PURE; + +/* Returns the client connection for this relay backend */ +struct smtp_client_connection * +submission_backend_relay_get_connection( + struct submission_backend_relay *backend) ATTR_PURE; +/* Returns the current client transaction for this relay backend */ +struct smtp_client_transaction * +submission_backend_relay_get_transaction( + struct submission_backend_relay *backend) ATTR_PURE; + +/* Initializes the client transaction manually, which allows providing + alternative transaction flags. */ +struct smtp_client_transaction * +submission_backend_relay_init_transaction( + struct submission_backend_relay *backend, + enum smtp_client_transaction_flags flags); + +#endif diff --git a/src/submission/submission-backend.c b/src/submission/submission-backend.c new file mode 100644 index 0000000..889a24b --- /dev/null +++ b/src/submission/submission-backend.c @@ -0,0 +1,448 @@ +/* Copyright (c) 2018 Dovecot authors, see the included COPYING file */ + +#include "submission-common.h" +#include "llist.h" +#include "istream.h" +#include "istream-sized.h" + +#include "submission-recipient.h" +#include "submission-client.h" +#include "submission-commands.h" +#include "submission-backend.h" + +struct submission_backend_module_register +submission_backend_module_register = { 0 }; + +void submission_backend_init(struct submission_backend *backend, + pool_t pool, struct client *client, + const struct submission_backend_vfuncs *vfunc) +{ + backend->pool = pool; + backend->client = client; + backend->v = *vfunc; + + p_array_init(&backend->module_contexts, pool, 5); + + client->backends_count++; + DLLIST_PREPEND(&client->backends, backend); +} + +static void submission_backend_destroy(struct submission_backend *backend) +{ + struct client *client = backend->client; + + i_stream_unref(&backend->data_input); + + i_free(backend->fail_enh_code); + i_free(backend->fail_reason); + + DLLIST_REMOVE(&client->backends, backend); + backend->v.destroy(backend); + pool_unref(&backend->pool); +} + +void submission_backends_destroy_all(struct client *client) +{ + while (client->backends != NULL) + submission_backend_destroy(client->backends); + array_clear(&client->rcpt_backends); + client->state.backend = NULL; +} + +void submission_backend_start(struct submission_backend *backend) +{ + if (backend->started) + return; + if (backend->fail_reason != NULL) { + /* Don't restart until failure is reset at transaction end */ + return; + } + backend->started = TRUE; + backend->v.start(backend); +} + +void submission_backend_started(struct submission_backend *backend, + enum smtp_capability caps) +{ + struct client *client = backend->client; + + if (backend == client->backend_default) + client_default_backend_started(client, caps); + backend->ready = TRUE; + if (backend->v.ready != NULL) + backend->v.ready(backend, caps); +} + +static void +submission_backend_fail_rcpts(struct submission_backend *backend) +{ + struct client *client = backend->client; + struct submission_recipient *srcpt; + const char *enh_code = backend->fail_enh_code; + const char *reason = backend->fail_reason; + + i_assert(array_count(&client->rcpt_to) > 0); + + i_assert(reason != NULL); + if (enh_code == NULL) + enh_code = "4.0.0"; + + array_foreach_elem(&client->rcpt_to, srcpt) { + struct smtp_server_recipient *rcpt = srcpt->rcpt; + + if (srcpt->backend != backend) + continue; + if (rcpt->cmd == NULL) + continue; + + smtp_server_recipient_reply(rcpt, 451, enh_code, "%s", reason); + } +} + +static inline void +submission_backend_reply_failure(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd) +{ + const char *enh_code = backend->fail_enh_code; + const char *reason = backend->fail_reason; + + if (enh_code == NULL) + enh_code = "4.0.0"; + + i_assert(smtp_server_command_get_reply_count(cmd->cmd) == 1); + smtp_server_reply(cmd, 451, enh_code, "%s", reason); +} + +static inline bool +submission_backend_handle_failure(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd) +{ + if (backend->fail_reason == NULL) + return TRUE; + + /* already failed */ + submission_backend_reply_failure(backend, cmd); + return TRUE; +} + +void submission_backend_fail(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + const char *enh_code, const char *reason) +{ + struct client *client = backend->client; + bool failed_before = (backend->fail_reason != NULL); + + /* Can be called several times */ + + if (backend == client->backend_default) { + /* default backend: fail the whole client */ + client_destroy(&client, enh_code, reason); + return; + } + + /* Non-default backend for this transaction (maybe even for only + some of the approved recipients): fail only the affected + transaction and/or specific recipients. */ + + /* Remember the failure only once */ + if (!failed_before) { + backend->fail_enh_code = i_strdup(enh_code); + backend->fail_reason = i_strdup(reason); + } + if (cmd == NULL) { + /* Called outside command context: just remember the failure */ + } else if (smtp_server_command_get_reply_count(cmd->cmd) > 1) { + /* Fail DATA/BDAT/BURL command expecting several replies */ + submission_backend_fail_rcpts(backend); + } else { + /* Single command */ + submission_backend_reply_failure(backend, cmd); + } + + /* Call the fail vfunc only once */ + if (!failed_before && backend->v.fail != NULL) + backend->v.fail(backend, enh_code, reason); + backend->started = FALSE; + backend->ready = FALSE; +} + +void submission_backends_client_input_pre(struct client *client) +{ + struct submission_backend *backend; + + for (backend = client->backends; backend != NULL; + backend = backend->next) { + if (!backend->started) + continue; + if (backend->v.client_input_pre != NULL) + backend->v.client_input_pre(backend); + + } +} + +void submission_backends_client_input_post(struct client *client) +{ + struct submission_backend *backend; + + for (backend = client->backends; backend != NULL; + backend = backend->next) { + if (!backend->started) + continue; + if (backend->v.client_input_post != NULL) + backend->v.client_input_post(backend); + } +} + +uoff_t submission_backend_get_max_mail_size(struct submission_backend *backend) +{ + if (backend->v.get_max_mail_size != NULL) + return backend->v.get_max_mail_size(backend); + return UOFF_T_MAX; +} + +void submission_backend_trans_start(struct submission_backend *backend, + struct smtp_server_transaction *trans) +{ + submission_backend_start(backend); + + if (backend->trans_started) + return; + backend->trans_started = TRUE; + + if (backend->v.trans_start != NULL) { + backend->v.trans_start(backend, trans, + trans->mail_from, &trans->params); + } +} + +static void +submission_backend_trans_free(struct submission_backend *backend, + struct smtp_server_transaction *trans) +{ + i_stream_unref(&backend->data_input); + if (backend->v.trans_free != NULL) + backend->v.trans_free(backend, trans); + backend->trans_started = FALSE; + + i_free(backend->fail_enh_code); + i_free(backend->fail_reason); +} + +void submission_backends_trans_start(struct client *client, + struct smtp_server_transaction *trans) +{ + struct submission_backend *backend; + + i_assert(client->state.backend != NULL); + submission_backend_trans_start(client->state.backend, trans); + + array_foreach_elem(&client->pending_backends, backend) + submission_backend_trans_start(backend, trans); + array_clear(&client->pending_backends); +} + +void submission_backends_trans_free(struct client *client, + struct smtp_server_transaction *trans) +{ + struct submission_backend *backend; + + i_assert(client->state.backend != NULL || + array_count(&client->rcpt_backends) == 0); + + array_foreach_elem(&client->rcpt_backends, backend) + submission_backend_trans_free(backend, trans); + array_clear(&client->pending_backends); + array_clear(&client->rcpt_backends); + client->state.backend = NULL; +} + +int submission_backend_cmd_helo(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data) +{ + /* failure on default backend closes the client connection */ + i_assert(backend->fail_reason == NULL); + + if (!backend->started || backend->v.cmd_helo == NULL) { + /* default backend is not interested, respond right away */ + submission_helo_reply_submit(cmd, data); + return 1; + } + + return backend->v.cmd_helo(backend, cmd, data); +} + +void submission_backend_helo_reply_submit( + struct submission_backend *backend ATTR_UNUSED, + struct smtp_server_cmd_ctx *cmd, struct smtp_server_cmd_helo *data) +{ + submission_helo_reply_submit(cmd, data); +} + +int submission_backend_cmd_mail(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data) +{ + if (!submission_backend_handle_failure(backend, cmd)) + return -1; + + submission_backend_start(backend); + + if (backend->v.cmd_mail == NULL) { + /* mail backend is not interested, respond right away */ + return 1; + } + + return backend->v.cmd_mail(backend, cmd, data); +} + +static void +submission_backend_add_pending(struct submission_backend *backend) +{ + struct client *client = backend->client; + struct submission_backend *pending_backend; + + array_foreach_elem(&client->pending_backends, pending_backend) { + if (backend == pending_backend) + return; + } + + array_push_back(&client->pending_backends, &backend); +} + +int submission_backend_cmd_rcpt(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct submission_recipient *srcpt) +{ + struct smtp_server_transaction *trans; + + if (!submission_backend_handle_failure(backend, cmd)) + return -1; + + i_assert(backend->started); + + if (backend->v.cmd_rcpt == NULL) { + /* backend is not interested, respond right away */ + return 1; + } + + trans = smtp_server_connection_get_transaction(cmd->conn); + if (trans != NULL) + submission_backend_trans_start(srcpt->backend, trans); + else + submission_backend_add_pending(srcpt->backend); + + return backend->v.cmd_rcpt(backend, cmd, srcpt); +} + +int submission_backend_cmd_rset(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd) +{ + if (!submission_backend_handle_failure(backend, cmd)) + return -1; + + submission_backend_start(backend); + + if (backend->v.cmd_rset == NULL) { + /* backend is not interested, respond right away */ + return 1; + } + return backend->v.cmd_rset(backend, cmd); +} + +static int +submission_backend_cmd_data(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans) +{ + if (backend->fail_reason != NULL) { + submission_backend_fail_rcpts(backend); + return 0; + } + + i_assert(backend->started); + + return backend->v.cmd_data(backend, cmd, trans, + backend->data_input, backend->data_size); +} + +int submission_backends_cmd_data(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input, uoff_t data_size) +{ + struct submission_backend *backend; + int ret = 0; + + i_assert(array_count(&client->rcpt_backends) > 0); + + /* Make sure data input stream is at the beginning (plugins may have + messed with it. */ + i_stream_seek(data_input, 0); + + /* create the data_input streams first */ + array_foreach_elem(&client->rcpt_backends, backend) { + backend->data_input = + i_stream_create_sized(data_input, data_size); + backend->data_size = data_size; + } + + /* now that all the streams are created, start reading them + (reading them earlier could have caused the data_input parent's + offset to change) */ + array_foreach_elem(&client->rcpt_backends, backend) { + ret = submission_backend_cmd_data(backend, cmd, trans); + if (ret < 0) + break; + } + + return ret; +} + +int submission_backend_cmd_vrfy(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + const char *param) +{ + /* failure on default backend closes the client connection */ + i_assert(backend->fail_reason == NULL); + + submission_backend_start(backend); + + if (backend->v.cmd_vrfy == NULL) { + /* backend is not interested, respond right away */ + return 1; + } + return backend->v.cmd_vrfy(backend, cmd, param); +} + +int submission_backend_cmd_noop(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd) +{ + /* failure on default backend closes the client connection */ + i_assert(backend->fail_reason == NULL); + + submission_backend_start(backend); + + if (backend->v.cmd_noop == NULL) { + /* backend is not interested, respond right away */ + return 1; + } + return backend->v.cmd_noop(backend, cmd); +} + +int submission_backend_cmd_quit(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd) +{ + /* failure on default backend closes the client connection */ + i_assert(backend->fail_reason == NULL); + + if (!backend->started) { + /* quit before backend even started */ + return 1; + } + if (backend->v.cmd_quit == NULL) { + /* backend is not interested, respond right away */ + return 1; + } + return backend->v.cmd_quit(backend, cmd); +} diff --git a/src/submission/submission-backend.h b/src/submission/submission-backend.h new file mode 100644 index 0000000..25d2389 --- /dev/null +++ b/src/submission/submission-backend.h @@ -0,0 +1,170 @@ +#ifndef SUBMISSION_BACKEND_H +#define SUBMISSION_BACKEND_H + +struct submission_recipient; +struct submission_backend; +union submission_backend_module_context; + +struct submission_backend_vfuncs { + void (*destroy)(struct submission_backend *backend); + + void (*start)(struct submission_backend *backend); + void (*ready)(struct submission_backend *backend, + enum smtp_capability caps); + + void (*fail)(struct submission_backend *backend, const char *enh_code, + const char *reason); + + void (*client_input_pre)(struct submission_backend *backend); + void (*client_input_post)(struct submission_backend *backend); + + uoff_t (*get_max_mail_size)(struct submission_backend *backend); + + void (*trans_start)(struct submission_backend *backend, + struct smtp_server_transaction *trans, + const struct smtp_address *path, + const struct smtp_params_mail *params); + void (*trans_free)(struct submission_backend *backend, + struct smtp_server_transaction *trans); + + /* Command handlers: + + These implement the behavior of the various core SMTP commands. + SMTP commands are handled asynchronously, which means that the + command is not necessarily finished when these handlers end. A + command is finished either when 1 is returned or a reply is submitted + for it. When a handler returns 0, the command implementation is + waiting for an external event and when it returns -1 an error + occurred. When 1 is returned, a default success reply is submitted + implicitly. Not submitting an error reply when -1 is returned causes + an assert fail. See src/lib-smtp/smtp-server.h for details. + + When overriding these handler vfuncs, the base implementation should + usually be called at some point. When it is called immediately, its + result can be returned as normal. When the override returns 0, the + base implementation would be called at a later time when some + external state is achieved. Note that the overriding function then + assumes the responsibility to submit the default reply when none is + submitted and the base implementation returns 1. + + Also note that only the default backend actually triggers all of + these command callbacks. Secondary backends only get called for + transaction commands and only when that backend is tied to the + transaction somehow; e.g., as the primary transaction backend or when + it is tied to one of the approved recipients. + */ + int (*cmd_helo)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); + + int (*cmd_mail)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data); + int (*cmd_rcpt)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct submission_recipient *srcpt); + int (*cmd_rset)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd); + int (*cmd_data)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input, uoff_t data_size); + + int (*cmd_vrfy)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + const char *param); + int (*cmd_noop)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd); + + int (*cmd_quit)(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd); +}; + +struct submission_backend { + pool_t pool; + struct client *client; + + struct submission_backend *prev, *next; + + struct submission_backend_vfuncs v; + + struct istream *data_input; + uoff_t data_size; + + char *fail_enh_code; + char *fail_reason; + + /* Module-specific contexts. */ + ARRAY(union submission_backend_module_context *) module_contexts; + + bool started:1; + bool ready:1; + bool trans_started:1; +}; + +struct submission_backend_module_register { + unsigned int id; +}; + +union submission_backend_module_context { + struct submission_backend_module_register *reg; +}; +extern struct submission_backend_module_register +submission_backend_module_register; + +void submission_backend_init(struct submission_backend *backend, + pool_t pool, struct client *client, + const struct submission_backend_vfuncs *vfunc); +void submission_backends_destroy_all(struct client *client); + +void submission_backend_start(struct submission_backend *backend); +void submission_backend_started(struct submission_backend *backend, + enum smtp_capability caps); + +void submission_backend_fail(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + const char *enh_code, const char *reason) + ATTR_NULL(2); + +void submission_backends_client_input_pre(struct client *client); +void submission_backends_client_input_post(struct client *client); + +uoff_t submission_backend_get_max_mail_size(struct submission_backend *backend); + +void submission_backend_trans_start(struct submission_backend *backend, + struct smtp_server_transaction *trans); +void submission_backends_trans_start(struct client *client, + struct smtp_server_transaction *trans); +void submission_backends_trans_free(struct client *client, + struct smtp_server_transaction *trans); + +void submission_backend_helo_reply_submit(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); +int submission_backend_cmd_helo(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); + +int submission_backend_cmd_mail(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data); +int submission_backend_cmd_rcpt(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + struct submission_recipient *srcpt); +int submission_backend_cmd_rset(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd); +int submission_backends_cmd_data(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input, uoff_t data_size); + +int submission_backend_cmd_vrfy(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd, + const char *param); +int submission_backend_cmd_noop(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd); + +int submission_backend_cmd_quit(struct submission_backend *backend, + struct smtp_server_cmd_ctx *cmd); + +#endif diff --git a/src/submission/submission-client.c b/src/submission/submission-client.c new file mode 100644 index 0000000..2ced163 --- /dev/null +++ b/src/submission/submission-client.c @@ -0,0 +1,555 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "submission-common.h" +#include "array.h" +#include "ioloop.h" +#include "base64.h" +#include "str.h" +#include "llist.h" +#include "net.h" +#include "istream.h" +#include "ostream.h" +#include "hostpid.h" +#include "var-expand.h" +#include "settings-parser.h" +#include "master-service.h" +#include "master-service-settings.h" +#include "mail-namespace.h" +#include "mail-storage.h" +#include "mail-storage-service.h" +#include "raw-storage.h" +#include "imap-urlauth.h" +#include "smtp-syntax.h" +#include "smtp-client-connection.h" + +#include "submission-backend-relay.h" +#include "submission-recipient.h" +#include "submission-commands.h" +#include "submission-settings.h" + +#include <unistd.h> + +/* max. length of input command line */ +#define MAX_INBUF_SIZE 4096 + +/* Stop reading input when output buffer has this many bytes. Once the buffer + size has dropped to half of it, start reading input again. */ +#define OUTBUF_THROTTLE_SIZE 4096 + +/* Disconnect client when it sends too many bad commands in a row */ +#define CLIENT_MAX_BAD_COMMANDS 20 + +/* Disconnect client after idling this many milliseconds */ +#define CLIENT_IDLE_TIMEOUT_MSECS (10*60*1000) + +static const struct smtp_server_callbacks smtp_callbacks; +static const struct submission_client_vfuncs submission_client_vfuncs; + +struct submission_module_register submission_module_register = { 0 }; + +struct client *submission_clients; +unsigned int submission_client_count; + +static void client_input_pre(void *context) +{ + struct client *client = context; + + submission_backends_client_input_pre(client); +} +static void client_input_post(void *context) +{ + struct client *client = context; + + submission_backends_client_input_post(client); +} + +static void client_parse_backend_capabilities(struct client *client) +{ + const struct submission_settings *set = client->set; + const char *const *str; + + client->backend_capabilities = SMTP_CAPABILITY_NONE; + if (set->submission_backend_capabilities == NULL) + return; + + str = t_strsplit_spaces(set->submission_backend_capabilities, " ,"); + for (; *str != NULL; str++) { + enum smtp_capability cap = smtp_capability_find_by_name(*str); + + if (cap == SMTP_CAPABILITY_NONE) { + i_warning("Unknown SMTP capability in submission_backend_capabilities: " + "%s", *str); + continue; + } + + client->backend_capabilities |= cap; + } + + /* Make sure CHUNKING support is always enabled when BINARYMIME is + enabled by explicit configuration. */ + if (HAS_ALL_BITS(client->backend_capabilities, + SMTP_CAPABILITY_BINARYMIME)) { + client->backend_capabilities |= SMTP_CAPABILITY_CHUNKING; + } + + client->backend_capabilities_configured = TRUE; +} + +void client_apply_backend_capabilities(struct client *client) +{ + enum smtp_capability caps = client->backend_capabilities; + + /* propagate capabilities */ + caps |= SMTP_CAPABILITY_AUTH | SMTP_CAPABILITY_PIPELINING | + SMTP_CAPABILITY_SIZE | SMTP_CAPABILITY_ENHANCEDSTATUSCODES | + SMTP_CAPABILITY_CHUNKING | SMTP_CAPABILITY_BURL; + caps &= SUBMISSION_SUPPORTED_SMTP_CAPABILITIES; + smtp_server_connection_set_capabilities(client->conn, caps); +} + +void client_default_backend_started(struct client *client, + enum smtp_capability caps) +{ + /* propagate capabilities from backend to frontend */ + if (!client->backend_capabilities_configured) { + client->backend_capabilities = caps; + client_apply_backend_capabilities(client); + + /* resume the server now that we have the backend + capabilities */ + smtp_server_connection_resume(client->conn); + } +} + +static void +client_create_backend_default(struct client *client, + const struct submission_settings *set) +{ + struct submision_backend_relay_settings relay_set; + + i_zero(&relay_set); + relay_set.my_hostname = set->hostname; + relay_set.protocol = SMTP_PROTOCOL_SMTP; + relay_set.host = set->submission_relay_host; + relay_set.port = set->submission_relay_port; + relay_set.user = set->submission_relay_user; + relay_set.master_user = set->submission_relay_master_user; + relay_set.password = set->submission_relay_password; + relay_set.rawlog_dir = set->submission_relay_rawlog_dir; + relay_set.max_idle_time = set->submission_relay_max_idle_time; + relay_set.connect_timeout_msecs = set->submission_relay_connect_timeout; + relay_set.command_timeout_msecs = set->submission_relay_command_timeout; + relay_set.trusted = set->submission_relay_trusted; + + if (strcmp(set->submission_relay_ssl, "smtps") == 0) + relay_set.ssl_mode = SMTP_CLIENT_SSL_MODE_IMMEDIATE; + else if (strcmp(set->submission_relay_ssl, "starttls") == 0) + relay_set.ssl_mode = SMTP_CLIENT_SSL_MODE_STARTTLS; + else + relay_set.ssl_mode = SMTP_CLIENT_SSL_MODE_NONE; + relay_set.ssl_verify = set->submission_relay_ssl_verify; + + client->backend_default_relay = + submission_backend_relay_create(client, &relay_set); + client->backend_default = + submission_backend_relay_get(client->backend_default_relay); +} + +static void client_init_urlauth(struct client *client) +{ + static const char *access_apps[] = { "submit+", NULL }; + struct imap_urlauth_config config; + + i_zero(&config); + config.url_host = client->set->imap_urlauth_host; + config.url_port = client->set->imap_urlauth_port; + config.socket_path = t_strconcat(client->user->set->base_dir, + "/"IMAP_URLAUTH_SOCKET_NAME, NULL); + config.session_id = client->user->session_id; + config.access_anonymous = client->user->anonymous; + config.access_user = client->user->username; + config.access_service = "submission"; + config.access_applications = access_apps; + + client->urlauth_ctx = imap_urlauth_init(client->user, &config); +} + +struct client * +client_create(int fd_in, int fd_out, struct mail_user *user, + struct mail_storage_service_user *service_user, + const struct submission_settings *set, const char *helo, + const struct smtp_proxy_data *proxy_data, + const unsigned char *pdata, unsigned int pdata_len, + bool no_greeting) +{ + enum submission_client_workarounds workarounds = + set->parsed_workarounds; + const struct mail_storage_settings *mail_set; + struct smtp_server_settings smtp_set; + const char *ident; + struct client *client; + pool_t pool; + + /* always use nonblocking I/O */ + net_set_nonblock(fd_in, TRUE); + net_set_nonblock(fd_out, TRUE); + + pool = pool_alloconly_create("submission client", 2048); + client = p_new(pool, struct client, 1); + client->pool = pool; + client->v = submission_client_vfuncs; + client->user = user; + client->service_user = service_user; + client->set = set; + + i_array_init(&client->pending_backends, 4); + i_array_init(&client->rcpt_to, 8); + i_array_init(&client->rcpt_backends, 8); + + i_zero(&smtp_set); + smtp_set.hostname = set->hostname; + smtp_set.login_greeting = set->login_greeting; + smtp_set.max_recipients = set->submission_max_recipients; + smtp_set.max_client_idle_time_msecs = CLIENT_IDLE_TIMEOUT_MSECS; + smtp_set.max_message_size = set->submission_max_mail_size; + smtp_set.rawlog_dir = set->rawlog_dir; + smtp_set.no_greeting = no_greeting; + smtp_set.debug = user->mail_debug; + + if ((workarounds & SUBMISSION_WORKAROUND_WHITESPACE_BEFORE_PATH) != 0) { + smtp_set.workarounds |= + SMTP_SERVER_WORKAROUND_WHITESPACE_BEFORE_PATH; + } + if ((workarounds & SUBMISSION_WORKAROUND_MAILBOX_FOR_PATH) != 0) { + smtp_set.workarounds |= + SMTP_SERVER_WORKAROUND_MAILBOX_FOR_PATH; + } + + client_parse_backend_capabilities(client); + + p_array_init(&client->module_contexts, client->pool, 5); + + client->conn = smtp_server_connection_create(smtp_server, + fd_in, fd_out, user->conn.remote_ip, user->conn.remote_port, + FALSE, &smtp_set, &smtp_callbacks, client); + smtp_server_connection_set_proxy_data(client->conn, proxy_data); + smtp_server_connection_login(client->conn, client->user->username, helo, + pdata, pdata_len, user->conn.ssl_secured); + + client_create_backend_default(client, set); + + mail_set = mail_user_set_get_storage_set(user); + if (*set->imap_urlauth_host != '\0' && + *mail_set->mail_attribute_dict != '\0') { + /* Enable BURL capability only when urlauth dict is + configured correctly */ + client_init_urlauth(client); + } + + submission_client_count++; + DLLIST_PREPEND(&submission_clients, client); + + ident = mail_user_get_anvil_userip_ident(client->user); + if (ident != NULL) { + master_service_anvil_send( + master_service, t_strconcat( + "CONNECT\t", my_pid, "\tsubmission/", ident, + "\n", NULL)); + client->anvil_sent = TRUE; + } + + if (hook_client_created != NULL) + hook_client_created(&client); + + if (user->anonymous && !client->anonymous_allowed) { + smtp_server_connection_abort( + &client->conn, 534, "5.7.9", + "Anonymous login is not allowed for submission"); + } else if (client->backend_capabilities_configured) { + client_apply_backend_capabilities(client); + smtp_server_connection_start(client->conn); + } else { + submission_backend_start(client->backend_default); + smtp_server_connection_start_pending(client->conn); + } + + submission_refresh_proctitle(); + return client; +} + +static void client_state_reset(struct client *client) +{ + i_free(client->state.args); + i_stream_unref(&client->state.data_input); + pool_unref(&client->state.pool); + + i_zero(&client->state); +} + +void client_destroy(struct client **_client, const char *prefix, + const char *reason) +{ + struct client *client = *_client; + struct smtp_server_connection *conn = client->conn; + + *_client = NULL; + + smtp_server_connection_terminate( + &conn, (prefix == NULL ? "4.0.0" : prefix), reason); +} + +static void +client_default_destroy(struct client *client) +{ + i_assert(client->disconnected); + + if (client->destroyed) + return; + client->destroyed = TRUE; + + submission_backends_destroy_all(client); + array_free(&client->pending_backends); + array_free(&client->rcpt_to); + array_free(&client->rcpt_backends); + + submission_client_count--; + DLLIST_REMOVE(&submission_clients, client); + + if (client->anvil_sent) { + master_service_anvil_send( + master_service, t_strconcat( + "DISCONNECT\t", my_pid, "\tsubmission/", + mail_user_get_anvil_userip_ident(client->user), + "\n", NULL)); + } + + if (client->urlauth_ctx != NULL) + imap_urlauth_deinit(&client->urlauth_ctx); + + mail_user_deinit(&client->user); + mail_storage_service_user_unref(&client->service_user); + + client_state_reset(client); + + pool_unref(&client->pool); + + master_service_client_connection_destroyed(master_service); + submission_refresh_proctitle(); +} + +static void +client_connection_trans_start(void *context, + struct smtp_server_transaction *trans) +{ + struct client *client = context; + + client->state.pool = + pool_alloconly_create("submission client state", 1024); + + client->v.trans_start(client, trans); +} + +static void +client_default_trans_start(struct client *client, + struct smtp_server_transaction *trans) +{ + submission_backends_trans_start(client, trans); +} + +static void +client_connection_trans_free(void *context, + struct smtp_server_transaction *trans) +{ + struct client *client = context; + + client->v.trans_free(client, trans); +} + +static void +client_default_trans_free(struct client *client, + struct smtp_server_transaction *trans) +{ + array_clear(&client->rcpt_to); + + submission_backends_trans_free(client, trans); + client_state_reset(client); +} + +static void +client_connection_state_changed(void *context ATTR_UNUSED, + enum smtp_server_state new_state, + const char *new_args) +{ + struct client *client = context; + + i_free(client->state.args); + + client->state.state = new_state; + client->state.args = i_strdup(new_args); + + if (submission_client_count == 1) + submission_refresh_proctitle(); +} + +static const char *client_stats(struct client *client) +{ + const struct smtp_server_stats *stats = + smtp_server_connection_get_stats(client->conn); + const char *trans_id = + smtp_server_connection_get_transaction_id(client->conn); + const struct var_expand_table logout_tab[] = { + { 'i', dec2str(stats->input), "input" }, + { 'o', dec2str(stats->output), "output" }, + { '\0', dec2str(stats->command_count), "command_count" }, + { '\0', dec2str(stats->reply_count), "reply_count" }, + { '\0', trans_id, "transaction_id" }, + { '\0', NULL, NULL } + }; + const struct var_expand_table *user_tab = + mail_user_var_expand_table(client->user); + const struct var_expand_table *tab = + t_var_expand_merge_tables(logout_tab, user_tab); + string_t *str; + const char *error; + + str = t_str_new(128); + if (var_expand_with_funcs(str, client->set->submission_logout_format, + tab, mail_user_var_expand_func_table, + client->user, &error) < 0) { + i_error("Failed to expand submission_logout_format=%s: %s", + client->set->submission_logout_format, error); + } + return str_c(str); +} + +static void client_connection_disconnect(void *context, const char *reason) +{ + struct client *client = context; + const char *log_reason; + + if (client->disconnected) + return; + client->disconnected = TRUE; + + timeout_remove(&client->to_quit); + submission_backends_destroy_all(client); + + if (array_is_created(&client->rcpt_to)) + array_clear(&client->rcpt_to); + + if (reason == NULL) + log_reason = "Connection closed"; + else + log_reason = t_str_oneline(reason); + i_info("Disconnected: %s %s", log_reason, client_stats(client)); +} + +static void client_connection_free(void *context) +{ + struct client *client = context; + + client->v.destroy(client); +} + +uoff_t client_get_max_mail_size(struct client *client) +{ + struct submission_backend *backend; + uoff_t max_size, limit; + + /* Account for backend SIZE limits and calculate our own relative to + those. */ + max_size = client->set->submission_max_mail_size; + if (max_size == 0) + max_size = UOFF_T_MAX; + for (backend = client->backends; backend != NULL; + backend = backend->next) { + limit = submission_backend_get_max_mail_size(backend); + + if (limit <= SUBMISSION_MAX_ADDITIONAL_MAIL_SIZE) + continue; + limit -= SUBMISSION_MAX_ADDITIONAL_MAIL_SIZE; + if (limit < max_size) + max_size = limit; + } + + return max_size; +} + +void client_add_extra_capability(struct client *client, const char *capability, + const char *params) +{ + struct client_extra_capability cap; + + /* Don't add capabilties handled by lib-smtp here */ + i_assert(smtp_capability_find_by_name(capability) + == SMTP_CAPABILITY_NONE); + + /* Avoid committing protocol errors */ + i_assert(smtp_ehlo_keyword_is_valid(capability)); + i_assert(params == NULL || smtp_ehlo_params_str_is_valid(params)); + + i_zero(&cap); + cap.capability = p_strdup(client->pool, capability); + cap.params = p_strdup(client->pool, params); + + if (!array_is_created(&client->extra_capabilities)) + p_array_init(&client->extra_capabilities, client->pool, 5); + + array_push_back(&client->extra_capabilities, &cap); +} + +void clients_destroy_all(void) +{ + while (submission_clients != NULL) { + struct client *client = submission_clients; + + mail_storage_service_io_activate_user(client->service_user); + client_destroy(&client, "4.3.2", "Shutting down"); + } +} + +static const struct smtp_server_callbacks smtp_callbacks = { + .conn_cmd_helo = cmd_helo, + + .conn_cmd_mail = cmd_mail, + .conn_cmd_rcpt = cmd_rcpt, + .conn_cmd_rset = cmd_rset, + + .conn_cmd_data_begin = cmd_data_begin, + .conn_cmd_data_continue = cmd_data_continue, + + .conn_cmd_vrfy = cmd_vrfy, + + .conn_cmd_noop = cmd_noop, + .conn_cmd_quit = cmd_quit, + + .conn_cmd_input_pre = client_input_pre, + .conn_cmd_input_post = client_input_post, + + .conn_trans_start = client_connection_trans_start, + .conn_trans_free = client_connection_trans_free, + + .conn_state_changed = client_connection_state_changed, + + .conn_disconnect = client_connection_disconnect, + .conn_free = client_connection_free, +}; + +static const struct submission_client_vfuncs submission_client_vfuncs = { + client_default_destroy, + + .trans_start = client_default_trans_start, + .trans_free = client_default_trans_free, + + .cmd_helo = client_default_cmd_helo, + + .cmd_mail = client_default_cmd_mail, + .cmd_rcpt = client_default_cmd_rcpt, + .cmd_rset = client_default_cmd_rset, + .cmd_data = client_default_cmd_data, + + .cmd_vrfy = client_default_cmd_vrfy, + + .cmd_noop = client_default_cmd_noop, + .cmd_quit = client_default_cmd_quit, +}; diff --git a/src/submission/submission-client.h b/src/submission/submission-client.h new file mode 100644 index 0000000..4bafd03 --- /dev/null +++ b/src/submission/submission-client.h @@ -0,0 +1,161 @@ +#ifndef CLIENT_H +#define CLIENT_H + +#include "net.h" + +struct smtp_reply; + +struct submission_recipient; +struct submission_backend; +struct submission_backend_relay; +struct client; + +struct client_state { + pool_t pool; + enum smtp_server_state state; + char *args; + + struct submission_backend *backend; + struct istream *data_input; + uoff_t data_size; + + bool anonymous_allowed:1; +}; + +struct client_extra_capability { + const char *capability; + const char *params; +}; + +struct submission_client_vfuncs { + void (*destroy)(struct client *client); + + void (*trans_start)(struct client *client, + struct smtp_server_transaction *trans); + void (*trans_free)(struct client *client, + struct smtp_server_transaction *trans); + + /* Command handlers: + + These implement the behavior of the various core SMTP commands. + SMTP commands are handled asynchronously, which means that the + command is not necessarily finished when these handlers end. A + command is finished either when 1 is returned or a reply is submitted + for it. When a handler returns 0, the command implementation is + waiting for an external event and when it returns -1 an error + occurred. When 1 is returned, a default success reply is submitted + implicitly. Not submitting an error reply when -1 is returned causes + an assert fail. See src/lib-smtp/smtp-server.h for details. + + When overriding these handler vfuncs, the base implementation should + usually be called at some point. When it is called immediately, its + result can be returned as normal. When the override returns 0, the + base implementation would be called at a later time when some + external state is achieved. Note that the overriding function then + assumes the responsibility to submit the default reply when none is + submitted and the base implementation returns 1. + */ + int (*cmd_helo)(struct client *client, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); + + int (*cmd_mail)(struct client *client, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data); + int (*cmd_rcpt)(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct submission_recipient *srcpt); + int (*cmd_rset)(struct client *client, struct smtp_server_cmd_ctx *cmd); + int (*cmd_data)(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input, uoff_t data_size); + + int (*cmd_vrfy)(struct client *client, struct smtp_server_cmd_ctx *cmd, + const char *param); + + int (*cmd_noop)(struct client *client, struct smtp_server_cmd_ctx *cmd); + int (*cmd_quit)(struct client *client, struct smtp_server_cmd_ctx *cmd); +}; + +struct client { + struct client *prev, *next; + pool_t pool; + + struct submission_client_vfuncs v; + + const struct setting_parser_info *user_set_info; + const struct submission_settings *set; + + struct smtp_server_connection *conn; + struct client_state state; + ARRAY(struct submission_backend *) pending_backends; + ARRAY(struct submission_recipient *) rcpt_to; + ARRAY(struct submission_backend *) rcpt_backends; + + struct mail_storage_service_user *service_user; + struct mail_user *user; + + /* IMAP URLAUTH context (RFC4467) for BURL (RFC4468) */ + struct imap_urlauth_context *urlauth_ctx; + + struct timeout *to_quit; + + enum smtp_capability backend_capabilities; + struct submission_backend *backend_default; + struct submission_backend_relay *backend_default_relay; + struct submission_backend *backends; + unsigned int backends_count; + + /* Extra (non-standard) capabilities */ + ARRAY(struct client_extra_capability) extra_capabilities; + + /* Module-specific contexts. */ + ARRAY(union submission_module_context *) module_contexts; + + bool standalone:1; + bool disconnected:1; + bool destroyed:1; + bool anvil_sent:1; + bool backend_capabilities_configured:1; + bool anonymous_allowed:1; +}; + +struct submission_module_register { + unsigned int id; +}; + +union submission_module_context { + struct submission_client_vfuncs super; + struct submission_module_register *reg; +}; +extern struct submission_module_register submission_module_register; + +extern struct client *submission_clients; +extern unsigned int submission_client_count; + +struct client * +client_create(int fd_in, int fd_out, struct mail_user *user, + struct mail_storage_service_user *service_user, + const struct submission_settings *set, const char *helo, + const struct smtp_proxy_data *proxy_data, + const unsigned char *pdata, unsigned int pdata_len, + bool no_greeting); +void client_destroy(struct client **client, const char *prefix, + const char *reason) ATTR_NULL(2, 3); + +typedef void (*client_input_callback_t)(struct client *context); + +void client_apply_backend_capabilities(struct client *client); +void client_default_backend_started(struct client *client, + enum smtp_capability caps); + +uoff_t client_get_max_mail_size(struct client *client); + +void client_add_extra_capability(struct client *client, const char *capability, + const char *params) ATTR_NULL(2); + +int client_input_read(struct client *client); +int client_handle_input(struct client *client); + +void clients_destroy_all(void); + +#endif diff --git a/src/submission/submission-commands.c b/src/submission/submission-commands.c new file mode 100644 index 0000000..8f6fbfb --- /dev/null +++ b/src/submission/submission-commands.c @@ -0,0 +1,615 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "submission-common.h" +#include "str.h" +#include "istream.h" +#include "istream-concat.h" +#include "istream-seekable.h" +#include "mail-storage.h" +#include "imap-url.h" +#include "imap-msgpart.h" +#include "imap-msgpart-url.h" +#include "imap-urlauth.h" +#include "imap-urlauth-fetch.h" + +#include "submission-recipient.h" +#include "submission-commands.h" +#include "submission-backend-relay.h" + +/* + * EHLO, HELO commands + */ + +static void +submission_helo_reply_add_extra(struct client *client, + struct smtp_server_reply *reply) +{ + const struct client_extra_capability *cap; + + if (!array_is_created(&client->extra_capabilities)) + return; + + array_foreach(&client->extra_capabilities, cap) { + if (cap->params == NULL) { + smtp_server_reply_ehlo_add(reply, cap->capability); + } else { + smtp_server_reply_ehlo_add_param(reply, cap->capability, + "%s", cap->params); + } + } +} + +void submission_helo_reply_submit(struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data) +{ + struct client *client = smtp_server_connection_get_context(cmd->conn); + enum smtp_capability backend_caps = client->backend_capabilities; + struct smtp_server_reply *reply; + uoff_t cap_size; + + reply = smtp_server_reply_create_ehlo(cmd->cmd); + if (!data->helo.old_smtp) { + string_t *burl_params = t_str_new(256); + + str_append(burl_params, "imap"); + if (*client->set->imap_urlauth_host == '\0' || + strcmp(client->set->imap_urlauth_host, + URL_HOST_ALLOW_ANY) == 0) { + str_printfa(burl_params, " imap://%s", + client->set->hostname); + } else { + str_printfa(burl_params, " imap://%s", + client->set->imap_urlauth_host); + } + if (client->set->imap_urlauth_port != 143) { + str_printfa(burl_params, ":%u", + client->set->imap_urlauth_port); + } + + if ((backend_caps & SMTP_CAPABILITY_8BITMIME) != 0) + smtp_server_reply_ehlo_add(reply, "8BITMIME"); + smtp_server_reply_ehlo_add(reply, "AUTH"); + if ((backend_caps & SMTP_CAPABILITY_BINARYMIME) != 0 && + (backend_caps & SMTP_CAPABILITY_CHUNKING) != 0) + smtp_server_reply_ehlo_add(reply, "BINARYMIME"); + smtp_server_reply_ehlo_add_param(reply, + "BURL", "%s", str_c(burl_params)); + smtp_server_reply_ehlo_add(reply, "CHUNKING"); + if ((backend_caps & SMTP_CAPABILITY_DSN) != 0) + smtp_server_reply_ehlo_add(reply, "DSN"); + smtp_server_reply_ehlo_add(reply, + "ENHANCEDSTATUSCODES"); + smtp_server_reply_ehlo_add(reply, + "PIPELINING"); + + cap_size = client_get_max_mail_size(client); + if (cap_size > 0) { + smtp_server_reply_ehlo_add_param(reply, + "SIZE", "%"PRIuUOFF_T, cap_size); + } else { + smtp_server_reply_ehlo_add(reply, "SIZE"); + } + if ((backend_caps & SMTP_CAPABILITY_VRFY) != 0) + smtp_server_reply_ehlo_add(reply, "VRFY"); + + submission_helo_reply_add_extra(client, reply); + } + smtp_server_reply_submit(reply); +} + +int cmd_helo(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data) +{ + struct client *client = conn_ctx; + + if (!data->first || + smtp_server_connection_get_state(client->conn, NULL) + >= SMTP_SERVER_STATE_READY) + return client->v.cmd_helo(client, cmd, data); + + /* respond right away */ + submission_helo_reply_submit(cmd, data); + return 1; +} + +int client_default_cmd_helo(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data) +{ + return submission_backend_cmd_helo(client->backend_default, cmd, data); +} + + +/* + * MAIL command + */ + +int cmd_mail(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data) +{ + struct client *client = conn_ctx; + + client->state.backend = client->backend_default; + + return client->v.cmd_mail(client, cmd, data); +} + +int client_default_cmd_mail(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data) +{ + if (client->user->anonymous && !client->state.anonymous_allowed) { + /* NOTE: may need to allow anonymous BURL access in the future, + but while that is not supported, deny all anonymous access + explicitly. */ + smtp_server_reply(cmd, 554, "5.7.1", + "Access denied (anonymous user)"); + return -1; + } + + return submission_backend_cmd_mail(client->state.backend, cmd, data); +} + +/* + * RCPT command + */ + +int cmd_rcpt(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_recipient *rcpt) +{ + struct client *client = conn_ctx; + struct submission_recipient *srcpt; + + srcpt = submission_recipient_create(client, rcpt); + + return client->v.cmd_rcpt(client, cmd, srcpt); +} + +int client_default_cmd_rcpt(struct client *client ATTR_UNUSED, + struct smtp_server_cmd_ctx *cmd, + struct submission_recipient *srcpt) +{ + if (client->user->anonymous && !srcpt->anonymous_allowed) { + /* NOTE: may need to allow anonymous BURL access in the future, + but while that is not supported, deny all anonymous access + explicitly. */ + smtp_server_recipient_reply( + srcpt->rcpt, 554, "5.7.1", + "Access denied (anonymous user)"); + return -1; + } + + return submission_backend_cmd_rcpt(srcpt->backend, cmd, srcpt); +} + +/* + * RSET command + */ + +int cmd_rset(void *conn_ctx, struct smtp_server_cmd_ctx *cmd) +{ + struct client *client = conn_ctx; + + return client->v.cmd_rset(client, cmd); +} + +int client_default_cmd_rset(struct client *client, + struct smtp_server_cmd_ctx *cmd) +{ + struct submission_backend *backend = client->state.backend; + + if (backend == NULL) + backend = client->backend_default; + + /* all backends will also be notified through trans_free(), but that + doesn't allow changing the RSET command response. */ + return submission_backend_cmd_rset(backend, cmd); +} + +/* + * DATA/BDAT commands + */ + +int cmd_data_continue(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans) +{ + struct client *client = conn_ctx; + struct istream *data_input = client->state.data_input; + uoff_t data_size; + struct istream *inputs[3]; + string_t *added_headers; + const unsigned char *data; + size_t size; + int ret; + + while ((ret = i_stream_read_more(data_input, &data, &size)) > 0) { + i_stream_skip(data_input, size); + if (!smtp_server_cmd_data_check_size(cmd)) + return -1; + } + + if (ret == 0) + return 0; + if (ret < 0 && data_input->stream_errno != 0) + return -1; + + /* Done reading DATA stream; remove it from state and continue with + local variable. */ + client->state.data_input = NULL; + + /* Current data stream position is the data size */ + client->state.data_size = data_input->v_offset; + + /* prepend our own headers */ + added_headers = t_str_new(200); + smtp_server_transaction_write_trace_record( + added_headers, trans, SMTP_SERVER_TRACE_RCPT_TO_ADDRESS_FINAL); + + i_stream_seek(data_input, 0); + inputs[0] = i_stream_create_copy_from_data( + str_data(added_headers), str_len(added_headers)); + inputs[1] = data_input; + inputs[2] = NULL; + + data_input = i_stream_create_concat(inputs); + i_stream_set_name(data_input, "<submission DATA>"); + data_size = client->state.data_size + str_len(added_headers); + + i_stream_unref(&inputs[0]); + i_stream_unref(&inputs[1]); + + ret = client->v.cmd_data(client, cmd, trans, data_input, data_size); + + i_stream_unref(&data_input); + return ret; +} + +int cmd_data_begin(void *conn_ctx, + struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct smtp_server_transaction *trans ATTR_UNUSED, + struct istream *data_input) +{ + struct client *client = conn_ctx; + struct istream *inputs[2]; + string_t *path; + + if (client->user->anonymous && !client->state.anonymous_allowed) { + smtp_server_reply(cmd, 554, "5.7.1", + "Access denied (anonymous user)"); + return -1; + } + + inputs[0] = data_input; + inputs[1] = NULL; + + path = t_str_new(256); + mail_user_set_get_temp_prefix(path, client->user->set); + client->state.data_input = i_stream_create_seekable_path(inputs, + SUBMISSION_MAIL_DATA_MAX_INMEMORY_SIZE, str_c(path)); + return 0; +} + +int client_default_cmd_data(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input, uoff_t data_size) +{ + return submission_backends_cmd_data(client, cmd, trans, + data_input, data_size); +} + +/* + * BURL command + */ + +/* FIXME: RFC 4468 + If the URL argument to BURL refers to binary data, then the submit server + MAY refuse the command or down convert as described in Binary SMTP. + */ + +struct cmd_burl_context { + struct client *client; + struct smtp_server_cmd_ctx *cmd; + + struct imap_urlauth_fetch *urlauth_fetch; + struct imap_msgpart_url *url_fetch; + + bool chunk_last:1; +}; + +static void +cmd_burl_destroy(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct cmd_burl_context *burl_cmd) +{ + if (burl_cmd->urlauth_fetch != NULL) + imap_urlauth_fetch_deinit(&burl_cmd->urlauth_fetch); + if (burl_cmd->url_fetch != NULL) + imap_msgpart_url_free(&burl_cmd->url_fetch); +} + +static int +cmd_burl_fetch_cb(struct imap_urlauth_fetch_reply *reply, + bool last, void *context) +{ + struct cmd_burl_context *burl_cmd = context; + struct smtp_server_cmd_ctx *cmd = burl_cmd->cmd; + int ret; + + i_assert(last); + + if (reply == NULL) { + /* fatal failure */ + // FIXME: make this an internal error + smtp_server_reply(cmd, 554, "5.6.6", + "IMAP URLAUTH resolution failed"); + return -1; + } + if (!reply->succeeded) { + /* URL fetch failed */ + if (reply->error != NULL) { + smtp_server_reply(cmd, 554, "5.6.6", + "IMAP URLAUTH resolution failed: %s", + reply->error); + } else { + smtp_server_reply(cmd, 554, "5.6.6", + "IMAP URLAUTH resolution failed"); + } + return 1; + } + + /* URL fetch succeeded */ + ret = smtp_server_connection_data_chunk_add(cmd, + reply->input, reply->size, burl_cmd->chunk_last, FALSE); + if (ret < 0) + return -1; + + /* Command is likely not yet complete at this point, so return 0 */ + return 0; +} + +static int +cmd_burl_fetch_trusted(struct cmd_burl_context *burl_cmd, + struct imap_url *imap_url) +{ + struct smtp_server_cmd_ctx *cmd = burl_cmd->cmd; + struct client *client = burl_cmd->client; + const char *host_name = client->set->imap_urlauth_host; + in_port_t host_port = client->set->imap_urlauth_port; + struct imap_msgpart_open_result result; + const char *error; + + /* validate host */ + if (imap_url->host.name == NULL || + (strcmp(host_name, URL_HOST_ALLOW_ANY) != 0 && + strcmp(imap_url->host.name, host_name) != 0)) { + smtp_server_reply(cmd, 554, "5.6.6", + "IMAP URL resolution failed: " + "Inappropriate or missing host name"); + return -1; + } + + /* validate port */ + if ((imap_url->port == 0 && host_port != 143) || + (imap_url->port != 0 && host_port != imap_url->port)) { + smtp_server_reply(cmd, 554, "5.6.6", + "IMAP URL resolution failed: " + "Inappropriate server port"); + return -1; + } + + /* retrieve URL */ + if (imap_msgpart_url_create + (client->user, imap_url, &burl_cmd->url_fetch, &error) < 0) { + smtp_server_reply(cmd, 554, "5.6.6", + "IMAP URL resolution failed: %s", error); + return -1; + } + if (imap_msgpart_url_read_part(burl_cmd->url_fetch, + &result, &error) <= 0) { + smtp_server_reply(cmd, 554, "5.6.6", + "IMAP URL resolution failed: %s", error); + return -1; + } + + return smtp_server_connection_data_chunk_add(cmd, + result.input, result.size, burl_cmd->chunk_last, FALSE); +} + +static int +cmd_burl_fetch(struct cmd_burl_context *burl_cmd, const char *url, + struct imap_url *imap_url) +{ + struct smtp_server_cmd_ctx *cmd = burl_cmd->cmd; + struct client *client = burl_cmd->client; + + if (client->urlauth_ctx == NULL) { + /* RFC5248, Section 2.4: + + 554 5.7.14 Trust relationship required + + The submission server requires a configured trust + relationship with a third-party server in order to access + the message content. This value replaces the prior use of + X.7.8 for this error condition, thereby updating [RFC4468]. + */ + smtp_server_reply(cmd, 554, "5.7.14", + "No IMAP URLAUTH access available"); + return -1; + } + + /* urlauth */ + burl_cmd->urlauth_fetch = + imap_urlauth_fetch_init(client->urlauth_ctx, + cmd_burl_fetch_cb, burl_cmd); + if (imap_urlauth_fetch_url_parsed(burl_cmd->urlauth_fetch, + url, imap_url, IMAP_URLAUTH_FETCH_FLAG_BODY) == 0) { + /* wait for URL fetch */ + return 0; + } + return 1; +} + +void cmd_burl(struct smtp_server_cmd_ctx *cmd, const char *params) +{ + struct smtp_server_connection *conn = cmd->conn; + struct client *client = smtp_server_connection_get_context(conn); + struct cmd_burl_context *burl_cmd; + const char *const *argv; + enum imap_url_parse_flags url_parse_flags = + IMAP_URL_PARSE_ALLOW_URLAUTH; + struct imap_url *imap_url; + const char *url, *error; + bool chunk_last = FALSE; + int ret = 1; + + smtp_server_connection_data_chunk_init(cmd); + + /* burl-cmd = "BURL" SP absolute-URI [SP end-marker] CRLF + end-marker = "LAST" + */ + argv = t_strsplit(params, " "); + url = argv[0]; + if (url == NULL) { + smtp_server_reply(cmd, 501, "5.5.4", + "Missing chunk URL parameter"); + ret = -1; + } else if (imap_url_parse(url, NULL, url_parse_flags, + &imap_url, &error) < 0) { + smtp_server_reply(cmd, 501, "5.5.4", + "Invalid chunk URL: %s", error); + ret = -1; + } else if (argv[1] != NULL) { + if (strcasecmp(argv[1], "LAST") != 0) { + smtp_server_reply(cmd, 501, "5.5.4", + "Invalid end marker parameter"); + ret = -1; + } else if (argv[2] != NULL) { + smtp_server_reply(cmd, 501, "5.5.4", + "Invalid parameters"); + ret = -1; + } else { + chunk_last = TRUE; + } + } + + if (ret < 0 || !smtp_server_connection_data_check_state(cmd)) + return; + + if (client->user->anonymous) { + smtp_server_reply(cmd, 554, "5.7.1", + "Access denied (anonymous user)"); + return; + } + + burl_cmd = p_new(cmd->pool, struct cmd_burl_context, 1); + burl_cmd->client = client; + burl_cmd->cmd = cmd; + burl_cmd->chunk_last = chunk_last; + + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_DESTROY, + cmd_burl_destroy, burl_cmd); + + if (imap_url->uauth_rumpurl == NULL) { + /* direct local url */ + ret = cmd_burl_fetch_trusted(burl_cmd, imap_url); + } else { + ret = cmd_burl_fetch(burl_cmd, url, imap_url); + } + + if (ret == 0 && chunk_last) + smtp_server_command_input_lock(cmd); +} + +/* + * VRFY command + */ + +int cmd_vrfy(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + const char *param) +{ + struct client *client = conn_ctx; + + if (client->user->anonymous) { + smtp_server_reply(cmd, 550, "5.7.1", + "Access denied (anonymous user)"); + return -1; + } + + return client->v.cmd_vrfy(client, cmd, param); +} + +int client_default_cmd_vrfy(struct client *client, + struct smtp_server_cmd_ctx *cmd, const char *param) +{ + return submission_backend_cmd_vrfy(client->backend_default, cmd, param); +} + +/* + * NOOP command + */ + +int cmd_noop(void *conn_ctx, struct smtp_server_cmd_ctx *cmd) +{ + struct client *client = conn_ctx; + + return client->v.cmd_noop(client, cmd); +} + +int client_default_cmd_noop(struct client *client, + struct smtp_server_cmd_ctx *cmd) +{ + return submission_backend_cmd_noop(client->backend_default, cmd); +} + +/* + * QUIT command + */ + +struct cmd_quit_context { + struct client *client; + + struct smtp_server_cmd_ctx *cmd; +}; + +static void cmd_quit_finish(struct cmd_quit_context *quit_cmd) +{ + struct client *client = quit_cmd->client; + struct smtp_server_cmd_ctx *cmd = quit_cmd->cmd; + + timeout_remove(&client->to_quit); + smtp_server_reply_quit(cmd); +} + +static void +cmd_quit_next(struct smtp_server_cmd_ctx *cmd ATTR_UNUSED, + struct cmd_quit_context *quit_cmd) +{ + struct client *client = quit_cmd->client; + + /* give backend a brief interval to generate a quit reply */ + client->to_quit = timeout_add(SUBMISSION_MAX_WAIT_QUIT_REPLY_MSECS, + cmd_quit_finish, quit_cmd); +} + +int cmd_quit(void *conn_ctx, struct smtp_server_cmd_ctx *cmd) +{ + struct client *client = conn_ctx; + struct cmd_quit_context *quit_cmd; + + quit_cmd = p_new(cmd->pool, struct cmd_quit_context, 1); + quit_cmd->client = client; + quit_cmd->cmd = cmd; + + smtp_server_command_add_hook(cmd->cmd, SMTP_SERVER_COMMAND_HOOK_NEXT, + cmd_quit_next, quit_cmd); + + return client->v.cmd_quit(client, cmd); +} + +int client_default_cmd_quit(struct client *client, + struct smtp_server_cmd_ctx *cmd) +{ + return submission_backend_cmd_quit(client->backend_default, cmd); +} + + diff --git a/src/submission/submission-commands.h b/src/submission/submission-commands.h new file mode 100644 index 0000000..3fa25cc --- /dev/null +++ b/src/submission/submission-commands.h @@ -0,0 +1,98 @@ +#ifndef SUBMISSION_COMMANDS_H +#define SUBMISSION_COMMANDS_H + +/* + * HELO command + */ + +void submission_helo_reply_submit(struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); + +int cmd_helo(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); + +int client_default_cmd_helo(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_helo *data); + +/* + * MAIL command + */ + +int cmd_mail(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data); + +int client_default_cmd_mail(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_cmd_mail *data); + +/* + * RCPT command + */ + +int cmd_rcpt(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_recipient *rcpt); + +int client_default_cmd_rcpt(struct client *client ATTR_UNUSED, + struct smtp_server_cmd_ctx *cmd, + struct submission_recipient *srcpt); + +/* + * RSET command + */ + +int cmd_rset(void *conn_ctx, struct smtp_server_cmd_ctx *cmd); + +int client_default_cmd_rset(struct client *client, + struct smtp_server_cmd_ctx *cmd); + +/* + * DATA/BDAT commands + */ + +int cmd_data_begin(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input); +int cmd_data_continue(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans); + +int client_default_cmd_data(struct client *client, + struct smtp_server_cmd_ctx *cmd, + struct smtp_server_transaction *trans, + struct istream *data_input, uoff_t data_size); + +/* + * BURL command + */ + +void cmd_burl(struct smtp_server_cmd_ctx *cmd, const char *params); + +/* + * VRFY command + */ + +int cmd_vrfy(void *conn_ctx, struct smtp_server_cmd_ctx *cmd, + const char *param); + +int client_default_cmd_vrfy(struct client *client, + struct smtp_server_cmd_ctx *cmd, const char *param); + +/* + * NOOP command + */ + +int cmd_noop(void *conn_ctx, struct smtp_server_cmd_ctx *cmd); + +int client_default_cmd_noop(struct client *client, + struct smtp_server_cmd_ctx *cmd); + +/* + * QUIT command + */ + +int cmd_quit(void *conn_ctx, struct smtp_server_cmd_ctx *cmd); + +int client_default_cmd_quit(struct client *client, + struct smtp_server_cmd_ctx *cmd); + +#endif diff --git a/src/submission/submission-common.h b/src/submission/submission-common.h new file mode 100644 index 0000000..093d503 --- /dev/null +++ b/src/submission/submission-common.h @@ -0,0 +1,46 @@ +#ifndef SUBMISSION_COMMON_H +#define SUBMISSION_COMMON_H + +#include "lib.h" +#include "array.h" +#include "ioloop.h" +#include "smtp-reply.h" +#include "smtp-server.h" +#include "submission-client.h" +#include "submission-settings.h" + +#define URL_HOST_ALLOW_ANY "*" + +/* Maximum number of bytes added to a relayed message. This is used to + calculate the SIZE capability based on what the backend server states. */ +#define SUBMISSION_MAX_ADDITIONAL_MAIL_SIZE 1024 +#define SUBMISSION_MAIL_DATA_MAX_INMEMORY_SIZE (1024*128) + +/* Maximum time to wait for QUIT reply from relay server */ +#define SUBMISSION_MAX_WAIT_QUIT_REPLY_MSECS 2000 + +#define SUBMISSION_SUPPORTED_SMTP_CAPABILITIES \ + (SMTP_CAPABILITY_AUTH | SMTP_CAPABILITY_PIPELINING | \ + SMTP_CAPABILITY_SIZE | SMTP_CAPABILITY_ENHANCEDSTATUSCODES | \ + SMTP_CAPABILITY_8BITMIME | SMTP_CAPABILITY_CHUNKING | \ + SMTP_CAPABILITY_BINARYMIME | SMTP_CAPABILITY_BURL | \ + SMTP_CAPABILITY_DSN | SMTP_CAPABILITY_VRFY) + +typedef void submission_client_created_func_t(struct client **client); + +extern submission_client_created_func_t *hook_client_created; +extern bool submission_debug; + +extern struct smtp_server *smtp_server; +extern struct smtp_client *smtp_client; + +/* Sets the hook_client_created and returns the previous hook, + which the new_hook should call if it's non-NULL. */ +submission_client_created_func_t * +submission_client_created_hook_set(submission_client_created_func_t *new_hook); + +void submission_refresh_proctitle(void); + +void client_handshake(struct client *client); + +#endif diff --git a/src/submission/submission-recipient.c b/src/submission/submission-recipient.c new file mode 100644 index 0000000..a49b038 --- /dev/null +++ b/src/submission/submission-recipient.c @@ -0,0 +1,55 @@ +/* Copyright (c) 2018 Dovecot authors, see the included COPYING file */ + +#include "submission-common.h" + +#include "submission-backend.h" +#include "submission-recipient.h" + +struct submission_recipient_module_register +submission_recipient_module_register = { 0 }; + +static void +submission_recipient_approved(struct smtp_server_recipient *rcpt ATTR_UNUSED, + struct submission_recipient *srcpt); + +struct submission_recipient * +submission_recipient_create(struct client *client, + struct smtp_server_recipient *rcpt) +{ + struct submission_recipient *srcpt; + + srcpt = p_new(rcpt->pool, struct submission_recipient, 1); + srcpt->rcpt = rcpt; + srcpt->backend = client->state.backend; + + rcpt->context = srcpt; + + p_array_init(&srcpt->module_contexts, rcpt->pool, 5); + + smtp_server_recipient_add_hook( + rcpt, SMTP_SERVER_RECIPIENT_HOOK_APPROVED, + submission_recipient_approved, srcpt); + + return srcpt; +} + +static void +submission_recipient_approved(struct smtp_server_recipient *rcpt ATTR_UNUSED, + struct submission_recipient *srcpt) +{ + struct submission_backend *backend = srcpt->backend; + struct client *client = backend->client; + struct submission_backend *rcpt_backend; + bool backend_found = FALSE; + + array_push_back(&client->rcpt_to, &srcpt); + + array_foreach_elem(&client->rcpt_backends, rcpt_backend) { + if (rcpt_backend == backend) { + backend_found = TRUE; + break; + } + } + if (!backend_found) + array_push_back(&client->rcpt_backends, &backend); +} diff --git a/src/submission/submission-recipient.h b/src/submission/submission-recipient.h new file mode 100644 index 0000000..d80046f --- /dev/null +++ b/src/submission/submission-recipient.h @@ -0,0 +1,33 @@ +#ifndef SUBMISSION_RECIPIENT_H +#define SUBMISSION_RECIPIENT_H + +struct submission_backend; +struct client; + +struct submission_recipient { + struct smtp_server_recipient *rcpt; + + struct submission_backend *backend; + void *backend_context; + + /* Module-specific contexts. */ + ARRAY(union submission_recipient_module_context *) module_contexts; + + bool anonymous_allowed:1; +}; + +struct submission_recipient_module_register { + unsigned int id; +}; + +union submission_recipient_module_context { + struct submission_recipient_module_register *reg; +}; +extern struct submission_recipient_module_register +submission_recipient_module_register; + +struct submission_recipient * +submission_recipient_create(struct client *client, + struct smtp_server_recipient *rcpt); + +#endif diff --git a/src/submission/submission-settings.c b/src/submission/submission-settings.c new file mode 100644 index 0000000..6764b3d --- /dev/null +++ b/src/submission/submission-settings.c @@ -0,0 +1,225 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "lib.h" +#include "hostpid.h" +#include "buffer.h" +#include "settings-parser.h" +#include "service-settings.h" +#include "mail-storage-settings.h" +#include "submission-settings.h" + +#include <stddef.h> +#include <unistd.h> + +static bool submission_settings_verify(void *_set, pool_t pool, + const char **error_r); + +/* <settings checks> */ +static struct file_listener_settings submission_unix_listeners_array[] = { + { "login/submission", 0666, "", "" } +}; +static struct file_listener_settings *submission_unix_listeners[] = { + &submission_unix_listeners_array[0] +}; +static buffer_t submission_unix_listeners_buf = { + { { submission_unix_listeners, sizeof(submission_unix_listeners) } } +}; +/* </settings checks> */ + +struct service_settings submission_service_settings = { + .name = "submission", + .protocol = "submission", + .type = "", + .executable = "submission", + .user = "", + .group = "", + .privileged_group = "", + .extra_groups = "$default_internal_group", + .chroot = "", + + .drop_priv_before_exec = FALSE, + + .process_min_avail = 0, + .process_limit = 1024, + .client_limit = 1, + .service_count = 1, + .idle_kill = 0, + .vsz_limit = UOFF_T_MAX, + + .unix_listeners = { { &submission_unix_listeners_buf, + sizeof(submission_unix_listeners[0]) } }, + .fifo_listeners = ARRAY_INIT, + .inet_listeners = ARRAY_INIT +}; + +#undef DEF +#define DEF(type, name) \ + SETTING_DEFINE_STRUCT_##type(#name, name, struct submission_settings) + +static const struct setting_define submission_setting_defines[] = { + DEF(BOOL, verbose_proctitle), + DEF(STR_VARS, rawlog_dir), + + DEF(STR, hostname), + + DEF(STR, login_greeting), + DEF(STR, login_trusted_networks), + + DEF(STR, recipient_delimiter), + + DEF(SIZE, submission_max_mail_size), + DEF(UINT, submission_max_recipients), + DEF(STR, submission_client_workarounds), + DEF(STR, submission_logout_format), + + DEF(STR, submission_backend_capabilities), + + DEF(STR, submission_relay_host), + DEF(IN_PORT, submission_relay_port), + DEF(BOOL, submission_relay_trusted), + + DEF(STR, submission_relay_user), + DEF(STR, submission_relay_master_user), + DEF(STR, submission_relay_password), + + DEF(ENUM, submission_relay_ssl), + DEF(BOOL, submission_relay_ssl_verify), + + DEF(STR_VARS, submission_relay_rawlog_dir), + DEF(TIME, submission_relay_max_idle_time), + + DEF(TIME_MSECS, submission_relay_connect_timeout), + DEF(TIME_MSECS, submission_relay_command_timeout), + + DEF(STR, imap_urlauth_host), + DEF(IN_PORT, imap_urlauth_port), + + SETTING_DEFINE_LIST_END +}; + +static const struct submission_settings submission_default_settings = { + .verbose_proctitle = FALSE, + .rawlog_dir = "", + + .hostname = "", + + .login_greeting = PACKAGE_NAME" ready.", + .login_trusted_networks = "", + + .recipient_delimiter = "+", + + .submission_max_mail_size = 40*1024*1024, + .submission_max_recipients = 0, + .submission_client_workarounds = "", + .submission_logout_format = "in=%i out=%o", + + .submission_backend_capabilities = NULL, + + .submission_relay_host = "", + .submission_relay_port = 25, + .submission_relay_trusted = FALSE, + + .submission_relay_user = "", + .submission_relay_master_user = "", + .submission_relay_password = "", + + .submission_relay_ssl = "no:smtps:starttls", + .submission_relay_ssl_verify = TRUE, + + .submission_relay_rawlog_dir = "", + .submission_relay_max_idle_time = 60*29, + + .submission_relay_connect_timeout = 30*1000, + .submission_relay_command_timeout = 60*5*1000, + + .imap_urlauth_host = "", + .imap_urlauth_port = 143, +}; + +static const struct setting_parser_info *submission_setting_dependencies[] = { + &mail_user_setting_parser_info, + NULL +}; + +const struct setting_parser_info submission_setting_parser_info = { + .module_name = "submission", + .defines = submission_setting_defines, + .defaults = &submission_default_settings, + + .type_offset = SIZE_MAX, + .struct_size = sizeof(struct submission_settings), + + .parent_offset = SIZE_MAX, + + .check_func = submission_settings_verify, + .dependencies = submission_setting_dependencies +}; + +/* <settings checks> */ +struct submission_client_workaround_list { + const char *name; + enum submission_client_workarounds num; +}; + +/* These definitions need to be kept in sync with equivalent definitions present + in src/submission-login/submission-login-settings.c. Workarounds that are not + relevant to the submission service are defined as 0 here to prevent "Unknown + workaround" errors below. */ +static const struct submission_client_workaround_list +submission_client_workaround_list[] = { + { "whitespace-before-path", + SUBMISSION_WORKAROUND_WHITESPACE_BEFORE_PATH }, + { "mailbox-for-path", + SUBMISSION_WORKAROUND_MAILBOX_FOR_PATH }, + { "implicit-auth-external", 0 }, + { "exotic-backend", 0 }, + { NULL, 0 } +}; + +static int +submission_settings_parse_workarounds(struct submission_settings *set, + const char **error_r) +{ + enum submission_client_workarounds client_workarounds = 0; + const struct submission_client_workaround_list *list; + const char *const *str; + + str = t_strsplit_spaces(set->submission_client_workarounds, " ,"); + for (; *str != NULL; str++) { + list = submission_client_workaround_list; + for (; list->name != NULL; list++) { + if (strcasecmp(*str, list->name) == 0) { + client_workarounds |= list->num; + break; + } + } + if (list->name == NULL) { + *error_r = t_strdup_printf( + "submission_client_workarounds: " + "Unknown workaround: %s", *str); + return -1; + } + } + set->parsed_workarounds = client_workarounds; + return 0; +} + +static bool +submission_settings_verify(void *_set, pool_t pool ATTR_UNUSED, const char **error_r) +{ + struct submission_settings *set = _set; + + if (submission_settings_parse_workarounds(set, error_r) < 0) + return FALSE; + +#ifndef CONFIG_BINARY + if (set->submission_relay_max_idle_time == 0) { + *error_r = "submission_relay_max_idle_time must not be 0"; + return FALSE; + } + if (*set->hostname == '\0') + set->hostname = p_strdup(pool, my_hostdomain()); +#endif + return TRUE; +} +/* </settings checks> */ diff --git a/src/submission/submission-settings.h b/src/submission/submission-settings.h new file mode 100644 index 0000000..04f1beb --- /dev/null +++ b/src/submission/submission-settings.h @@ -0,0 +1,60 @@ +#ifndef SUBMISSION_SETTINGS_H +#define SUBMISSION_SETTINGS_H + +#include "smtp-server.h" + +/* <settings checks> */ +enum submission_client_workarounds { + SUBMISSION_WORKAROUND_WHITESPACE_BEFORE_PATH = BIT(0), + SUBMISSION_WORKAROUND_MAILBOX_FOR_PATH = BIT(1), +}; +/* </settings checks> */ + +struct submission_settings { + bool verbose_proctitle; + const char *rawlog_dir; + + const char *hostname; + + const char *login_greeting; + const char *login_trusted_networks; + + const char *recipient_delimiter; + + /* submission: */ + uoff_t submission_max_mail_size; + unsigned int submission_max_recipients; + const char *submission_client_workarounds; + const char *submission_logout_format; + + /* submission backend: */ + const char *submission_backend_capabilities; + + /* submission relay: */ + const char *submission_relay_host; + in_port_t submission_relay_port; + bool submission_relay_trusted; + + const char *submission_relay_user; + const char *submission_relay_master_user; + const char *submission_relay_password; + + const char *submission_relay_ssl; + bool submission_relay_ssl_verify; + + const char *submission_relay_rawlog_dir; + unsigned int submission_relay_max_idle_time; + + unsigned int submission_relay_connect_timeout; + unsigned int submission_relay_command_timeout; + + /* imap urlauth: */ + const char *imap_urlauth_host; + in_port_t imap_urlauth_port; + + enum submission_client_workarounds parsed_workarounds; +}; + +extern const struct setting_parser_info submission_setting_parser_info; + +#endif |