diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib-smtp/smtp-server-cmd-starttls.c | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/src/lib-smtp/smtp-server-cmd-starttls.c b/src/lib-smtp/smtp-server-cmd-starttls.c new file mode 100644 index 0000000..de53b39 --- /dev/null +++ b/src/lib-smtp/smtp-server-cmd-starttls.c @@ -0,0 +1,179 @@ +/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */ + +#include "lib.h" +#include "istream.h" +#include "ostream.h" +#include "iostream-ssl.h" +#include "master-service.h" +#include "master-service-ssl.h" +#include "smtp-syntax.h" + +#include "smtp-server-private.h" + +/* STARTTLS command (RFC 3207) */ + +static int cmd_starttls_start(struct smtp_server_connection *conn) +{ + const struct smtp_server_callbacks *callbacks = conn->callbacks; + + e_debug(conn->event, "Starting TLS"); + + if (callbacks != NULL && callbacks->conn_start_tls != NULL) { + struct smtp_server_connection *tmp_conn = conn; + struct istream *input = conn->conn.input; + struct ostream *output = conn->conn.output; + int ret; + + smtp_server_connection_ref(tmp_conn); + ret = callbacks->conn_start_tls(tmp_conn->context, + &input, &output); + if (!smtp_server_connection_unref(&tmp_conn) || ret < 0) + return -1; + + smtp_server_connection_set_ssl_streams(conn, input, output); + } else if (smtp_server_connection_ssl_init(conn) < 0) { + smtp_server_connection_close(&conn, + "SSL Initialization failed"); + return -1; + } + + /* The command queue must be empty at this point. If anything were to be + queued somehow, this connection is vulnerable to STARTTLS command + insertion. + */ + i_assert(conn->command_queue_count == 0 && + conn->command_queue_head == NULL); + + /* RFC 3207, Section 4.2: + + Upon completion of the TLS handshake, the SMTP protocol is reset to + the initial state (the state in SMTP after a server issues a 220 + service ready greeting). The server MUST discard any knowledge + obtained from the client, such as the argument to the EHLO command, + which was not obtained from the TLS negotiation itself. + */ + smtp_server_connection_clear(conn); + smtp_server_connection_input_unlock(conn); + + return 0; +} + +static int cmd_starttls_output(struct smtp_server_connection *conn) +{ + int ret; + + if ((ret=smtp_server_connection_flush(conn)) < 0) + return 1; + + if (ret > 0) { + o_stream_unset_flush_callback(conn->conn.output); + if (cmd_starttls_start(conn) < 0) + return -1; + } + return 1; +} + +static void +cmd_starttls_destroy(struct smtp_server_cmd_ctx *cmd, void *context ATTR_UNUSED) +{ + struct smtp_server_connection *conn = cmd->conn; + struct smtp_server_command *command = cmd->cmd; + int ret; + + if (conn->conn.output == NULL) + return; + + if (smtp_server_command_replied_success(command)) { + /* only one valid success status for STARTTLS command */ + i_assert(smtp_server_command_reply_status_equals(command, 220)); + + /* uncork */ + o_stream_uncork(conn->conn.output); + + /* flush */ + if ((ret=smtp_server_connection_flush(conn)) < 0) { + return; + } else if (ret == 0) { + /* the buffer has to be flushed */ + i_assert(!conn->conn.output->closed); + o_stream_set_flush_callback(conn->conn.output, + cmd_starttls_output, + conn); + o_stream_set_flush_pending(conn->conn.output, TRUE); + } else { + cmd_starttls_start(conn); + } + } +} + +static void +cmd_starttls_next(struct smtp_server_cmd_ctx *cmd, void *context ATTR_UNUSED) +{ + struct smtp_server_connection *conn = cmd->conn; + struct smtp_server_command *command = cmd->cmd; + const struct smtp_server_callbacks *callbacks = conn->callbacks; + int ret; + + /* The command queue can only contain the STARTTLS command at this + point. If anything beyond the STARTTLS were queued somehow, this + connection is vulnerable to STARTTLS command insertion. + */ + i_assert(conn->command_queue_count == 1 && + conn->command_queue_tail == command); + + smtp_server_connection_set_state(conn, SMTP_SERVER_STATE_STARTTLS, + NULL); + + smtp_server_command_ref(command); + if (callbacks != NULL && callbacks->conn_cmd_starttls != NULL) + ret = callbacks->conn_cmd_starttls(conn->context, cmd); + else + ret = 1; + + smtp_server_command_add_hook(command, SMTP_SERVER_COMMAND_HOOK_DESTROY, + cmd_starttls_destroy, NULL); + + if (ret <= 0) { + i_assert(ret == 0 || smtp_server_command_is_replied(command)); + /* command is waiting for external event or it failed */ + smtp_server_command_unref(&command); + return; + } + if (!smtp_server_command_is_replied(command)) { + smtp_server_reply(cmd, + 220, "2.0.0", "Begin TLS negotiation now."); + } + smtp_server_command_unref(&command); +} + +void smtp_server_cmd_starttls(struct smtp_server_cmd_ctx *cmd, + const char *params) +{ + struct smtp_server_connection *conn = cmd->conn; + struct smtp_server_command *command = cmd->cmd; + enum smtp_capability capabilities = conn->set.capabilities; + + if (conn->ssl_secured) { + i_assert((capabilities & SMTP_CAPABILITY_STARTTLS) == 0); + smtp_server_reply(cmd, + 502, "5.5.1", "TLS is already active."); + return; + } else if ((capabilities & SMTP_CAPABILITY_STARTTLS) == 0) { + smtp_server_reply(cmd, + 502, "5.5.1", "TLS support is not enabled."); + return; + } + + /* "STARTTLS" CRLF */ + if (*params != '\0') { + smtp_server_reply(cmd, + 501, "5.5.4", "Invalid parameters"); + return; + } + + smtp_server_command_input_lock(cmd); + smtp_server_connection_input_lock(conn); + + smtp_server_command_add_hook(command, SMTP_SERVER_COMMAND_HOOK_NEXT, + cmd_starttls_next, NULL); +} |