1 files changed, 179 insertions, 0 deletions
diff --git a/src/lib-smtp/smtp-server-cmd-starttls.c b/src/lib-smtp/smtp-server-cmd-starttls.c
new file mode 100644
index 0000000..de53b39
--- /dev/null
+++ b/src/lib-smtp/smtp-server-cmd-starttls.c
@@ -0,0 +1,179 @@
+/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "istream.h"
+#include "ostream.h"
+#include "iostream-ssl.h"
+#include "master-service.h"
+#include "master-service-ssl.h"
+#include "smtp-syntax.h"
+
+#include "smtp-server-private.h"
+
+/* STARTTLS command (RFC 3207) */
+
+static int cmd_starttls_start(struct smtp_server_connection *conn)
+{
+	const struct smtp_server_callbacks *callbacks = conn->callbacks;
+
+	e_debug(conn->event, "Starting TLS");
+
+	if (callbacks != NULL && callbacks->conn_start_tls != NULL) {
+		struct smtp_server_connection *tmp_conn = conn;
+		struct istream *input = conn->conn.input;
+		struct ostream *output = conn->conn.output;
+		int ret;
+
+		smtp_server_connection_ref(tmp_conn);
+		ret = callbacks->conn_start_tls(tmp_conn->context,
+			&input, &output);
+		if (!smtp_server_connection_unref(&tmp_conn) || ret < 0)
+			return -1;
+
+		smtp_server_connection_set_ssl_streams(conn, input, output);
+	} else if (smtp_server_connection_ssl_init(conn) < 0) {
+		smtp_server_connection_close(&conn,
+			"SSL Initialization failed");
+		return -1;
+	}
+
+	/* The command queue must be empty at this point. If anything were to be
+	   queued somehow, this connection is vulnerable to STARTTLS command
+	   insertion.
+	 */
+	i_assert(conn->command_queue_count == 0 &&
+		 conn->command_queue_head == NULL);
+
+	/* RFC 3207, Section 4.2:
+
+	   Upon completion of the TLS handshake, the SMTP protocol is reset to
+	   the initial state (the state in SMTP after a server issues a 220
+	   service ready greeting). The server MUST discard any knowledge
+	   obtained from the client, such as the argument to the EHLO command,
+	   which was not obtained from the TLS negotiation itself.
+	*/
+	smtp_server_connection_clear(conn);
+	smtp_server_connection_input_unlock(conn);
+
+	return 0;
+}
+
+static int cmd_starttls_output(struct smtp_server_connection *conn)
+{
+	int ret;
+
+	if ((ret=smtp_server_connection_flush(conn)) < 0)
+		return 1;
+
+	if (ret > 0) {
+		o_stream_unset_flush_callback(conn->conn.output);
+		if (cmd_starttls_start(conn) < 0)
+			return -1;
+	}
+	return 1;
+}
+
+static void
+cmd_starttls_destroy(struct smtp_server_cmd_ctx *cmd, void *context ATTR_UNUSED)
+{
+	struct smtp_server_connection *conn = cmd->conn;
+	struct smtp_server_command *command = cmd->cmd;
+	int ret;
+
+	if (conn->conn.output == NULL)
+		return;
+
+	if (smtp_server_command_replied_success(command)) {
+		/* only one valid success status for STARTTLS command */
+		i_assert(smtp_server_command_reply_status_equals(command, 220));
+
+		/* uncork */
+		o_stream_uncork(conn->conn.output);
+
+		/* flush */
+		if ((ret=smtp_server_connection_flush(conn)) < 0) {
+			return;
+		} else if (ret == 0) {
+			/* the buffer has to be flushed */
+			i_assert(!conn->conn.output->closed);
+			o_stream_set_flush_callback(conn->conn.output,
+						    cmd_starttls_output,
+						    conn);
+			o_stream_set_flush_pending(conn->conn.output, TRUE);
+		} else {
+			cmd_starttls_start(conn);
+		}
+	}
+}
+
+static void
+cmd_starttls_next(struct smtp_server_cmd_ctx *cmd, void *context ATTR_UNUSED)
+{
+	struct smtp_server_connection *conn = cmd->conn;
+	struct smtp_server_command *command = cmd->cmd;
+	const struct smtp_server_callbacks *callbacks = conn->callbacks;
+	int ret;
+
+	/* The command queue can only contain the STARTTLS command at this
+	   point. If anything beyond the STARTTLS were queued somehow, this
+	   connection is vulnerable to STARTTLS command insertion.
+	 */
+	i_assert(conn->command_queue_count == 1 &&
+	         conn->command_queue_tail == command);
+
+	smtp_server_connection_set_state(conn, SMTP_SERVER_STATE_STARTTLS,
+					 NULL);
+
+	smtp_server_command_ref(command);
+	if (callbacks != NULL && callbacks->conn_cmd_starttls != NULL)
+		ret = callbacks->conn_cmd_starttls(conn->context, cmd);
+	else
+		ret = 1;
+
+	smtp_server_command_add_hook(command, SMTP_SERVER_COMMAND_HOOK_DESTROY,
+				     cmd_starttls_destroy, NULL);
+
+	if (ret <= 0) {
+		i_assert(ret == 0 || smtp_server_command_is_replied(command));
+		/* command is waiting for external event or it failed */
+		smtp_server_command_unref(&command);
+		return;
+	}
+	if (!smtp_server_command_is_replied(command)) {
+		smtp_server_reply(cmd,
+			220, "2.0.0", "Begin TLS negotiation now.");
+	}
+	smtp_server_command_unref(&command);
+}
+
+void smtp_server_cmd_starttls(struct smtp_server_cmd_ctx *cmd,
+			      const char *params)
+{
+	struct smtp_server_connection *conn = cmd->conn;
+	struct smtp_server_command *command = cmd->cmd;
+	enum smtp_capability capabilities = conn->set.capabilities;
+
+	if (conn->ssl_secured) {
+		i_assert((capabilities & SMTP_CAPABILITY_STARTTLS) == 0);
+		smtp_server_reply(cmd,
+			502, "5.5.1", "TLS is already active.");
+		return;
+	} else if ((capabilities & SMTP_CAPABILITY_STARTTLS) == 0) {
+		smtp_server_reply(cmd,
+			502, "5.5.1", "TLS support is not enabled.");
+		return;
+	}
+
+	/* "STARTTLS" CRLF */
+	if (*params != '\0') {
+		smtp_server_reply(cmd,
+			501, "5.5.4", "Invalid parameters");
+		return;
+	}
+
+	smtp_server_command_input_lock(cmd);
+	smtp_server_connection_input_lock(conn);
+
+	smtp_server_command_add_hook(command, SMTP_SERVER_COMMAND_HOOK_NEXT,
+				     cmd_starttls_next, NULL);
+}