smtpd.c 33 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624
  1. #include "common.h"
  2. #include "smtpd.h"
  3. #include "smtp.h"
  4. #include <ctype.h>
  5. #include <ip.h>
  6. #include <ndb.h>
  7. #include <mp.h>
  8. #include <libsec.h>
  9. #include <auth.h>
  10. #include "../smtp/y.tab.h"
  11. #define DBGMX 1
  12. char *me;
  13. char *him="";
  14. char *dom;
  15. process *pp;
  16. String *mailer;
  17. NetConnInfo *nci;
  18. int filterstate = ACCEPT;
  19. int trusted;
  20. int logged;
  21. int rejectcount;
  22. int hardreject;
  23. Biobuf bin;
  24. int debug;
  25. int Dflag;
  26. int fflag;
  27. int gflag;
  28. int rflag;
  29. int sflag;
  30. int authenticate;
  31. int authenticated;
  32. int passwordinclear;
  33. char *tlscert;
  34. uchar rsysip[IPaddrlen];
  35. List senders;
  36. List rcvers;
  37. char pipbuf[ERRMAX];
  38. char *piperror;
  39. String* mailerpath(char*);
  40. int pipemsg(int*);
  41. int rejectcheck(void);
  42. String* startcmd(void);
  43. static int
  44. catchalarm(void *a, char *msg)
  45. {
  46. int rv = 1;
  47. USED(a);
  48. /* log alarms but continue */
  49. if(strstr(msg, "alarm")){
  50. if(senders.first && rcvers.first)
  51. syslog(0, "smtpd", "note: %s->%s: %s",
  52. s_to_c(senders.first->p),
  53. s_to_c(rcvers.first->p), msg);
  54. else
  55. syslog(0, "smtpd", "note: %s", msg);
  56. rv = 0;
  57. }
  58. /* kill the children if there are any */
  59. if(pp)
  60. syskillpg(pp->pid);
  61. return rv;
  62. }
  63. /* override string error functions to do something reasonable */
  64. void
  65. s_error(char *f, char *status)
  66. {
  67. char errbuf[Errlen];
  68. errbuf[0] = 0;
  69. rerrstr(errbuf, sizeof(errbuf));
  70. if(f && *f)
  71. reply("452 4.3.0 out of memory %s: %s\r\n", f, errbuf);
  72. else
  73. reply("452 4.3.0 out of memory %s\r\n", errbuf);
  74. syslog(0, "smtpd", "++Malloc failure %s [%s]", him, nci->rsys);
  75. exits(status);
  76. }
  77. static void
  78. usage(void)
  79. {
  80. fprint(2,
  81. "usage: smtpd [-adDfghprs] [-c cert] [-k ip] [-m mailer] [-n net]\n");
  82. exits("usage");
  83. }
  84. void
  85. main(int argc, char **argv)
  86. {
  87. char *netdir;
  88. char buf[1024];
  89. netdir = nil;
  90. quotefmtinstall();
  91. fmtinstall('I', eipfmt);
  92. ARGBEGIN{
  93. case 'a':
  94. authenticate = 1;
  95. break;
  96. case 'c':
  97. tlscert = EARGF(usage());
  98. break;
  99. case 'D':
  100. Dflag++;
  101. break;
  102. case 'd':
  103. debug++;
  104. break;
  105. case 'f': /* disallow relaying */
  106. fflag = 1;
  107. break;
  108. case 'g':
  109. gflag = 1;
  110. break;
  111. case 'h': /* default domain name */
  112. dom = EARGF(usage());
  113. break;
  114. case 'k': /* prohibited ip address */
  115. addbadguy(EARGF(usage()));
  116. break;
  117. case 'm': /* set mail command */
  118. mailer = mailerpath(EARGF(usage()));
  119. break;
  120. case 'n': /* log peer ip address */
  121. netdir = EARGF(usage());
  122. break;
  123. case 'p':
  124. passwordinclear = 1;
  125. break;
  126. case 'r':
  127. rflag = 1; /* verify sender's domain */
  128. break;
  129. case 's': /* save blocked messages */
  130. sflag = 1;
  131. break;
  132. case 't':
  133. fprint(2, "%s: the -t option is no longer supported, see -c\n",
  134. argv0);
  135. tlscert = "/sys/lib/ssl/smtpd-cert.pem";
  136. break;
  137. default:
  138. usage();
  139. }ARGEND;
  140. nci = getnetconninfo(netdir, 0);
  141. if(nci == nil)
  142. sysfatal("can't get remote system's address");
  143. parseip(rsysip, nci->rsys);
  144. if(mailer == nil)
  145. mailer = mailerpath("send");
  146. if(debug){
  147. close(2);
  148. snprint(buf, sizeof(buf), "%s/smtpd.db", UPASLOG);
  149. if (open(buf, OWRITE) >= 0) {
  150. seek(2, 0, 2);
  151. fprint(2, "%d smtpd %s\n", getpid(), thedate());
  152. } else
  153. debug = 0;
  154. }
  155. getconf();
  156. Binit(&bin, 0, OREAD);
  157. if (chdir(UPASLOG) < 0)
  158. syslog(0, "smtpd", "no %s: %r", UPASLOG);
  159. me = sysname_read();
  160. if(dom == 0 || dom[0] == 0)
  161. dom = domainname_read();
  162. if(dom == 0 || dom[0] == 0)
  163. dom = me;
  164. sayhi();
  165. parseinit();
  166. /* allow 45 minutes to parse the header */
  167. atnotify(catchalarm, 1);
  168. alarm(45*60*1000);
  169. zzparse();
  170. exits(0);
  171. }
  172. void
  173. listfree(List *l)
  174. {
  175. Link *lp, *next;
  176. for(lp = l->first; lp; lp = next){
  177. next = lp->next;
  178. s_free(lp->p);
  179. free(lp);
  180. }
  181. l->first = l->last = 0;
  182. }
  183. void
  184. listadd(List *l, String *path)
  185. {
  186. Link *lp;
  187. lp = (Link *)malloc(sizeof *lp);
  188. lp->p = path;
  189. lp->next = 0;
  190. if(l->last)
  191. l->last->next = lp;
  192. else
  193. l->first = lp;
  194. l->last = lp;
  195. }
  196. #define SIZE 4096
  197. int
  198. reply(char *fmt, ...)
  199. {
  200. int n;
  201. char buf[SIZE], *out;
  202. va_list arg;
  203. va_start(arg, fmt);
  204. out = vseprint(buf, buf+SIZE, fmt, arg);
  205. va_end(arg);
  206. n = (long)(out - buf);
  207. if(debug) {
  208. seek(2, 0, 2);
  209. write(2, buf, n);
  210. }
  211. write(1, buf, n);
  212. return n;
  213. }
  214. void
  215. reset(void)
  216. {
  217. if(rejectcheck())
  218. return;
  219. listfree(&rcvers);
  220. listfree(&senders);
  221. if(filterstate != DIALUP){
  222. logged = 0;
  223. filterstate = ACCEPT;
  224. }
  225. reply("250 2.0.0 ok\r\n");
  226. }
  227. void
  228. sayhi(void)
  229. {
  230. reply("220 %s ESMTP\r\n", dom);
  231. }
  232. /*
  233. * make callers from class A networks infested by spammers
  234. * wait longer.
  235. */
  236. static char netaspam[256] = {
  237. [58] 1,
  238. [66] 1,
  239. [71] 1,
  240. [76] 1,
  241. [77] 1,
  242. [78] 1,
  243. [79] 1,
  244. [80] 1,
  245. [81] 1,
  246. [82] 1,
  247. [83] 1,
  248. [84] 1,
  249. [85] 1,
  250. [86] 1,
  251. [87] 1,
  252. [88] 1,
  253. [89] 1,
  254. [190] 1,
  255. [201] 1,
  256. [217] 1,
  257. };
  258. static int
  259. delaysecs(void)
  260. {
  261. if (netaspam[rsysip[0]])
  262. return 60;
  263. return 15;
  264. }
  265. void
  266. hello(String *himp, int extended)
  267. {
  268. char **mynames;
  269. char *ldot, *rdot;
  270. him = s_to_c(himp);
  271. syslog(0, "smtpd", "%s from %s as %s", extended? "ehlo": "helo",
  272. nci->rsys, him);
  273. if(rejectcheck())
  274. return;
  275. if (strchr(him, '.') && nci && !trusted && fflag &&
  276. strcmp(nci->rsys, nci->lsys) != 0){
  277. /*
  278. * We don't care if he lies about who he is, but it is
  279. * not okay to pretend to be us. Many viruses do this,
  280. * just parroting back what we say in the greeting.
  281. */
  282. if(strcmp(him, dom) == 0)
  283. goto Liarliar;
  284. for(mynames = sysnames_read(); mynames && *mynames; mynames++){
  285. if(cistrcmp(*mynames, him) == 0){
  286. Liarliar:
  287. syslog(0, "smtpd",
  288. "Hung up on %s; claimed to be %s",
  289. nci->rsys, him);
  290. reply("554 5.7.0 Liar!\r\n");
  291. exits("client pretended to be us");
  292. return;
  293. }
  294. }
  295. }
  296. /*
  297. * it is unacceptable to claim any string that doesn't look like
  298. * a domain name (e.g., has at least one dot in it), but
  299. * Microsoft mail client software gets this wrong, so let trusted
  300. * (local) clients omit the dot.
  301. */
  302. rdot = strrchr(him, '.');
  303. if (rdot && rdot[1] == '\0') {
  304. *rdot = '\0'; /* clobber trailing dot */
  305. rdot = strrchr(him, '.'); /* try again */
  306. }
  307. if (!trusted && rdot == nil)
  308. goto Liarliar;
  309. /*
  310. * Reject obviously bogus domains and those reserved by RFC 2606.
  311. */
  312. if (rdot == nil)
  313. rdot = him;
  314. else
  315. rdot++;
  316. if (cistrcmp(rdot, "localdomain") == 0 ||
  317. cistrcmp(rdot, "localhost") == 0 ||
  318. cistrcmp(rdot, "example") == 0 ||
  319. cistrcmp(rdot, "invalid") == 0 ||
  320. cistrcmp(rdot, "test") == 0)
  321. goto Liarliar; /* bad top-level domain */
  322. /* check second-level RFC 2606 domains: example\.(com|net|org) */
  323. if (rdot != him)
  324. *--rdot = '\0';
  325. ldot = strrchr(him, '.');
  326. if (rdot != him)
  327. *rdot = '.';
  328. if (ldot == nil)
  329. ldot = him;
  330. else
  331. ldot++;
  332. if (cistrcmp(ldot, "example.com") == 0 ||
  333. cistrcmp(ldot, "example.net") == 0 ||
  334. cistrcmp(ldot, "example.org") == 0)
  335. goto Liarliar;
  336. /*
  337. * similarly, if the claimed domain is not an address-literal,
  338. * require at least one letter, which there will be in
  339. * at least the last component (e.g., .com, .net) if it's real.
  340. * this rejects non-address-literal IP addresses,
  341. * among other bogosities.
  342. */
  343. if (!trusted && him[0] != '[') {
  344. char *p;
  345. for (p = him; *p != '\0'; p++)
  346. if (isascii(*p) && isalpha(*p))
  347. break;
  348. if (*p == '\0')
  349. goto Liarliar;
  350. }
  351. if(strchr(him, '.') == 0 && nci != nil && strchr(nci->rsys, '.') != nil)
  352. him = nci->rsys;
  353. if(Dflag)
  354. sleep(delaysecs()*1000);
  355. reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him);
  356. if (extended) {
  357. reply("250-ENHANCEDSTATUSCODES\r\n"); /* RFCs 2034 and 3463 */
  358. if(tlscert != nil)
  359. reply("250-STARTTLS\r\n");
  360. if (passwordinclear)
  361. reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n");
  362. else
  363. reply("250 AUTH CRAM-MD5\r\n");
  364. }
  365. }
  366. void
  367. sender(String *path)
  368. {
  369. String *s;
  370. static char *lastsender;
  371. if(rejectcheck())
  372. return;
  373. if (authenticate && !authenticated) {
  374. rejectcount++;
  375. reply("530 5.7.0 Authentication required\r\n");
  376. return;
  377. }
  378. if(him == 0 || *him == 0){
  379. rejectcount++;
  380. reply("503 Start by saying HELO, please.\r\n", s_to_c(path));
  381. return;
  382. }
  383. /* don't add the domain onto black holes or we will loop */
  384. if(strchr(s_to_c(path), '!') == 0 && strcmp(s_to_c(path), "/dev/null") != 0){
  385. s = s_new();
  386. s_append(s, him);
  387. s_append(s, "!");
  388. s_append(s, s_to_c(path));
  389. s_terminate(s);
  390. s_free(path);
  391. path = s;
  392. }
  393. if(shellchars(s_to_c(path))){
  394. rejectcount++;
  395. reply("501 5.1.3 Bad character in sender address %s.\r\n",
  396. s_to_c(path));
  397. return;
  398. }
  399. /*
  400. * if the last sender address resulted in a rejection because the sending
  401. * domain didn't exist and this sender has the same domain, reject
  402. * immediately.
  403. */
  404. if(lastsender){
  405. if (strncmp(lastsender, s_to_c(path), strlen(lastsender)) == 0){
  406. filterstate = REFUSED;
  407. rejectcount++;
  408. reply("554 5.1.8 Sender domain must exist: %s\r\n",
  409. s_to_c(path));
  410. return;
  411. }
  412. free(lastsender); /* different sender domain */
  413. lastsender = 0;
  414. }
  415. /*
  416. * see if this ip address, domain name, user name or account is blocked
  417. */
  418. filterstate = blocked(path);
  419. logged = 0;
  420. listadd(&senders, path);
  421. reply("250 2.0.0 sender is %s\r\n", s_to_c(path));
  422. }
  423. enum { Rcpt, Domain, Ntoks };
  424. typedef struct Sender Sender;
  425. struct Sender {
  426. Sender *next;
  427. char *rcpt;
  428. char *domain;
  429. };
  430. static Sender *sendlist, *sendlast;
  431. static int
  432. rdsenders(void)
  433. {
  434. int lnlen, nf, ok = 1;
  435. char *line, *senderfile;
  436. char *toks[Ntoks];
  437. Biobuf *sf;
  438. Sender *snd;
  439. static int beenhere = 0;
  440. if (beenhere)
  441. return 1;
  442. beenhere = 1;
  443. /*
  444. * we're sticking with a system-wide sender list because
  445. * per-user lists would require fully resolving recipient
  446. * addresses to determine which users they correspond to
  447. * (barring exploiting syntactic conventions).
  448. */
  449. senderfile = smprint("%s/senders", UPASLIB);
  450. sf = Bopen(senderfile, OREAD);
  451. free(senderfile);
  452. if (sf == nil)
  453. return 1;
  454. while ((line = Brdline(sf, '\n')) != nil) {
  455. if (line[0] == '#' || line[0] == '\n')
  456. continue;
  457. lnlen = Blinelen(sf);
  458. line[lnlen-1] = '\0'; /* clobber newline */
  459. nf = tokenize(line, toks, nelem(toks));
  460. if (nf != nelem(toks))
  461. continue; /* malformed line */
  462. snd = malloc(sizeof *snd);
  463. if (snd == nil)
  464. sysfatal("out of memory: %r");
  465. memset(snd, 0, sizeof *snd);
  466. snd->next = nil;
  467. if (sendlast == nil)
  468. sendlist = snd;
  469. else
  470. sendlast->next = snd;
  471. sendlast = snd;
  472. snd->rcpt = strdup(toks[Rcpt]);
  473. snd->domain = strdup(toks[Domain]);
  474. }
  475. Bterm(sf);
  476. return ok;
  477. }
  478. /*
  479. * read (recipient, sender's DNS) pairs from /mail/lib/senders.
  480. * Only allow mail to recipient from any of sender's IPs.
  481. * A recipient not mentioned in the file is always permitted.
  482. */
  483. static int
  484. senderok(char *rcpt)
  485. {
  486. int mentioned = 0, matched = 0;
  487. uchar dnsip[IPaddrlen];
  488. Sender *snd;
  489. Ndbtuple *nt, *next, *first;
  490. rdsenders();
  491. for (snd = sendlist; snd != nil; snd = snd->next) {
  492. if (strcmp(rcpt, snd->rcpt) != 0)
  493. continue;
  494. /*
  495. * see if this domain's ips match nci->rsys.
  496. * if not, perhaps a later entry's domain will.
  497. */
  498. mentioned = 1;
  499. if (parseip(dnsip, snd->domain) != -1 &&
  500. memcmp(rsysip, dnsip, IPaddrlen) == 0)
  501. return 1;
  502. /*
  503. * NB: nt->line links form a circular list(!).
  504. * we need to make one complete pass over it to free it all.
  505. */
  506. first = nt = dnsquery(nci->root, snd->domain, "ip");
  507. if (first == nil)
  508. continue;
  509. do {
  510. if (strcmp(nt->attr, "ip") == 0 &&
  511. parseip(dnsip, nt->val) != -1 &&
  512. memcmp(rsysip, dnsip, IPaddrlen) == 0)
  513. matched = 1;
  514. next = nt->line;
  515. free(nt);
  516. nt = next;
  517. } while (nt != first);
  518. }
  519. if (matched)
  520. return 1;
  521. else
  522. return !mentioned;
  523. }
  524. void
  525. receiver(String *path)
  526. {
  527. char *sender, *rcpt;
  528. if(rejectcheck())
  529. return;
  530. if(him == 0 || *him == 0){
  531. rejectcount++;
  532. reply("503 Start by saying HELO, please\r\n");
  533. return;
  534. }
  535. if(senders.last)
  536. sender = s_to_c(senders.last->p);
  537. else
  538. sender = "<unknown>";
  539. if(!recipok(s_to_c(path))){
  540. rejectcount++;
  541. syslog(0, "smtpd",
  542. "Disallowed %s (%s/%s) to blocked, unknown or invalid name %s",
  543. sender, him, nci->rsys, s_to_c(path));
  544. reply("550 5.1.1 %s ... user unknown\r\n", s_to_c(path));
  545. return;
  546. }
  547. rcpt = s_to_c(path);
  548. if (!senderok(rcpt)) {
  549. rejectcount++;
  550. syslog(0, "smtpd", "Disallowed sending IP of %s (%s/%s) to %s",
  551. sender, him, nci->rsys, rcpt);
  552. reply("550 5.7.1 %s ... sending system not allowed\r\n", rcpt);
  553. return;
  554. }
  555. logged = 0;
  556. /* forwarding() can modify 'path' on loopback request */
  557. if(filterstate == ACCEPT && fflag && !authenticated && forwarding(path)) {
  558. syslog(0, "smtpd", "Bad Forward %s (%s/%s) (%s)",
  559. s_to_c(senders.last->p), him, nci->rsys, s_to_c(path));
  560. rejectcount++;
  561. reply("550 5.7.1 we don't relay. send to your-path@[] for "
  562. "loopback.\r\n");
  563. return;
  564. }
  565. listadd(&rcvers, path);
  566. reply("250 2.0.0 receiver is %s\r\n", s_to_c(path));
  567. }
  568. void
  569. quit(void)
  570. {
  571. reply("221 2.0.0 Successful termination\r\n");
  572. close(0);
  573. exits(0);
  574. }
  575. void
  576. noop(void)
  577. {
  578. if(rejectcheck())
  579. return;
  580. reply("250 2.0.0 Nothing to see here. Move along ...\r\n");
  581. }
  582. void
  583. help(String *cmd)
  584. {
  585. if(rejectcheck())
  586. return;
  587. if(cmd)
  588. s_free(cmd);
  589. reply("250 2.0.0 See http://www.ietf.org/rfc/rfc2821\r\n");
  590. }
  591. void
  592. verify(String *path)
  593. {
  594. char *p, *q;
  595. char *av[4];
  596. if(rejectcheck())
  597. return;
  598. if(shellchars(s_to_c(path))){
  599. reply("503 5.1.3 Bad character in address %s.\r\n", s_to_c(path));
  600. return;
  601. }
  602. av[0] = s_to_c(mailer);
  603. av[1] = "-x";
  604. av[2] = s_to_c(path);
  605. av[3] = 0;
  606. pp = noshell_proc_start(av, (stream *)0, outstream(), (stream *)0, 1, 0);
  607. if (pp == 0) {
  608. reply("450 4.3.2 We're busy right now, try later\r\n");
  609. return;
  610. }
  611. p = Brdline(pp->std[1]->fp, '\n');
  612. if(p == 0){
  613. reply("550 5.1.0 String does not match anything.\r\n");
  614. } else {
  615. p[Blinelen(pp->std[1]->fp)-1] = 0;
  616. if(strchr(p, ':'))
  617. reply("550 5.1.0 String does not match anything.\r\n");
  618. else{
  619. q = strrchr(p, '!');
  620. if(q)
  621. p = q+1;
  622. reply("250 2.0.0 %s <%s@%s>\r\n", s_to_c(path), p, dom);
  623. }
  624. }
  625. proc_wait(pp);
  626. proc_free(pp);
  627. pp = 0;
  628. }
  629. /*
  630. * get a line that ends in crnl or cr, turn terminating crnl into a nl
  631. *
  632. * return 0 on EOF
  633. */
  634. static int
  635. getcrnl(String *s, Biobuf *fp)
  636. {
  637. int c;
  638. for(;;){
  639. c = Bgetc(fp);
  640. if(debug) {
  641. seek(2, 0, 2);
  642. fprint(2, "%c", c);
  643. }
  644. switch(c){
  645. case 0:
  646. break;
  647. case -1:
  648. goto out;
  649. case '\r':
  650. c = Bgetc(fp);
  651. if(c == '\n'){
  652. if(debug) {
  653. seek(2, 0, 2);
  654. fprint(2, "%c", c);
  655. }
  656. s_putc(s, '\n');
  657. goto out;
  658. }
  659. Bungetc(fp);
  660. s_putc(s, '\r');
  661. break;
  662. case '\n':
  663. s_putc(s, c);
  664. goto out;
  665. default:
  666. s_putc(s, c);
  667. break;
  668. }
  669. }
  670. out:
  671. s_terminate(s);
  672. return s_len(s);
  673. }
  674. void
  675. logcall(int nbytes)
  676. {
  677. Link *l;
  678. String *to, *from;
  679. to = s_new();
  680. from = s_new();
  681. for(l = senders.first; l; l = l->next){
  682. if(l != senders.first)
  683. s_append(from, ", ");
  684. s_append(from, s_to_c(l->p));
  685. }
  686. for(l = rcvers.first; l; l = l->next){
  687. if(l != rcvers.first)
  688. s_append(to, ", ");
  689. s_append(to, s_to_c(l->p));
  690. }
  691. syslog(0, "smtpd", "[%s/%s] %s sent %d bytes to %s", him, nci->rsys,
  692. s_to_c(from), nbytes, s_to_c(to));
  693. s_free(to);
  694. s_free(from);
  695. }
  696. static void
  697. logmsg(char *action)
  698. {
  699. Link *l;
  700. if(logged)
  701. return;
  702. logged = 1;
  703. for(l = rcvers.first; l; l = l->next)
  704. syslog(0, "smtpd", "%s %s (%s/%s) (%s)", action,
  705. s_to_c(senders.last->p), him, nci->rsys, s_to_c(l->p));
  706. }
  707. static int
  708. optoutall(int filterstate)
  709. {
  710. Link *l;
  711. switch(filterstate){
  712. case ACCEPT:
  713. case TRUSTED:
  714. return filterstate;
  715. }
  716. for(l = rcvers.first; l; l = l->next)
  717. if(!optoutofspamfilter(s_to_c(l->p)))
  718. return filterstate;
  719. return ACCEPT;
  720. }
  721. String*
  722. startcmd(void)
  723. {
  724. int n;
  725. char *filename;
  726. char **av;
  727. Link *l;
  728. String *cmd;
  729. /*
  730. * ignore the filterstate if the all the receivers prefer it.
  731. */
  732. filterstate = optoutall(filterstate);
  733. switch (filterstate){
  734. case BLOCKED:
  735. case DELAY:
  736. rejectcount++;
  737. logmsg("Blocked");
  738. filename = dumpfile(s_to_c(senders.last->p));
  739. cmd = s_new();
  740. s_append(cmd, "cat > ");
  741. s_append(cmd, filename);
  742. pp = proc_start(s_to_c(cmd), instream(), 0, outstream(), 0, 0);
  743. break;
  744. case DIALUP:
  745. logmsg("Dialup");
  746. rejectcount++;
  747. reply("554 5.7.1 We don't accept mail from dial-up ports.\r\n");
  748. /*
  749. * we could exit here, because we're never going to accept mail
  750. * from this ip address, but it's unclear that RFC821 allows
  751. * that. Instead we set the hardreject flag and go stupid.
  752. */
  753. hardreject = 1;
  754. return 0;
  755. case DENIED:
  756. logmsg("Denied");
  757. rejectcount++;
  758. reply("554-5.7.1 We don't accept mail from %s.\r\n",
  759. s_to_c(senders.last->p));
  760. reply("554 5.7.1 Contact postmaster@%s for more information.\r\n",
  761. dom);
  762. return 0;
  763. case REFUSED:
  764. logmsg("Refused");
  765. rejectcount++;
  766. reply("554 5.7.1 Sender domain must exist: %s\r\n",
  767. s_to_c(senders.last->p));
  768. return 0;
  769. default:
  770. case NONE:
  771. logmsg("Confused");
  772. rejectcount++;
  773. reply("554-5.7.0 We have had an internal mailer error "
  774. "classifying your message.\r\n");
  775. reply("554-5.7.0 Filterstate is %d\r\n", filterstate);
  776. reply("554 5.7.0 Contact postmaster@%s for more information.\r\n",
  777. dom);
  778. return 0;
  779. case ACCEPT:
  780. case TRUSTED:
  781. /*
  782. * now that all other filters have been passed,
  783. * do grey-list processing.
  784. */
  785. if(gflag)
  786. vfysenderhostok();
  787. /*
  788. * set up mail command
  789. */
  790. cmd = s_clone(mailer);
  791. n = 3;
  792. for(l = rcvers.first; l; l = l->next)
  793. n++;
  794. av = malloc(n * sizeof(char*));
  795. if(av == nil){
  796. reply("450 4.3.2 We're busy right now, try later\r\n");
  797. s_free(cmd);
  798. return 0;
  799. }
  800. n = 0;
  801. av[n++] = s_to_c(cmd);
  802. av[n++] = "-r";
  803. for(l = rcvers.first; l; l = l->next)
  804. av[n++] = s_to_c(l->p);
  805. av[n] = 0;
  806. /*
  807. * start mail process
  808. */
  809. pp = noshell_proc_start(av, instream(), outstream(),
  810. outstream(), 0, 0);
  811. free(av);
  812. break;
  813. }
  814. if(pp == 0) {
  815. reply("450 4.3.2 We're busy right now, try later\r\n");
  816. s_free(cmd);
  817. return 0;
  818. }
  819. return cmd;
  820. }
  821. /*
  822. * print out a header line, expanding any domainless addresses into
  823. * address@him
  824. */
  825. char*
  826. bprintnode(Biobuf *b, Node *p)
  827. {
  828. if(p->s){
  829. if(p->addr && strchr(s_to_c(p->s), '@') == nil){
  830. if(Bprint(b, "%s@%s", s_to_c(p->s), him) < 0)
  831. return nil;
  832. } else {
  833. if(Bwrite(b, s_to_c(p->s), s_len(p->s)) < 0)
  834. return nil;
  835. }
  836. }else{
  837. if(Bputc(b, p->c) < 0)
  838. return nil;
  839. }
  840. if(p->white)
  841. if(Bwrite(b, s_to_c(p->white), s_len(p->white)) < 0)
  842. return nil;
  843. return p->end+1;
  844. }
  845. static String*
  846. getaddr(Node *p)
  847. {
  848. for(; p; p = p->next)
  849. if(p->s && p->addr)
  850. return p->s;
  851. return nil;
  852. }
  853. /*
  854. * add warning headers of the form
  855. * X-warning: <reason>
  856. * for any headers that looked like they might be forged.
  857. *
  858. * return byte count of new headers
  859. */
  860. static int
  861. forgedheaderwarnings(void)
  862. {
  863. int nbytes;
  864. Field *f;
  865. nbytes = 0;
  866. /* warn about envelope sender */
  867. if(strcmp(s_to_c(senders.last->p), "/dev/null") != 0 &&
  868. masquerade(senders.last->p, nil))
  869. nbytes += Bprint(pp->std[0]->fp,
  870. "X-warning: suspect envelope domain\n");
  871. /*
  872. * check Sender: field. If it's OK, ignore the others because this
  873. * is an exploded mailing list.
  874. */
  875. for(f = firstfield; f; f = f->next)
  876. if(f->node->c == SENDER)
  877. if(masquerade(getaddr(f->node), him))
  878. nbytes += Bprint(pp->std[0]->fp,
  879. "X-warning: suspect Sender: domain\n");
  880. else
  881. return nbytes;
  882. /* check From: */
  883. for(f = firstfield; f; f = f->next){
  884. if(f->node->c == FROM && masquerade(getaddr(f->node), him))
  885. nbytes += Bprint(pp->std[0]->fp,
  886. "X-warning: suspect From: domain\n");
  887. }
  888. return nbytes;
  889. }
  890. /*
  891. * pipe message to mailer with the following transformations:
  892. * - change \r\n into \n.
  893. * - add sender's domain to any addrs with no domain
  894. * - add a From: if none of From:, Sender:, or Replyto: exists
  895. * - add a Received: line
  896. */
  897. int
  898. pipemsg(int *byteswritten)
  899. {
  900. int n, nbytes, sawdot, status;
  901. char *cp;
  902. Field *f;
  903. Link *l;
  904. Node *p;
  905. String *hdr, *line;
  906. pipesig(&status); /* set status to 1 on write to closed pipe */
  907. sawdot = 0;
  908. status = 0;
  909. /*
  910. * add a 'From ' line as envelope
  911. */
  912. nbytes = 0;
  913. nbytes += Bprint(pp->std[0]->fp, "From %s %s remote from \n",
  914. s_to_c(senders.first->p), thedate());
  915. /*
  916. * add our own Received: stamp
  917. */
  918. nbytes += Bprint(pp->std[0]->fp, "Received: from %s ", him);
  919. if(nci->rsys)
  920. nbytes += Bprint(pp->std[0]->fp, "([%s]) ", nci->rsys);
  921. nbytes += Bprint(pp->std[0]->fp, "by %s; %s\n", me, thedate());
  922. /*
  923. * read first 16k obeying '.' escape. we're assuming
  924. * the header will all be there.
  925. */
  926. line = s_new();
  927. hdr = s_new();
  928. while(sawdot == 0 && s_len(hdr) < 16*1024){
  929. n = getcrnl(s_reset(line), &bin);
  930. /* eof or error ends the message */
  931. if(n <= 0)
  932. break;
  933. /* a line with only a '.' ends the message */
  934. cp = s_to_c(line);
  935. if(n == 2 && *cp == '.' && *(cp+1) == '\n'){
  936. sawdot = 1;
  937. break;
  938. }
  939. s_append(hdr, *cp == '.' ? cp+1 : cp);
  940. }
  941. /*
  942. * parse header
  943. */
  944. yyinit(s_to_c(hdr), s_len(hdr));
  945. yyparse();
  946. /*
  947. * Look for masquerades. Let Sender: trump From: to allow mailing list
  948. * forwarded messages.
  949. */
  950. if(fflag)
  951. nbytes += forgedheaderwarnings();
  952. /*
  953. * add an orginator and/or destination if either is missing
  954. */
  955. if(originator == 0){
  956. if(senders.last == nil)
  957. Bprint(pp->std[0]->fp, "From: /dev/null@%s\n", him);
  958. else
  959. Bprint(pp->std[0]->fp, "From: %s\n",
  960. s_to_c(senders.last->p));
  961. }
  962. if(destination == 0){
  963. Bprint(pp->std[0]->fp, "To: ");
  964. for(l = rcvers.first; l; l = l->next){
  965. if(l != rcvers.first)
  966. Bprint(pp->std[0]->fp, ", ");
  967. Bprint(pp->std[0]->fp, "%s", s_to_c(l->p));
  968. }
  969. Bprint(pp->std[0]->fp, "\n");
  970. }
  971. /*
  972. * add sender's domain to any domainless addresses
  973. * (to avoid forging local addresses)
  974. */
  975. cp = s_to_c(hdr);
  976. for(f = firstfield; cp != nil && f; f = f->next){
  977. for(p = f->node; cp != 0 && p; p = p->next)
  978. cp = bprintnode(pp->std[0]->fp, p);
  979. if(status == 0 && Bprint(pp->std[0]->fp, "\n") < 0){
  980. piperror = "write error";
  981. status = 1;
  982. }
  983. }
  984. if(cp == nil){
  985. piperror = "sender domain";
  986. status = 1;
  987. }
  988. /* write anything we read following the header */
  989. if(status == 0 &&
  990. Bwrite(pp->std[0]->fp, cp, s_to_c(hdr) + s_len(hdr) - cp) < 0){
  991. piperror = "write error 2";
  992. status = 1;
  993. }
  994. s_free(hdr);
  995. /*
  996. * pass rest of message to mailer. take care of '.'
  997. * escapes.
  998. */
  999. while(sawdot == 0){
  1000. n = getcrnl(s_reset(line), &bin);
  1001. /* eof or error ends the message */
  1002. if(n <= 0)
  1003. break;
  1004. /* a line with only a '.' ends the message */
  1005. cp = s_to_c(line);
  1006. if(n == 2 && *cp == '.' && *(cp+1) == '\n'){
  1007. sawdot = 1;
  1008. break;
  1009. }
  1010. if(cp[0] == '.'){
  1011. cp++;
  1012. n--;
  1013. }
  1014. nbytes += n;
  1015. if(status == 0 && Bwrite(pp->std[0]->fp, cp, n) < 0){
  1016. piperror = "write error 3";
  1017. status = 1;
  1018. }
  1019. }
  1020. s_free(line);
  1021. if(sawdot == 0){
  1022. /* message did not terminate normally */
  1023. snprint(pipbuf, sizeof pipbuf, "network eof: %r");
  1024. piperror = pipbuf;
  1025. syskillpg(pp->pid);
  1026. status = 1;
  1027. }
  1028. if(status == 0 && Bflush(pp->std[0]->fp) < 0){
  1029. piperror = "write error 4";
  1030. status = 1;
  1031. }
  1032. stream_free(pp->std[0]);
  1033. pp->std[0] = 0;
  1034. *byteswritten = nbytes;
  1035. pipesigoff();
  1036. if(status && !piperror)
  1037. piperror = "write on closed pipe";
  1038. return status;
  1039. }
  1040. char*
  1041. firstline(char *x)
  1042. {
  1043. char *p;
  1044. static char buf[128];
  1045. strncpy(buf, x, sizeof(buf));
  1046. buf[sizeof(buf)-1] = 0;
  1047. p = strchr(buf, '\n');
  1048. if(p)
  1049. *p = 0;
  1050. return buf;
  1051. }
  1052. int
  1053. sendermxcheck(void)
  1054. {
  1055. int pid;
  1056. char *cp, *senddom, *user, *who;
  1057. Waitmsg *w;
  1058. who = s_to_c(senders.first->p);
  1059. if(strcmp(who, "/dev/null") == 0){
  1060. /* /dev/null can only send to one rcpt at a time */
  1061. if(rcvers.first != rcvers.last){
  1062. werrstr("rejected: /dev/null sending to multiple "
  1063. "recipients");
  1064. return -1;
  1065. }
  1066. return 0;
  1067. }
  1068. if(access("/mail/lib/validatesender", AEXEC) < 0)
  1069. return 0;
  1070. senddom = strdup(who);
  1071. if((cp = strchr(senddom, '!')) == nil){
  1072. werrstr("rejected: domainless sender %s", who);
  1073. free(senddom);
  1074. return -1;
  1075. }
  1076. *cp++ = 0;
  1077. user = cp;
  1078. switch(pid = fork()){
  1079. case -1:
  1080. werrstr("deferred: fork: %r");
  1081. return -1;
  1082. case 0:
  1083. /*
  1084. * Could add an option with the remote IP address
  1085. * to allow validatesender to implement SPF eventually.
  1086. */
  1087. execl("/mail/lib/validatesender", "validatesender",
  1088. "-n", nci->root, senddom, user, nil);
  1089. _exits("exec validatesender: %r");
  1090. default:
  1091. break;
  1092. }
  1093. free(senddom);
  1094. w = wait();
  1095. if(w == nil){
  1096. werrstr("deferred: wait failed: %r");
  1097. return -1;
  1098. }
  1099. if(w->pid != pid){
  1100. werrstr("deferred: wait returned wrong pid %d != %d",
  1101. w->pid, pid);
  1102. free(w);
  1103. return -1;
  1104. }
  1105. if(w->msg[0] == 0){
  1106. free(w);
  1107. return 0;
  1108. }
  1109. /*
  1110. * skip over validatesender 143123132: prefix from rc.
  1111. */
  1112. cp = strchr(w->msg, ':');
  1113. if(cp && *(cp+1) == ' ')
  1114. werrstr("%s", cp+2);
  1115. else
  1116. werrstr("%s", w->msg);
  1117. free(w);
  1118. return -1;
  1119. }
  1120. void
  1121. data(void)
  1122. {
  1123. int status, nbytes;
  1124. char *cp, *ep;
  1125. char errx[ERRMAX];
  1126. Link *l;
  1127. String *cmd, *err;
  1128. if(rejectcheck())
  1129. return;
  1130. if(senders.last == 0){
  1131. reply("503 2.5.2 Data without MAIL FROM:\r\n");
  1132. rejectcount++;
  1133. return;
  1134. }
  1135. if(rcvers.last == 0){
  1136. reply("503 2.5.2 Data without RCPT TO:\r\n");
  1137. rejectcount++;
  1138. return;
  1139. }
  1140. if(!trusted && sendermxcheck()){
  1141. rerrstr(errx, sizeof errx);
  1142. if(strncmp(errx, "rejected:", 9) == 0)
  1143. reply("554 5.7.1 %s\r\n", errx);
  1144. else
  1145. reply("450 4.7.0 %s\r\n", errx);
  1146. for(l=rcvers.first; l; l=l->next)
  1147. syslog(0, "smtpd", "[%s/%s] %s -> %s sendercheck: %s",
  1148. him, nci->rsys, s_to_c(senders.first->p),
  1149. s_to_c(l->p), errx);
  1150. rejectcount++;
  1151. return;
  1152. }
  1153. cmd = startcmd();
  1154. if(cmd == 0)
  1155. return;
  1156. reply("354 Input message; end with <CRLF>.<CRLF>\r\n");
  1157. /*
  1158. * allow 145 more minutes to move the data
  1159. */
  1160. alarm(145*60*1000);
  1161. status = pipemsg(&nbytes);
  1162. /*
  1163. * read any error messages
  1164. */
  1165. err = s_new();
  1166. while(s_read_line(pp->std[2]->fp, err))
  1167. ;
  1168. alarm(0);
  1169. atnotify(catchalarm, 0);
  1170. status |= proc_wait(pp);
  1171. if(debug){
  1172. seek(2, 0, 2);
  1173. fprint(2, "%d status %ux\n", getpid(), status);
  1174. if(*s_to_c(err))
  1175. fprint(2, "%d error %s\n", getpid(), s_to_c(err));
  1176. }
  1177. /*
  1178. * if process terminated abnormally, send back error message
  1179. */
  1180. if(status){
  1181. int code;
  1182. char *ecode;
  1183. if(strstr(s_to_c(err), "mail refused")){
  1184. syslog(0, "smtpd", "++[%s/%s] %s %s refused: %s",
  1185. him, nci->rsys, s_to_c(senders.first->p),
  1186. s_to_c(cmd), firstline(s_to_c(err)));
  1187. code = 554;
  1188. ecode = "5.0.0";
  1189. } else {
  1190. syslog(0, "smtpd", "++[%s/%s] %s %s %s%s%sreturned %#q %s",
  1191. him, nci->rsys,
  1192. s_to_c(senders.first->p), s_to_c(cmd),
  1193. piperror? "error during pipemsg: ": "",
  1194. piperror? piperror: "",
  1195. piperror? "; ": "",
  1196. pp->waitmsg->msg, firstline(s_to_c(err)));
  1197. code = 450;
  1198. ecode = "4.0.0";
  1199. }
  1200. for(cp = s_to_c(err); ep = strchr(cp, '\n'); cp = ep){
  1201. *ep++ = 0;
  1202. reply("%d-%s %s\r\n", code, ecode, cp);
  1203. }
  1204. reply("%d %s mail process terminated abnormally\r\n",
  1205. code, ecode);
  1206. } else {
  1207. /*
  1208. * if a message appeared on stderr, despite good status,
  1209. * log it. this can happen if rewrite.in contains a bad
  1210. * r.e., for example.
  1211. */
  1212. if(*s_to_c(err))
  1213. syslog(0, "smtpd",
  1214. "%s returned good status, but said: %s",
  1215. s_to_c(mailer), s_to_c(err));
  1216. if(filterstate == BLOCKED)
  1217. reply("554 5.7.1 we believe this is spam. "
  1218. "we don't accept it.\r\n");
  1219. else if(filterstate == DELAY)
  1220. reply("450 4.3.0 There will be a delay in delivery "
  1221. "of this message.\r\n");
  1222. else {
  1223. reply("250 2.5.0 sent\r\n");
  1224. logcall(nbytes);
  1225. }
  1226. }
  1227. proc_free(pp);
  1228. pp = 0;
  1229. s_free(cmd);
  1230. s_free(err);
  1231. listfree(&senders);
  1232. listfree(&rcvers);
  1233. }
  1234. /*
  1235. * when we have blocked a transaction based on IP address, there is nothing
  1236. * that the sender can do to convince us to take the message. after the
  1237. * first rejection, some spammers continually RSET and give a new MAIL FROM:
  1238. * filling our logs with rejections. rejectcheck() limits the retries and
  1239. * swiftly rejects all further commands after the first 500-series message
  1240. * is issued.
  1241. */
  1242. int
  1243. rejectcheck(void)
  1244. {
  1245. if(rejectcount > MAXREJECTS){
  1246. syslog(0, "smtpd", "Rejected (%s/%s)", him, nci->rsys);
  1247. reply("554 5.5.0 too many errors. transaction failed.\r\n");
  1248. exits("errcount");
  1249. }
  1250. if(hardreject){
  1251. rejectcount++;
  1252. reply("554 5.7.1 We don't accept mail from dial-up ports.\r\n");
  1253. }
  1254. return hardreject;
  1255. }
  1256. /*
  1257. * create abs path of the mailer
  1258. */
  1259. String*
  1260. mailerpath(char *p)
  1261. {
  1262. String *s;
  1263. if(p == nil)
  1264. return nil;
  1265. if(*p == '/')
  1266. return s_copy(p);
  1267. s = s_new();
  1268. s_append(s, UPASBIN);
  1269. s_append(s, "/");
  1270. s_append(s, p);
  1271. return s;
  1272. }
  1273. String *
  1274. s_dec64(String *sin)
  1275. {
  1276. int lin, lout;
  1277. String *sout;
  1278. lin = s_len(sin);
  1279. /*
  1280. * if the string is coming from smtpd.y, it will have no nl.
  1281. * if it is coming from getcrnl below, it will have an nl.
  1282. */
  1283. if (*(s_to_c(sin)+lin-1) == '\n')
  1284. lin--;
  1285. sout = s_newalloc(lin+1);
  1286. lout = dec64((uchar *)s_to_c(sout), lin, s_to_c(sin), lin);
  1287. if (lout < 0) {
  1288. s_free(sout);
  1289. return nil;
  1290. }
  1291. sout->ptr = sout->base + lout;
  1292. s_terminate(sout);
  1293. return sout;
  1294. }
  1295. void
  1296. starttls(void)
  1297. {
  1298. int certlen, fd;
  1299. uchar *cert;
  1300. TLSconn *conn;
  1301. if (tlscert == nil) {
  1302. reply("500 5.5.1 illegal command or bad syntax\r\n");
  1303. return;
  1304. }
  1305. conn = mallocz(sizeof *conn, 1);
  1306. cert = readcert(tlscert, &certlen);
  1307. if (conn == nil || cert == nil) {
  1308. if (conn != nil)
  1309. free(conn);
  1310. reply("454 4.7.5 TLS not available\r\n");
  1311. return;
  1312. }
  1313. reply("220 2.0.0 Go ahead make my day\r\n");
  1314. conn->cert = cert;
  1315. conn->certlen = certlen;
  1316. fd = tlsServer(Bfildes(&bin), conn);
  1317. if (fd < 0) {
  1318. free(cert);
  1319. free(conn);
  1320. syslog(0, "smtpd", "TLS start-up failed with %s", him);
  1321. /* force the client to hang up */
  1322. close(Bfildes(&bin)); /* probably fd 0 */
  1323. close(1);
  1324. exits("tls failed");
  1325. }
  1326. Bterm(&bin);
  1327. Binit(&bin, fd, OREAD);
  1328. if (dup(fd, 1) < 0)
  1329. fprint(2, "dup of %d failed: %r\n", fd);
  1330. passwordinclear = 1;
  1331. syslog(0, "smtpd", "started TLS with %s", him);
  1332. }
  1333. void
  1334. auth(String *mech, String *resp)
  1335. {
  1336. char *user, *pass, *scratch = nil;
  1337. AuthInfo *ai = nil;
  1338. Chalstate *chs = nil;
  1339. String *s_resp1_64 = nil, *s_resp2_64 = nil, *s_resp1 = nil;
  1340. String *s_resp2 = nil;
  1341. if (rejectcheck())
  1342. goto bomb_out;
  1343. syslog(0, "smtpd", "auth(%s, %s) from %s", s_to_c(mech),
  1344. "(protected)", him);
  1345. if (authenticated) {
  1346. bad_sequence:
  1347. rejectcount++;
  1348. reply("503 5.5.2 Bad sequence of commands\r\n");
  1349. goto bomb_out;
  1350. }
  1351. if (cistrcmp(s_to_c(mech), "plain") == 0) {
  1352. if (!passwordinclear) {
  1353. rejectcount++;
  1354. reply("538 5.7.1 Encryption required for requested "
  1355. "authentication mechanism\r\n");
  1356. goto bomb_out;
  1357. }
  1358. s_resp1_64 = resp;
  1359. if (s_resp1_64 == nil) {
  1360. reply("334 \r\n");
  1361. s_resp1_64 = s_new();
  1362. if (getcrnl(s_resp1_64, &bin) <= 0)
  1363. goto bad_sequence;
  1364. }
  1365. s_resp1 = s_dec64(s_resp1_64);
  1366. if (s_resp1 == nil) {
  1367. rejectcount++;
  1368. reply("501 5.5.4 Cannot decode base64\r\n");
  1369. goto bomb_out;
  1370. }
  1371. memset(s_to_c(s_resp1_64), 'X', s_len(s_resp1_64));
  1372. user = (s_to_c(s_resp1) + strlen(s_to_c(s_resp1)) + 1);
  1373. pass = user + (strlen(user) + 1);
  1374. ai = auth_userpasswd(user, pass);
  1375. authenticated = ai != nil;
  1376. memset(pass, 'X', strlen(pass));
  1377. goto windup;
  1378. }
  1379. else if (cistrcmp(s_to_c(mech), "login") == 0) {
  1380. if (!passwordinclear) {
  1381. rejectcount++;
  1382. reply("538 5.7.1 Encryption required for requested "
  1383. "authentication mechanism\r\n");
  1384. goto bomb_out;
  1385. }
  1386. if (resp == nil) {
  1387. reply("334 VXNlcm5hbWU6\r\n");
  1388. s_resp1_64 = s_new();
  1389. if (getcrnl(s_resp1_64, &bin) <= 0)
  1390. goto bad_sequence;
  1391. }
  1392. reply("334 UGFzc3dvcmQ6\r\n");
  1393. s_resp2_64 = s_new();
  1394. if (getcrnl(s_resp2_64, &bin) <= 0)
  1395. goto bad_sequence;
  1396. s_resp1 = s_dec64(s_resp1_64);
  1397. s_resp2 = s_dec64(s_resp2_64);
  1398. memset(s_to_c(s_resp2_64), 'X', s_len(s_resp2_64));
  1399. if (s_resp1 == nil || s_resp2 == nil) {
  1400. rejectcount++;
  1401. reply("501 5.5.4 Cannot decode base64\r\n");
  1402. goto bomb_out;
  1403. }
  1404. ai = auth_userpasswd(s_to_c(s_resp1), s_to_c(s_resp2));
  1405. authenticated = ai != nil;
  1406. memset(s_to_c(s_resp2), 'X', s_len(s_resp2));
  1407. windup:
  1408. if (authenticated) {
  1409. /* if you authenticated, we trust you despite your IP */
  1410. trusted = 1;
  1411. reply("235 2.0.0 Authentication successful\r\n");
  1412. } else {
  1413. rejectcount++;
  1414. reply("535 5.7.1 Authentication failed\r\n");
  1415. syslog(0, "smtpd", "authentication failed: %r");
  1416. }
  1417. goto bomb_out;
  1418. }
  1419. else if (cistrcmp(s_to_c(mech), "cram-md5") == 0) {
  1420. int chal64n;
  1421. char *resp, *t;
  1422. chs = auth_challenge("proto=cram role=server");
  1423. if (chs == nil) {
  1424. rejectcount++;
  1425. reply("501 5.7.5 Couldn't get CRAM-MD5 challenge\r\n");
  1426. goto bomb_out;
  1427. }
  1428. scratch = malloc(chs->nchal * 2 + 1);
  1429. chal64n = enc64(scratch, chs->nchal * 2, (uchar *)chs->chal,
  1430. chs->nchal);
  1431. scratch[chal64n] = 0;
  1432. reply("334 %s\r\n", scratch);
  1433. s_resp1_64 = s_new();
  1434. if (getcrnl(s_resp1_64, &bin) <= 0)
  1435. goto bad_sequence;
  1436. s_resp1 = s_dec64(s_resp1_64);
  1437. if (s_resp1 == nil) {
  1438. rejectcount++;
  1439. reply("501 5.5.4 Cannot decode base64\r\n");
  1440. goto bomb_out;
  1441. }
  1442. /* should be of form <user><space><response> */
  1443. resp = s_to_c(s_resp1);
  1444. t = strchr(resp, ' ');
  1445. if (t == nil) {
  1446. rejectcount++;
  1447. reply("501 5.5.4 Poorly formed CRAM-MD5 response\r\n");
  1448. goto bomb_out;
  1449. }
  1450. *t++ = 0;
  1451. chs->user = resp;
  1452. chs->resp = t;
  1453. chs->nresp = strlen(t);
  1454. ai = auth_response(chs);
  1455. authenticated = ai != nil;
  1456. goto windup;
  1457. }
  1458. rejectcount++;
  1459. reply("501 5.5.1 Unrecognised authentication type %s\r\n", s_to_c(mech));
  1460. bomb_out:
  1461. if (ai)
  1462. auth_freeAI(ai);
  1463. if (chs)
  1464. auth_freechal(chs);
  1465. if (scratch)
  1466. free(scratch);
  1467. if (s_resp1)
  1468. s_free(s_resp1);
  1469. if (s_resp2)
  1470. s_free(s_resp2);
  1471. if (s_resp1_64)
  1472. s_free(s_resp1_64);
  1473. if (s_resp2_64)
  1474. s_free(s_resp2_64);
  1475. }