1*33881f77Schristos /*	$NetBSD: tlsproxy_state.c,v 1.3 2020/03/18 19:05:21 christos Exp $	*/
2ff6d749dStron 
3ff6d749dStron /*++
4ff6d749dStron /* NAME
5ff6d749dStron /*	tlsproxy_state 3
6ff6d749dStron /* SUMMARY
7ff6d749dStron /*	Postfix SMTP server
8ff6d749dStron /* SYNOPSIS
9ff6d749dStron /*	#include <tlsproxy.h>
10ff6d749dStron /*
11ff6d749dStron /*	TLSP_STATE *tlsp_state_create(service, plaintext_stream)
12ff6d749dStron /*	const char *service;
13ff6d749dStron /*	VSTREAM	*plaintext_stream;
14ff6d749dStron /*
15ff6d749dStron /*	void	tlsp_state_free(state)
16ff6d749dStron /*	TLSP_STATE *state;
17ff6d749dStron /* DESCRIPTION
18ff6d749dStron /*	This module provides TLSP_STATE constructor and destructor
19ff6d749dStron /*	routines.
20ff6d749dStron /*
21ff6d749dStron /*	tlsp_state_create() initializes session context.
22ff6d749dStron /*
23*33881f77Schristos /*	tlsp_state_free() destroys session context. If the handshake
24*33881f77Schristos /*	was in progress, it logs a 'handshake failed' message.
25ff6d749dStron /*
26ff6d749dStron /*	Arguments:
27ff6d749dStron /* .IP service
28ff6d749dStron /*	The service name for the TLS library. This argument is copied.
29ff6d749dStron /*	The destructor will automatically destroy the string.
30ff6d749dStron /* .IP plaintext_stream
31ff6d749dStron /*	The VSTREAM between postscreen(8) and tlsproxy(8).
32ff6d749dStron /*	The destructor will automatically close the stream.
33ff6d749dStron /* .PP
34ff6d749dStron /*	Other structure members are set by the application. The
35ff6d749dStron /*	text below describes how the TLSP_STATE destructor
36ff6d749dStron /*	disposes of them.
37ff6d749dStron /* .IP plaintext_buf
38ff6d749dStron /*	NBBIO for plaintext I/O.
39ff6d749dStron /*	The destructor will automatically turn off read/write/timeout
40ff6d749dStron /*	events and destroy the NBBIO.
41ff6d749dStron /* .IP ciphertext_fd
42ff6d749dStron /*	The file handle for the remote SMTP client socket.
43ff6d749dStron /*	The destructor will automatically turn off read/write events
44ff6d749dStron /*	and close the file handle.
45ff6d749dStron /* .IP ciphertext_timer
46ff6d749dStron /*	The destructor will automatically turn off this time event.
47ff6d749dStron /* .IP timeout
48ff6d749dStron /*	Time limit for plaintext and ciphertext I/O.
49ff6d749dStron /* .IP remote_endpt
50ff6d749dStron /*	Printable remote endpoint name.
51ff6d749dStron /*	The destructor will automatically destroy the string.
52a30b880eStron /* .IP server_id
53a30b880eStron /*	TLS session cache identifier.
54a30b880eStron /*	The destructor will automatically destroy the string.
55ff6d749dStron /* DIAGNOSTICS
56ff6d749dStron /*	All errors are fatal.
57ff6d749dStron /* LICENSE
58ff6d749dStron /* .ad
59ff6d749dStron /* .fi
60ff6d749dStron /*	The Secure Mailer license must be distributed with this software.
61ff6d749dStron /* AUTHOR(S)
62ff6d749dStron /*	Wietse Venema
63ff6d749dStron /*	IBM T.J. Watson Research
64ff6d749dStron /*	P.O. Box 704
65ff6d749dStron /*	Yorktown Heights, NY 10598, USA
66*33881f77Schristos /*
67*33881f77Schristos /*	Wietse Venema
68*33881f77Schristos /*	Google, Inc.
69*33881f77Schristos /*	111 8th Avenue
70*33881f77Schristos /*	New York, NY 10011, USA
71ff6d749dStron /*--*/
72ff6d749dStron 
73ff6d749dStron  /*
74ff6d749dStron   * System library.
75ff6d749dStron   */
76ff6d749dStron #include <sys_defs.h>
77ff6d749dStron 
78ff6d749dStron  /*
79ff6d749dStron   * Utility library.
80ff6d749dStron   */
81ff6d749dStron #include <msg.h>
82ff6d749dStron #include <mymalloc.h>
83ff6d749dStron #include <nbbio.h>
84ff6d749dStron 
85ff6d749dStron  /*
86ff6d749dStron   * Master library.
87ff6d749dStron   */
88ff6d749dStron #include <mail_server.h>
89ff6d749dStron 
90ff6d749dStron  /*
91ff6d749dStron   * TLS library.
92ff6d749dStron   */
93ff6d749dStron #ifdef USE_TLS
94ff6d749dStron #define TLS_INTERNAL			/* XXX */
95ff6d749dStron #include <tls.h>
96*33881f77Schristos #include <tls_proxy.h>
97ff6d749dStron 
98ff6d749dStron  /*
99ff6d749dStron   * Application-specific.
100ff6d749dStron   */
101ff6d749dStron #include <tlsproxy.h>
102ff6d749dStron 
/* tlsp_state_create - create TLS proxy state object */

/*
 * Allocate a TLSP_STATE for one proxied session. The service name is
 * copied; the plaintext stream is adopted as-is. Both are released by
 * tlsp_state_free(). All other members start out as "not set" (0 or -1)
 * and are filled in later by the application.
 *
 * NOTE(review): mymalloc() is not assumed to zero the block, so any
 * TLSP_STATE member that is not assigned below would be uninitialized;
 * keep this list in sync with the struct definition in tlsproxy.h.
 */
TLSP_STATE *tlsp_state_create(const char *service,
			              VSTREAM *plaintext_stream)
{
    TLSP_STATE *sp;

    sp = (TLSP_STATE *) mymalloc(sizeof(*sp));

    /* Caller-supplied inputs. */
    sp->service = mystrdup(service);
    sp->plaintext_stream = plaintext_stream;

    /* A fresh session begins by running the TLS handshake. */
    sp->flags = TLSP_FLAG_DO_HANDSHAKE;

    /* Plaintext/ciphertext I/O resources, not yet attached. */
    sp->plaintext_buf = 0;
    sp->ciphertext_fd = -1;
    sp->ciphertext_timer = 0;
    sp->timeout = -1;

    /* Identification strings, set once the peer is known. */
    sp->remote_endpt = 0;
    sp->server_id = 0;

    /* TLS library context and proxy request properties. */
    sp->tls_context = 0;
    sp->tls_params = 0;
    sp->server_init_props = 0;
    sp->server_start_props = 0;
    sp->client_init_props = 0;
    sp->client_start_props = 0;

    return (sp);
}
128ff6d749dStron 
/* tlsp_state_free - destroy state objects, connection and events */

/* tlsp_state_log_handshake_failure - report a handshake that never completed */

static void tlsp_state_log_handshake_failure(const TLSP_STATE *state)
{

    /*
     * Don't log failure after plaintext EOF: without both a remote endpoint
     * and a server_id there is nothing meaningful to report. The
     * DO_HANDSHAKE flag still being set means the handshake was cut short.
     */
    if (state->remote_endpt == 0 || state->server_id == 0)
	return;
    if ((state->flags & TLSP_FLAG_DO_HANDSHAKE) == 0)
	return;
    msg_info("TLS handshake failed for service=%s peer=%s",
	     state->server_id, state->remote_endpt);
}

/* tlsp_state_free_tls_props - release TLS library context and proxy properties */

static void tlsp_state_free_tls_props(TLSP_STATE *state)
{
    if (state->tls_context)
	tls_free_context(state->tls_context);
    if (state->tls_params)
	tls_proxy_client_param_free(state->tls_params);
    if (state->server_init_props)
	tls_proxy_server_init_free(state->server_init_props);
    if (state->server_start_props)
	tls_proxy_server_start_free(state->server_start_props);
    if (state->client_init_props)
	tls_proxy_client_init_free(state->client_init_props);
    if (state->client_start_props)
	tls_proxy_client_start_free(state->client_start_props);
}

/*
 * Tear down one session: log an aborted handshake, disable every event
 * registered for the plaintext and ciphertext sides, close the ciphertext
 * socket, free all owned strings and TLS properties, then free the state
 * itself. The order matters: events are turned off before the file
 * handles they reference go away, and the DISCONNECT line is logged
 * before remote_endpt is freed.
 */
void    tlsp_state_free(TLSP_STATE *state)
{
    int     fd;

    tlsp_state_log_handshake_failure(state);
    myfree(state->service);

    /*
     * With an NBBIO attached, nbbio_free() turns off the plaintext events;
     * otherwise they must be disabled by hand before disconnecting.
     */
    if (state->plaintext_buf == 0)
	event_disable_readwrite(vstream_fileno(state->plaintext_stream));
    else
	nbbio_free(state->plaintext_buf);
    event_server_disconnect(state->plaintext_stream);

    /* Ciphertext side: stop listening, then release the socket. */
    if ((fd = state->ciphertext_fd) >= 0) {
	event_disable_readwrite(fd);
	(void) close(fd);
    }
    if (state->ciphertext_timer)
	event_cancel_timer(state->ciphertext_timer, (void *) state);

    /* Log the disconnect while the endpoint name is still valid. */
    if (state->remote_endpt) {
	msg_info("DISCONNECT %s", state->remote_endpt);
	myfree(state->remote_endpt);
    }
    if (state->server_id)
	myfree(state->server_id);

    tlsp_state_free_tls_props(state);
    myfree((void *) state);
}
170ff6d749dStron 
171ff6d749dStron #endif