1 /* $NetBSD: tlsproxy.c,v 1.3 2020/03/18 19:05:21 christos Exp $ */ 2 3 /*++ 4 /* NAME 5 /* tlsproxy 8 6 /* SUMMARY 7 /* Postfix TLS proxy 8 /* SYNOPSIS 9 /* \fBtlsproxy\fR [generic Postfix daemon options] 10 /* DESCRIPTION 11 /* The \fBtlsproxy\fR(8) server implements a two-way TLS proxy. It 12 /* is used by the \fBpostscreen\fR(8) server to talk SMTP-over-TLS 13 /* with remote SMTP clients that are not whitelisted (including 14 /* clients whose whitelist status has expired), and by the 15 /* \fBsmtp\fR(8) client to support TLS connection reuse, but it 16 /* should also work for non-SMTP protocols. 17 /* 18 /* Although one \fBtlsproxy\fR(8) process can serve multiple 19 /* sessions at the same time, it is a good idea to allow the 20 /* number of processes to increase with load, so that the 21 /* service remains responsive. 22 /* PROTOCOL EXAMPLE 23 /* .ad 24 /* .fi 25 /* The example below concerns \fBpostscreen\fR(8). However, 26 /* the \fBtlsproxy\fR(8) server is agnostic of the application 27 /* protocol, and the example is easily adapted to other 28 /* applications. 29 /* 30 /* After receiving a valid remote SMTP client STARTTLS command, 31 /* the \fBpostscreen\fR(8) server sends the remote SMTP client 32 /* endpoint string, the requested role (server), and the 33 /* requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8) 34 /* then receives a "TLS available" indication from \fBtlsproxy\fR(8). 35 /* If the TLS service is available, \fBpostscreen\fR(8) sends 36 /* the remote SMTP client file descriptor to \fBtlsproxy\fR(8), 37 /* and sends the plaintext 220 greeting to the remote SMTP 38 /* client. This triggers TLS negotiations between the remote 39 /* SMTP client and \fBtlsproxy\fR(8). Upon completion of the 40 /* TLS-level handshake, \fBtlsproxy\fR(8) translates between 41 /* plaintext from/to \fBpostscreen\fR(8) and ciphertext to/from 42 /* the remote SMTP client. 43 /* SECURITY 44 /* .ad 45 /* .fi 46 /* The \fBtlsproxy\fR(8) server is moderately security-sensitive. 47 /* It talks to untrusted clients on the network. The process 48 /* can be run chrooted at fixed low privilege. 49 /* DIAGNOSTICS 50 /* Problems and transactions are logged to \fBsyslogd\fR(8) 51 /* or \fBpostlogd\fR(8). 52 /* CONFIGURATION PARAMETERS 53 /* .ad 54 /* .fi 55 /* Changes to \fBmain.cf\fR are not picked up automatically, 56 /* as \fBtlsproxy\fR(8) processes may run for a long time 57 /* depending on mail server load. Use the command "\fBpostfix 58 /* reload\fR" to speed up a change. 59 /* 60 /* The text below provides only a parameter summary. See 61 /* \fBpostconf\fR(5) for more details including examples. 62 /* STARTTLS GLOBAL CONTROLS 63 /* .ad 64 /* .fi 65 /* The following settings are global and therefore cannot be 66 /* overruled by information specified in a \fBtlsproxy\fR(8) 67 /* client request. 68 /* .IP "\fBtls_append_default_CA (no)\fR" 69 /* Append the system-supplied default Certification Authority 70 /* certificates to the ones specified with *_tls_CApath or *_tls_CAfile. 71 /* .IP "\fBtls_daemon_random_bytes (32)\fR" 72 /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) 73 /* process requests from the \fBtlsmgr\fR(8) server in order to seed its 74 /* internal pseudo random number generator (PRNG). 75 /* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" 76 /* The OpenSSL cipherlist for "high" grade ciphers. 77 /* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" 78 /* The OpenSSL cipherlist for "medium" or higher grade ciphers. 79 /* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" 80 /* The OpenSSL cipherlist for "low" or higher grade ciphers. 81 /* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" 82 /* The OpenSSL cipherlist for "export" or higher grade ciphers. 83 /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" 84 /* The OpenSSL cipherlist for "NULL" grade ciphers that provide 85 /* authentication without encryption. 86 /* .IP "\fBtls_eecdh_strong_curve (prime256v1)\fR" 87 /* The elliptic curve used by the Postfix SMTP server for sensibly 88 /* strong 89 /* ephemeral ECDH key exchange. 90 /* .IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR" 91 /* The elliptic curve used by the Postfix SMTP server for maximally 92 /* strong 93 /* ephemeral ECDH key exchange. 94 /* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" 95 /* List or bit-mask of OpenSSL bug work-arounds to disable. 96 /* .IP "\fBtls_preempt_cipherlist (no)\fR" 97 /* With SSLv3 and later, use the Postfix SMTP server's cipher 98 /* preference order instead of the remote client's cipher preference 99 /* order. 100 /* .PP 101 /* Available in Postfix version 2.9 and later: 102 /* .IP "\fBtls_legacy_public_key_fingerprints (no)\fR" 103 /* A temporary migration aid for sites that use certificate 104 /* \fIpublic-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use 105 /* an incorrect algorithm. 106 /* .PP 107 /* Available in Postfix version 2.11-3.1: 108 /* .IP "\fBtls_dane_digest_agility (on)\fR" 109 /* Configure RFC7671 DANE TLSA digest algorithm agility. 110 /* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" 111 /* Enable support for RFC 6698 (DANE TLSA) DNS records that contain 112 /* digests of trust-anchors with certificate usage "2". 113 /* .PP 114 /* Available in Postfix version 2.11 and later: 115 /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" 116 /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. 117 /* .PP 118 /* Available in Postfix version 3.0 and later: 119 /* .IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)\fR" 120 /* Algorithm used to encrypt RFC5077 TLS session tickets. 121 /* .IP "\fBopenssl_path (openssl)\fR" 122 /* The location of the OpenSSL command line program \fBopenssl\fR(1). 123 /* .PP 124 /* Available in Postfix version 3.2 and later: 125 /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" 126 /* The prioritized list of elliptic curves supported by the Postfix 127 /* SMTP client and server. 128 /* .PP 129 /* Available in Postfix version 3.4 and later: 130 /* .IP "\fBtls_server_sni_maps (empty)\fR" 131 /* Optional lookup tables that map names received from remote SMTP 132 /* clients via the TLS Server Name Indication (SNI) extension to the 133 /* appropriate keys and certificate chains. 134 /* .PP 135 /* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: 136 /* .IP "\fBtls_fast_shutdown_enable (yes)\fR" 137 /* A workaround for implementations that hang Postfix while shutting 138 /* down a TLS session, until Postfix times out. 139 /* STARTTLS SERVER CONTROLS 140 /* .ad 141 /* .fi 142 /* These settings are clones of Postfix SMTP server settings. 143 /* They allow \fBtlsproxy\fR(8) to load the same certificate 144 /* and private key information as the Postfix SMTP server, 145 /* before dropping privileges, so that the key files can be 146 /* kept read-only for root. These settings can currently not 147 /* be overruled by information in a \fBtlsproxy\fR(8) client 148 /* request, but that limitation may be removed in a future 149 /* version. 150 /* .IP "\fBtlsproxy_tls_CAfile ($smtpd_tls_CAfile)\fR" 151 /* A file containing (PEM format) CA certificates of root CAs 152 /* trusted to sign either remote SMTP client certificates or intermediate 153 /* CA certificates. 154 /* .IP "\fBtlsproxy_tls_CApath ($smtpd_tls_CApath)\fR" 155 /* A directory containing (PEM format) CA certificates of root CAs 156 /* trusted to sign either remote SMTP client certificates or intermediate 157 /* CA certificates. 158 /* .IP "\fBtlsproxy_tls_always_issue_session_ids ($smtpd_tls_always_issue_session_ids)\fR" 159 /* Force the Postfix \fBtlsproxy\fR(8) server to issue a TLS session id, 160 /* even when TLS session caching is turned off. 161 /* .IP "\fBtlsproxy_tls_ask_ccert ($smtpd_tls_ask_ccert)\fR" 162 /* Ask a remote SMTP client for a client certificate. 163 /* .IP "\fBtlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verifydepth)\fR" 164 /* The verification depth for remote SMTP client certificates. 165 /* .IP "\fBtlsproxy_tls_cert_file ($smtpd_tls_cert_file)\fR" 166 /* File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM 167 /* format. 168 /* .IP "\fBtlsproxy_tls_ciphers ($smtpd_tls_ciphers)\fR" 169 /* The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server 170 /* will use with opportunistic TLS encryption. 171 /* .IP "\fBtlsproxy_tls_dcert_file ($smtpd_tls_dcert_file)\fR" 172 /* File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM 173 /* format. 174 /* .IP "\fBtlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)\fR" 175 /* File with DH parameters that the Postfix \fBtlsproxy\fR(8) server 176 /* should use with non-export EDH ciphers. 177 /* .IP "\fBtlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)\fR" 178 /* File with DH parameters that the Postfix \fBtlsproxy\fR(8) server 179 /* should use with export-grade EDH ciphers. 180 /* .IP "\fBtlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)\fR" 181 /* File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM 182 /* format. 183 /* .IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR" 184 /* File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM 185 /* format. 186 /* .IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR" 187 /* File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM 188 /* format. 189 /* .IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR" 190 /* The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral 191 /* elliptic-curve Diffie-Hellman (EECDH) key exchange. 192 /* .IP "\fBtlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers)\fR" 193 /* List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8) 194 /* server cipher list at all TLS security levels. 195 /* .IP "\fBtlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest)\fR" 196 /* The message digest algorithm to construct remote SMTP 197 /* client-certificate 198 /* fingerprints. 199 /* .IP "\fBtlsproxy_tls_key_file ($smtpd_tls_key_file)\fR" 200 /* File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM 201 /* format. 202 /* .IP "\fBtlsproxy_tls_loglevel ($smtpd_tls_loglevel)\fR" 203 /* Enable additional Postfix \fBtlsproxy\fR(8) server logging of TLS 204 /* activity. 205 /* .IP "\fBtlsproxy_tls_mandatory_ciphers ($smtpd_tls_mandatory_ciphers)\fR" 206 /* The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server 207 /* will use with mandatory TLS encryption. 208 /* .IP "\fBtlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_mandatory_exclude_ciphers)\fR" 209 /* Additional list of ciphers or cipher types to exclude from the 210 /* \fBtlsproxy\fR(8) server cipher list at mandatory TLS security levels. 211 /* .IP "\fBtlsproxy_tls_mandatory_protocols ($smtpd_tls_mandatory_protocols)\fR" 212 /* The SSL/TLS protocols accepted by the Postfix \fBtlsproxy\fR(8) server 213 /* with mandatory TLS encryption. 214 /* .IP "\fBtlsproxy_tls_protocols ($smtpd_tls_protocols)\fR" 215 /* List of TLS protocols that the Postfix \fBtlsproxy\fR(8) server will 216 /* exclude or include with opportunistic TLS encryption. 217 /* .IP "\fBtlsproxy_tls_req_ccert ($smtpd_tls_req_ccert)\fR" 218 /* With mandatory TLS encryption, require a trusted remote SMTP 219 /* client certificate in order to allow TLS connections to proceed. 220 /* .IP "\fBtlsproxy_tls_security_level ($smtpd_tls_security_level)\fR" 221 /* The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server; 222 /* when a non-empty value is specified, this overrides the obsolete 223 /* parameters smtpd_use_tls and smtpd_enforce_tls. 224 /* .IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR" 225 /* Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate 226 /* chains in PEM format. 227 /* STARTTLS CLIENT CONTROLS 228 /* .ad 229 /* .fi 230 /* These settings are clones of Postfix SMTP client settings. 231 /* They allow \fBtlsproxy\fR(8) to load the same certificate 232 /* and private key information as the Postfix SMTP client, 233 /* before dropping privileges, so that the key files can be 234 /* kept read-only for root. Some settings may be overruled by 235 /* information in a \fBtlsproxy\fR(8) client request. 236 /* .PP 237 /* Available in Postfix version 3.4 and later: 238 /* .IP "\fBtlsproxy_client_CAfile ($smtp_tls_CAfile)\fR" 239 /* A file containing CA certificates of root CAs trusted to sign 240 /* either remote TLS server certificates or intermediate CA certificates. 241 /* .IP "\fBtlsproxy_client_CApath ($smtp_tls_CApath)\fR" 242 /* Directory with PEM format Certification Authority certificates 243 /* that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS 244 /* server certificate. 245 /* .IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR" 246 /* Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate 247 /* chains in PEM format. 248 /* .IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR" 249 /* File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM 250 /* format. 251 /* .IP "\fBtlsproxy_client_key_file ($smtp_tls_key_file)\fR" 252 /* File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM 253 /* format. 254 /* .IP "\fBtlsproxy_client_dcert_file ($smtp_tls_dcert_file)\fR" 255 /* File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM 256 /* format. 257 /* .IP "\fBtlsproxy_client_dkey_file ($smtp_tls_dkey_file)\fR" 258 /* File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM 259 /* format. 260 /* .IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR" 261 /* File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM 262 /* format. 263 /* .IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR" 264 /* File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM 265 /* format. 266 /* .IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR" 267 /* The message digest algorithm used to construct remote TLS server 268 /* certificate fingerprints. 269 /* .IP "\fBtlsproxy_client_loglevel ($smtp_tls_loglevel)\fR" 270 /* Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS 271 /* activity. 272 /* .IP "\fBtlsproxy_client_loglevel_parameter (smtp_tls_loglevel)\fR" 273 /* The name of the parameter that provides the tlsproxy_client_loglevel 274 /* value. 275 /* .IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR" 276 /* The verification depth for remote TLS server certificates. 277 /* .IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR" 278 /* The default TLS security level for the Postfix \fBtlsproxy\fR(8) 279 /* client. 280 /* .IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR" 281 /* Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS 282 /* security policy by next-hop destination. 283 /* .IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR" 284 /* Opportunistic mode: use TLS when a remote server announces TLS 285 /* support. 286 /* .IP "\fBtlsproxy_client_enforce_tls ($smtp_enforce_tls)\fR" 287 /* Enforcement mode: require that SMTP servers use TLS encryption. 288 /* .IP "\fBtlsproxy_client_per_site ($smtp_tls_per_site)\fR" 289 /* Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS 290 /* usage policy by next-hop destination and by remote TLS server 291 /* hostname. 292 /* OBSOLETE STARTTLS SUPPORT CONTROLS 293 /* .ad 294 /* .fi 295 /* These parameters are supported for compatibility with 296 /* \fBsmtpd\fR(8) legacy parameters. 297 /* .IP "\fBtlsproxy_use_tls ($smtpd_use_tls)\fR" 298 /* Opportunistic TLS: announce STARTTLS support to remote SMTP clients, 299 /* but do not require that clients use TLS encryption. 300 /* .IP "\fBtlsproxy_enforce_tls ($smtpd_enforce_tls)\fR" 301 /* Mandatory TLS: announce STARTTLS support to remote SMTP clients, and 302 /* require that clients use TLS encryption. 303 /* RESOURCE CONTROLS 304 /* .ad 305 /* .fi 306 /* .IP "\fBtlsproxy_watchdog_timeout (10s)\fR" 307 /* How much time a \fBtlsproxy\fR(8) process may take to process local 308 /* or remote I/O before it is terminated by a built-in watchdog timer. 309 /* MISCELLANEOUS CONTROLS 310 /* .ad 311 /* .fi 312 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 313 /* The default location of the Postfix main.cf and master.cf 314 /* configuration files. 315 /* .IP "\fBprocess_id (read-only)\fR" 316 /* The process ID of a Postfix command or daemon process. 317 /* .IP "\fBprocess_name (read-only)\fR" 318 /* The process name of a Postfix command or daemon process. 319 /* .IP "\fBsyslog_facility (mail)\fR" 320 /* The syslog facility of Postfix logging. 321 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 322 /* A prefix that is prepended to the process name in syslog 323 /* records, so that, for example, "smtpd" becomes "prefix/smtpd". 324 /* .PP 325 /* Available in Postfix 3.3 and later: 326 /* .IP "\fBservice_name (read-only)\fR" 327 /* The master.cf service name of a Postfix daemon process. 328 /* SEE ALSO 329 /* postscreen(8), Postfix zombie blocker 330 /* smtpd(8), Postfix SMTP server 331 /* postconf(5), configuration parameters 332 /* postlogd(8), Postfix logging 333 /* syslogd(8), system logging 334 /* LICENSE 335 /* .ad 336 /* .fi 337 /* The Secure Mailer license must be distributed with this software. 338 /* HISTORY 339 /* .ad 340 /* .fi 341 /* This service was introduced with Postfix version 2.8. 342 /* AUTHOR(S) 343 /* Wietse Venema 344 /* IBM T.J. Watson Research 345 /* P.O. Box 704 346 /* Yorktown Heights, NY 10598, USA 347 /* 348 /* Wietse Venema 349 /* Google, Inc. 350 /* 111 8th Avenue 351 /* New York, NY 10011, USA 352 /*--*/ 353 354 /* 355 * System library. 356 */ 357 #include <sys_defs.h> 358 #include <errno.h> 359 360 #ifdef STRCASECMP_IN_STRINGS_H 361 #include <strings.h> 362 #endif 363 364 /* 365 * Utility library. 366 */ 367 #include <msg.h> 368 #include <vstream.h> 369 #include <iostuff.h> 370 #include <nbbio.h> 371 #include <mymalloc.h> 372 #include <split_at.h> 373 374 /* 375 * Global library. 376 */ 377 #include <been_here.h> 378 #include <mail_proto.h> 379 #include <mail_params.h> 380 #include <mail_conf.h> 381 #include <mail_version.h> 382 383 /* 384 * Master library. 385 */ 386 #include <mail_server.h> 387 388 /* 389 * TLS library. 390 */ 391 #ifdef USE_TLS 392 #define TLS_INTERNAL /* XXX */ 393 #include <tls.h> 394 #include <tls_proxy.h> 395 396 /* 397 * Application-specific. 398 */ 399 #include <tlsproxy.h> 400 401 /* 402 * Tunable parameters. We define our clones of the smtpd(8) parameters to 403 * avoid any confusion about which parameters are used by this program. 404 */ 405 int var_smtpd_tls_ccert_vd; 406 char *var_smtpd_tls_loglevel; 407 bool var_smtpd_use_tls; 408 bool var_smtpd_enforce_tls; 409 bool var_smtpd_tls_ask_ccert; 410 bool var_smtpd_tls_req_ccert; 411 bool var_smtpd_tls_set_sessid; 412 char *var_smtpd_relay_ccerts; 413 char *var_smtpd_tls_chain_files; 414 char *var_smtpd_tls_cert_file; 415 char *var_smtpd_tls_key_file; 416 char *var_smtpd_tls_dcert_file; 417 char *var_smtpd_tls_dkey_file; 418 char *var_smtpd_tls_eccert_file; 419 char *var_smtpd_tls_eckey_file; 420 char *var_smtpd_tls_CAfile; 421 char *var_smtpd_tls_CApath; 422 char *var_smtpd_tls_ciph; 423 char *var_smtpd_tls_mand_ciph; 424 char *var_smtpd_tls_excl_ciph; 425 char *var_smtpd_tls_mand_excl; 426 char *var_smtpd_tls_proto; 427 char *var_smtpd_tls_mand_proto; 428 char *var_smtpd_tls_dh512_param_file; 429 char *var_smtpd_tls_dh1024_param_file; 430 char *var_smtpd_tls_eecdh; 431 char *var_smtpd_tls_fpt_dgst; 432 char *var_smtpd_tls_level; 433 434 int var_tlsp_tls_ccert_vd; 435 char *var_tlsp_tls_loglevel; 436 bool var_tlsp_use_tls; 437 bool var_tlsp_enforce_tls; 438 bool var_tlsp_tls_ask_ccert; 439 bool var_tlsp_tls_req_ccert; 440 bool var_tlsp_tls_set_sessid; 441 char *var_tlsp_tls_chain_files; 442 char *var_tlsp_tls_cert_file; 443 char *var_tlsp_tls_key_file; 444 char *var_tlsp_tls_dcert_file; 445 char *var_tlsp_tls_dkey_file; 446 char *var_tlsp_tls_eccert_file; 447 char *var_tlsp_tls_eckey_file; 448 char *var_tlsp_tls_CAfile; 449 char *var_tlsp_tls_CApath; 450 char *var_tlsp_tls_ciph; 451 char *var_tlsp_tls_mand_ciph; 452 char *var_tlsp_tls_excl_ciph; 453 char *var_tlsp_tls_mand_excl; 454 char *var_tlsp_tls_proto; 455 char *var_tlsp_tls_mand_proto; 456 char *var_tlsp_tls_dh512_param_file; 457 char *var_tlsp_tls_dh1024_param_file; 458 char *var_tlsp_tls_eecdh; 459 char *var_tlsp_tls_fpt_dgst; 460 char *var_tlsp_tls_level; 461 462 int var_tlsp_watchdog; 463 464 /* 465 * Defaults for tlsp_clnt_*. 466 */ 467 char *var_smtp_tls_loglevel; 468 int var_smtp_tls_scert_vd; 469 char *var_smtp_tls_chain_files; 470 char *var_smtp_tls_cert_file; 471 char *var_smtp_tls_key_file; 472 char *var_smtp_tls_dcert_file; 473 char *var_smtp_tls_dkey_file; 474 char *var_smtp_tls_eccert_file; 475 char *var_smtp_tls_eckey_file; 476 char *var_smtp_tls_CAfile; 477 char *var_smtp_tls_CApath; 478 char *var_smtp_tls_fpt_dgst; 479 char *var_smtp_tls_level; 480 bool var_smtp_use_tls; 481 bool var_smtp_enforce_tls; 482 char *var_smtp_tls_per_site; 483 char *var_smtp_tls_policy; 484 485 char *var_tlsp_clnt_loglevel; 486 char *var_tlsp_clnt_logparam; 487 int var_tlsp_clnt_scert_vd; 488 char *var_tlsp_clnt_chain_files; 489 char *var_tlsp_clnt_cert_file; 490 char *var_tlsp_clnt_key_file; 491 char *var_tlsp_clnt_dcert_file; 492 char *var_tlsp_clnt_dkey_file; 493 char *var_tlsp_clnt_eccert_file; 494 char *var_tlsp_clnt_eckey_file; 495 char *var_tlsp_clnt_CAfile; 496 char *var_tlsp_clnt_CApath; 497 char *var_tlsp_clnt_fpt_dgst; 498 char *var_tlsp_clnt_level; 499 bool var_tlsp_clnt_use_tls; 500 bool var_tlsp_clnt_enforce_tls; 501 char *var_tlsp_clnt_per_site; 502 char *var_tlsp_clnt_policy; 503 504 /* 505 * TLS per-process status. 506 */ 507 static TLS_APPL_STATE *tlsp_server_ctx; 508 static bool tlsp_pre_jail_done; 509 static int ask_client_cert; 510 static char *tlsp_pre_jail_client_param_key; /* pre-jail global params */ 511 static char *tlsp_pre_jail_client_init_key; /* pre-jail init props */ 512 513 /* 514 * TLS per-client status. 515 */ 516 static HTABLE *tlsp_client_app_cache; /* per-client init props */ 517 static BH_TABLE *tlsp_params_mismatch_filter; /* per-client nag filter */ 518 519 /* 520 * Error handling: if a function detects an error, then that function is 521 * responsible for destroying TLSP_STATE. Exceptions to this principle are 522 * indicated in the code. 523 */ 524 525 /* 526 * Internal status API. 527 */ 528 #define TLSP_STAT_OK 0 529 #define TLSP_STAT_ERR (-1) 530 531 /* 532 * SLMs. 533 */ 534 #define STR(x) vstring_str(x) 535 #define LEN(x) VSTRING_LEN(x) 536 537 /* 538 * The code that implements the TLS engine looks simpler than expected. That 539 * is the result of a great deal of effort, mainly in design and analysis. 540 * 541 * The initial use case was to provide TLS support for postscreen(8). 542 * 543 * By design, postscreen(8) is an event-driven server that must scale up to a 544 * large number of clients. This means that postscreen(8) must avoid doing 545 * CPU-intensive operations such as those in OpenSSL. 546 * 547 * tlsproxy(8) runs the OpenSSL code on behalf of postscreen(8), translating 548 * plaintext SMTP messages from postscreen(8) into SMTP-over-TLS messages to 549 * the remote SMTP client, and vice versa. As long as postscreen(8) does not 550 * receive email messages, the cost of doing TLS operations will be modest. 551 * 552 * Like postscreen(8), one tlsproxy(8) process services multiple remote SMTP 553 * clients. Unlike postscreen(8), there can be more than one tlsproxy(8) 554 * process, although their number is meant to be much smaller than the 555 * number of remote SMTP clients that talk TLS. 556 * 557 * As with postscreen(8), all I/O must be event-driven: encrypted traffic 558 * between tlsproxy(8) and remote SMTP clients, and plaintext traffic 559 * between tlsproxy(8) and postscreen(8). Event-driven plaintext I/O is 560 * straightforward enough that it could be abstracted away with the nbbio(3) 561 * module. 562 * 563 * The event-driven TLS I/O implementation is founded on on-line OpenSSL 564 * documentation, supplemented by statements from OpenSSL developers on 565 * public mailing lists. After some field experience with this code, we may 566 * be able to factor it out as a library module, like nbbio(3), that can 567 * become part of the TLS library. 568 * 569 * Later in the life cycle, tlsproxy(8) has also become an enabler for TLS 570 * connection reuse across different SMTP client processes. 571 */ 572 573 static void tlsp_ciphertext_event(int, void *); 574 575 #define TLSP_INIT_TIMEOUT 100 576 577 static void tlsp_plaintext_event(int event, void *context); 578 579 /* tlsp_drain - delayed exit after "postfix reload" */ 580 581 static void tlsp_drain(char *unused_service, char **unused_argv) 582 { 583 int count; 584 585 /* 586 * After "postfix reload", complete work-in-progress in the background, 587 * instead of dropping already-accepted connections on the floor. 588 * 589 * All error retry counts shall be limited. Instead of blocking here, we 590 * could retry failed fork() operations in the event call-back routines, 591 * but we don't need perfection. The host system is severely overloaded 592 * and service levels are already way down. 593 */ 594 for (count = 0; /* see below */ ; count++) { 595 if (count >= 5) { 596 msg_fatal("fork: %m"); 597 } else if (event_server_drain() != 0) { 598 msg_warn("fork: %m"); 599 sleep(1); 600 continue; 601 } else { 602 return; 603 } 604 } 605 } 606 607 /* tlsp_eval_tls_error - translate TLS "error" result into action */ 608 609 static int tlsp_eval_tls_error(TLSP_STATE *state, int err) 610 { 611 int ciphertext_fd = state->ciphertext_fd; 612 613 /* 614 * The ciphertext file descriptor is in non-blocking mode, meaning that 615 * each SSL_accept/connect/read/write/shutdown request may return an 616 * "error" indication that it needs to read or write more ciphertext. The 617 * purpose of this routine is to translate those "error" indications into 618 * the appropriate read/write/timeout event requests. 619 */ 620 switch (err) { 621 622 /* 623 * No error means a successful SSL_accept/connect/shutdown request or 624 * sequence of SSL_read/write requests. Disable read/write events on 625 * the ciphertext stream. Keep the ciphertext stream timer alive as a 626 * safety mechanism for the case that the plaintext pseudothreads get 627 * stuck. 628 */ 629 case SSL_ERROR_NONE: 630 if (state->ssl_last_err != SSL_ERROR_NONE) { 631 event_disable_readwrite(ciphertext_fd); 632 event_request_timer(tlsp_ciphertext_event, (void *) state, 633 state->timeout); 634 state->ssl_last_err = SSL_ERROR_NONE; 635 } 636 return (TLSP_STAT_OK); 637 638 /* 639 * The TLS engine wants to write to the network. Turn on 640 * write/timeout events on the ciphertext stream. 641 */ 642 case SSL_ERROR_WANT_WRITE: 643 if (state->ssl_last_err == SSL_ERROR_WANT_READ) 644 event_disable_readwrite(ciphertext_fd); 645 if (state->ssl_last_err != SSL_ERROR_WANT_WRITE) { 646 event_enable_write(ciphertext_fd, tlsp_ciphertext_event, 647 (void *) state); 648 state->ssl_last_err = SSL_ERROR_WANT_WRITE; 649 } 650 event_request_timer(tlsp_ciphertext_event, (void *) state, 651 state->timeout); 652 return (TLSP_STAT_OK); 653 654 /* 655 * The TLS engine wants to read from the network. Turn on 656 * read/timeout events on the ciphertext stream. 657 */ 658 case SSL_ERROR_WANT_READ: 659 if (state->ssl_last_err == SSL_ERROR_WANT_WRITE) 660 event_disable_readwrite(ciphertext_fd); 661 if (state->ssl_last_err != SSL_ERROR_WANT_READ) { 662 event_enable_read(ciphertext_fd, tlsp_ciphertext_event, 663 (void *) state); 664 state->ssl_last_err = SSL_ERROR_WANT_READ; 665 } 666 event_request_timer(tlsp_ciphertext_event, (void *) state, 667 state->timeout); 668 return (TLSP_STAT_OK); 669 670 /* 671 * Some error. Self-destruct. This automagically cleans up all 672 * pending read/write and timeout event requests, making state a 673 * dangling pointer. 674 */ 675 case SSL_ERROR_SSL: 676 tls_print_errors(); 677 /* FALLTHROUGH */ 678 default: 679 680 /* 681 * Allow buffered-up plaintext output to trickle out. Permanently 682 * disable read/write activity on the ciphertext stream, so that this 683 * function will no longer be called. Keep the ciphertext stream 684 * timer alive as a safety mechanism for the case that the plaintext 685 * pseudothreads get stuck. Return into tlsp_strategy(), which will 686 * enable plaintext write events. 687 */ 688 #define TLSP_CAN_TRICKLE_OUT_PLAINTEXT(buf) \ 689 ((buf) && !NBBIO_ERROR_FLAGS(buf) && NBBIO_WRITE_PEND(buf)) 690 691 if (TLSP_CAN_TRICKLE_OUT_PLAINTEXT(state->plaintext_buf)) { 692 event_disable_readwrite(ciphertext_fd); 693 event_request_timer(tlsp_ciphertext_event, (void *) state, 694 state->timeout); 695 state->flags |= TLSP_FLAG_NO_MORE_CIPHERTEXT_IO; 696 return (TLSP_STAT_OK); 697 } 698 tlsp_state_free(state); 699 return (TLSP_STAT_ERR); 700 } 701 } 702 703 /* tlsp_post_handshake - post-handshake processing */ 704 705 static int tlsp_post_handshake(TLSP_STATE *state) 706 { 707 708 /* 709 * Do not assume that tls_server_post_accept() and 710 * tls_client_post_connect() will always succeed. 711 */ 712 if (state->is_server_role) 713 state->tls_context = tls_server_post_accept(state->tls_context); 714 else 715 state->tls_context = tls_client_post_connect(state->tls_context, 716 state->client_start_props); 717 if (state->tls_context == 0) { 718 tlsp_state_free(state); 719 return (TLSP_STAT_ERR); 720 } 721 722 /* 723 * Report TLS handshake results to the tlsproxy client. 724 * 725 * Security: this sends internal data over the same local plaintext stream 726 * that will also be used for sending decrypted remote content from an 727 * arbitrary remote peer. For this reason we enable decrypted I/O only 728 * after reporting the TLS handshake results. The Postfix attribute 729 * protocol is robust enough that an attacker cannot append content. 730 */ 731 if ((state->req_flags & TLS_PROXY_FLAG_SEND_CONTEXT) != 0 732 && (attr_print(state->plaintext_stream, ATTR_FLAG_NONE, 733 SEND_ATTR_FUNC(tls_proxy_context_print, 734 (void *) state->tls_context), 735 ATTR_TYPE_END) != 0 736 || vstream_fflush(state->plaintext_stream) != 0)) { 737 msg_warn("cannot send TLS context: %m"); 738 tlsp_state_free(state); 739 return (TLSP_STAT_ERR); 740 } 741 742 /* 743 * Initialize plaintext-related session state. Once we have this behind 744 * us, the TLSP_STATE destructor will automagically clean up requests for 745 * plaintext read/write/timeout events, which makes error recovery 746 * easier. 747 */ 748 state->plaintext_buf = 749 nbbio_create(vstream_fileno(state->plaintext_stream), 750 VSTREAM_BUFSIZE, state->server_id, 751 tlsp_plaintext_event, 752 (void *) state); 753 return (TLSP_STAT_OK); 754 } 755 756 /* tlsp_strategy - decide what to read or write next. */ 757 758 static void tlsp_strategy(TLSP_STATE *state) 759 { 760 TLS_SESS_STATE *tls_context = state->tls_context; 761 NBBIO *plaintext_buf; 762 int ssl_stat; 763 int ssl_read_err; 764 int ssl_write_err; 765 int handshake_err; 766 767 /* 768 * This function is called after every ciphertext or plaintext event, to 769 * schedule new ciphertext or plaintext I/O. 770 */ 771 772 /* 773 * Try to make an SSL I/O request. If this fails with SSL_ERROR_WANT_READ 774 * or SSL_ERROR_WANT_WRITE, enable ciphertext read or write events, and 775 * retry the SSL I/O request in a later tlsp_strategy() call. 776 */ 777 if ((state->flags & TLSP_FLAG_NO_MORE_CIPHERTEXT_IO) == 0) { 778 779 /* 780 * Do not enable plain-text I/O before completing the TLS handshake. 781 * Otherwise the remote peer can prepend plaintext to the optional 782 * TLS_SESS_STATE object. 783 */ 784 if (state->flags & TLSP_FLAG_DO_HANDSHAKE) { 785 state->timeout = state->handshake_timeout; 786 if (state->is_server_role) 787 ssl_stat = SSL_accept(tls_context->con); 788 else 789 ssl_stat = SSL_connect(tls_context->con); 790 if (ssl_stat != 1) { 791 handshake_err = SSL_get_error(tls_context->con, ssl_stat); 792 tlsp_eval_tls_error(state, handshake_err); 793 /* At this point, state could be a dangling pointer. */ 794 return; 795 } 796 state->flags &= ~TLSP_FLAG_DO_HANDSHAKE; 797 state->timeout = state->session_timeout; 798 if (tlsp_post_handshake(state) != TLSP_STAT_OK) { 799 /* At this point, state is a dangling pointer. */ 800 return; 801 } 802 } 803 804 /* 805 * Shutdown and self-destruct after NBBIO error. This automagically 806 * cleans up all pending read/write and timeout event requests. 807 * Before shutting down TLS, we stop all plain-text I/O events but 808 * keep the NBBIO error flags. 809 */ 810 plaintext_buf = state->plaintext_buf; 811 if (NBBIO_ERROR_FLAGS(plaintext_buf)) { 812 if (NBBIO_ACTIVE_FLAGS(plaintext_buf)) 813 nbbio_disable_readwrite(state->plaintext_buf); 814 if (!SSL_in_init(tls_context->con) 815 && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) { 816 handshake_err = SSL_get_error(tls_context->con, ssl_stat); 817 tlsp_eval_tls_error(state, handshake_err); 818 /* At this point, state could be a dangling pointer. */ 819 return; 820 } 821 tlsp_state_free(state); 822 return; 823 } 824 825 /* 826 * Try to move data from the plaintext input buffer to the TLS 827 * engine. 828 * 829 * XXX We're supposed to repeat the exact same SSL_write() call 830 * arguments after an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE 831 * result. Rumor has it that this is because each SSL_write() call 832 * reads from the buffer incrementally, and returns > 0 only after 833 * the final byte is processed. Rumor also has it that setting 834 * SSL_MODE_ENABLE_PARTIAL_WRITE and 835 * SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER voids this requirement, and 836 * that repeating the request with an increased request size is OK. 837 * Unfortunately all this is not or poorly documented, and one has to 838 * rely on statements from OpenSSL developers in public mailing 839 * archives. 840 */ 841 ssl_write_err = SSL_ERROR_NONE; 842 while (NBBIO_READ_PEND(plaintext_buf) > 0) { 843 ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf), 844 NBBIO_READ_PEND(plaintext_buf)); 845 ssl_write_err = SSL_get_error(tls_context->con, ssl_stat); 846 if (ssl_write_err != SSL_ERROR_NONE) 847 break; 848 /* Allow the plaintext pseudothread to read more data. */ 849 NBBIO_READ_PEND(plaintext_buf) -= ssl_stat; 850 if (NBBIO_READ_PEND(plaintext_buf) > 0) 851 memmove(NBBIO_READ_BUF(plaintext_buf), 852 NBBIO_READ_BUF(plaintext_buf) + ssl_stat, 853 NBBIO_READ_PEND(plaintext_buf)); 854 } 855 856 /* 857 * Try to move data from the TLS engine to the plaintext output 858 * buffer. Note: data may arrive as a side effect of calling 859 * SSL_write(), therefore we call SSL_read() after calling 860 * SSL_write(). 861 * 862 * XXX We're supposed to repeat the exact same SSL_read() call arguments 863 * after an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE result. This 864 * supposedly means that our plaintext writer must not memmove() the 865 * plaintext output buffer until after the SSL_read() call succeeds. 866 * For now I'll ignore this, because 1) SSL_read() is documented to 867 * return the bytes available, instead of returning > 0 only after 868 * the entire buffer is processed like SSL_write() does; and 2) there 869 * is no "read" equivalent of the SSL_R_BAD_WRITE_RETRY, 870 * SSL_MODE_ENABLE_PARTIAL_WRITE or 871 * SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER features. 872 */ 873 ssl_read_err = SSL_ERROR_NONE; 874 while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) { 875 ssl_stat = SSL_read(tls_context->con, 876 NBBIO_WRITE_BUF(plaintext_buf) 877 + NBBIO_WRITE_PEND(state->plaintext_buf), 878 NBBIO_BUFSIZE(plaintext_buf) 879 - NBBIO_WRITE_PEND(state->plaintext_buf)); 880 ssl_read_err = SSL_get_error(tls_context->con, ssl_stat); 881 if (ssl_read_err != SSL_ERROR_NONE) 882 break; 883 NBBIO_WRITE_PEND(plaintext_buf) += ssl_stat; 884 } 885 886 /* 887 * Try to enable/disable ciphertext read/write events. If SSL_write() 888 * was satisfied, see if SSL_read() wants to do some work. In case of 889 * an unrecoverable error, this automagically destroys the session 890 * state after cleaning up all pending read/write and timeout event 891 * requests. 892 */ 893 if (tlsp_eval_tls_error(state, ssl_write_err != SSL_ERROR_NONE ? 894 ssl_write_err : ssl_read_err) < 0) 895 /* At this point, state is a dangling pointer. */ 896 return; 897 } 898 899 /* 900 * Destroy state when the ciphertext I/O was permanently disabled and we 901 * can no longer trickle out plaintext. 902 */ 903 else { 904 plaintext_buf = state->plaintext_buf; 905 if (!TLSP_CAN_TRICKLE_OUT_PLAINTEXT(plaintext_buf)) { 906 tlsp_state_free(state); 907 return; 908 } 909 } 910 911 /* 912 * Try to enable/disable plaintext read/write events. Basically, if we 913 * have nothing to write to the plaintext stream, see if there is 914 * something to read. If the write buffer is empty and the read buffer is 915 * full, suspend plaintext I/O until conditions change (but keep the 916 * timer active, as a safety mechanism in case ciphertext I/O gets 917 * stuck). 918 * 919 * XXX In theory, if the ciphertext peer keeps writing fast enough then we 920 * would never read from the plaintext stream and cause the latter to 921 * block. In practice, postscreen(8) limits the number of client 922 * commands, and thus postscreen(8)'s output will fit in a kernel buffer. 923 * A remote SMTP server is not supposed to flood the local SMTP client 924 * with massive replies; it it does, then the local SMTP client should 925 * deal with it. 926 */ 927 if (NBBIO_WRITE_PEND(plaintext_buf) > 0) { 928 if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_READ) 929 nbbio_disable_readwrite(plaintext_buf); 930 nbbio_enable_write(plaintext_buf, state->timeout); 931 } else if (NBBIO_READ_PEND(plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) { 932 if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_WRITE) 933 nbbio_disable_readwrite(plaintext_buf); 934 nbbio_enable_read(plaintext_buf, state->timeout); 935 } else { 936 if (NBBIO_ACTIVE_FLAGS(plaintext_buf)) 937 nbbio_slumber(plaintext_buf, state->timeout); 938 } 939 } 940 941 /* tlsp_plaintext_event - plaintext was read/written */ 942 943 static void tlsp_plaintext_event(int event, void *context) 944 { 945 TLSP_STATE *state = (TLSP_STATE *) context; 946 947 /* 948 * Safety alert: the plaintext pseudothreads have "slumbered" for too 949 * long (see code above). This means that the ciphertext pseudothreads 950 * are stuck. 951 */ 952 if ((NBBIO_ERROR_FLAGS(state->plaintext_buf) & NBBIO_FLAG_TIMEOUT) != 0 953 && NBBIO_ACTIVE_FLAGS(state->plaintext_buf) == 0) 954 msg_warn("deadlock on ciphertext stream for %s", state->remote_endpt); 955 956 /* 957 * This is easy, because the NBBIO layer has already done the event 958 * decoding and plaintext I/O for us. All we need to do is decide if we 959 * want to read or write more plaintext. 960 */ 961 tlsp_strategy(state); 962 /* At this point, state could be a dangling pointer. */ 963 } 964 965 /* tlsp_ciphertext_event - ciphertext is ready to read/write */ 966 967 static void tlsp_ciphertext_event(int event, void *context) 968 { 969 TLSP_STATE *state = (TLSP_STATE *) context; 970 971 /* 972 * Without a TLS quivalent of the NBBIO layer, we must decode the events 973 * ourselves and do the ciphertext I/O. Then, we can decide if we want to 974 * read or write more ciphertext. 975 */ 976 if (event == EVENT_READ || event == EVENT_WRITE) { 977 tlsp_strategy(state); 978 /* At this point, state could be a dangling pointer. */ 979 } else { 980 if (event == EVENT_TIME && state->ssl_last_err == SSL_ERROR_NONE) 981 msg_warn("deadlock on plaintext stream for %s", 982 state->remote_endpt); 983 else 984 msg_warn("ciphertext read/write %s for %s", 985 event == EVENT_TIME ? "timeout" : "error", 986 state->remote_endpt); 987 tlsp_state_free(state); 988 } 989 } 990 991 /* tlsp_client_start_pre_handshake - turn on TLS or force disconnect */ 992 993 static int tlsp_client_start_pre_handshake(TLSP_STATE *state) 994 { 995 state->client_start_props->ctx = state->appl_state; 996 state->client_start_props->fd = state->ciphertext_fd; 997 /* These predicates and warning belong inside tls_client_start(). */ 998 if (!TLS_DANE_BASED(state->client_start_props->tls_level) 999 || tls_dane_avail()) 1000 state->tls_context = tls_client_start(state->client_start_props); 1001 else 1002 msg_warn("%s: DANE requested, but not available", 1003 state->client_start_props->namaddr); 1004 if (state->tls_context != 0) 1005 return (TLSP_STAT_OK); 1006 1007 tlsp_state_free(state); 1008 return (TLSP_STAT_ERR); 1009 } 1010 1011 /* tlsp_server_start_pre_handshake - turn on TLS or force disconnect */ 1012 1013 static int tlsp_server_start_pre_handshake(TLSP_STATE *state) 1014 { 1015 TLS_SERVER_START_PROPS props; 1016 static char *cipher_grade; 1017 static VSTRING *cipher_exclusions; 1018 1019 /* 1020 * The code in this routine is pasted literally from smtpd(8). I am not 1021 * going to sanitize this because doing so surely will break things in 1022 * unexpected ways. 1023 */ 1024 1025 /* 1026 * Perform the before-handshake portion of per-session initialization. 1027 * Pass a null VSTREAM to indicate that this program will do the 1028 * ciphertext I/O, not libtls. 1029 * 1030 * The cipher grade and exclusions don't change between sessions. Compute 1031 * just once and cache. 1032 */ 1033 #define ADD_EXCLUDE(vstr, str) \ 1034 do { \ 1035 if (*(str)) \ 1036 vstring_sprintf_append((vstr), "%s%s", \ 1037 VSTRING_LEN(vstr) ? " " : "", (str)); \ 1038 } while (0) 1039 1040 if (cipher_grade == 0) { 1041 cipher_grade = 1042 var_tlsp_enforce_tls ? var_tlsp_tls_mand_ciph : var_tlsp_tls_ciph; 1043 cipher_exclusions = vstring_alloc(10); 1044 ADD_EXCLUDE(cipher_exclusions, var_tlsp_tls_excl_ciph); 1045 if (var_tlsp_enforce_tls) 1046 ADD_EXCLUDE(cipher_exclusions, var_tlsp_tls_mand_excl); 1047 if (ask_client_cert) 1048 ADD_EXCLUDE(cipher_exclusions, "aNULL"); 1049 } 1050 state->tls_context = 1051 TLS_SERVER_START(&props, 1052 ctx = tlsp_server_ctx, 1053 stream = (VSTREAM *) 0,/* unused */ 1054 fd = state->ciphertext_fd, 1055 timeout = 0, /* unused */ 1056 requirecert = (var_tlsp_tls_req_ccert 1057 && var_tlsp_enforce_tls), 1058 serverid = state->server_id, 1059 namaddr = state->remote_endpt, 1060 cipher_grade = cipher_grade, 1061 cipher_exclusions = STR(cipher_exclusions), 1062 mdalg = var_tlsp_tls_fpt_dgst); 1063 1064 if (state->tls_context == 0) { 1065 tlsp_state_free(state); 1066 return (TLSP_STAT_ERR); 1067 } 1068 1069 /* 1070 * XXX Do we care about TLS session rate limits? Good postscreen(8) 1071 * clients will occasionally require the tlsproxy to renew their 1072 * whitelist status, but bad clients hammering the server can suck up 1073 * lots of CPU cycles. Per-client concurrency limits in postscreen(8) 1074 * will divert only naive security "researchers". 1075 */ 1076 return (TLSP_STAT_OK); 1077 } 1078 1079 /* 1080 * From here on down is low-level code that sets up the plumbing before 1081 * passing control to the TLS engine above. 1082 */ 1083 1084 /* tlsp_request_read_event - pre-handshake event boiler plate */ 1085 1086 static void tlsp_request_read_event(int fd, EVENT_NOTIFY_FN handler, 1087 int timeout, void *context) 1088 { 1089 event_enable_read(fd, handler, context); 1090 event_request_timer(handler, context, timeout); 1091 } 1092 1093 /* tlsp_accept_event - pre-handshake event boiler plate */ 1094 1095 static void tlsp_accept_event(int event, EVENT_NOTIFY_FN handler, 1096 void *context) 1097 { 1098 if (event != EVENT_TIME) 1099 event_cancel_timer(handler, context); 1100 else 1101 errno = ETIMEDOUT; 1102 /* tlsp_state_free() disables pre-handshake plaintext I/O events. */ 1103 } 1104 1105 /* tlsp_get_fd_event - receive final connection hand-off information */ 1106 1107 static void tlsp_get_fd_event(int event, void *context) 1108 { 1109 const char *myname = "tlsp_get_fd_event"; 1110 TLSP_STATE *state = (TLSP_STATE *) context; 1111 int plaintext_fd = vstream_fileno(state->plaintext_stream); 1112 int status; 1113 1114 /* 1115 * At this point we still manually manage plaintext read/write/timeout 1116 * events. Disable I/O events on the plaintext stream until the TLS 1117 * handshake is completed. Every code path must either destroy state, or 1118 * request the next event, otherwise we have a file and memory leak. 1119 */ 1120 tlsp_accept_event(event, tlsp_get_fd_event, (void *) state); 1121 event_disable_readwrite(plaintext_fd); 1122 1123 if (event != EVENT_READ 1124 || (state->ciphertext_fd = LOCAL_RECV_FD(plaintext_fd)) < 0) { 1125 msg_warn("%s: receive remote SMTP peer file descriptor: %m", myname); 1126 tlsp_state_free(state); 1127 return; 1128 } 1129 1130 /* 1131 * This is a bit early, to ensure that timer events for this file handle 1132 * are guaranteed to be turned off by the TLSP_STATE destructor. 1133 */ 1134 state->ciphertext_timer = tlsp_ciphertext_event; 1135 non_blocking(state->ciphertext_fd, NON_BLOCKING); 1136 1137 /* 1138 * Perform the TLS layer before-handshake initialization. We perform the 1139 * remainder after the actual TLS handshake completes. 1140 */ 1141 if (state->is_server_role) 1142 status = tlsp_server_start_pre_handshake(state); 1143 else 1144 status = tlsp_client_start_pre_handshake(state); 1145 if (status != TLSP_STAT_OK) 1146 /* At this point, state is a dangling pointer. */ 1147 return; 1148 1149 /* 1150 * Trigger the initial proxy server I/Os. 1151 */ 1152 tlsp_strategy(state); 1153 /* At this point, state could be a dangling pointer. */ 1154 } 1155 1156 /* tlsp_config_diff - report server-client config differences */ 1157 1158 static void tlsp_log_config_diff(const char *server_cfg, const char *client_cfg) 1159 { 1160 VSTRING *diff_summary = vstring_alloc(100); 1161 char *saved_server = mystrdup(server_cfg); 1162 char *saved_client = mystrdup(client_cfg); 1163 char *server_field; 1164 char *client_field; 1165 char *server_next; 1166 char *client_next; 1167 1168 /* 1169 * Not using argv_split(), because it would treat multiple consecutive 1170 * newline characters as one. 1171 */ 1172 for (server_field = saved_server, client_field = saved_client; 1173 server_field && client_field; 1174 server_field = server_next, client_field = client_next) { 1175 server_next = split_at(server_field, '\n'); 1176 client_next = split_at(client_field, '\n'); 1177 if (strcmp(server_field, client_field) != 0) { 1178 if (LEN(diff_summary) > 0) 1179 vstring_sprintf_append(diff_summary, "; "); 1180 vstring_sprintf_append(diff_summary, 1181 "(server) '%s' != (client) '%s'", 1182 server_field, client_field); 1183 } 1184 } 1185 msg_warn("%s", STR(diff_summary)); 1186 1187 vstring_free(diff_summary); 1188 myfree(saved_client); 1189 myfree(saved_server); 1190 } 1191 1192 /* tlsp_client_init - initialize a TLS client engine */ 1193 1194 static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_PARAMS *tls_params, 1195 TLS_CLIENT_INIT_PROPS *init_props, 1196 int dane_based) 1197 { 1198 TLS_APPL_STATE *appl_state; 1199 VSTRING *param_buf; 1200 char *param_key; 1201 VSTRING *init_buf; 1202 char *init_key; 1203 VSTRING *init_buf_for_hashing; 1204 char *init_key_for_hashing; 1205 int log_hints = 0; 1206 1207 /* 1208 * Use one TLS_APPL_STATE object for all requests that specify the same 1209 * TLS_CLIENT_INIT_PROPS. Each TLS_APPL_STATE owns an SSL_CTX, which is 1210 * expensive to create. Bug: TLS_CLIENT_PARAMS are not used when creating 1211 * a TLS_APPL_STATE instance. 1212 * 1213 * First, compute the TLS_APPL_STATE cache lookup key. Save a copy of the 1214 * pre-jail request TLS_CLIENT_PARAMS and TLSPROXY_CLIENT_INIT_PROPS 1215 * settings, so that we can detect post-jail requests that do not match. 1216 * 1217 * Workaround: salt the hash-table key with DANE on/off info. This avoids 1218 * cross-talk between DANE and non-DANE sessions. Postfix DANE support 1219 * modifies SSL_CTX to override certificate verification because there is 1220 * no other way to do this before OpenSSL 1.1.0. 1221 */ 1222 param_buf = vstring_alloc(100); 1223 param_key = tls_proxy_client_param_with_names_to_string( 1224 param_buf, tls_params); 1225 init_buf = vstring_alloc(100); 1226 init_key = tls_proxy_client_init_with_names_to_string( 1227 init_buf, init_props); 1228 init_buf_for_hashing = vstring_alloc(100); 1229 init_key_for_hashing = STR(vstring_sprintf(init_buf_for_hashing, "%s%d\n", 1230 init_key, dane_based)); 1231 if (tlsp_pre_jail_done == 0) { 1232 if (tlsp_pre_jail_client_param_key == 0 1233 || tlsp_pre_jail_client_init_key == 0) { 1234 tlsp_pre_jail_client_param_key = mystrdup(param_key); 1235 tlsp_pre_jail_client_init_key = mystrdup(init_key); 1236 } else if (strcmp(tlsp_pre_jail_client_param_key, param_key) != 0 1237 || strcmp(tlsp_pre_jail_client_init_key, init_key) != 0) { 1238 msg_panic("tlsp_client_init: too many pre-jail calls"); 1239 } 1240 } 1241 1242 /* 1243 * Log a warning if a post-jail request uses unexpected TLS_CLIENT_PARAMS 1244 * settings. Bug: TLS_CLIENT_PARAMS settings are not used when creating a 1245 * TLS_APPL_STATE instance; this makes a mismatch of TLS_CLIENT_PARAMS 1246 * settings problematic. 1247 */ 1248 if (tlsp_pre_jail_done 1249 && !been_here_fixed(tlsp_params_mismatch_filter, param_key) 1250 && strcmp(tlsp_pre_jail_client_param_key, param_key) != 0) { 1251 msg_warn("request from tlsproxy client with unexpected settings"); 1252 tlsp_log_config_diff(tlsp_pre_jail_client_param_key, param_key); 1253 log_hints = 1; 1254 } 1255 1256 /* 1257 * Look up the cached TLS_APPL_STATE for this tls_client_init request. 1258 */ 1259 if ((appl_state = (TLS_APPL_STATE *) 1260 htable_find(tlsp_client_app_cache, init_key_for_hashing)) == 0) { 1261 1262 /* 1263 * Before creating a TLS_APPL_STATE instance, log a warning if a 1264 * post-jail request differs from the saved pre-jail request AND the 1265 * post-jail request specifies file/directory pathname arguments. 1266 * Unexpected requests containing pathnames are problematic after 1267 * chroot (pathname resolution) and after dropping privileges (key 1268 * files must be root read-only). Unexpected requests are not a 1269 * problem as long as they contain no pathnames (for example a 1270 * tls_loglevel change). 1271 * 1272 * We could eliminate some of this complication by adding code that 1273 * opens a cert/key lookup table at pre-jail time, and by reading 1274 * cert/key info on-the-fly from that table. But then all requests 1275 * would still have to specify the same table. 1276 */ 1277 #define NOT_EMPTY(x) ((x) && *(x)) 1278 1279 if (tlsp_pre_jail_done 1280 && strcmp(tlsp_pre_jail_client_init_key, init_key) != 0 1281 && (NOT_EMPTY(init_props->chain_files) 1282 || NOT_EMPTY(init_props->cert_file) 1283 || NOT_EMPTY(init_props->key_file) 1284 || NOT_EMPTY(init_props->dcert_file) 1285 || NOT_EMPTY(init_props->dkey_file) 1286 || NOT_EMPTY(init_props->eccert_file) 1287 || NOT_EMPTY(init_props->eckey_file) 1288 || NOT_EMPTY(init_props->CAfile) 1289 || NOT_EMPTY(init_props->CApath))) { 1290 msg_warn("request from tlsproxy client with unexpected settings"); 1291 tlsp_log_config_diff(tlsp_pre_jail_client_init_key, init_key); 1292 log_hints = 1; 1293 } 1294 } 1295 if (log_hints) 1296 msg_warn("to avoid this warning, 1) identify the tlsproxy " 1297 "client that is making this request, 2) configure " 1298 "a custom tlsproxy service with settings that " 1299 "match that tlsproxy client, and 3) configure " 1300 "that tlsproxy client with a tlsproxy_service_name " 1301 "setting that resolves to that custom tlsproxy " 1302 "service"); 1303 1304 /* 1305 * TLS_APPL_STATE creation may fail when a post-jail request specifies 1306 * unexpected cert/key information, but that is OK because we already 1307 * logged a warning with configuration suggestions. 1308 */ 1309 if (appl_state == 0 1310 && (appl_state = tls_client_init(init_props)) != 0) { 1311 (void) htable_enter(tlsp_client_app_cache, init_key_for_hashing, 1312 (void *) appl_state); 1313 1314 /* 1315 * To maintain sanity, allow partial SSL_write() operations, and 1316 * allow SSL_write() buffer pointers to change after a WANT_READ or 1317 * WANT_WRITE result. This is based on OpenSSL developers talking on 1318 * a mailing list, but is not supported by documentation. If this 1319 * code stops working then no-one can be held responsible. 1320 */ 1321 SSL_CTX_set_mode(appl_state->ssl_ctx, 1322 SSL_MODE_ENABLE_PARTIAL_WRITE 1323 | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 1324 } 1325 vstring_free(init_buf_for_hashing); 1326 vstring_free(init_buf); 1327 vstring_free(param_buf); 1328 return (appl_state); 1329 } 1330 1331 /* tlsp_close_event - pre-handshake plaintext-client close event */ 1332 1333 static void tlsp_close_event(int event, void *context) 1334 { 1335 TLSP_STATE *state = (TLSP_STATE *) context; 1336 1337 tlsp_accept_event(event, tlsp_close_event, (void *) state); 1338 tlsp_state_free(state); 1339 } 1340 1341 /* tlsp_get_request_event - receive initial hand-off info */ 1342 1343 static void tlsp_get_request_event(int event, void *context) 1344 { 1345 const char *myname = "tlsp_get_request_event"; 1346 TLSP_STATE *state = (TLSP_STATE *) context; 1347 VSTREAM *plaintext_stream = state->plaintext_stream; 1348 int plaintext_fd = vstream_fileno(plaintext_stream); 1349 static VSTRING *remote_endpt; 1350 static VSTRING *server_id; 1351 int req_flags; 1352 int handshake_timeout; 1353 int session_timeout; 1354 int ready = 0; 1355 1356 /* 1357 * At this point we still manually manage plaintext read/write/timeout 1358 * events. Every code path must either destroy state or request the next 1359 * event, otherwise this pseudo-thread is idle until the client goes 1360 * away. 1361 */ 1362 tlsp_accept_event(event, tlsp_get_request_event, (void *) state); 1363 1364 /* 1365 * One-time initialization. 1366 */ 1367 if (remote_endpt == 0) { 1368 remote_endpt = vstring_alloc(10); 1369 server_id = vstring_alloc(10); 1370 } 1371 1372 /* 1373 * Receive the initial request attributes. Receive the remainder after we 1374 * figure out what role we are expected to play. 1375 */ 1376 if (event != EVENT_READ 1377 || attr_scan(plaintext_stream, ATTR_FLAG_STRICT, 1378 RECV_ATTR_STR(TLS_ATTR_REMOTE_ENDPT, remote_endpt), 1379 RECV_ATTR_INT(TLS_ATTR_FLAGS, &req_flags), 1380 RECV_ATTR_INT(TLS_ATTR_TIMEOUT, &handshake_timeout), 1381 RECV_ATTR_INT(TLS_ATTR_TIMEOUT, &session_timeout), 1382 RECV_ATTR_STR(TLS_ATTR_SERVERID, server_id), 1383 ATTR_TYPE_END) != 5) { 1384 msg_warn("%s: receive request attributes: %m", myname); 1385 tlsp_state_free(state); 1386 return; 1387 } 1388 1389 /* 1390 * XXX We use the same fixed timeout throughout the entire session for 1391 * both plaintext and ciphertext communication. This timeout is just a 1392 * safety feature; the real timeout will be enforced by our plaintext 1393 * peer (except during TLS the handshake, when we intentionally disable 1394 * plaintext I/O). 1395 */ 1396 state->remote_endpt = mystrdup(STR(remote_endpt)); 1397 state->server_id = mystrdup(STR(server_id)); 1398 msg_info("CONNECT %s %s", 1399 (req_flags & TLS_PROXY_FLAG_ROLE_SERVER) ? "from" : 1400 (req_flags & TLS_PROXY_FLAG_ROLE_CLIENT) ? "to" : 1401 "(bogus_direction)", state->remote_endpt); 1402 state->req_flags = req_flags; 1403 /* state->is_server_role is set below. */ 1404 state->handshake_timeout = handshake_timeout; 1405 state->session_timeout = session_timeout + 10; /* XXX */ 1406 1407 /* 1408 * Receive the TLS preferences now, to reduce the number of protocol 1409 * roundtrips. 1410 */ 1411 switch (req_flags & (TLS_PROXY_FLAG_ROLE_CLIENT | TLS_PROXY_FLAG_ROLE_SERVER)) { 1412 case TLS_PROXY_FLAG_ROLE_CLIENT: 1413 state->is_server_role = 0; 1414 if (attr_scan(plaintext_stream, ATTR_FLAG_STRICT, 1415 RECV_ATTR_FUNC(tls_proxy_client_param_scan, 1416 (void *) &state->tls_params), 1417 RECV_ATTR_FUNC(tls_proxy_client_init_scan, 1418 (void *) &state->client_init_props), 1419 RECV_ATTR_FUNC(tls_proxy_client_start_scan, 1420 (void *) &state->client_start_props), 1421 ATTR_TYPE_END) != 3) { 1422 msg_warn("%s: receive client TLS settings: %m", myname); 1423 tlsp_state_free(state); 1424 return; 1425 } 1426 state->appl_state = tlsp_client_init(state->tls_params, 1427 state->client_init_props, 1428 TLS_DANE_BASED(state->client_start_props->tls_level)); 1429 ready = state->appl_state != 0; 1430 break; 1431 case TLS_PROXY_FLAG_ROLE_SERVER: 1432 state->is_server_role = 1; 1433 ready = (tlsp_server_ctx != 0); 1434 break; 1435 default: 1436 state->is_server_role = 0; 1437 msg_warn("%s: bad request flags: 0x%x", myname, req_flags); 1438 ready = 0; 1439 } 1440 1441 /* 1442 * For portability we must send some data, after receiving the request 1443 * attributes and before receiving the remote file descriptor. 1444 * 1445 * If the requested TLS engine is unavailable, hang up after making sure 1446 * that the plaintext peer has received our "sorry" indication. 1447 */ 1448 if (attr_print(plaintext_stream, ATTR_FLAG_NONE, 1449 SEND_ATTR_INT(MAIL_ATTR_STATUS, ready), 1450 ATTR_TYPE_END) != 0 1451 || vstream_fflush(plaintext_stream) != 0 1452 || ready == 0) { 1453 tlsp_request_read_event(plaintext_fd, tlsp_close_event, 1454 TLSP_INIT_TIMEOUT, (void *) state); 1455 return; 1456 } else { 1457 tlsp_request_read_event(plaintext_fd, tlsp_get_fd_event, 1458 TLSP_INIT_TIMEOUT, (void *) state); 1459 return; 1460 } 1461 } 1462 1463 /* tlsp_service - handle new client connection */ 1464 1465 static void tlsp_service(VSTREAM *plaintext_stream, 1466 char *service, 1467 char **argv) 1468 { 1469 TLSP_STATE *state; 1470 int plaintext_fd = vstream_fileno(plaintext_stream); 1471 1472 /* 1473 * Sanity check. This service takes no command-line arguments. 1474 */ 1475 if (argv[0]) 1476 msg_fatal("unexpected command-line argument: %s", argv[0]); 1477 1478 /* 1479 * This program handles multiple connections, so it must not block. We 1480 * use event-driven code for all operations that introduce latency. 1481 * Except that attribute lists are sent/received synchronously, once the 1482 * socket is found to be ready for transmission. 1483 */ 1484 non_blocking(plaintext_fd, NON_BLOCKING); 1485 vstream_control(plaintext_stream, 1486 CA_VSTREAM_CTL_PATH("plaintext"), 1487 CA_VSTREAM_CTL_TIMEOUT(5), 1488 CA_VSTREAM_CTL_END); 1489 1490 /* 1491 * Receive postscreen's remote SMTP client address/port and socket. 1492 */ 1493 state = tlsp_state_create(service, plaintext_stream); 1494 tlsp_request_read_event(plaintext_fd, tlsp_get_request_event, 1495 TLSP_INIT_TIMEOUT, (void *) state); 1496 } 1497 1498 /* pre_jail_init - pre-jail initialization */ 1499 1500 static void pre_jail_init(char *unused_name, char **unused_argv) 1501 { 1502 TLS_SERVER_INIT_PROPS props; 1503 const char *cert_file; 1504 int have_server_cert; 1505 int no_server_cert_ok; 1506 int require_server_cert; 1507 int clnt_use_tls; 1508 1509 /* 1510 * The code in this routine is pasted literally from smtpd(8). I am not 1511 * going to sanitize this because doing so surely will break things in 1512 * unexpected ways. 1513 */ 1514 if (*var_tlsp_tls_level) { 1515 switch (tls_level_lookup(var_tlsp_tls_level)) { 1516 default: 1517 msg_fatal("Invalid TLS level \"%s\"", var_tlsp_tls_level); 1518 /* NOTREACHED */ 1519 break; 1520 case TLS_LEV_SECURE: 1521 case TLS_LEV_VERIFY: 1522 case TLS_LEV_FPRINT: 1523 msg_warn("%s: unsupported TLS level \"%s\", using \"encrypt\"", 1524 VAR_TLSP_TLS_LEVEL, var_tlsp_tls_level); 1525 /* FALLTHROUGH */ 1526 case TLS_LEV_ENCRYPT: 1527 var_tlsp_enforce_tls = var_tlsp_use_tls = 1; 1528 break; 1529 case TLS_LEV_MAY: 1530 var_tlsp_enforce_tls = 0; 1531 var_tlsp_use_tls = 1; 1532 break; 1533 case TLS_LEV_NONE: 1534 var_tlsp_enforce_tls = var_tlsp_use_tls = 0; 1535 break; 1536 } 1537 } 1538 var_tlsp_use_tls = var_tlsp_use_tls || var_tlsp_enforce_tls; 1539 if (!var_tlsp_use_tls) { 1540 msg_warn("TLS service is requested, but disabled with %s or %s", 1541 VAR_TLSP_TLS_LEVEL, VAR_TLSP_USE_TLS); 1542 return; 1543 } 1544 1545 /* 1546 * Load TLS keys before dropping privileges. 1547 * 1548 * Can't use anonymous ciphers if we want client certificates. Must use 1549 * anonymous ciphers if we have no certificates. 1550 */ 1551 ask_client_cert = require_server_cert = 1552 (var_tlsp_tls_ask_ccert 1553 || (var_tlsp_enforce_tls && var_tlsp_tls_req_ccert)); 1554 if (strcasecmp(var_tlsp_tls_cert_file, "none") == 0) { 1555 no_server_cert_ok = 1; 1556 cert_file = ""; 1557 } else { 1558 no_server_cert_ok = 0; 1559 cert_file = var_tlsp_tls_cert_file; 1560 } 1561 have_server_cert = 1562 (*cert_file || *var_tlsp_tls_dcert_file || *var_tlsp_tls_eccert_file); 1563 1564 if (*var_tlsp_tls_chain_files != 0) { 1565 if (!have_server_cert) 1566 have_server_cert = 1; 1567 else 1568 msg_warn("Both %s and one or more of the legacy " 1569 " %s, %s or %s are non-empty; the legacy " 1570 " parameters will be ignored", 1571 VAR_TLSP_TLS_CHAIN_FILES, 1572 VAR_TLSP_TLS_CERT_FILE, 1573 VAR_TLSP_TLS_ECCERT_FILE, 1574 VAR_TLSP_TLS_DCERT_FILE); 1575 } 1576 /* Some TLS configuration errors are not show stoppers. */ 1577 if (!have_server_cert && require_server_cert) 1578 msg_warn("Need a server cert to request client certs"); 1579 if (!var_tlsp_enforce_tls && var_tlsp_tls_req_ccert) 1580 msg_warn("Can't require client certs unless TLS is required"); 1581 /* After a show-stopper error, log a warning. */ 1582 if (have_server_cert || (no_server_cert_ok && !require_server_cert)) { 1583 1584 tls_pre_jail_init(TLS_ROLE_SERVER); 1585 1586 /* 1587 * Large parameter lists are error-prone, so we emulate a language 1588 * feature that C does not have natively: named parameter lists. 1589 */ 1590 tlsp_server_ctx = 1591 TLS_SERVER_INIT(&props, 1592 log_param = VAR_TLSP_TLS_LOGLEVEL, 1593 log_level = var_tlsp_tls_loglevel, 1594 verifydepth = var_tlsp_tls_ccert_vd, 1595 cache_type = TLS_MGR_SCACHE_SMTPD, 1596 set_sessid = var_tlsp_tls_set_sessid, 1597 chain_files = var_tlsp_tls_chain_files, 1598 cert_file = cert_file, 1599 key_file = var_tlsp_tls_key_file, 1600 dcert_file = var_tlsp_tls_dcert_file, 1601 dkey_file = var_tlsp_tls_dkey_file, 1602 eccert_file = var_tlsp_tls_eccert_file, 1603 eckey_file = var_tlsp_tls_eckey_file, 1604 CAfile = var_tlsp_tls_CAfile, 1605 CApath = var_tlsp_tls_CApath, 1606 dh1024_param_file 1607 = var_tlsp_tls_dh1024_param_file, 1608 dh512_param_file 1609 = var_tlsp_tls_dh512_param_file, 1610 eecdh_grade = var_tlsp_tls_eecdh, 1611 protocols = var_tlsp_enforce_tls ? 1612 var_tlsp_tls_mand_proto : 1613 var_tlsp_tls_proto, 1614 ask_ccert = ask_client_cert, 1615 mdalg = var_tlsp_tls_fpt_dgst); 1616 } else { 1617 msg_warn("No server certs available. TLS can't be enabled"); 1618 } 1619 1620 /* 1621 * To maintain sanity, allow partial SSL_write() operations, and allow 1622 * SSL_write() buffer pointers to change after a WANT_READ or WANT_WRITE 1623 * result. This is based on OpenSSL developers talking on a mailing list, 1624 * but is not supported by documentation. If this code stops working then 1625 * no-one can be held responsible. 1626 */ 1627 if (tlsp_server_ctx) 1628 SSL_CTX_set_mode(tlsp_server_ctx->ssl_ctx, 1629 SSL_MODE_ENABLE_PARTIAL_WRITE 1630 | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 1631 1632 /* 1633 * The cache with TLS_APPL_STATE instances for different TLS_CLIENT_INIT 1634 * configurations. 1635 */ 1636 tlsp_client_app_cache = htable_create(10); 1637 1638 /* 1639 * Most sites don't use TLS client certs/keys. In that case, enabling 1640 * tlsproxy-based connection caching is trivial. 1641 * 1642 * But some sites do use TLS client certs/keys, and that is challenging when 1643 * tlsproxy runs in a post-jail environment: chroot breaks pathname 1644 * resolution, and an unprivileged process should not be able to open 1645 * files with secrets. The workaround: assume that most of those sites 1646 * will use a fixed TLS client identity. In that case, tlsproxy can load 1647 * the corresponding certs/keys at pre-jail time, so that secrets can 1648 * remain read-only for root. As long as the tlsproxy pre-jail TLS client 1649 * configuration with cert or key pathnames is the same as the one used 1650 * in the Postfix SMTP client, sites can selectively or globally enable 1651 * tlsproxy-based connection caching without additional TLS 1652 * configuration. 1653 * 1654 * Loading one TLS client configuration at pre-jail time is not sufficient 1655 * for the minority of sites that want to use TLS connection caching with 1656 * multiple TLS client identities. To alert the operator, tlsproxy will 1657 * log a warning when a TLS_CLIENT_INIT message specifies a different 1658 * configuration than the tlsproxy pre-jail client configuration, and 1659 * that different configuration specifies file/directory pathname 1660 * arguments. The workaround is to have one tlsproxy process per TLS 1661 * client identity. 1662 * 1663 * The general solution for single-identity or multi-identity clients is to 1664 * stop loading certs and keys from individual files. Instead, have a 1665 * cert/key map, indexed by client identity, read-only by root. After 1666 * opening the map as root at pre-jail time, tlsproxy can read certs/keys 1667 * on-the-fly as an unprivileged process at post-jail time. This is the 1668 * approach that was already proposed for server-side SNI support, and it 1669 * could be reused here. It would also end the proliferation of RSA 1670 * cert/key parameters, DSA cert/key parameters, EC cert/key parameters, 1671 * and so on. 1672 * 1673 * Horror: In order to create the same pre-jail TLS client context as the 1674 * one used in the Postfix SMTP client, we have to duplicate intricate 1675 * SMTP client code, including a handful configuration parameters that 1676 * tlsproxy does not need. We must duplicate the logic, so that we only 1677 * load certs and keys when the SMTP client would load them. 1678 */ 1679 if (*var_tlsp_clnt_level != 0) 1680 switch (tls_level_lookup(var_tlsp_clnt_level)) { 1681 case TLS_LEV_SECURE: 1682 case TLS_LEV_VERIFY: 1683 case TLS_LEV_DANE_ONLY: 1684 case TLS_LEV_FPRINT: 1685 case TLS_LEV_ENCRYPT: 1686 var_tlsp_clnt_use_tls = var_tlsp_clnt_enforce_tls = 1; 1687 break; 1688 case TLS_LEV_DANE: 1689 case TLS_LEV_MAY: 1690 var_tlsp_clnt_use_tls = 1; 1691 var_tlsp_clnt_enforce_tls = 0; 1692 break; 1693 case TLS_LEV_NONE: 1694 var_tlsp_clnt_use_tls = var_tlsp_clnt_enforce_tls = 0; 1695 break; 1696 default: 1697 /* tls_level_lookup() logs no warning. */ 1698 /* session_tls_init() assumes that var_tlsp_clnt_level is sane. */ 1699 msg_fatal("Invalid TLS level \"%s\"", var_tlsp_clnt_level); 1700 } 1701 clnt_use_tls = (var_tlsp_clnt_use_tls || var_tlsp_clnt_enforce_tls); 1702 1703 /* 1704 * Initialize the TLS data before entering the chroot jail. 1705 */ 1706 if (clnt_use_tls || var_tlsp_clnt_per_site[0] || var_tlsp_clnt_policy[0]) { 1707 TLS_CLIENT_PARAMS tls_params; 1708 TLS_CLIENT_INIT_PROPS init_props; 1709 int dane_based_mode; 1710 1711 tls_pre_jail_init(TLS_ROLE_CLIENT); 1712 1713 /* 1714 * We get stronger type safety and a cleaner interface by combining 1715 * the various parameters into a single tls_client_props structure. 1716 * 1717 * Large parameter lists are error-prone, so we emulate a language 1718 * feature that C does not have natively: named parameter lists. 1719 */ 1720 (void) tls_proxy_client_param_from_config(&tls_params); 1721 (void) TLS_CLIENT_INIT_ARGS(&init_props, 1722 log_param = var_tlsp_clnt_logparam, 1723 log_level = var_tlsp_clnt_loglevel, 1724 verifydepth = var_tlsp_clnt_scert_vd, 1725 cache_type = TLS_MGR_SCACHE_SMTP, 1726 chain_files = var_tlsp_clnt_chain_files, 1727 cert_file = var_tlsp_clnt_cert_file, 1728 key_file = var_tlsp_clnt_key_file, 1729 dcert_file = var_tlsp_clnt_dcert_file, 1730 dkey_file = var_tlsp_clnt_dkey_file, 1731 eccert_file = var_tlsp_clnt_eccert_file, 1732 eckey_file = var_tlsp_clnt_eckey_file, 1733 CAfile = var_tlsp_clnt_CAfile, 1734 CApath = var_tlsp_clnt_CApath, 1735 mdalg = var_tlsp_clnt_fpt_dgst); 1736 for (dane_based_mode = 0; dane_based_mode < 2; dane_based_mode++) { 1737 if (tlsp_client_init(&tls_params, &init_props, 1738 dane_based_mode) == 0) 1739 msg_warn("TLS client initialization failed"); 1740 } 1741 } 1742 1743 /* 1744 * tlsp_client_init() needs to know if it is called pre-jail or 1745 * post-jail. 1746 */ 1747 tlsp_pre_jail_done = 1; 1748 1749 /* 1750 * Bug: TLS_CLIENT_PARAMS attributes are not used when creating a 1751 * TLS_APPL_STATE instance; we can only warn about attribute mismatches. 1752 */ 1753 tlsp_params_mismatch_filter = been_here_init(BH_BOUND_NONE, BH_FLAG_NONE); 1754 } 1755 1756 MAIL_VERSION_STAMP_DECLARE; 1757 1758 /* main - the main program */ 1759 1760 int main(int argc, char **argv) 1761 { 1762 1763 /* 1764 * Each table below initializes the named variables to their implicit 1765 * default value, or to the explicit value in main.cf or master.cf. Here, 1766 * "compat" means that a table initializes a variable "smtpd_blah" or 1767 * "smtp_blah" that provides the implicit default value for variable 1768 * "tlsproxy_blah" which is initialized by a different table. To make 1769 * this work, the variables in a "compat" table must be initialized 1770 * before the variables in the corresponding non-compat table. 1771 */ 1772 static const CONFIG_INT_TABLE compat_int_table[] = { 1773 VAR_SMTPD_TLS_CCERT_VD, DEF_SMTPD_TLS_CCERT_VD, &var_smtpd_tls_ccert_vd, 0, 0, 1774 VAR_SMTP_TLS_SCERT_VD, DEF_SMTP_TLS_SCERT_VD, &var_smtp_tls_scert_vd, 0, 0, 1775 0, 1776 }; 1777 static const CONFIG_NINT_TABLE nint_table[] = { 1778 VAR_TLSP_TLS_CCERT_VD, DEF_TLSP_TLS_CCERT_VD, &var_tlsp_tls_ccert_vd, 0, 0, 1779 VAR_TLSP_CLNT_SCERT_VD, DEF_TLSP_CLNT_SCERT_VD, &var_tlsp_clnt_scert_vd, 0, 0, 1780 0, 1781 }; 1782 static const CONFIG_TIME_TABLE time_table[] = { 1783 VAR_TLSP_WATCHDOG, DEF_TLSP_WATCHDOG, &var_tlsp_watchdog, 10, 0, 1784 0, 1785 }; 1786 static const CONFIG_BOOL_TABLE compat_bool_table[] = { 1787 VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls, 1788 VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls, 1789 VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert, 1790 VAR_SMTPD_TLS_RCERT, DEF_SMTPD_TLS_RCERT, &var_smtpd_tls_req_ccert, 1791 VAR_SMTPD_TLS_SET_SESSID, DEF_SMTPD_TLS_SET_SESSID, &var_smtpd_tls_set_sessid, 1792 VAR_SMTP_USE_TLS, DEF_SMTP_USE_TLS, &var_smtp_use_tls, 1793 VAR_SMTP_ENFORCE_TLS, DEF_SMTP_ENFORCE_TLS, &var_smtp_enforce_tls, 1794 0, 1795 }; 1796 static const CONFIG_NBOOL_TABLE nbool_table[] = { 1797 VAR_TLSP_USE_TLS, DEF_TLSP_USE_TLS, &var_tlsp_use_tls, 1798 VAR_TLSP_ENFORCE_TLS, DEF_TLSP_ENFORCE_TLS, &var_tlsp_enforce_tls, 1799 VAR_TLSP_TLS_ACERT, DEF_TLSP_TLS_ACERT, &var_tlsp_tls_ask_ccert, 1800 VAR_TLSP_TLS_RCERT, DEF_TLSP_TLS_RCERT, &var_tlsp_tls_req_ccert, 1801 VAR_TLSP_TLS_SET_SESSID, DEF_TLSP_TLS_SET_SESSID, &var_tlsp_tls_set_sessid, 1802 VAR_TLSP_CLNT_USE_TLS, DEF_TLSP_CLNT_USE_TLS, &var_tlsp_clnt_use_tls, 1803 VAR_TLSP_CLNT_ENFORCE_TLS, DEF_TLSP_CLNT_ENFORCE_TLS, &var_tlsp_clnt_enforce_tls, 1804 0, 1805 }; 1806 static const CONFIG_STR_TABLE compat_str_table[] = { 1807 VAR_SMTPD_TLS_CHAIN_FILES, DEF_SMTPD_TLS_CHAIN_FILES, &var_smtpd_tls_chain_files, 0, 0, 1808 VAR_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CERT_FILE, &var_smtpd_tls_cert_file, 0, 0, 1809 VAR_SMTPD_TLS_KEY_FILE, DEF_SMTPD_TLS_KEY_FILE, &var_smtpd_tls_key_file, 0, 0, 1810 VAR_SMTPD_TLS_DCERT_FILE, DEF_SMTPD_TLS_DCERT_FILE, &var_smtpd_tls_dcert_file, 0, 0, 1811 VAR_SMTPD_TLS_DKEY_FILE, DEF_SMTPD_TLS_DKEY_FILE, &var_smtpd_tls_dkey_file, 0, 0, 1812 VAR_SMTPD_TLS_ECCERT_FILE, DEF_SMTPD_TLS_ECCERT_FILE, &var_smtpd_tls_eccert_file, 0, 0, 1813 VAR_SMTPD_TLS_ECKEY_FILE, DEF_SMTPD_TLS_ECKEY_FILE, &var_smtpd_tls_eckey_file, 0, 0, 1814 VAR_SMTPD_TLS_CA_FILE, DEF_SMTPD_TLS_CA_FILE, &var_smtpd_tls_CAfile, 0, 0, 1815 VAR_SMTPD_TLS_CA_PATH, DEF_SMTPD_TLS_CA_PATH, &var_smtpd_tls_CApath, 0, 0, 1816 VAR_SMTPD_TLS_CIPH, DEF_SMTPD_TLS_CIPH, &var_smtpd_tls_ciph, 1, 0, 1817 VAR_SMTPD_TLS_MAND_CIPH, DEF_SMTPD_TLS_MAND_CIPH, &var_smtpd_tls_mand_ciph, 1, 0, 1818 VAR_SMTPD_TLS_EXCL_CIPH, DEF_SMTPD_TLS_EXCL_CIPH, &var_smtpd_tls_excl_ciph, 0, 0, 1819 VAR_SMTPD_TLS_MAND_EXCL, DEF_SMTPD_TLS_MAND_EXCL, &var_smtpd_tls_mand_excl, 0, 0, 1820 VAR_SMTPD_TLS_PROTO, DEF_SMTPD_TLS_PROTO, &var_smtpd_tls_proto, 0, 0, 1821 VAR_SMTPD_TLS_MAND_PROTO, DEF_SMTPD_TLS_MAND_PROTO, &var_smtpd_tls_mand_proto, 0, 0, 1822 VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0, 1823 VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0, 1824 VAR_SMTPD_TLS_EECDH, DEF_SMTPD_TLS_EECDH, &var_smtpd_tls_eecdh, 1, 0, 1825 VAR_SMTPD_TLS_FPT_DGST, DEF_SMTPD_TLS_FPT_DGST, &var_smtpd_tls_fpt_dgst, 1, 0, 1826 VAR_SMTPD_TLS_LOGLEVEL, DEF_SMTPD_TLS_LOGLEVEL, &var_smtpd_tls_loglevel, 0, 0, 1827 VAR_SMTPD_TLS_LEVEL, DEF_SMTPD_TLS_LEVEL, &var_smtpd_tls_level, 0, 0, 1828 VAR_SMTP_TLS_CHAIN_FILES, DEF_SMTP_TLS_CHAIN_FILES, &var_smtp_tls_chain_files, 0, 0, 1829 VAR_SMTP_TLS_CERT_FILE, DEF_SMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0, 1830 VAR_SMTP_TLS_KEY_FILE, DEF_SMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0, 1831 VAR_SMTP_TLS_DCERT_FILE, DEF_SMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0, 1832 VAR_SMTP_TLS_DKEY_FILE, DEF_SMTP_TLS_DKEY_FILE, &var_smtp_tls_dkey_file, 0, 0, 1833 VAR_SMTP_TLS_CA_FILE, DEF_SMTP_TLS_CA_FILE, &var_smtp_tls_CAfile, 0, 0, 1834 VAR_SMTP_TLS_CA_PATH, DEF_SMTP_TLS_CA_PATH, &var_smtp_tls_CApath, 0, 0, 1835 VAR_SMTP_TLS_FPT_DGST, DEF_SMTP_TLS_FPT_DGST, &var_smtp_tls_fpt_dgst, 1, 0, 1836 VAR_SMTP_TLS_ECCERT_FILE, DEF_SMTP_TLS_ECCERT_FILE, &var_smtp_tls_eccert_file, 0, 0, 1837 VAR_SMTP_TLS_ECKEY_FILE, DEF_SMTP_TLS_ECKEY_FILE, &var_smtp_tls_eckey_file, 0, 0, 1838 VAR_SMTP_TLS_LOGLEVEL, DEF_SMTP_TLS_LOGLEVEL, &var_smtp_tls_loglevel, 0, 0, 1839 VAR_SMTP_TLS_PER_SITE, DEF_SMTP_TLS_PER_SITE, &var_smtp_tls_per_site, 0, 0, 1840 VAR_SMTP_TLS_LEVEL, DEF_SMTP_TLS_LEVEL, &var_smtp_tls_level, 0, 0, 1841 VAR_SMTP_TLS_POLICY, DEF_SMTP_TLS_POLICY, &var_smtp_tls_policy, 0, 0, 1842 0, 1843 }; 1844 static const CONFIG_STR_TABLE str_table[] = { 1845 VAR_TLSP_TLS_CHAIN_FILES, DEF_TLSP_TLS_CHAIN_FILES, &var_tlsp_tls_chain_files, 0, 0, 1846 VAR_TLSP_TLS_CERT_FILE, DEF_TLSP_TLS_CERT_FILE, &var_tlsp_tls_cert_file, 0, 0, 1847 VAR_TLSP_TLS_KEY_FILE, DEF_TLSP_TLS_KEY_FILE, &var_tlsp_tls_key_file, 0, 0, 1848 VAR_TLSP_TLS_DCERT_FILE, DEF_TLSP_TLS_DCERT_FILE, &var_tlsp_tls_dcert_file, 0, 0, 1849 VAR_TLSP_TLS_DKEY_FILE, DEF_TLSP_TLS_DKEY_FILE, &var_tlsp_tls_dkey_file, 0, 0, 1850 VAR_TLSP_TLS_ECCERT_FILE, DEF_TLSP_TLS_ECCERT_FILE, &var_tlsp_tls_eccert_file, 0, 0, 1851 VAR_TLSP_TLS_ECKEY_FILE, DEF_TLSP_TLS_ECKEY_FILE, &var_tlsp_tls_eckey_file, 0, 0, 1852 VAR_TLSP_TLS_CA_FILE, DEF_TLSP_TLS_CA_FILE, &var_tlsp_tls_CAfile, 0, 0, 1853 VAR_TLSP_TLS_CA_PATH, DEF_TLSP_TLS_CA_PATH, &var_tlsp_tls_CApath, 0, 0, 1854 VAR_TLSP_TLS_CIPH, DEF_TLSP_TLS_CIPH, &var_tlsp_tls_ciph, 1, 0, 1855 VAR_TLSP_TLS_MAND_CIPH, DEF_TLSP_TLS_MAND_CIPH, &var_tlsp_tls_mand_ciph, 1, 0, 1856 VAR_TLSP_TLS_EXCL_CIPH, DEF_TLSP_TLS_EXCL_CIPH, &var_tlsp_tls_excl_ciph, 0, 0, 1857 VAR_TLSP_TLS_MAND_EXCL, DEF_TLSP_TLS_MAND_EXCL, &var_tlsp_tls_mand_excl, 0, 0, 1858 VAR_TLSP_TLS_PROTO, DEF_TLSP_TLS_PROTO, &var_tlsp_tls_proto, 0, 0, 1859 VAR_TLSP_TLS_MAND_PROTO, DEF_TLSP_TLS_MAND_PROTO, &var_tlsp_tls_mand_proto, 0, 0, 1860 VAR_TLSP_TLS_512_FILE, DEF_TLSP_TLS_512_FILE, &var_tlsp_tls_dh512_param_file, 0, 0, 1861 VAR_TLSP_TLS_1024_FILE, DEF_TLSP_TLS_1024_FILE, &var_tlsp_tls_dh1024_param_file, 0, 0, 1862 VAR_TLSP_TLS_EECDH, DEF_TLSP_TLS_EECDH, &var_tlsp_tls_eecdh, 1, 0, 1863 VAR_TLSP_TLS_FPT_DGST, DEF_TLSP_TLS_FPT_DGST, &var_tlsp_tls_fpt_dgst, 1, 0, 1864 VAR_TLSP_TLS_LOGLEVEL, DEF_TLSP_TLS_LOGLEVEL, &var_tlsp_tls_loglevel, 0, 0, 1865 VAR_TLSP_TLS_LEVEL, DEF_TLSP_TLS_LEVEL, &var_tlsp_tls_level, 0, 0, 1866 VAR_TLSP_CLNT_LOGLEVEL, DEF_TLSP_CLNT_LOGLEVEL, &var_tlsp_clnt_loglevel, 0, 0, 1867 VAR_TLSP_CLNT_LOGPARAM, DEF_TLSP_CLNT_LOGPARAM, &var_tlsp_clnt_logparam, 0, 0, 1868 VAR_TLSP_CLNT_CHAIN_FILES, DEF_TLSP_CLNT_CHAIN_FILES, &var_tlsp_clnt_chain_files, 0, 0, 1869 VAR_TLSP_CLNT_CERT_FILE, DEF_TLSP_CLNT_CERT_FILE, &var_tlsp_clnt_cert_file, 0, 0, 1870 VAR_TLSP_CLNT_KEY_FILE, DEF_TLSP_CLNT_KEY_FILE, &var_tlsp_clnt_key_file, 0, 0, 1871 VAR_TLSP_CLNT_DCERT_FILE, DEF_TLSP_CLNT_DCERT_FILE, &var_tlsp_clnt_dcert_file, 0, 0, 1872 VAR_TLSP_CLNT_DKEY_FILE, DEF_TLSP_CLNT_DKEY_FILE, &var_tlsp_clnt_dkey_file, 0, 0, 1873 VAR_TLSP_CLNT_ECCERT_FILE, DEF_TLSP_CLNT_ECCERT_FILE, &var_tlsp_clnt_eccert_file, 0, 0, 1874 VAR_TLSP_CLNT_ECKEY_FILE, DEF_TLSP_CLNT_ECKEY_FILE, &var_tlsp_clnt_eckey_file, 0, 0, 1875 VAR_TLSP_CLNT_CAFILE, DEF_TLSP_CLNT_CAFILE, &var_tlsp_clnt_CAfile, 0, 0, 1876 VAR_TLSP_CLNT_CAPATH, DEF_TLSP_CLNT_CAPATH, &var_tlsp_clnt_CApath, 0, 0, 1877 VAR_TLSP_CLNT_FPT_DGST, DEF_TLSP_CLNT_FPT_DGST, &var_tlsp_clnt_fpt_dgst, 1, 0, 1878 VAR_TLSP_CLNT_LEVEL, DEF_TLSP_CLNT_LEVEL, &var_tlsp_clnt_level, 0, 0, 1879 VAR_TLSP_CLNT_PER_SITE, DEF_TLSP_CLNT_PER_SITE, &var_tlsp_clnt_per_site, 0, 0, 1880 VAR_TLSP_CLNT_POLICY, DEF_TLSP_CLNT_POLICY, &var_tlsp_clnt_policy, 0, 0, 1881 0, 1882 }; 1883 1884 /* 1885 * Fingerprint executables and core dumps. 1886 */ 1887 MAIL_VERSION_STAMP_ALLOCATE; 1888 1889 /* 1890 * Pass control to the event-driven service skeleton. 1891 */ 1892 event_server_main(argc, argv, tlsp_service, 1893 CA_MAIL_SERVER_INT_TABLE(compat_int_table), 1894 CA_MAIL_SERVER_NINT_TABLE(nint_table), 1895 CA_MAIL_SERVER_STR_TABLE(compat_str_table), 1896 CA_MAIL_SERVER_STR_TABLE(str_table), 1897 CA_MAIL_SERVER_BOOL_TABLE(compat_bool_table), 1898 CA_MAIL_SERVER_NBOOL_TABLE(nbool_table), 1899 CA_MAIL_SERVER_TIME_TABLE(time_table), 1900 CA_MAIL_SERVER_PRE_INIT(pre_jail_init), 1901 CA_MAIL_SERVER_SLOW_EXIT(tlsp_drain), 1902 CA_MAIL_SERVER_RETIRE_ME, 1903 CA_MAIL_SERVER_WATCHDOG(&var_tlsp_watchdog), 1904 CA_MAIL_SERVER_UNLIMITED, 1905 0); 1906 } 1907 1908 #else 1909 1910 /* tlsp_service - respond to external trigger(s), non-TLS version */ 1911 1912 static void tlsp_service(VSTREAM *stream, char *unused_service, 1913 char **unused_argv) 1914 { 1915 msg_info("TLS support is not compiled in -- exiting"); 1916 event_server_disconnect(stream); 1917 } 1918 1919 /* main - the main program */ 1920 1921 int main(int argc, char **argv) 1922 { 1923 1924 /* 1925 * We can't simply use msg_fatal() here, because the logging hasn't been 1926 * initialized. The text would disappear because stderr is redirected to 1927 * /dev/null. 1928 * 1929 * We invoke event_server_main() to complete program initialization 1930 * (including logging) and then invoke the tlsp_service() routine to log 1931 * the message that says why this program will not run. 1932 */ 1933 event_server_main(argc, argv, tlsp_service, 1934 0); 1935 } 1936 1937 #endif 1938