xref: /openbsd-src/usr.sbin/smtpd/smtpc.c (revision 8e996a8e97c7e612ed9d362e431f1b8d4939e244)
1 /*	$OpenBSD: smtpc.c,v 1.21 2024/05/13 06:48:26 jsg Exp $	*/
2 
3 /*
4  * Copyright (c) 2018 Eric Faurot <eric@openbsd.org>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include <sys/socket.h>
20 
21 #include <event.h>
22 #include <netdb.h>
23 #include <pwd.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <syslog.h>
28 #include <tls.h>
29 #include <unistd.h>
30 
31 #include "smtp.h"
32 #include "log.h"
33 
34 static void parse_server(char *);
35 static void parse_message(FILE *);
36 static void resume(void);
37 
38 static int verbose = 1;
39 static int done = 0;
40 static int noaction = 0;
41 static struct addrinfo *res0, *ai;
42 static struct smtp_params params;
43 static struct smtp_mail mail;
44 static const char *servname = NULL;
45 static struct tls_config *tls_config;
46 
47 static int nosni = 0;
48 static const char *cafile = NULL;
49 static const char *protocols = NULL;
50 static const char *ciphers = NULL;
51 
52 static void
usage(void)53 usage(void)
54 {
55 	extern char *__progname;
56 
57 	fprintf(stderr, "usage: %s [-Chnv] [-a authfile] [-F from] [-H helo] "
58 	    "[-s server] [-T params] [recipient ...]\n", __progname);
59 	exit(1);
60 }
61 
62 static void
parse_tls_options(char * opt)63 parse_tls_options(char *opt)
64 {
65 	static char * const tokens[] = {
66 #define CAFILE 0
67 		"cafile",
68 #define CIPHERS 1
69 		"ciphers",
70 #define NOSNI 2
71 		"nosni",
72 #define NOVERIFY 3
73 		"noverify",
74 #define PROTOCOLS 4
75 		"protocols",
76 #define SERVERNAME 5
77 		"servername",
78 		NULL };
79 	char *value;
80 
81 	while (*opt) {
82 		switch (getsubopt(&opt, tokens, &value)) {
83 		case CAFILE:
84 			if (value == NULL)
85 				fatalx("missing value for cafile");
86 			cafile = value;
87 			break;
88 		case CIPHERS:
89 			if (value == NULL)
90 				fatalx("missing value for ciphers");
91 			ciphers = value;
92 			break;
93 		case NOSNI:
94 			if (value != NULL)
95 				fatalx("no value expected for nosni");
96 			nosni = 1;
97 			break;
98 		case NOVERIFY:
99 			if (value != NULL)
100 				fatalx("no value expected for noverify");
101 			params.tls_verify = 0;
102 			break;
103 		case PROTOCOLS:
104 			if (value == NULL)
105 				fatalx("missing value for protocols");
106 			protocols = value;
107 			break;
108 		case SERVERNAME:
109 			if (value == NULL)
110 				fatalx("missing value for servername");
111 			servname = value;
112 			break;
113 		case -1:
114 			if (suboptarg)
115 				fatalx("invalid TLS option \"%s\"", suboptarg);
116 			fatalx("missing TLS option");
117 		}
118 	}
119 }
120 
121 int
main(int argc,char ** argv)122 main(int argc, char **argv)
123 {
124 	char hostname[256];
125 	FILE *authfile;
126 	int ch, i;
127 	uint32_t protos;
128 	char *server = "localhost";
129 	char *authstr = NULL;
130 	size_t alloc = 0;
131 	ssize_t len;
132 	struct passwd *pw;
133 
134 	log_init(1, 0);
135 
136 	if (gethostname(hostname, sizeof(hostname)) == -1)
137 		fatal("gethostname");
138 
139 	if ((pw = getpwuid(getuid())) == NULL)
140 		fatal("getpwuid");
141 
142 	memset(&params, 0, sizeof(params));
143 
144 	params.linemax = 16392;
145 	params.ibufmax = 65536;
146 	params.obufmax = 65536;
147 	params.timeout = 100000;
148 	params.helo = hostname;
149 
150 	params.tls_verify = 1;
151 
152 	memset(&mail, 0, sizeof(mail));
153 	mail.from = pw->pw_name;
154 
155 	while ((ch = getopt(argc, argv, "CF:H:S:T:a:hns:v")) != -1) {
156 		switch (ch) {
157 		case 'C':
158 			params.tls_verify = 0;
159 			break;
160 		case 'F':
161 			mail.from = optarg;
162 			break;
163 		case 'H':
164 			params.helo = optarg;
165 			break;
166 		case 'S':
167 			servname = optarg;
168 			break;
169 		case 'T':
170 			parse_tls_options(optarg);
171 			break;
172 		case 'a':
173 			if ((authfile = fopen(optarg, "r")) == NULL)
174 				fatal("%s: open", optarg);
175 			if ((len = getline(&authstr, &alloc, authfile)) == -1)
176 				fatal("%s: Failed to read username", optarg);
177 			if (authstr[len - 1] == '\n')
178 				authstr[len - 1] = '\0';
179 			params.auth_user = authstr;
180 			authstr = NULL;
181 			len = 0;
182 			if ((len = getline(&authstr, &alloc, authfile)) == -1)
183 				fatal("%s: Failed to read password", optarg);
184 			if (authstr[len - 1] == '\n')
185 				authstr[len - 1] = '\0';
186 			params.auth_pass = authstr;
187 			fclose(authfile);
188 			break;
189 		case 'h':
190 			usage();
191 			break;
192 		case 'n':
193 			noaction = 1;
194 			break;
195 		case 's':
196 			server = optarg;
197 			break;
198 		case 'v':
199 			verbose++;
200 			break;
201 		default:
202 			usage();
203 		}
204 	}
205 
206 	log_setverbose(verbose);
207 
208 	argc -= optind;
209 	argv += optind;
210 
211 	if (argc) {
212 		mail.rcpt = calloc(argc, sizeof(*mail.rcpt));
213 		if (mail.rcpt == NULL)
214 			fatal("calloc");
215 		for (i = 0; i < argc; i++)
216 			mail.rcpt[i].to = argv[i];
217 		mail.rcptcount = argc;
218 	}
219 
220 	event_init();
221 
222 	tls_config = tls_config_new();
223 	if (tls_config == NULL)
224 		fatal("tls_config_new");
225 
226 	if (protocols) {
227 		if (tls_config_parse_protocols(&protos, protocols) == -1)
228 			fatalx("failed to parse protocol '%s'", protocols);
229 		if (tls_config_set_protocols(tls_config, protos) == -1)
230 			fatalx("tls_config_set_protocols: %s",
231 			    tls_config_error(tls_config));
232 	}
233 	if (ciphers && tls_config_set_ciphers(tls_config, ciphers) == -1)
234 		fatalx("tls_config_set_ciphers: %s",
235 		    tls_config_error(tls_config));
236 
237 	if (cafile == NULL)
238 		cafile = tls_default_ca_cert_file();
239 	if (tls_config_set_ca_file(tls_config, cafile) == -1)
240 		fatalx("tls_set_ca_file: %s", tls_config_error(tls_config));
241 	if (!params.tls_verify) {
242 		tls_config_insecure_noverifycert(tls_config);
243 		tls_config_insecure_noverifyname(tls_config);
244 		tls_config_insecure_noverifytime(tls_config);
245 	} else
246 		tls_config_verify(tls_config);
247 
248 	if (pledge("stdio inet dns tmppath", NULL) == -1)
249 		fatal("pledge");
250 
251 	if (!noaction)
252 		parse_message(stdin);
253 
254 	if (pledge("stdio inet dns", NULL) == -1)
255 		fatal("pledge");
256 
257 	parse_server(server);
258 
259 	if (pledge("stdio inet", NULL) == -1)
260 		fatal("pledge");
261 
262 	resume();
263 
264 	log_debug("done...");
265 
266 	return 0;
267 }
268 
269 static void
parse_server(char * server)270 parse_server(char *server)
271 {
272 	struct addrinfo hints;
273 	char *scheme, *creds, *host, *port, *p, *c;
274 	int error;
275 
276 	creds = NULL;
277 	host = NULL;
278 	port = NULL;
279 	scheme = server;
280 
281 	p = strstr(server, "://");
282 	if (p) {
283 		*p = '\0';
284 		p += 3;
285 		/* check for credentials */
286 		c = strrchr(p, '@');
287 		if (c) {
288 			creds = p;
289 			*c = '\0';
290 			host = c + 1;
291 		} else
292 			host = p;
293 	} else {
294 		/* Assume a simple server name */
295 		scheme = "smtp";
296 		host = server;
297 	}
298 
299 	if (host[0] == '[') {
300 		/* IPV6 address? */
301 		p = strchr(host, ']');
302 		if (p) {
303 			if (p[1] == ':' || p[1] == '\0') {
304 				*p++ = '\0';	/* remove ']' */
305 				host++;		/* skip '[' */
306 				if (*p == ':')
307 					port = p + 1;
308 			}
309 		}
310 	}
311 	else {
312 		port = strchr(host, ':');
313 		if (port)
314 			*port++ = '\0';
315 	}
316 
317 	if (port && port[0] == '\0')
318 		port = NULL;
319 
320 	if (creds) {
321 		p = strchr(creds, ':');
322 		if (p == NULL)
323 			fatalx("invalid credentials");
324 		*p = '\0';
325 
326 		params.auth_user = creds;
327 		params.auth_pass = p + 1;
328 	}
329 	params.tls_req = TLS_YES;
330 
331 	if (!strcmp(scheme, "lmtp")) {
332 		params.lmtp = 1;
333 	}
334 	else if (!strcmp(scheme, "lmtp+tls")) {
335 		params.lmtp = 1;
336 		params.tls_req = TLS_FORCE;
337 	}
338 	else if (!strcmp(scheme, "lmtp+notls")) {
339 		params.lmtp = 1;
340 		params.tls_req = TLS_NO;
341 	}
342 	else if (!strcmp(scheme, "smtps")) {
343 		params.tls_req = TLS_SMTPS;
344 		if (port == NULL)
345 			port = "smtps";
346 	}
347 	else if (!strcmp(scheme, "smtp")) {
348 	}
349 	else if (!strcmp(scheme, "smtp+tls")) {
350 		params.tls_req = TLS_FORCE;
351 	}
352 	else if (!strcmp(scheme, "smtp+notls")) {
353 		params.tls_req = TLS_NO;
354 	}
355 	else
356 		fatalx("invalid url scheme %s", scheme);
357 
358 	if (port == NULL)
359 		port = "smtp";
360 
361 	if (servname == NULL)
362 		servname = host;
363 	if (nosni == 0)
364 		params.tls_servname = servname;
365 
366 	memset(&hints, 0, sizeof(hints));
367 	hints.ai_family = AF_UNSPEC;
368 	hints.ai_socktype = SOCK_STREAM;
369 	error = getaddrinfo(host, port, &hints, &res0);
370 	if (error)
371 		fatalx("%s: %s", host, gai_strerror(error));
372 	ai = res0;
373 }
374 
375 void
parse_message(FILE * ifp)376 parse_message(FILE *ifp)
377 {
378 	char *line = NULL;
379 	size_t linesz = 0;
380 	ssize_t len;
381 
382 	if ((mail.fp = tmpfile()) == NULL)
383 		fatal("tmpfile");
384 
385 	for (;;) {
386 		if ((len = getline(&line, &linesz, ifp)) == -1) {
387 			if (feof(ifp))
388 				break;
389 			fatal("getline");
390 		}
391 
392 		if (len >= 2 && line[len - 2] == '\r' && line[len - 1] == '\n')
393 			line[--len - 1] = '\n';
394 
395 		if (fwrite(line, 1, len, mail.fp) != len)
396 			fatal("fwrite");
397 
398 		if (line[len - 1] != '\n' && fputc('\n', mail.fp) == EOF)
399 			fatal("fputc");
400 	}
401 
402 	free(line);
403 	fclose(ifp);
404 	rewind(mail.fp);
405 }
406 
407 void
resume(void)408 resume(void)
409 {
410 	static int started = 0;
411 	char host[256];
412 	char serv[16];
413 
414 	if (done) {
415 		event_loopexit(NULL);
416 		return;
417 	}
418 
419 	if (ai == NULL)
420 		fatalx("no more host");
421 
422 	getnameinfo(ai->ai_addr, ai->ai_addr->sa_len,
423 	    host, sizeof(host), serv, sizeof(serv),
424 	    NI_NUMERICHOST | NI_NUMERICSERV);
425 	log_debug("trying host %s port %s...", host, serv);
426 
427 	params.dst = ai->ai_addr;
428 	if (smtp_connect(&params, NULL) == NULL)
429 		fatal("smtp_connect");
430 
431 	if (started == 0) {
432 		started = 1;
433 		event_loop(0);
434 	}
435 }
436 
437 void
log_trace(int lvl,const char * emsg,...)438 log_trace(int lvl, const char *emsg, ...)
439 {
440 	va_list ap;
441 
442 	if (verbose > lvl) {
443 		va_start(ap, emsg);
444 		vlog(LOG_DEBUG, emsg, ap);
445 		va_end(ap);
446 	}
447 }
448 
449 void
smtp_require_tls(void * tag,struct smtp_client * proto)450 smtp_require_tls(void *tag, struct smtp_client *proto)
451 {
452 	struct tls *tls;
453 
454 	tls = tls_client();
455 	if (tls == NULL)
456 		fatal("tls_client");
457 
458 	if (tls_configure(tls, tls_config) == -1)
459 		fatalx("tls_configure: %s", tls_error(tls));
460 
461 	smtp_set_tls(proto, tls);
462 }
463 
464 void
smtp_ready(void * tag,struct smtp_client * proto)465 smtp_ready(void *tag, struct smtp_client *proto)
466 {
467 	log_debug("connection ready...");
468 
469 	if (done || noaction)
470 		smtp_quit(proto);
471 	else
472 		smtp_sendmail(proto, &mail);
473 }
474 
475 void
smtp_failed(void * tag,struct smtp_client * proto,int failure,const char * detail)476 smtp_failed(void *tag, struct smtp_client *proto, int failure, const char *detail)
477 {
478 	switch (failure) {
479 	case FAIL_INTERNAL:
480 		log_warnx("internal error: %s", detail);
481 		break;
482 	case FAIL_CONN:
483 		log_warnx("connection error: %s", detail);
484 		break;
485 	case FAIL_PROTO:
486 		log_warnx("protocol error: %s", detail);
487 		break;
488 	case FAIL_IMPL:
489 		log_warnx("missing feature: %s", detail);
490 		break;
491 	case FAIL_RESP:
492 		log_warnx("rejected by server: %s", detail);
493 		break;
494 	default:
495 		fatalx("unknown failure %d: %s", failure, detail);
496 	}
497 }
498 
499 void
smtp_status(void * tag,struct smtp_client * proto,struct smtp_status * status)500 smtp_status(void *tag, struct smtp_client *proto, struct smtp_status *status)
501 {
502 	log_info("%s: %s: %s", status->rcpt->to, status->cmd, status->status);
503 }
504 
505 void
smtp_done(void * tag,struct smtp_client * proto,struct smtp_mail * mail)506 smtp_done(void *tag, struct smtp_client *proto, struct smtp_mail *mail)
507 {
508 	int i;
509 
510 	log_debug("mail done...");
511 
512 	if (noaction)
513 		return;
514 
515 	for (i = 0; i < mail->rcptcount; i++)
516 		if (!mail->rcpt[i].done)
517 			return;
518 
519 	done = 1;
520 }
521 
522 void
smtp_closed(void * tag,struct smtp_client * proto)523 smtp_closed(void *tag, struct smtp_client *proto)
524 {
525 	log_debug("connection closed...");
526 
527 	ai = ai->ai_next;
528 	if (noaction && ai == NULL)
529 		done = 1;
530 
531 	resume();
532 }
533