Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.sbin/smtpd/smtpd/../lka.c	Lines:	0	367	0.0 %
Date:	2017-11-07	Branches:	0	161	0.0 %


/*	$OpenBSD: lka.c,v 1.199 2017/05/17 14:00:06 deraadt Exp $	*/

/*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
 * Copyright (c) 2012 Eric Faurot <eric@faurot.net>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/queue.h>
#include <sys/tree.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/uio.h>

#include <netinet/in.h>

#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <event.h>
#include <imsg.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <pwd.h>
#include <resolv.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "smtpd.h"
#include "log.h"
#include "ssl.h"

static void lka_imsg(struct mproc *, struct imsg *);
static void lka_shutdown(void);
static void lka_sig_handler(int, short, void *);
static int lka_authenticate(const char *, const char *, const char *);
static int lka_credentials(const char *, const char *, char *, size_t);
static int lka_userinfo(const char *, const char *, struct userinfo *);
static int lka_addrname(const char *, const struct sockaddr *,
    struct addrname *);
static int lka_mailaddrmap(const char *, const char *, const struct mailaddr *);
static int lka_X509_verify(struct ca_vrfy_req_msg *, const char *, const char *);
static void lka_certificate_verify(enum imsg_type, struct ca_vrfy_req_msg *);
static void lka_certificate_verify_resume(enum imsg_type, struct ca_vrfy_req_msg *);

static void
lka_imsg(struct mproc *p, struct imsg *imsg)
{
	struct table		*table;
	int			 ret;
	struct pki		*pki;
	struct iovec		iov[2];
	static struct ca_vrfy_req_msg	*req_ca_vrfy = NULL;
	struct ca_vrfy_req_msg		*req_ca_vrfy_chain;
	struct ca_cert_req_msg		*req_ca_cert;
	struct ca_cert_resp_msg		 resp_ca_cert;
	struct sockaddr_storage	 ss;
	struct userinfo		 userinfo;
	struct addrname		 addrname;
	struct envelope		 evp;
	struct mailaddr		 maddr;
	struct msg		 m;
	union lookup		 lk;
	char			 buf[LINE_MAX];
	const char		*tablename, *username, *password, *label;
	uint64_t		 reqid;
	int			 v;

	if (imsg == NULL)
		lka_shutdown();

	if (imsg->hdr.type == IMSG_MTA_DNS_HOST ||
	    imsg->hdr.type == IMSG_MTA_DNS_PTR ||
	    imsg->hdr.type == IMSG_SMTP_DNS_PTR ||
	    imsg->hdr.type == IMSG_MTA_DNS_MX ||
	    imsg->hdr.type == IMSG_MTA_DNS_MX_PREFERENCE) {
		dns_imsg(p, imsg);
		return;
	}

	if (p->proc == PROC_PONY) {
		switch (imsg->hdr.type) {
		case IMSG_SMTP_CHECK_SENDER:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_string(&m, &tablename);
			m_get_string(&m, &username);
			m_get_mailaddr(&m, &maddr);
			m_end(&m);

			ret = lka_mailaddrmap(tablename, username, &maddr);

			m_create(p, IMSG_SMTP_CHECK_SENDER, 0, 0, -1);
			m_add_id(p, reqid);
			m_add_int(p, ret);
			m_close(p);
			return;

		case IMSG_SMTP_EXPAND_RCPT:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_envelope(&m, &evp);
			m_end(&m);
			lka_session(reqid, &evp);
			return;

		case IMSG_SMTP_LOOKUP_HELO:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_string(&m, &tablename);
			m_get_sockaddr(&m, (struct sockaddr *)&ss);
			m_end(&m);

			ret = lka_addrname(tablename, (struct sockaddr*)&ss,
			    &addrname);

			m_create(p, IMSG_SMTP_LOOKUP_HELO, 0, 0, -1);
			m_add_id(p, reqid);
			m_add_int(p, ret);
			if (ret == LKA_OK)
				m_add_string(p, addrname.name);
			m_close(p);
			return;

		case IMSG_SMTP_TLS_INIT:
		case IMSG_MTA_TLS_INIT:
			req_ca_cert = imsg->data;
			resp_ca_cert.reqid = req_ca_cert->reqid;

			xlowercase(buf, req_ca_cert->name, sizeof(buf));
			log_debug("debug: lka: looking up pki \"%s\"", buf);
			pki = dict_get(env->sc_pki_dict, buf);
			if (pki == NULL)
				if (req_ca_cert->fallback)
					pki = dict_get(env->sc_pki_dict, "*");
			if (pki == NULL) {
				resp_ca_cert.status = CA_FAIL;
				m_compose(p, imsg->hdr.type, 0, 0, -1, &resp_ca_cert,
				    sizeof(resp_ca_cert));
				return;
			}
			resp_ca_cert.status = CA_OK;
			resp_ca_cert.cert_len = pki->pki_cert_len;
			(void)strlcpy(resp_ca_cert.name, pki->pki_name, sizeof resp_ca_cert.name);
			iov[0].iov_base = &resp_ca_cert;
			iov[0].iov_len = sizeof(resp_ca_cert);
			iov[1].iov_base = pki->pki_cert;
			iov[1].iov_len = pki->pki_cert_len;
			m_composev(p, imsg->hdr.type, 0, 0, -1, iov, nitems(iov));
			return;

		case IMSG_SMTP_TLS_VERIFY_CERT:
		case IMSG_MTA_TLS_VERIFY_CERT:
			req_ca_vrfy = xmemdup(imsg->data, sizeof *req_ca_vrfy, "lka:ca_vrfy");
			req_ca_vrfy->cert = xmemdup((char *)imsg->data +
			    sizeof *req_ca_vrfy, req_ca_vrfy->cert_len, "lka:ca_vrfy");
			req_ca_vrfy->chain_cert = xcalloc(req_ca_vrfy->n_chain,
			    sizeof (unsigned char *), "lka:ca_vrfy");
			req_ca_vrfy->chain_cert_len = xcalloc(req_ca_vrfy->n_chain,
			    sizeof (off_t), "lka:ca_vrfy");
			return;

		case IMSG_SMTP_TLS_VERIFY_CHAIN:
		case IMSG_MTA_TLS_VERIFY_CHAIN:
			if (req_ca_vrfy == NULL)
				fatalx("lka:ca_vrfy: chain without a certificate");
			req_ca_vrfy_chain = imsg->data;
			req_ca_vrfy->chain_cert[req_ca_vrfy->chain_offset] = xmemdup((char *)imsg->data +
			    sizeof *req_ca_vrfy_chain, req_ca_vrfy_chain->cert_len, "lka:ca_vrfy");
			req_ca_vrfy->chain_cert_len[req_ca_vrfy->chain_offset] = req_ca_vrfy_chain->cert_len;
			req_ca_vrfy->chain_offset++;
			return;

		case IMSG_SMTP_TLS_VERIFY:
		case IMSG_MTA_TLS_VERIFY:
			if (req_ca_vrfy == NULL)
				fatalx("lka:ca_vrfy: verify without a certificate");
			lka_certificate_verify(imsg->hdr.type, req_ca_vrfy);
			req_ca_vrfy = NULL;
			return;

		case IMSG_SMTP_AUTHENTICATE:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_string(&m, &tablename);
			m_get_string(&m, &username);
			m_get_string(&m, &password);
			m_end(&m);

			if (!tablename[0]) {
				m_create(p_parent, IMSG_LKA_AUTHENTICATE,
				    0, 0, -1);
				m_add_id(p_parent, reqid);
				m_add_string(p_parent, username);
				m_add_string(p_parent, password);
				m_close(p_parent);
				return;
			}

			ret = lka_authenticate(tablename, username, password);

			m_create(p, IMSG_SMTP_AUTHENTICATE, 0, 0, -1);
			m_add_id(p, reqid);
			m_add_int(p, ret);
			m_close(p);
			return;
		}
	}

	if (p->proc == PROC_PONY) {
		switch (imsg->hdr.type) {
		case IMSG_MDA_LOOKUP_USERINFO:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_string(&m, &tablename);
			m_get_string(&m, &username);
			m_end(&m);

			ret = lka_userinfo(tablename, username, &userinfo);

			m_create(p, IMSG_MDA_LOOKUP_USERINFO, 0, 0, -1);
			m_add_id(p, reqid);
			m_add_int(p, ret);
			if (ret == LKA_OK)
				m_add_data(p, &userinfo, sizeof(userinfo));
			m_close(p);
			return;
		}
	}

	if (p->proc == PROC_PONY) {
		switch (imsg->hdr.type) {

		case IMSG_MTA_LOOKUP_CREDENTIALS:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_string(&m, &tablename);
			m_get_string(&m, &label);
			m_end(&m);

			lka_credentials(tablename, label, buf, sizeof(buf));

			m_create(p, IMSG_MTA_LOOKUP_CREDENTIALS, 0, 0, -1);
			m_add_id(p, reqid);
			m_add_string(p, buf);
			m_close(p);
			return;

		case IMSG_MTA_LOOKUP_SOURCE:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_string(&m, &tablename);
			m_end(&m);

			table = table_find(tablename, NULL);

			m_create(p, IMSG_MTA_LOOKUP_SOURCE, 0, 0, -1);
			m_add_id(p, reqid);

			if (table == NULL) {
				log_warn("warn: source address table %s missing",
				    tablename);
				m_add_int(p, LKA_TEMPFAIL);
			}
			else {
				ret = table_fetch(table, NULL, K_SOURCE, &lk);
				if (ret == -1)
					m_add_int(p, LKA_TEMPFAIL);
				else if (ret == 0)
					m_add_int(p, LKA_PERMFAIL);
				else {
					m_add_int(p, LKA_OK);
					m_add_sockaddr(p,
					    (struct sockaddr *)&lk.source.addr);
				}
			}
			m_close(p);
			return;

		case IMSG_MTA_LOOKUP_HELO:
			m_msg(&m, imsg);
			m_get_id(&m, &reqid);
			m_get_string(&m, &tablename);
			m_get_sockaddr(&m, (struct sockaddr *)&ss);
			m_end(&m);

			ret = lka_addrname(tablename, (struct sockaddr*)&ss,
			    &addrname);

			m_create(p, IMSG_MTA_LOOKUP_HELO, 0, 0, -1);
			m_add_id(p, reqid);
			m_add_int(p, ret);
			if (ret == LKA_OK)
				m_add_string(p, addrname.name);
			m_close(p);
			return;

		}
	}

	if (p->proc == PROC_PARENT) {
		switch (imsg->hdr.type) {
		case IMSG_CONF_START:
			return;

		case IMSG_CONF_END:
			if (tracing & TRACE_TABLES)
				table_dump_all();

			/* fork & exec tables that need it */
			table_open_all();

			/* revoke proc & exec */
			if (pledge("stdio rpath inet dns getpw recvfd",
				NULL) == -1)
				err(1, "pledge");

			/* Start fulfilling requests */
			mproc_enable(p_pony);
			return;

		case IMSG_LKA_OPEN_FORWARD:
			lka_session_forward_reply(imsg->data, imsg->fd);
			return;

		case IMSG_LKA_AUTHENTICATE:
			imsg->hdr.type = IMSG_SMTP_AUTHENTICATE;
			m_forward(p_pony, imsg);
			return;
		}
	}

	if (p->proc == PROC_CONTROL) {
		switch (imsg->hdr.type) {

		case IMSG_CTL_VERBOSE:
			m_msg(&m, imsg);
			m_get_int(&m, &v);
			m_end(&m);
			log_trace_verbose(v);
			return;

		case IMSG_CTL_PROFILE:
			m_msg(&m, imsg);
			m_get_int(&m, &v);
			m_end(&m);
			profiling = v;
			return;

		case IMSG_CTL_UPDATE_TABLE:
			table = table_find(imsg->data, NULL);
			if (table == NULL) {
				log_warnx("warn: Lookup table not found: "
				    "\"%s\"", (char *)imsg->data);
				return;
			}
			table_update(table);
			return;
		}
	}

	errx(1, "lka_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type));
}

static void
lka_sig_handler(int sig, short event, void *p)
{
	int status;
	pid_t pid;

	switch (sig) {
	case SIGCHLD:
		do {
			pid = waitpid(-1, &status, WNOHANG);
		} while (pid > 0 || (pid == -1 && errno == EINTR));
		break;
	default:
		fatalx("lka_sig_handler: unexpected signal");
	}
}

void
lka_shutdown(void)
{
	log_debug("debug: lookup agent exiting");
	_exit(0);
}

int
lka(void)
{
	struct passwd	*pw;
	struct event	 ev_sigchld;

	purge_config(PURGE_LISTENERS);

	if ((pw = getpwnam(SMTPD_USER)) == NULL)
		fatalx("unknown user " SMTPD_USER);

	config_process(PROC_LKA);

	if (initgroups(pw->pw_name, pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("lka: cannot drop privileges");

	imsg_callback = lka_imsg;
	event_init();

	signal_set(&ev_sigchld, SIGCHLD, lka_sig_handler, NULL);
	signal_add(&ev_sigchld, NULL);
	signal(SIGINT, SIG_IGN);
	signal(SIGTERM, SIG_IGN);
	signal(SIGPIPE, SIG_IGN);
	signal(SIGHUP, SIG_IGN);

	config_peer(PROC_PARENT);
	config_peer(PROC_QUEUE);
	config_peer(PROC_CONTROL);
	config_peer(PROC_PONY);

	/* Ignore them until we get our config */
	mproc_disable(p_pony);

	/* proc & exec will be revoked before serving requests */
	if (pledge("stdio rpath inet dns getpw recvfd proc exec flock cpath wpath", NULL) == -1)
		err(1, "pledge");

	event_dispatch();
	fatalx("exited event loop");

	return (0);
}

static int
lka_authenticate(const char *tablename, const char *user, const char *password)
{
	struct table		*table;
	char			*cpass;
	union lookup		 lk;

	log_debug("debug: lka: authenticating for %s:%s", tablename, user);
	table = table_find(tablename, NULL);
	if (table == NULL) {
		log_warnx("warn: could not find table %s needed for authentication",
		    tablename);
		return (LKA_TEMPFAIL);
	}

	switch (table_lookup(table, NULL, user, K_CREDENTIALS, &lk)) {
	case -1:
		log_warnx("warn: user credentials lookup fail for %s:%s",
		    tablename, user);
		return (LKA_TEMPFAIL);
	case 0:
		return (LKA_PERMFAIL);
	default:
		cpass = crypt(password, lk.creds.password);
		if (cpass == NULL)
			return (LKA_PERMFAIL);
		if (!strcmp(lk.creds.password, cpass))
			return (LKA_OK);
		return (LKA_PERMFAIL);
	}
}

static int
lka_credentials(const char *tablename, const char *label, char *dst, size_t sz)
{
	struct table		*table;
	union lookup		 lk;
	char			*buf;
	int			 buflen, r;

	table = table_find(tablename, NULL);
	if (table == NULL) {
		log_warnx("warn: credentials table %s missing", tablename);
		return (LKA_TEMPFAIL);
	}

	dst[0] = '\0';

	switch(table_lookup(table, NULL, label, K_CREDENTIALS, &lk)) {
	case -1:
		log_warnx("warn: credentials lookup fail for %s:%s",
		    tablename, label);
		return (LKA_TEMPFAIL);
	case 0:
		log_warnx("warn: credentials not found for %s:%s",
		    tablename, label);
		return (LKA_PERMFAIL);
	default:
		if ((buflen = asprintf(&buf, "%c%s%c%s", '\0',
		    lk.creds.username, '\0', lk.creds.password)) == -1) {
			log_warn("warn");
			return (LKA_TEMPFAIL);
		}

		r = base64_encode((unsigned char *)buf, buflen, dst, sz);
		free(buf);

		if (r == -1) {
			log_warnx("warn: credentials parse error for %s:%s",
			    tablename, label);
			return (LKA_TEMPFAIL);
		}
		return (LKA_OK);
	}
}

static int
lka_userinfo(const char *tablename, const char *username, struct userinfo *res)
{
	struct table	*table;
	union lookup	 lk;

	log_debug("debug: lka: userinfo %s:%s", tablename, username);
	table = table_find(tablename, NULL);
	if (table == NULL) {
		log_warnx("warn: cannot find user table %s", tablename);
		return (LKA_TEMPFAIL);
	}

	switch (table_lookup(table, NULL, username, K_USERINFO, &lk)) {
	case -1:
		log_warnx("warn: failure during userinfo lookup %s:%s",
		    tablename, username);
		return (LKA_TEMPFAIL);
	case 0:
		return (LKA_PERMFAIL);
	default:
		*res = lk.userinfo;
		return (LKA_OK);
	}
}

static int
lka_addrname(const char *tablename, const struct sockaddr *sa,
    struct addrname *res)
{
	struct table	*table;
	union lookup	 lk;
	const char	*source;

	source = sa_to_text(sa);

	log_debug("debug: lka: helo %s:%s", tablename, source);
	table = table_find(tablename, NULL);
	if (table == NULL) {
		log_warnx("warn: cannot find helo table %s", tablename);
		return (LKA_TEMPFAIL);
	}

	switch (table_lookup(table, NULL, source, K_ADDRNAME, &lk)) {
	case -1:
		log_warnx("warn: failure during helo lookup %s:%s",
		    tablename, source);
		return (LKA_TEMPFAIL);
	case 0:
		return (LKA_PERMFAIL);
	default:
		*res = lk.addrname;
		return (LKA_OK);
	}
}

static int
lka_mailaddrmap(const char *tablename, const char *username, const struct mailaddr *maddr)
{
	struct table	       *table;
	struct maddrnode       *mn;
	union lookup		lk;
	int			found;

	log_debug("debug: lka: mailaddrmap %s:%s", tablename, username);
	table = table_find(tablename, NULL);
	if (table == NULL) {
		log_warnx("warn: cannot find mailaddrmap table %s", tablename);
		return (LKA_TEMPFAIL);
	}

	switch (table_lookup(table, NULL, username, K_MAILADDRMAP, &lk)) {
	case -1:
		log_warnx("warn: failure during mailaddrmap lookup %s:%s",
		    tablename, username);
		return (LKA_TEMPFAIL);
	case 0:
		return (LKA_PERMFAIL);
	default:
		found = 0;
		TAILQ_FOREACH(mn, &lk.maddrmap->queue, entries) {
			if (!mailaddr_match(maddr, &mn->mailaddr))
				continue;
			found = 1;
			break;
		}
		maddrmap_free(lk.maddrmap);
		if (found)
			return (LKA_OK);
		return (LKA_PERMFAIL);
	}
	return (LKA_OK);
}

static int
lka_X509_verify(struct ca_vrfy_req_msg *vrfy,
    const char *CAfile, const char *CRLfile)
{
	X509			*x509;
	X509			*x509_tmp;
	STACK_OF(X509)		*x509_chain;
	const unsigned char    	*d2i;
	size_t			i;
	int			ret = 0;
	const char		*errstr;

	x509 = NULL;
	x509_tmp = NULL;
	x509_chain = NULL;

	d2i = vrfy->cert;
	if (d2i_X509(&x509, &d2i, vrfy->cert_len) == NULL) {
		x509 = NULL;
		goto end;
	}

	if (vrfy->n_chain) {
		x509_chain = sk_X509_new_null();
		for (i = 0; i < vrfy->n_chain; ++i) {
			d2i = vrfy->chain_cert[i];
			if (d2i_X509(&x509_tmp, &d2i, vrfy->chain_cert_len[i]) == NULL)
				goto end;
			sk_X509_insert(x509_chain, x509_tmp, i);
			x509_tmp = NULL;
		}
	}
	if (!ca_X509_verify(x509, x509_chain, CAfile, NULL, &errstr))
		log_debug("debug: lka: X509 verify: %s", errstr);
	else
		ret = 1;

end:
	X509_free(x509);
	X509_free(x509_tmp);
	if (x509_chain)
		sk_X509_pop_free(x509_chain, X509_free);

	return ret;
}

static void
lka_certificate_verify(enum imsg_type type, struct ca_vrfy_req_msg *req)
{
	lka_certificate_verify_resume(type, req);
}

static void
lka_certificate_verify_resume(enum imsg_type type, struct ca_vrfy_req_msg *req)
{
	struct ca_vrfy_resp_msg		resp;
	struct ca		       *sca;
	const char		       *cafile;
	size_t				i;

	resp.reqid = req->reqid;
	sca = dict_get(env->sc_ca_dict, req->name);
	if (sca == NULL)
		if (req->fallback)
			sca = dict_get(env->sc_ca_dict, "*");
	cafile = sca ? sca->ca_cert_file : CA_FILE;

	if (sca == NULL && !req->fallback)
		resp.status = CA_FAIL;
	else if (!lka_X509_verify(req, cafile, NULL))
		resp.status = CA_FAIL;
	else
		resp.status = CA_OK;

	m_compose(p_pony, type, 0, 0, -1, &resp,
	    sizeof resp);

	for (i = 0; i < req->n_chain; ++i)
		free(req->chain_cert[i]);
	free(req->chain_cert);
	free(req->chain_cert_len);
	free(req->cert);
	free(req);
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: lka.c,v 1.199 2017/05/17 14:00:06 deraadt Exp $ */
2
3			/*
4			* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
5			* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
6			* Copyright (c) 2012 Eric Faurot <eric@faurot.net>
7			*
8			* Permission to use, copy, modify, and distribute this software for any
9			* purpose with or without fee is hereby granted, provided that the above
10			* copyright notice and this permission notice appear in all copies.
11			*
12			* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13			* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14			* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15			* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16			* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17			* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18			* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19			*/
20
21			#include <sys/types.h>
22			#include <sys/queue.h>
23			#include <sys/tree.h>
24			#include <sys/socket.h>
25			#include <sys/wait.h>
26			#include <sys/uio.h>
27
28			#include <netinet/in.h>
29
30			#include <ctype.h>
31			#include <err.h>
32			#include <errno.h>
33			#include <event.h>
34			#include <imsg.h>
35			#include <openssl/err.h>
36			#include <openssl/ssl.h>
37			#include <pwd.h>
38			#include <resolv.h>
39			#include <limits.h>
40			#include <signal.h>
41			#include <stdio.h>
42			#include <stdlib.h>
43			#include <string.h>
44			#include <unistd.h>
45
46			#include "smtpd.h"
47			#include "log.h"
48			#include "ssl.h"
49
50			static void lka_imsg(struct mproc , struct imsg );
51			static void lka_shutdown(void);
52			static void lka_sig_handler(int, short, void *);
53			static int lka_authenticate(const char , const char , const char *);
54			static int lka_credentials(const char , const char , char *, size_t);
55			static int lka_userinfo(const char , const char , struct userinfo *);
56			static int lka_addrname(const char , const struct sockaddr ,
57			struct addrname *);
58			static int lka_mailaddrmap(const char , const char , const struct mailaddr *);
59			static int lka_X509_verify(struct ca_vrfy_req_msg , const char , const char *);
60			static void lka_certificate_verify(enum imsg_type, struct ca_vrfy_req_msg *);
61			static void lka_certificate_verify_resume(enum imsg_type, struct ca_vrfy_req_msg *);
62
63			static void
64			lka_imsg(struct mproc p, struct imsg imsg)
65			{
66			struct table *table;
67			int ret;
68			struct pki *pki;
69			struct iovec iov[2];
70			static struct ca_vrfy_req_msg *req_ca_vrfy = NULL;
71			struct ca_vrfy_req_msg *req_ca_vrfy_chain;
72			struct ca_cert_req_msg *req_ca_cert;
73			struct ca_cert_resp_msg resp_ca_cert;
74			struct sockaddr_storage ss;
75			struct userinfo userinfo;
76			struct addrname addrname;
77			struct envelope evp;
78			struct mailaddr maddr;
79			struct msg m;
80			union lookup lk;
81			char buf[LINE_MAX];
82			const char tablename, username, password, label;
83			uint64_t reqid;
84			int v;
85
86			if (imsg == NULL)
87			lka_shutdown();
88
89			if (imsg->hdr.type == IMSG_MTA_DNS_HOST \|\|
90			imsg->hdr.type == IMSG_MTA_DNS_PTR \|\|
91			imsg->hdr.type == IMSG_SMTP_DNS_PTR \|\|
92			imsg->hdr.type == IMSG_MTA_DNS_MX \|\|
93			imsg->hdr.type == IMSG_MTA_DNS_MX_PREFERENCE) {
94			dns_imsg(p, imsg);
95			return;
96			}
97
98			if (p->proc == PROC_PONY) {
99			switch (imsg->hdr.type) {
100			case IMSG_SMTP_CHECK_SENDER:
101			m_msg(&m, imsg);
102			m_get_id(&m, &reqid);
103			m_get_string(&m, &tablename);
104			m_get_string(&m, &username);
105			m_get_mailaddr(&m, &maddr);
106			m_end(&m);
107
108			ret = lka_mailaddrmap(tablename, username, &maddr);
109
110			m_create(p, IMSG_SMTP_CHECK_SENDER, 0, 0, -1);
111			m_add_id(p, reqid);
112			m_add_int(p, ret);
113			m_close(p);
114			return;
115
116			case IMSG_SMTP_EXPAND_RCPT:
117			m_msg(&m, imsg);
118			m_get_id(&m, &reqid);
119			m_get_envelope(&m, &evp);
120			m_end(&m);
121			lka_session(reqid, &evp);
122			return;
123
124			case IMSG_SMTP_LOOKUP_HELO:
125			m_msg(&m, imsg);
126			m_get_id(&m, &reqid);
127			m_get_string(&m, &tablename);
128			m_get_sockaddr(&m, (struct sockaddr *)&ss);
129			m_end(&m);
130
131			ret = lka_addrname(tablename, (struct sockaddr*)&ss,
132			&addrname);
133
134			m_create(p, IMSG_SMTP_LOOKUP_HELO, 0, 0, -1);
135			m_add_id(p, reqid);
136			m_add_int(p, ret);
137			if (ret == LKA_OK)
138			m_add_string(p, addrname.name);
139			m_close(p);
140			return;
141
142			case IMSG_SMTP_TLS_INIT:
143			case IMSG_MTA_TLS_INIT:
144			req_ca_cert = imsg->data;
145			resp_ca_cert.reqid = req_ca_cert->reqid;
146
147			xlowercase(buf, req_ca_cert->name, sizeof(buf));
148			log_debug("debug: lka: looking up pki \"%s\"", buf);
149			pki = dict_get(env->sc_pki_dict, buf);
150			if (pki == NULL)
151			if (req_ca_cert->fallback)
152			pki = dict_get(env->sc_pki_dict, "*");
153			if (pki == NULL) {
154			resp_ca_cert.status = CA_FAIL;
155			m_compose(p, imsg->hdr.type, 0, 0, -1, &resp_ca_cert,
156			sizeof(resp_ca_cert));
157			return;
158			}
159			resp_ca_cert.status = CA_OK;
160			resp_ca_cert.cert_len = pki->pki_cert_len;
161			(void)strlcpy(resp_ca_cert.name, pki->pki_name, sizeof resp_ca_cert.name);
162			iov[0].iov_base = &resp_ca_cert;
163			iov[0].iov_len = sizeof(resp_ca_cert);
164			iov[1].iov_base = pki->pki_cert;
165			iov[1].iov_len = pki->pki_cert_len;
166			m_composev(p, imsg->hdr.type, 0, 0, -1, iov, nitems(iov));
167			return;
168
169			case IMSG_SMTP_TLS_VERIFY_CERT:
170			case IMSG_MTA_TLS_VERIFY_CERT:
171			req_ca_vrfy = xmemdup(imsg->data, sizeof *req_ca_vrfy, "lka:ca_vrfy");
172			req_ca_vrfy->cert = xmemdup((char *)imsg->data +
173			sizeof *req_ca_vrfy, req_ca_vrfy->cert_len, "lka:ca_vrfy");
174			req_ca_vrfy->chain_cert = xcalloc(req_ca_vrfy->n_chain,
175			sizeof (unsigned char *), "lka:ca_vrfy");
176			req_ca_vrfy->chain_cert_len = xcalloc(req_ca_vrfy->n_chain,
177			sizeof (off_t), "lka:ca_vrfy");
178			return;
179
180			case IMSG_SMTP_TLS_VERIFY_CHAIN:
181			case IMSG_MTA_TLS_VERIFY_CHAIN:
182			if (req_ca_vrfy == NULL)
183			fatalx("lka:ca_vrfy: chain without a certificate");
184			req_ca_vrfy_chain = imsg->data;
185			req_ca_vrfy->chain_cert[req_ca_vrfy->chain_offset] = xmemdup((char *)imsg->data +
186			sizeof *req_ca_vrfy_chain, req_ca_vrfy_chain->cert_len, "lka:ca_vrfy");
187			req_ca_vrfy->chain_cert_len[req_ca_vrfy->chain_offset] = req_ca_vrfy_chain->cert_len;
188			req_ca_vrfy->chain_offset++;
189			return;
190
191			case IMSG_SMTP_TLS_VERIFY:
192			case IMSG_MTA_TLS_VERIFY:
193			if (req_ca_vrfy == NULL)
194			fatalx("lka:ca_vrfy: verify without a certificate");
195			lka_certificate_verify(imsg->hdr.type, req_ca_vrfy);
196			req_ca_vrfy = NULL;
197			return;
198
199			case IMSG_SMTP_AUTHENTICATE:
200			m_msg(&m, imsg);
201			m_get_id(&m, &reqid);
202			m_get_string(&m, &tablename);
203			m_get_string(&m, &username);
204			m_get_string(&m, &password);
205			m_end(&m);
206
207			if (!tablename[0]) {
208			m_create(p_parent, IMSG_LKA_AUTHENTICATE,
209			0, 0, -1);
210			m_add_id(p_parent, reqid);
211			m_add_string(p_parent, username);
212			m_add_string(p_parent, password);
213			m_close(p_parent);
214			return;
215			}
216
217			ret = lka_authenticate(tablename, username, password);
218
219			m_create(p, IMSG_SMTP_AUTHENTICATE, 0, 0, -1);
220			m_add_id(p, reqid);
221			m_add_int(p, ret);
222			m_close(p);
223			return;
224			}
225			}
226
227			if (p->proc == PROC_PONY) {
228			switch (imsg->hdr.type) {
229			case IMSG_MDA_LOOKUP_USERINFO:
230			m_msg(&m, imsg);
231			m_get_id(&m, &reqid);
232			m_get_string(&m, &tablename);
233			m_get_string(&m, &username);
234			m_end(&m);
235
236			ret = lka_userinfo(tablename, username, &userinfo);
237
238			m_create(p, IMSG_MDA_LOOKUP_USERINFO, 0, 0, -1);
239			m_add_id(p, reqid);
240			m_add_int(p, ret);
241			if (ret == LKA_OK)
242			m_add_data(p, &userinfo, sizeof(userinfo));
243			m_close(p);
244			return;
245			}
246			}
247
248			if (p->proc == PROC_PONY) {
249			switch (imsg->hdr.type) {
250
251			case IMSG_MTA_LOOKUP_CREDENTIALS:
252			m_msg(&m, imsg);
253			m_get_id(&m, &reqid);
254			m_get_string(&m, &tablename);
255			m_get_string(&m, &label);
256			m_end(&m);
257
258			lka_credentials(tablename, label, buf, sizeof(buf));
259
260			m_create(p, IMSG_MTA_LOOKUP_CREDENTIALS, 0, 0, -1);
261			m_add_id(p, reqid);
262			m_add_string(p, buf);
263			m_close(p);
264			return;
265
266			case IMSG_MTA_LOOKUP_SOURCE:
267			m_msg(&m, imsg);
268			m_get_id(&m, &reqid);
269			m_get_string(&m, &tablename);
270			m_end(&m);
271
272			table = table_find(tablename, NULL);
273
274			m_create(p, IMSG_MTA_LOOKUP_SOURCE, 0, 0, -1);
275			m_add_id(p, reqid);
276
277			if (table == NULL) {
278			log_warn("warn: source address table %s missing",
279			tablename);
280			m_add_int(p, LKA_TEMPFAIL);
281			}
282			else {
283			ret = table_fetch(table, NULL, K_SOURCE, &lk);
284			if (ret == -1)
285			m_add_int(p, LKA_TEMPFAIL);
286			else if (ret == 0)
287			m_add_int(p, LKA_PERMFAIL);
288			else {
289			m_add_int(p, LKA_OK);
290			m_add_sockaddr(p,
291			(struct sockaddr *)&lk.source.addr);
292			}
293			}
294			m_close(p);
295			return;
296
297			case IMSG_MTA_LOOKUP_HELO:
298			m_msg(&m, imsg);
299			m_get_id(&m, &reqid);
300			m_get_string(&m, &tablename);
301			m_get_sockaddr(&m, (struct sockaddr *)&ss);
302			m_end(&m);
303
304			ret = lka_addrname(tablename, (struct sockaddr*)&ss,
305			&addrname);
306
307			m_create(p, IMSG_MTA_LOOKUP_HELO, 0, 0, -1);
308			m_add_id(p, reqid);
309			m_add_int(p, ret);
310			if (ret == LKA_OK)
311			m_add_string(p, addrname.name);
312			m_close(p);
313			return;
314
315			}
316			}
317
318			if (p->proc == PROC_PARENT) {
319			switch (imsg->hdr.type) {
320			case IMSG_CONF_START:
321			return;
322
323			case IMSG_CONF_END:
324			if (tracing & TRACE_TABLES)
325			table_dump_all();
326
327			/* fork & exec tables that need it */
328			table_open_all();
329
330			/* revoke proc & exec */
331			if (pledge("stdio rpath inet dns getpw recvfd",
332			NULL) == -1)
333			err(1, "pledge");
334
335			/* Start fulfilling requests */
336			mproc_enable(p_pony);
337			return;
338
339			case IMSG_LKA_OPEN_FORWARD:
340			lka_session_forward_reply(imsg->data, imsg->fd);
341			return;
342
343			case IMSG_LKA_AUTHENTICATE:
344			imsg->hdr.type = IMSG_SMTP_AUTHENTICATE;
345			m_forward(p_pony, imsg);
346			return;
347			}
348			}
349
350			if (p->proc == PROC_CONTROL) {
351			switch (imsg->hdr.type) {
352
353			case IMSG_CTL_VERBOSE:
354			m_msg(&m, imsg);
355			m_get_int(&m, &v);
356			m_end(&m);
357			log_trace_verbose(v);
358			return;
359
360			case IMSG_CTL_PROFILE:
361			m_msg(&m, imsg);
362			m_get_int(&m, &v);
363			m_end(&m);
364			profiling = v;
365			return;
366
367			case IMSG_CTL_UPDATE_TABLE:
368			table = table_find(imsg->data, NULL);
369			if (table == NULL) {
370			log_warnx("warn: Lookup table not found: "
371			"\"%s\"", (char *)imsg->data);
372			return;
373			}
374			table_update(table);
375			return;
376			}
377			}
378
379			errx(1, "lka_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type));
380			}
381
382			static void
383			lka_sig_handler(int sig, short event, void *p)
384			{
385			int status;
386			pid_t pid;
387
388			switch (sig) {
389			case SIGCHLD:
390			do {
391			pid = waitpid(-1, &status, WNOHANG);
392			} while (pid > 0 \|\| (pid == -1 && errno == EINTR));
393			break;
394			default:
395			fatalx("lka_sig_handler: unexpected signal");
396			}
397			}
398
399			void
400			lka_shutdown(void)
401			{
402			log_debug("debug: lookup agent exiting");
403			_exit(0);
404			}
405
406			int
407			lka(void)
408			{
409			struct passwd *pw;
410			struct event ev_sigchld;
411
412			purge_config(PURGE_LISTENERS);
413
414			if ((pw = getpwnam(SMTPD_USER)) == NULL)
415			fatalx("unknown user " SMTPD_USER);
416
417			config_process(PROC_LKA);
418
419			if (initgroups(pw->pw_name, pw->pw_gid) \|\|
420			setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) \|\|
421			setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
422			fatal("lka: cannot drop privileges");
423
424			imsg_callback = lka_imsg;
425			event_init();
426
427			signal_set(&ev_sigchld, SIGCHLD, lka_sig_handler, NULL);
428			signal_add(&ev_sigchld, NULL);
429			signal(SIGINT, SIG_IGN);
430			signal(SIGTERM, SIG_IGN);
431			signal(SIGPIPE, SIG_IGN);
432			signal(SIGHUP, SIG_IGN);
433
434			config_peer(PROC_PARENT);
435			config_peer(PROC_QUEUE);
436			config_peer(PROC_CONTROL);
437			config_peer(PROC_PONY);
438
439			/* Ignore them until we get our config */
440			mproc_disable(p_pony);
441
442			/* proc & exec will be revoked before serving requests */
443			if (pledge("stdio rpath inet dns getpw recvfd proc exec flock cpath wpath", NULL) == -1)
444			err(1, "pledge");
445
446			event_dispatch();
447			fatalx("exited event loop");
448
449			return (0);
450			}
451
452			static int
453			lka_authenticate(const char tablename, const char user, const char *password)
454			{
455			struct table *table;
456			char *cpass;
457			union lookup lk;
458
459			log_debug("debug: lka: authenticating for %s:%s", tablename, user);
460			table = table_find(tablename, NULL);
461			if (table == NULL) {
462			log_warnx("warn: could not find table %s needed for authentication",
463			tablename);
464			return (LKA_TEMPFAIL);
465			}
466
467			switch (table_lookup(table, NULL, user, K_CREDENTIALS, &lk)) {
468			case -1:
469			log_warnx("warn: user credentials lookup fail for %s:%s",
470			tablename, user);
471			return (LKA_TEMPFAIL);
472			case 0:
473			return (LKA_PERMFAIL);
474			default:
475			cpass = crypt(password, lk.creds.password);
476			if (cpass == NULL)
477			return (LKA_PERMFAIL);
478			if (!strcmp(lk.creds.password, cpass))
479			return (LKA_OK);
480			return (LKA_PERMFAIL);
481			}
482			}
483
484			static int
485			lka_credentials(const char tablename, const char label, char *dst, size_t sz)
486			{
487			struct table *table;
488			union lookup lk;
489			char *buf;
490			int buflen, r;
491
492			table = table_find(tablename, NULL);
493			if (table == NULL) {
494			log_warnx("warn: credentials table %s missing", tablename);
495			return (LKA_TEMPFAIL);
496			}
497
498			dst[0] = '\0';
499
500			switch(table_lookup(table, NULL, label, K_CREDENTIALS, &lk)) {
501			case -1:
502			log_warnx("warn: credentials lookup fail for %s:%s",
503			tablename, label);
504			return (LKA_TEMPFAIL);
505			case 0:
506			log_warnx("warn: credentials not found for %s:%s",
507			tablename, label);
508			return (LKA_PERMFAIL);
509			default:
510			if ((buflen = asprintf(&buf, "%c%s%c%s", '\0',
511			lk.creds.username, '\0', lk.creds.password)) == -1) {
512			log_warn("warn");
513			return (LKA_TEMPFAIL);
514			}
515
516			r = base64_encode((unsigned char *)buf, buflen, dst, sz);
517			free(buf);
518
519			if (r == -1) {
520			log_warnx("warn: credentials parse error for %s:%s",
521			tablename, label);
522			return (LKA_TEMPFAIL);
523			}
524			return (LKA_OK);
525			}
526			}
527
528			static int
529			lka_userinfo(const char tablename, const char username, struct userinfo *res)
530			{
531			struct table *table;
532			union lookup lk;
533
534			log_debug("debug: lka: userinfo %s:%s", tablename, username);
535			table = table_find(tablename, NULL);
536			if (table == NULL) {
537			log_warnx("warn: cannot find user table %s", tablename);
538			return (LKA_TEMPFAIL);
539			}
540
541			switch (table_lookup(table, NULL, username, K_USERINFO, &lk)) {
542			case -1:
543			log_warnx("warn: failure during userinfo lookup %s:%s",
544			tablename, username);
545			return (LKA_TEMPFAIL);
546			case 0:
547			return (LKA_PERMFAIL);
548			default:
549			*res = lk.userinfo;
550			return (LKA_OK);
551			}
552			}
553
554			static int
555			lka_addrname(const char tablename, const struct sockaddr sa,
556			struct addrname *res)
557			{
558			struct table *table;
559			union lookup lk;
560			const char *source;
561
562			source = sa_to_text(sa);
563
564			log_debug("debug: lka: helo %s:%s", tablename, source);
565			table = table_find(tablename, NULL);
566			if (table == NULL) {
567			log_warnx("warn: cannot find helo table %s", tablename);
568			return (LKA_TEMPFAIL);
569			}
570
571			switch (table_lookup(table, NULL, source, K_ADDRNAME, &lk)) {
572			case -1:
573			log_warnx("warn: failure during helo lookup %s:%s",
574			tablename, source);
575			return (LKA_TEMPFAIL);
576			case 0:
577			return (LKA_PERMFAIL);
578			default:
579			*res = lk.addrname;
580			return (LKA_OK);
581			}
582			}
583
584			static int
585			lka_mailaddrmap(const char tablename, const char username, const struct mailaddr *maddr)
586			{
587			struct table *table;
588			struct maddrnode *mn;
589			union lookup lk;
590			int found;
591
592			log_debug("debug: lka: mailaddrmap %s:%s", tablename, username);
593			table = table_find(tablename, NULL);
594			if (table == NULL) {
595			log_warnx("warn: cannot find mailaddrmap table %s", tablename);
596			return (LKA_TEMPFAIL);
597			}
598
599			switch (table_lookup(table, NULL, username, K_MAILADDRMAP, &lk)) {
600			case -1:
601			log_warnx("warn: failure during mailaddrmap lookup %s:%s",
602			tablename, username);
603			return (LKA_TEMPFAIL);
604			case 0:
605			return (LKA_PERMFAIL);
606			default:
607			found = 0;
608			TAILQ_FOREACH(mn, &lk.maddrmap->queue, entries) {
609			if (!mailaddr_match(maddr, &mn->mailaddr))
610			continue;
611			found = 1;
612			break;
613			}
614			maddrmap_free(lk.maddrmap);
615			if (found)
616			return (LKA_OK);
617			return (LKA_PERMFAIL);
618			}
619			return (LKA_OK);
620			}
621
622			static int
623			lka_X509_verify(struct ca_vrfy_req_msg *vrfy,
624			const char CAfile, const char CRLfile)
625			{
626			X509 *x509;
627			X509 *x509_tmp;
628			STACK_OF(X509) *x509_chain;
629			const unsigned char *d2i;
630			size_t i;
631			int ret = 0;
632			const char *errstr;
633
634			x509 = NULL;
635			x509_tmp = NULL;
636			x509_chain = NULL;
637
638			d2i = vrfy->cert;
639			if (d2i_X509(&x509, &d2i, vrfy->cert_len) == NULL) {
640			x509 = NULL;
641			goto end;
642			}
643
644			if (vrfy->n_chain) {
645			x509_chain = sk_X509_new_null();
646			for (i = 0; i < vrfy->n_chain; ++i) {
647			d2i = vrfy->chain_cert[i];
648			if (d2i_X509(&x509_tmp, &d2i, vrfy->chain_cert_len[i]) == NULL)
649			goto end;
650			sk_X509_insert(x509_chain, x509_tmp, i);
651			x509_tmp = NULL;
652			}
653			}
654			if (!ca_X509_verify(x509, x509_chain, CAfile, NULL, &errstr))
655			log_debug("debug: lka: X509 verify: %s", errstr);
656			else
657			ret = 1;
658
659			end:
660			X509_free(x509);
661			X509_free(x509_tmp);
662			if (x509_chain)
663			sk_X509_pop_free(x509_chain, X509_free);
664
665			return ret;
666			}
667
668			static void
669			lka_certificate_verify(enum imsg_type type, struct ca_vrfy_req_msg *req)
670			{
671			lka_certificate_verify_resume(type, req);
672			}
673
674			static void
675			lka_certificate_verify_resume(enum imsg_type type, struct ca_vrfy_req_msg *req)
676			{
677			struct ca_vrfy_resp_msg resp;
678			struct ca *sca;
679			const char *cafile;
680			size_t i;
681
682			resp.reqid = req->reqid;
683			sca = dict_get(env->sc_ca_dict, req->name);
684			if (sca == NULL)
685			if (req->fallback)
686			sca = dict_get(env->sc_ca_dict, "*");
687			cafile = sca ? sca->ca_cert_file : CA_FILE;
688
689			if (sca == NULL && !req->fallback)
690			resp.status = CA_FAIL;
691			else if (!lka_X509_verify(req, cafile, NULL))
692			resp.status = CA_FAIL;
693			else
694			resp.status = CA_OK;
695
696			m_compose(p_pony, type, 0, 0, -1, &resp,
697			sizeof resp);
698
699			for (i = 0; i < req->n_chain; ++i)
700			free(req->chain_cert[i]);
701			free(req->chain_cert);
702			free(req->chain_cert_len);
703			free(req->cert);
704			free(req);
705			}