authorJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-04-09 19:49:35 +0000
committerJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-04-09 19:49:35 +0000
commit2e2322d056b4c8ba1c9b7af6ee4f9dc822f05066 (patch)
tree56aa10d09172a90bab7e76383c705d9f65a9afd1 /usr.sbin/smtpd
parentfbfd94f72683cc3188d39266ff0dcff9eae8f3f6 (diff)
change syntax of the "listen on" and "relay via" directives:
1) kill the ssmtp keyword in "ssmtp listen on ..."; 2) kill the use keyword in "... use certificate foo"; 3) tls no longer implicit, user must explicitly use the tls or smtps option. 4) for "relay via", move the tls/smtps options to right after the port specification; makes it similar to "listen on". These directives: ssmtp listen on fxp0 use certificate "foo" accept for all relay via tls "mx.bar.com" now become: listen on fxp0 smtps certificate "foo" accept for all relay via "mx.bar.com" tls ok gilles@
Diffstat (limited to 'usr.sbin/smtpd')
-rw-r--r--usr.sbin/smtpd/lka.c10
-rw-r--r--usr.sbin/smtpd/mta.c4
-rw-r--r--usr.sbin/smtpd/parse.y99
-rw-r--r--usr.sbin/smtpd/smtp.c10
-rw-r--r--usr.sbin/smtpd/smtp_session.c4
-rw-r--r--usr.sbin/smtpd/smtpd.h6
-rw-r--r--usr.sbin/smtpd/ssl.c6
7 files changed, 69 insertions, 70 deletions
diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c
index 0bd7ae83579..371abb36594 100644
--- a/usr.sbin/smtpd/lka.c
+++ b/usr.sbin/smtpd/lka.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka.c,v 1.39 2009/04/05 16:33:12 gilles Exp $ */
+/* $OpenBSD: lka.c,v 1.40 2009/04/09 19:49:34 jacekm Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -440,7 +440,7 @@ lka_dispatch_mta(int sig, short event, void *p)
}
switch (mxhost.flags & F_SSL) {
- case F_SSMTP:
+ case F_SMTPS:
ssin->sin_port = htons(465);
mxrep.mxhost = mxhost;
imsg_compose(ibuf, IMSG_LKA_MX, 0, 0, -1, &mxrep,
@@ -455,7 +455,7 @@ lka_dispatch_mta(int sig, short event, void *p)
case F_STARTTLS:
ssin->sin_port = htons(25);
mxrep.mxhost = mxhost;
- mxrep.mxhost.flags &= ~F_SSMTP;
+ mxrep.mxhost.flags &= ~F_SMTPS;
imsg_compose(ibuf, IMSG_LKA_MX, 0, 0, -1, &mxrep,
sizeof(struct mxrep));
break;
@@ -481,7 +481,7 @@ lka_dispatch_mta(int sig, short event, void *p)
}
switch (mxhost.flags & F_SSL) {
- case F_SSMTP:
+ case F_SMTPS:
ssin6->sin6_port = htons(465);
mxrep.mxhost = mxhost;
imsg_compose(ibuf, IMSG_LKA_MX, 0, 0, -1, &mxrep,
@@ -496,7 +496,7 @@ lka_dispatch_mta(int sig, short event, void *p)
case F_STARTTLS:
ssin6->sin6_port = htons(25);
mxrep.mxhost = mxhost;
- mxrep.mxhost.flags &= ~F_SSMTP;
+ mxrep.mxhost.flags &= ~F_SMTPS;
imsg_compose(ibuf, IMSG_LKA_MX, 0, 0, -1, &mxrep,
sizeof(struct mxrep));
break;
diff --git a/usr.sbin/smtpd/mta.c b/usr.sbin/smtpd/mta.c
index 7d9ba336cdb..9abd62d05f9 100644
--- a/usr.sbin/smtpd/mta.c
+++ b/usr.sbin/smtpd/mta.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta.c,v 1.39 2009/03/29 14:18:20 jacekm Exp $ */
+/* $OpenBSD: mta.c,v 1.40 2009/04/09 19:49:34 jacekm Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -624,7 +624,7 @@ mta_write(int s, short event, void *arg)
return;
}
- if (mxhost && mxhost->flags & F_SSMTP) {
+ if (mxhost && mxhost->flags & F_SMTPS) {
ssl_client_init(sessionp);
return;
}
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index 5021a42cf8f..1e7473bdb77 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.30 2009/03/31 21:03:49 tobias Exp $ */
+/* $OpenBSD: parse.y,v 1.31 2009/04/09 19:49:34 jacekm Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -113,8 +113,8 @@ typedef struct {
%}
-%token QUEUE INTERVAL LISTEN ON ALL PORT USE
-%token MAP TYPE HASH LIST SINGLE SSL SSMTP CERTIFICATE
+%token QUEUE INTERVAL LISTEN ON ALL PORT
+%token MAP TYPE HASH LIST SINGLE SSL SMTPS CERTIFICATE
%token DNS DB TFILE EXTERNAL DOMAIN CONFIG SOURCE
%token RELAY VIA DELIVER TO MAILDIR MBOX HOSTNAME
%token ACCEPT REJECT INCLUDE NETWORK ERROR MDA FROM FOR
@@ -122,7 +122,7 @@ typedef struct {
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.map> map
-%type <v.number> quantifier decision port ssmtp from auth ssl
+%type <v.number> quantifier decision port from auth ssl
%type <v.cond> condition
%type <v.tv> interval
%type <v.object> mapref
@@ -214,19 +214,15 @@ port : PORT STRING {
}
;
-certname : USE CERTIFICATE STRING {
- if (($$ = strdup($3)) == NULL)
+certname : CERTIFICATE STRING {
+ if (($$ = strdup($2)) == NULL)
fatal(NULL);
- free($3);
+ free($2);
}
| /* empty */ { $$ = NULL; }
;
-ssmtp : SSMTP { $$ = 1; }
- | /* empty */ { $$ = 0; }
- ;
-
-ssl : SSMTP { $$ = F_SSMTP; }
+ssl : SMTPS { $$ = F_SMTPS; }
| TLS { $$ = F_STARTTLS; }
| SSL { $$ = F_SSL; }
| /* empty */ { $$ = 0; }
@@ -238,19 +234,33 @@ auth : ENABLE AUTH { $$ = 1; }
main : QUEUE INTERVAL interval {
conf->sc_qintval = $3;
}
- | ssmtp LISTEN ON STRING port certname auth {
+ | LISTEN ON STRING port ssl certname auth {
char *cert;
u_int8_t flags;
- if ($5 == 0) {
- if ($1)
- $5 = htons(465);
+ if ($5 == F_SSL) {
+ yyerror("syntax error");
+ free($6);
+ free($3);
+ YYERROR;
+ }
+
+ if ($5 == 0 && ($6 != NULL || $7)) {
+ yyerror("error: must specify tls or smtps");
+ free($6);
+ free($3);
+ YYERROR;
+ }
+
+ if ($4 == 0) {
+ if ($5 == F_SMTPS)
+ $4 = htons(465);
else
- $5 = htons(25);
+ $4 = htons(25);
}
- cert = ($6 != NULL) ? $6 : $4;
- flags = 0;
+ cert = ($6 != NULL) ? $6 : $3;
+ flags = $5;
if ($7)
flags |= F_AUTH;
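Review bot: The `$5 == F_SSL` check rejects `listen on ... ssl` with a bare `yyerror("syntax error")`, which gives the user no hint that `ssl` is the word at fault even though the shared `ssl` nonterminal accepts it grammatically; `yyerror("error: ssl is not valid here, use tls or smtps");` would say so. Alternatively a listen-specific nonterminal without the SSL alternative would let yacc reject the token itself and the check could go. The second check correctly refuses a certificate or auth on a listener that has neither tls nor smtps, so authentication can no longer be configured on a cleartext listener. The `LISTEN ON` action continues into the next hunk.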
@@ -258,33 +268,27 @@ main : QUEUE INTERVAL interval {
if (ssl_load_certfile(conf, cert) < 0) {
log_warnx("warning: could not load cert: %s, "
"no SSL/TLS/AUTH support", cert);
- if ($1 || $6 != NULL) {
+ if ($5) {
yyerror("cannot load certificate: %s",
cert);
free($6);
- free($4);
+ free($3);
YYERROR;
}
}
- else {
- if ($1)
- flags |= F_SSMTP;
- else
- flags |= F_STARTTLS;
- }
- if (! interface($4, &conf->sc_listeners,
- MAX_LISTEN, $5, flags)) {
- if (host($4, &conf->sc_listeners,
- MAX_LISTEN, $5, flags) <= 0) {
- yyerror("invalid virtual ip or interface: %s", $4);
+ if (! interface($3, &conf->sc_listeners,
+ MAX_LISTEN, $4, flags)) {
+ if (host($3, &conf->sc_listeners,
+ MAX_LISTEN, $4, flags) <= 0) {
+ yyerror("invalid virtual ip or interface: %s", $3);
free($6);
- free($4);
+ free($3);
YYERROR;
}
}
free($6);
- free($4);
+ free($3);
}
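Review bot: `ssl_load_certfile(conf, cert)` on the first line of this hunk is still attempted when `$5` is 0, i.e. for a plain listener that named no certificate, with the interface or host name from `$3` standing in as the cert name. On failure that only produces the "no SSL/TLS/AUTH support" warning for every plaintext listener; on success it loads a key the listener never uses, since `flags = $5` leaves F_SSL clear. Gating the load on `$5` folds the inner `if ($5)` into the outer condition and drops the warning path; this presumes the runtime lookup by ssl_cert_name tolerates a listener with no loaded cert, which the existing `$5 == 0` failure path already relies on. The enclosing `LISTEN ON` action begins in the previous hunk.
```c
			if ($5 && ssl_load_certfile(conf, cert) < 0) {
				yyerror("cannot load certificate: %s",
				    cert);
				free($6);
				free($3);
				YYERROR;
			}
			/* … unchanged: interface()/host() registration and frees … */
```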
| HOSTNAME STRING {
if (strlcpy(conf->sc_hostname, $2,
@@ -732,29 +736,27 @@ action : DELIVER TO MAILDIR STRING {
| RELAY {
rule->r_action = A_RELAY;
}
- | RELAY VIA ssl STRING port auth {
+ | RELAY VIA STRING port ssl auth {
rule->r_action = A_RELAYVIA;
- if ($3)
- rule->r_value.relayhost.flags = $3;
+ if ($5 == 0 && $6) {
+ yyerror("error: auth over insecure channel");
+ free($3);
+ YYERROR;
+ }
- if (strlcpy(rule->r_value.relayhost.hostname, $4,
+ if (strlcpy(rule->r_value.relayhost.hostname, $3,
sizeof(rule->r_value.relayhost.hostname))
>= sizeof(rule->r_value.relayhost.hostname))
fatal("hostname too long");
- if ($5 == 0)
- rule->r_value.relayhost.port = 0;
- else
- rule->r_value.relayhost.port = $5;
+ rule->r_value.relayhost.port = $4;
+ rule->r_value.relayhost.flags |= $5;
- if ($6) {
- if (! $3)
- fatalx("cannot auth over insecure channel");
+ if ($6)
rule->r_value.relayhost.flags |= F_AUTH;
- }
- free($4);
+ free($3);
}
;
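Review bot: The new `yyerror`/`free($3)`/`YYERROR` path for auth without tls or smtps is the right shape for a configuration error, but the hostname overflow four lines below still terminates the daemon with `fatal("hostname too long")`, leaking `$3` and, unlike the `fatalx` this hunk removes, reporting an errno that is stale at that point. Handling it the same way keeps the action consistent: `yyerror("hostname too long: %s", $3); free($3); YYERROR;`. The `relayhost.flags |= $5` on an or-basis rather than assignment presumes the rule was zeroed on allocation, which is outside this hunk.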
@@ -939,13 +941,12 @@ lookup(char *s)
{ "reject", REJECT },
{ "relay", RELAY },
{ "single", SINGLE },
+ { "smtps", SMTPS },
{ "source", SOURCE },
{ "ssl", SSL },
- { "ssmtp", SSMTP },
{ "tls", TLS },
{ "to", TO },
{ "type", TYPE },
- { "use", USE },
{ "via", VIA },
};
const struct keywords *p;
diff --git a/usr.sbin/smtpd/smtp.c b/usr.sbin/smtpd/smtp.c
index 3fbf2f33f96..5d59f809169 100644
--- a/usr.sbin/smtpd/smtp.c
+++ b/usr.sbin/smtpd/smtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp.c,v 1.32 2009/03/29 14:18:20 jacekm Exp $ */
+/* $OpenBSD: smtp.c,v 1.33 2009/04/09 19:49:34 jacekm Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -144,9 +144,6 @@ smtp_dispatch_parent(int sig, short event, void *p)
if ((l->fd = imsg_get_fd(ibuf, &imsg)) == -1)
fatal("cannot get fd");
- log_debug("smtp_dispatch_parent: "
- "got fd %d for listener: %p", l->fd, l);
-
(void)strlcpy(key.ssl_name, l->ssl_cert_name,
sizeof(key.ssl_name));
@@ -639,8 +636,9 @@ smtp_setup_events(struct smtpd *env)
struct timeval tv;
TAILQ_FOREACH(l, &env->sc_listeners, entry) {
- log_debug("smtp_setup_events: configuring listener: %p%s.",
- l, (l->flags & F_SSL)?" (with ssl)":"");
+ log_debug("smtp_setup_events: listen on %s port %d flags 0x%01x"
+ " cert \"%s\"", ss_to_text(&l->ss), ntohs(l->port),
+ l->flags, l->ssl_cert_name);
session_socket_blockmode(l->fd, BM_NONBLOCK);
if (listen(l->fd, SMTPD_BACKLOG) == -1)
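Review bot: In the new log_debug the `0x%01x` conversion for `l->flags` specifies a minimum width of 1, which is the default, so it prints exactly like `0x%x`; if a fixed two-digit byte was intended, `0x%02x` is the usual spelling. ss_to_text() and the promoted types of the other arguments come from outside this hunk, so I have not checked them. smtp_setup_events continues past the hunk.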
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index 0e448304811..db558d366bd 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.63 2009/03/15 19:32:10 gilles Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.64 2009/04/09 19:49:34 jacekm Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -737,7 +737,7 @@ session_init(struct listener *l, struct session *s)
session_error, s)) == NULL)
fatalx("session_init: bufferevent_new failed");
- if (l->flags & F_SSMTP) {
+ if (l->flags & F_SMTPS) {
log_debug("session_init: initializing ssl");
s->s_flags |= F_EVLOCKED;
bufferevent_disable(s->s_bev, EV_READ|EV_WRITE);
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index d02d2daa98e..7b249879512 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.96 2009/03/22 22:53:47 gilles Exp $ */
+/* $OpenBSD: smtpd.h,v 1.97 2009/04/09 19:49:34 jacekm Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -73,9 +73,9 @@
#define SMTP_ANYLINE_MAX SMTP_TEXTLINE_MAX
#define F_STARTTLS 0x01
-#define F_SSMTP 0x02
+#define F_SMTPS 0x02
#define F_AUTH 0x04
-#define F_SSL (F_SSMTP|F_STARTTLS)
+#define F_SSL (F_SMTPS|F_STARTTLS)
struct netaddr {
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index f151a94af75..29f1aff2d2c 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.11 2009/03/15 19:32:11 gilles Exp $ */
+/* $OpenBSD: ssl.c,v 1.12 2009/04/09 19:49:34 jacekm Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -509,7 +509,7 @@ ssl_session_accept(int fd, short event, void *p)
log_info("ssl_session_accept: accepted ssl client");
s->s_flags |= F_SECURE;
- if (s->s_l->flags & F_SSMTP) {
+ if (s->s_l->flags & F_SMTPS) {
s_smtp.ssmtp++;
s_smtp.ssmtp_active++;
}
@@ -601,7 +601,7 @@ ssl_session_destroy(struct session *s)
return;
}
- if (s->s_l->flags & F_SSMTP) {
+ if (s->s_l->flags & F_SMTPS) {
if (s->s_flags & F_SECURE)
s_smtp.ssmtp_active--;
}