summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd/lka.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/smtpd/lka.c')
-rw-r--r--usr.sbin/smtpd/lka.c196
1 files changed, 25 insertions, 171 deletions
diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c
index c03838a1b59..30205777408 100644
--- a/usr.sbin/smtpd/lka.c
+++ b/usr.sbin/smtpd/lka.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka.c,v 1.163 2014/02/04 09:50:31 eric Exp $ */
+/* $OpenBSD: lka.c,v 1.164 2014/02/04 13:44:41 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -59,16 +59,10 @@ static int lka_X509_verify(struct ca_vrfy_req_msg *, const char *, const char *)
static void
lka_imsg(struct mproc *p, struct imsg *imsg)
{
- struct rule *rule;
struct table *table;
- void *tmp;
int ret;
- const char *key, *val;
- struct ssl *ssl;
+ struct pki *pki;
struct iovec iov[3];
- static struct dict *ssl_dict;
- static struct dict *tables_dict;
- static struct table *table_last;
static struct ca_vrfy_req_msg *req_ca_vrfy_smtp = NULL;
static struct ca_vrfy_req_msg *req_ca_vrfy_mta = NULL;
struct ca_vrfy_req_msg *req_ca_vrfy_chain;
@@ -130,29 +124,27 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
xlowercase(buf, req_ca_cert->name, sizeof(buf));
log_debug("debug: lka: looking up pki \"%s\"", buf);
- ssl = dict_get(env->sc_ssl_dict, buf);
- if (ssl == NULL) {
+ pki = dict_get(env->sc_pki_dict, buf);
+ if (pki == NULL) {
resp_ca_cert.status = CA_FAIL;
m_compose(p, IMSG_LKA_SSL_INIT, 0, 0, -1, &resp_ca_cert,
sizeof(resp_ca_cert));
return;
}
resp_ca_cert.status = CA_OK;
- resp_ca_cert.cert_len = ssl->ssl_cert_len;
- resp_ca_cert.key_len = ssl->ssl_key_len;
+ resp_ca_cert.cert_len = pki->pki_cert_len;
+ resp_ca_cert.key_len = pki->pki_key_len;
iov[0].iov_base = &resp_ca_cert;
iov[0].iov_len = sizeof(resp_ca_cert);
- iov[1].iov_base = ssl->ssl_cert;
- iov[1].iov_len = ssl->ssl_cert_len;
- iov[2].iov_base = ssl->ssl_key;
- iov[2].iov_len = ssl->ssl_key_len;
+ iov[1].iov_base = pki->pki_cert;
+ iov[1].iov_len = pki->pki_cert_len;
+ iov[2].iov_base = pki->pki_key;
+ iov[2].iov_len = pki->pki_key_len;
m_composev(p, IMSG_LKA_SSL_INIT, 0, 0, -1, iov, nitems(iov));
return;
case IMSG_LKA_SSL_VERIFY_CERT:
req_ca_vrfy_smtp = xmemdup(imsg->data, sizeof *req_ca_vrfy_smtp, "lka:ca_vrfy");
- if (req_ca_vrfy_smtp == NULL)
- fatal(NULL);
req_ca_vrfy_smtp->cert = xmemdup((char *)imsg->data +
sizeof *req_ca_vrfy_smtp, req_ca_vrfy_smtp->cert_len, "lka:ca_vrfy");
req_ca_vrfy_smtp->chain_cert = xcalloc(req_ca_vrfy_smtp->n_chain,
@@ -176,10 +168,10 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
fatalx("lka:ca_vrfy: verify without a certificate");
resp_ca_vrfy.reqid = req_ca_vrfy_smtp->reqid;
- ssl = dict_xget(env->sc_ssl_dict, req_ca_vrfy_smtp->pkiname);
+ pki = dict_xget(env->sc_pki_dict, req_ca_vrfy_smtp->pkiname);
cafile = CA_FILE;
- if (ssl->ssl_ca_file)
- cafile = ssl->ssl_ca_file;
+ if (pki->pki_ca_file)
+ cafile = pki->pki_ca_file;
if (! lka_X509_verify(req_ca_vrfy_smtp, cafile, NULL))
resp_ca_vrfy.status = CA_FAIL;
else
@@ -254,29 +246,27 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
xlowercase(buf, req_ca_cert->name, sizeof(buf));
log_debug("debug: lka: looking up pki \"%s\"", buf);
- ssl = dict_get(env->sc_ssl_dict, buf);
- if (ssl == NULL) {
+ pki = dict_get(env->sc_pki_dict, buf);
+ if (pki == NULL) {
resp_ca_cert.status = CA_FAIL;
m_compose(p, IMSG_LKA_SSL_INIT, 0, 0, -1, &resp_ca_cert,
sizeof(resp_ca_cert));
return;
}
resp_ca_cert.status = CA_OK;
- resp_ca_cert.cert_len = ssl->ssl_cert_len;
- resp_ca_cert.key_len = ssl->ssl_key_len;
+ resp_ca_cert.cert_len = pki->pki_cert_len;
+ resp_ca_cert.key_len = pki->pki_key_len;
iov[0].iov_base = &resp_ca_cert;
iov[0].iov_len = sizeof(resp_ca_cert);
- iov[1].iov_base = ssl->ssl_cert;
- iov[1].iov_len = ssl->ssl_cert_len;
- iov[2].iov_base = ssl->ssl_key;
- iov[2].iov_len = ssl->ssl_key_len;
+ iov[1].iov_base = pki->pki_cert;
+ iov[1].iov_len = pki->pki_cert_len;
+ iov[2].iov_base = pki->pki_key;
+ iov[2].iov_len = pki->pki_key_len;
m_composev(p, IMSG_LKA_SSL_INIT, 0, 0, -1, iov, nitems(iov));
return;
case IMSG_LKA_SSL_VERIFY_CERT:
req_ca_vrfy_mta = xmemdup(imsg->data, sizeof *req_ca_vrfy_mta, "lka:ca_vrfy");
- if (req_ca_vrfy_mta == NULL)
- fatal(NULL);
req_ca_vrfy_mta->cert = xmemdup((char *)imsg->data +
sizeof *req_ca_vrfy_mta, req_ca_vrfy_mta->cert_len, "lka:ca_vrfy");
req_ca_vrfy_mta->chain_cert = xcalloc(req_ca_vrfy_mta->n_chain,
@@ -301,11 +291,11 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
fatalx("lka:ca_vrfy: verify without a certificate");
resp_ca_vrfy.reqid = req_ca_vrfy_mta->reqid;
- ssl = dict_get(env->sc_ssl_dict, req_ca_vrfy_mta->pkiname);
+ pki = dict_get(env->sc_pki_dict, req_ca_vrfy_mta->pkiname);
cafile = CA_FILE;
- if (ssl && ssl->ssl_ca_file)
- cafile = ssl->ssl_ca_file;
+ if (pki && pki->pki_ca_file)
+ cafile = pki->pki_ca_file;
if (! lka_X509_verify(req_ca_vrfy_mta, cafile, NULL))
resp_ca_vrfy.status = CA_FAIL;
else
@@ -392,149 +382,13 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
if (p->proc == PROC_PARENT) {
switch (imsg->hdr.type) {
case IMSG_CONF_START:
- env->sc_rules_reload = xcalloc(1,
- sizeof *env->sc_rules, "lka:sc_rules_reload");
- tables_dict = xcalloc(1,
- sizeof *tables_dict, "lka:tables_dict");
-
- ssl_dict = calloc(1, sizeof *ssl_dict);
- if (ssl_dict == NULL)
- fatal(NULL);
- dict_init(ssl_dict);
- dict_init(tables_dict);
- TAILQ_INIT(env->sc_rules_reload);
-
- return;
-
- case IMSG_CONF_SSL:
- ssl = calloc(1, sizeof *ssl);
- if (ssl == NULL)
- fatal(NULL);
- *ssl = *(struct ssl *)imsg->data;
- ssl->ssl_cert = xstrdup((char *)imsg->data +
- sizeof *ssl, "smtp:ssl_cert");
- ssl->ssl_key = xstrdup((char *)imsg->data +
- sizeof *ssl + ssl->ssl_cert_len, "smtp:ssl_key");
- if (ssl->ssl_dhparams_len) {
- ssl->ssl_dhparams = xstrdup((char *)imsg->data
- + sizeof *ssl + ssl->ssl_cert_len +
- ssl->ssl_key_len, "smtp:ssl_dhparams");
- }
- if (ssl->ssl_ca_len) {
- ssl->ssl_ca = xstrdup((char *)imsg->data
- + sizeof *ssl + ssl->ssl_cert_len +
- ssl->ssl_key_len + ssl->ssl_dhparams_len,
- "smtp:ssl_ca");
- }
- dict_set(ssl_dict, ssl->ssl_name, ssl);
- return;
-
- case IMSG_CONF_RULE:
- rule = xmemdup(imsg->data, sizeof *rule, "lka:rule");
- TAILQ_INSERT_TAIL(env->sc_rules_reload, rule, r_entry);
- return;
-
- case IMSG_CONF_TABLE:
- table_last = table = xmemdup(imsg->data, sizeof *table,
- "lka:table");
- dict_init(&table->t_dict);
- dict_set(tables_dict, table->t_name, table);
- return;
-
- case IMSG_CONF_RULE_SOURCE:
- rule = TAILQ_LAST(env->sc_rules_reload, rulelist);
- tmp = env->sc_tables_dict;
- env->sc_tables_dict = tables_dict;
- rule->r_sources = table_find(imsg->data, NULL);
- if (rule->r_sources == NULL)
- fatalx("lka: tables inconsistency");
- env->sc_tables_dict = tmp;
- return;
-
- case IMSG_CONF_RULE_SENDER:
- rule = TAILQ_LAST(env->sc_rules_reload, rulelist);
- tmp = env->sc_tables_dict;
- env->sc_tables_dict = tables_dict;
- rule->r_senders = table_find(imsg->data, NULL);
- if (rule->r_senders == NULL)
- fatalx("lka: tables inconsistency");
- env->sc_tables_dict = tmp;
- return;
-
- case IMSG_CONF_RULE_RECIPIENT:
- rule = TAILQ_LAST(env->sc_rules_reload, rulelist);
- tmp = env->sc_tables_dict;
- env->sc_tables_dict = tables_dict;
- rule->r_recipients = table_find(imsg->data, NULL);
- if (rule->r_recipients == NULL)
- fatalx("lka: tables inconsistency");
- env->sc_tables_dict = tmp;
- return;
-
- case IMSG_CONF_RULE_DESTINATION:
- rule = TAILQ_LAST(env->sc_rules_reload, rulelist);
- tmp = env->sc_tables_dict;
- env->sc_tables_dict = tables_dict;
- rule->r_destination = table_find(imsg->data, NULL);
- if (rule->r_destination == NULL)
- fatalx("lka: tables inconsistency");
- env->sc_tables_dict = tmp;
- return;
-
- case IMSG_CONF_RULE_MAPPING:
- rule = TAILQ_LAST(env->sc_rules_reload, rulelist);
- tmp = env->sc_tables_dict;
- env->sc_tables_dict = tables_dict;
- rule->r_mapping = table_find(imsg->data, NULL);
- if (rule->r_mapping == NULL)
- fatalx("lka: tables inconsistency");
- env->sc_tables_dict = tmp;
- return;
-
- case IMSG_CONF_RULE_USERS:
- rule = TAILQ_LAST(env->sc_rules_reload, rulelist);
- tmp = env->sc_tables_dict;
- env->sc_tables_dict = tables_dict;
- rule->r_userbase = table_find(imsg->data, NULL);
- if (rule->r_userbase == NULL)
- fatalx("lka: tables inconsistency");
- env->sc_tables_dict = tmp;
- return;
-
- case IMSG_CONF_TABLE_CONTENT:
- table = table_last;
- if (table == NULL)
- fatalx("lka: tables inconsistency");
-
- key = imsg->data;
- if (table->t_type == T_HASH)
- val = key + strlen(key) + 1;
- else
- val = NULL;
-
- dict_set(&table->t_dict, key,
- val ? xstrdup(val, "lka:dict_set") : NULL);
return;
case IMSG_CONF_END:
-
- if (env->sc_rules)
- purge_config(PURGE_RULES);
- if (env->sc_tables_dict) {
- table_close_all();
- purge_config(PURGE_TABLES);
- }
- env->sc_rules = env->sc_rules_reload;
- env->sc_ssl_dict = ssl_dict;
- env->sc_tables_dict = tables_dict;
if (verbose & TRACE_TABLES)
table_dump_all();
table_open_all();
- ssl_dict = NULL;
- table_last = NULL;
- tables_dict = NULL;
-
/* Start fulfilling requests */
mproc_enable(p_mda);
mproc_enable(p_mta);
@@ -629,7 +483,7 @@ lka(void)
return (pid);
}
- purge_config(PURGE_EVERYTHING);
+ purge_config(PURGE_LISTENERS);
if ((pw = getpwnam(SMTPD_USER)) == NULL)
fatalx("unknown user " SMTPD_USER);