diff options
author | Nick Hadaway <raker@gentoo.org> | 2002-09-11 19:57:03 +0000 |
---|---|---|
committer | Nick Hadaway <raker@gentoo.org> | 2002-09-11 19:57:03 +0000 |
commit | eec16f13b483cae226489931e7bbae618930d0b8 (patch) | |
tree | 5c22ff1ebc9711b8f1e86435f81800ea5120672b /net-mail/postfix | |
parent | moved tls+ipv6 patch from distfiles to filesdir (diff) | |
download | historical-eec16f13b483cae226489931e7bbae618930d0b8.tar.gz historical-eec16f13b483cae226489931e7bbae618930d0b8.tar.bz2 historical-eec16f13b483cae226489931e7bbae618930d0b8.zip |
bzipped the tls+ipv6 patch and updated the ebuild accordingly
Diffstat (limited to 'net-mail/postfix')
-rw-r--r-- | net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch | 10792 | ||||
-rw-r--r-- | net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch.bz2 | bin | 0 -> 72042 bytes | |||
-rw-r--r-- | net-mail/postfix/postfix-1.1.11.20020822.ebuild | 4 |
3 files changed, 2 insertions, 10794 deletions
diff --git a/net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch b/net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch deleted file mode 100644 index f2818e0d455c..000000000000 --- a/net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch +++ /dev/null @@ -1,10792 +0,0 @@ -diff -Pur postfix-1.1.11-20020822-orig/IPv6-ChangeLog postfix-1.1.11-20020822/IPv6-ChangeLog ---- postfix-1.1.11-20020822-orig/IPv6-ChangeLog Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/IPv6-ChangeLog Sat Aug 24 00:23:22 2002 -@@ -0,0 +1,61 @@ -+ChangeLog for Dean Strik's IPv6 patch for Postfix. The patch is based on -+PLD's patch, which in turn seems to be based on KAME's. For more information: -+ -+ http://www.ipnet6.org/postfix.html -+ -+--------------------------------------------------------------------- -+ -+Version 1.4 Postfix version 1.1.11-20020822 -+ -+ OpenBSD (>=200003) and FreeBSD release 4 and up now use -+ getifaddrs(). This makes for cleaner code. The old code -+ seems to be bug-ridden anyway. -+ -+ Got rid of some compiler warnings. Should be cleaner on -+ Alpha as well now. Thanks to Sten Spans for providing me -+ access to an Alpha running FreeBSD4. -+ -+ Fixed an old bug in smtpd memory alloation if you compiled -+ without IPv6 support (the wrong buffer size was used. This -+ was harmless for IPv6-enabled compiles since the sizes were -+ equal then). -+ -+ Added ChangeLog to the patch (as IPv6-ChangeLog) (this -+ was absent in 1.3 contrary to docs). -+ -+Version 1.3 Postfix version 1.1.11-20020613 - 1.1.11-20020718 -+ -+ FYI: In postfix version 1.1.11-20020718, DNS lookups for -+ AAAA can be done natively. The code matches the code in -+ the patch (though the #ifdef changed from INET6 to T_AAAA). -+ This change causes the patch for 1.1.11-20020718 to be a -+ bit smaller. -+ -+Version 1.2 Postfix version 1.1.11-20020613 -+ -+ Added IPv6 support for the LMTP client. -+ -+ Added lmtp_bind_address and lmtp_bind_address6 parameters, -+ similar to those for smtp. -+ -+ Added IPv6 support for the QMQP server. -+ -+Version 1.1 Postfix version 1.1.11-20020602 - 1.1.11-20020613 -+ -+ Added parameter smtp_bind_address6. By using this parameter, -+ it is possible to bind to an IPv6 address, independently of -+ IPv4 address binding. -+ -+ Lutz fixed a bug in his TLS patch regarding SASL. Incorporated. -+ -+Version 1.0.x Postfix version 1.1.8-20020505 - 1.1.11-20020602 -+ -+ Patch derived from PLD's IPv6 patch for Postfix, revision 1.10 -+ which applied to early Postfix snapshots 1.1.x. Updated this -+ patch to apply to 1.1.8-20020505. -+ -+ Added compile-time checks for SS_LEN. Some Linux installations, -+ and maybe other systems, do define SA_LEN, but not SS_LEN. -+ -+ Several updates of postfix snapshots. -+ -diff -Pur postfix-1.1.11-20020822-orig/Makefile.in postfix-1.1.11-20020822/Makefile.in ---- postfix-1.1.11-20020822-orig/Makefile.in Sat Jun 8 20:49:42 2002 -+++ postfix-1.1.11-20020822/Makefile.in Sat Aug 24 00:08:58 2002 -@@ -6,7 +6,8 @@ - src/lmtp src/trivial-rewrite src/qmgr src/smtp src/bounce src/pipe \ - src/showq src/postalias src/postcat src/postconf src/postdrop \ - src/postkick src/postlock src/postlog src/postmap src/postqueue \ -- src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/virtual -+ src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/virtual \ -+ src/tlsmgr - MANDIRS = proto man html - - default: update -diff -Pur postfix-1.1.11-20020822-orig/conf/master.cf postfix-1.1.11-20020822/conf/master.cf ---- postfix-1.1.11-20020822-orig/conf/master.cf Thu Aug 22 02:18:08 2002 -+++ postfix-1.1.11-20020822/conf/master.cf Sat Aug 24 00:08:58 2002 -@@ -70,11 +70,16 @@ - # (yes) (yes) (yes) (never) (50) - # ========================================================================== - smtp inet n - n - - smtpd -+#smtps inet n - n - - smtpd -+# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -+#submission inet n - n - - smtpd -+# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes - #628 inet n - n - - qmqpd - pickup fifo n - n 60 1 pickup - cleanup unix n - n - 0 cleanup - qmgr fifo n - n 300 1 qmgr - #qmgr fifo n - n 300 1 nqmgr -+#tlsmgr fifo - - n 300 1 tlsmgr - rewrite unix - - n - - trivial-rewrite - bounce unix - - n - 0 bounce - defer unix - - n - 0 bounce -diff -Pur postfix-1.1.11-20020822-orig/conf/postfix-files postfix-1.1.11-20020822/conf/postfix-files ---- postfix-1.1.11-20020822-orig/conf/postfix-files Thu Aug 1 23:41:51 2002 -+++ postfix-1.1.11-20020822/conf/postfix-files Sat Aug 24 00:08:58 2002 -@@ -69,6 +69,7 @@ - $daemon_directory/smtp:f:root:-:755 - $daemon_directory/smtpd:f:root:-:755 - $daemon_directory/spawn:f:root:-:755 -+$daemon_directory/tlsmgr:f:root:-:755 - $daemon_directory/trivial-rewrite:f:root:-:755 - $daemon_directory/virtual:f:root:-:755 - $command_directory/postalias:f:root:-:755 -@@ -139,6 +140,7 @@ - $manpage_directory/man8/smtp.8:f:root:-:644 - $manpage_directory/man8/smtpd.8:f:root:-:644 - $manpage_directory/man8/spawn.8:f:root:-:644 -+$manpage_directory/man8/tlsmgr.8:f:root:-:644 - $manpage_directory/man8/trivial-rewrite.8:f:root:-:644 - $manpage_directory/man8/virtual.8:f:root:-:644 - $sample_directory/sample-aliases.cf:f:root:-:644 -@@ -166,6 +168,7 @@ - $sample_directory/sample-rewrite.cf:f:root:-:644 - $sample_directory/sample-smtp.cf:f:root:-:644 - $sample_directory/sample-smtpd.cf:f:root:-:644 -+$sample_directory/sample-tls.cf:f:root:-:644 - $sample_directory/sample-transport.cf:f:root:-:644 - $sample_directory/sample-virtual.cf:f:root:-:644 - $readme_directory/DB_README:f:root:-:644 -diff -Pur postfix-1.1.11-20020822-orig/conf/sample-auth.cf postfix-1.1.11-20020822/conf/sample-auth.cf ---- postfix-1.1.11-20020822-orig/conf/sample-auth.cf Fri Mar 29 22:36:53 2002 -+++ postfix-1.1.11-20020822/conf/sample-auth.cf Sat Aug 24 00:08:58 2002 -@@ -117,3 +117,15 @@ - # - #smtp_sasl_security_options = - smtp_sasl_security_options = noplaintext -+ -+# Sending AUTH data over an unencrypted channel poses a security risk. When -+# smtpd_tls_enforce_tls is set, AUTH will only be announced and accepted, -+# once the TLS layer has been activated via the STARTTLS protocol. If -+# TLS layer encryption is optional, it may however still be useful to only -+# offer AUTH, when TLS is active. To not break compatiblity with unpatched -+# postfix versions, the default is to accept AUTH without encryption. In -+# order to change this behaviour, set smtpd_tls_auth_only = yes. -+# THIS OPTION ONLY WORKS WITH SSL/TLS SUPPORT COMPILED IN. -+# -+# smtpd_tls_auth_only = no -+ -diff -Pur postfix-1.1.11-20020822-orig/conf/sample-smtp.cf postfix-1.1.11-20020822/conf/sample-smtp.cf ---- postfix-1.1.11-20020822-orig/conf/sample-smtp.cf Wed Jul 17 19:01:08 2002 -+++ postfix-1.1.11-20020822/conf/sample-smtp.cf Sat Aug 24 00:08:58 2002 -@@ -189,6 +189,14 @@ - # - smtp_helo_timeout = 300s - -+# The smtp_starttls_timeout parameter limits the time in seconds to write and -+# read operations during TLS start and stop handhake procedures. -+# -+# In case of problems the client does NOT try the next address on -+# the mail exchanger list. -+# -+# smtp_starttls_timeout = 300s -+ - # The smtp_mail_timeout parameter specifies the SMTP client timeout - # for sending the SMTP MAIL FROM command, and for receiving the server - # response. -diff -Pur postfix-1.1.11-20020822-orig/conf/sample-smtpd.cf postfix-1.1.11-20020822/conf/sample-smtpd.cf ---- postfix-1.1.11-20020822-orig/conf/sample-smtpd.cf Sat Aug 3 22:35:25 2002 -+++ postfix-1.1.11-20020822/conf/sample-smtpd.cf Sat Aug 24 00:08:58 2002 -@@ -116,6 +116,11 @@ - # - strict_rfc821_envelopes = no - -+# The smtpd_starttls_timeout parameter limits the time in seconds to write and -+# read operations during TLS start and stop handhake procedures. -+# -+# smtpd_starttls_timeout = 300s -+ - # - # TARPIT CONTROLS - # -diff -Pur postfix-1.1.11-20020822-orig/conf/sample-tls.cf postfix-1.1.11-20020822/conf/sample-tls.cf ---- postfix-1.1.11-20020822-orig/conf/sample-tls.cf Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/conf/sample-tls.cf Sat Aug 24 00:08:58 2002 -@@ -0,0 +1,497 @@ -+# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE STUFF -+# HERE JUST SERVES AS AN EXAMPLE. -+# -+# This file contains example settings of Postfix configuration -+# parameters that control the behaviour of the TLS extensions. -+# -+# We strictly seperate between server side TLS (smtpd_) and client side -+# TLS (smtp_), as for practical reasons we might choose differently. -+ -+# Section with SMTPD specific settings -+ -+# To use TLS we do need a certificate and a private key. Both must be in -+# "pem" format, the private key must not be encrypted, that does mean: -+# it must be accessable without password. Both parts (certificate and -+# private key) may be in the same file. -+# -+# Both RSA and DSA are certificates are supported. Typically you will only -+# have RSA certificates issued by a commercial CA, also the tools supplied -+# with OpenSSL will by default issue RSA certificates. -+# You can have both at the same time, in this case the cipher used decides, -+# which certificate is presented. For Netscape and OpenSSL clients without -+# special cipher choices, the RSA certificate is preferred. -+# -+# In order to check the certificates, the CA-certificate (in case of a -+# certificate chain, all CA-certificates) must be available. -+# You should add these certificates to the server certificate, the server -+# certificate first, then the issuing CA(s). -+# -+# Example: the certificate for "server.dom.ain" was issued by "intermediate CA" -+# which itself has a certificate of "root CA". Create the server.pem file by -+# 'cat server_cert.pem intemediate_CA.pem root_CA.pem > server.pem' -+# -+# If you want to accept certificates issued by these CAs yourself, you can -+# also add the CA-certificates to the smtpd_tls_CAfile, in which case it is -+# not necessary to have them in the smtpd_tls_[d]cert_file. -+# -+# A certificate supplied here must be useable as SSL server certificate and -+# hence pass the "openssl verify -purpose sslserver ..." test. -+# -+smtpd_tls_cert_file = /etc/postfix/server.pem -+smtpd_tls_key_file = $smtpd_tls_cert_file -+# -+# Its DSA counterparts: -+smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem -+smtpd_tls_dkey_file = $smtpd_tls_dcert_file -+ -+# The certificate was issued by a certification authority (CA), the CA-cert -+# of which must be available, if not in the certificate file. -+# This file may also contain the the CA certificates of other trusted CAs. -+# You must use this file for the list of trusted CAs if you want to use -+# chroot-mode. No default is supplied for this value as of now. -+# -+# smtpd_tls_CAfile = /etc/postfix/CAcert.pem -+ -+# To verify the peer certificate, we need to know the certificates of -+# certification authorities. These certificates in "pem" format are -+# collected in a directory. The same CAs are offered to clients for -+# client verification. Don't forget to create the necessary "hash" -+# links with $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs. A typical -+# place for the CA-certs may also be $OPENSSL_HOME/certs, so there is -+# no default and you explicitly have to set the value here! -+# -+# To use this option in chroot mode, this directory itself or a copy of it -+# must be inside the chroot jail. Please note also, that the CAs in this -+# directory are not listed to the client, so that e.g. Netscape might not -+# offer certificates issued by them. -+# -+# I therefore discourage the use of this option. -+# -+smtpd_tls_CApath = /etc/postfix/certs -+ -+# To get additional information during the TLS setup and negotiations -+# you can increase the loglevel from 0..4: -+# 0: No output about the TLS subsystem -+# 1: Printout startup and certificate information -+# 2: 1 + Printout of levels during negotiation -+# 3: 2 + Hex and ASCII dump of negotiation process -+# 4: 3 + Hex and ASCII dump of complete transmission after STARTTLS -+# Use loglevel 3 only in case of problems. Use of loglevel 4 is strongly -+# discouraged. -+# -+# smtpd_tls_loglevel = 0 -+ -+# To include information about the protocol and cipher used as well as the -+# client and issuer CommonName into the "Received:" header, set the -+# smtpd_tls_received_header variable to true. The default is no, as the -+# information is not necessarily authentic. Only the final destination -+# is reliable, since the headers might have been changed in between. -+# -+#smtpd_tls_received_header = yes -+ -+# By default TLS is disabled, so no difference to plain postfix is visible. -+# Explicitely switch it on using "smtpd_use_tls". (Note: when invoked -+# via "sendmail -bs", STARTTLS is never offered due to insufficient -+# privileges to access the private key. This is intended behaviour.) -+# -+smtpd_use_tls = yes -+ -+# You can ENFORCE the use of TLS, so that no commands (except QUIT of course) -+# are allowed without TLS. According to RFC2487 this MUST NOT be applied -+# in case of a publicly-referenced SMTP server. So this option is off -+# by default and should only seldom be used. Using this option implies -+# smtpd_use_tls = yes. (Note: when invoked via "sendmail -bs", STARTTLS -+# is never offered due to insufficient privileges to access the private key. -+# This is intended behaviour.) -+# -+# smtpd_enforce_tls = no -+ -+# Besides RFC2487 some clients, namely Outlook [Express] prefer to run the -+# non-standard "wrapper" mode, not the STARTTLS enhancement to SMTP. -+# This is true for OE (Win32 < 5.0 and Win32 >=5.0 when run on a port!=25 -+# and OE (5.01 Mac on all ports). -+# It is strictly discouraged to use this mode from main.cf. If you want to -+# support this service, enable a special port in master.cf. Port 465 (smtps) -+# was once chosen for this feature. -+# -+# smtpd_tls_wrappermode = no -+ -+# To receive a client certificate, the server must explicitly ask for one. -+# Hence netscape will either complain if no certificate is available (for -+# the list of CAs in /etc/postfix/certs) or will offer you client certificates -+# to choose from. This might be annoying, so this option is "off" by default. -+# You will however need the certificate if you want to to e.g. certificate -+# based relaying. -+# -+# smtpd_tls_ask_ccert = no -+ -+# You may also decide to REQUIRE a client certificate to allow TLS connections. -+# I don't think it will be necessary often, it is however included here for -+# completeness. This option implies smtpd_tls_ask_ccert = yes -+# -+# Please be aware, that this will inhibit TLS connections without a proper -+# certificate and only makes sense, when normal submission is disabled and -+# TLS is enforced (smtpd_enforce_tls). Otherwise clients may bypass by simply -+# not using STARTTLS at all. When TLS is not enforced, the connection will be -+# handled, as if only smtpd_tls_ask_ccert = yes would be set and an information -+# is logged. -+# -+# smtpd_tls_req_ccert = no -+ -+# The verification depth for client certificates. A depth of 1 is sufficient, -+# if the certificate ist directly issued by a CA listed in the CA locations. -+# The default value (5) should also suffice for longer chains (root CA issues -+# special CA which then issues the actual certificate...) -+# -+# smtpd_tls_ccert_verifydepth = 5 -+ -+# Sending AUTH data over an unencrypted channel poses a security risk. When -+# smtpd_tls_enforce_tls is set, AUTH will only be announced and accepted, -+# once the TLS layer has been activated via the STARTTLS protocol. If -+# TLS layer encryption is optional, it may however still be useful to only -+# offer AUTH, when TLS is active. To not break compatiblity with unpatched -+# postfix versions, the default is to accept AUTH without encryption. In -+# order to change this behaviour, set smtpd_tls_auth_only = yes. -+# -+# smtpd_tls_auth_only = no -+ -+# The server and client negotiate a session, which takes some computer time -+# and network bandwidth. The session is cached only in the smtpd process -+# actually using this session and is lost when the process dies. -+# To share the session information between the smtpd processes, a disc based -+# session cache can be used based on the SDBM databases (routines included -+# in Postfix/TLS). Since concurrent writing must be supported, only SDBM -+# can be used. -+# -+smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache -+ -+# The cached sessions time out after a certain amount of time. For Postfix/TLS -+# I do not use the OpenSSL default of 300sec, but a longer time of 3600sec -+# (=1 hour). RFC2246 recommends a maximum of 24 hours. -+# -+# smtpd_tls_session_cache_timeout = 3600s -+ -+# Two additional options has been added for relay control to the UCE rules: -+# permit_tls_clientcerts (a) -+# and -+# permit_tls_all_clientcerts. (b) -+# -+# If one of these options is added to -+# smtpd_recipient_restrictions, -+# postfix will relay if -+# (a) a valid (it passed the verification) client certificate is presented -+# and its fingerprint is listed in the list of client certs -+# (relay_clientcerts), -+# (b) any valid (it passed the verification) client certificate is presented. -+# -+# Option (b) must only be used, if a special CA issues the certificates and -+# only this CA is listed as trusted CA. If other CAs are trusted, any owner -+# of a valid (SSL client)-certificate can relay. Option (b) can be practical -+# for a specically created email relay. It is however recommended to stay with -+# option (a) and list all certificates, as (b) does not permit any control -+# when a certificate must no longer be used (e.g. an employee leaving). -+# -+# smtpd_recipient_restrictions = ... permit_tls_clientcerts ... -+ -+# The list of client certificates for which relaying will be allowed. -+# Unfortunately the routines for lists in postfix use whitespaces as -+# seperators and choke on special chars. So using the certificate -+# X509ONELINES is quite impractical. We will use the fingerprints at -+# this point, as they are difficult to fake but easy to use for lookup. -+# As postmap (when using e.g. db) insists of having a pair of key and value, -+# but we only need the key, the value can be chosen freely, e.g. the name -+# of the user or host: -+# D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home -+# -+# relay_clientcerts = hash:/etc/postfix/relay_clientcerts -+ -+# To influence the cipher selection scheme, you can give cipherlist-string. -+# A detailed description would go to far here, please refer to the openssl -+# documentation. -+# If you don't know what to do with it, simply don't touch it and leave the -+# (openssl-)compiled in default! -+# -+# DO NOT USE " to enclose the string, just the string!!! -+# -+# smtpd_tls_cipherlist = DEFAULT -+ -+# If you want to take advantage of ciphers with EDH, DH parameters are needed. -+# There are built in DH parameters for both 1025bit and 512bit available. It -+# is however better to have "own" parameters, since otherwise it would "pay" -+# for a possible attacker to start a brute force attack against these -+# parameters commonly used by everybody. For this reason, the parameters -+# chosen are already different from those distributed with other TLS packages. -+# -+# To generate your own set of parameters, use -+# openssl gendh -out /etc/postfix/dh_1024.pem -2 -rand /var/run/egd-pool 1024 -+# openssl gendh -out /etc/postfix/dh_512.pem -2 -rand /var/run/egd-pool 512 -+# (your source for "entropy" might vary; on Linux there is /dev/random, on -+# other system, you might consider the "Entropy Gathering Daemon EGD", -+# available at http://www.lothar.com/tech/crypto/. -+# -+smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem -+smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem -+ -+# The smtpd_starttls_timeout parameter limits the time in seconds to write and -+# read operations during TLS start and stop handhake procedures. -+# -+# smtpd_starttls_timeout = 300s -+ -+# Section with SMTP specific settings -+ -+# During the startup negotiation we might present a certificate to the server. -+# Netscape is rather clever here and lets the user select between only those -+# certs that will match the CAs accepted from the server. As I simply use -+# the integrated "SSL_connect()" from the OpenSSL package, this is not -+# possible by now and we have to chose just one cert. -+# So for now the default is to use _no_ cert and key unless explictly -+# set here. It is possible to use the same key/cert pair as for the server. -+# If a cert is to be presented, it must be in "pem" format, the private key -+# must not be encrypted, that does mean: it must be accessable without -+# password. Both parts (certificate and private key) may be in the -+# same file. -+# -+# In order to check the certificates, the CA-certificate (in case of a -+# certificate chain, all CA-certificates) must be available. -+# You should add these certificates to the server certificate, the server -+# certificate first, then the issuing CA(s). -+# -+# Example: the certificate for "client.dom.ain" was issued by "intermediate CA" -+# which itself has a certificate of "root CA". Create the client.pem file by -+# 'cat client_cert.pem intemediate_CA.pem root_CA.pem > client.pem' -+# -+# If you want to accept certificates issued by these CAs yourself, you can -+# also add the CA-certificates to the smtp_tls_CAfile, in which case it is -+# not necessary to have them in the smtp_tls_[d]cert_file. -+# -+# A certificate supplied here must be useable as SSL client certificate and -+# hence pass the "openssl verify -purpose sslclient ..." test. -+# -+smtp_tls_cert_file = /etc/postfix/client.pem -+smtp_tls_key_file = $smtp_tls_cert_file -+ -+# The certificate was issued by a certification authority (CA), the CA-cert -+# of which must be available, if not in the certificate file. -+# This file may also contain the the CA certificates of other trusted CAs. -+# You must use this file for the list of trusted CAs if you want to use -+# chroot-mode. No default is supplied for this value as of now. -+# -+smtp_tls_CAfile = /etc/postfix/CAcert.pem -+ -+# To verify the peer certificate, we need to know the certificates of -+# certification authorities. These certificates in "pem" format are -+# collected in a directory. Don't forget to create the necessary "hash" -+# links with $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs. A typical -+# place for the CA-certs may also be $OPENSSL_HOME/certs, so there is -+# no default and you explicitly have to set the value here! -+# -+# To use this option in chroot mode, this directory itself or a copy of it -+# must be inside the chroot jail. -+# -+smtp_tls_CApath = /etc/postfix/certs -+ -+# To get additional information during the TLS setup and negotiations -+# you can increase the loglevel from 0..4: -+# 0: No output about the TLS subsystem -+# 1: Printout startup and certificate information -+# 2: 1 + Printout of levels during negotiation -+# 3: 2 + Hex and ASCII dump of negotiation process -+# 4: 3 + Hex and ASCII dump of complete transmission after STARTTLS -+# Use loglevel 3 only in case of problems. Use of loglevel 4 is strongly -+# discouraged. -+# -+smtp_tls_loglevel = 0 -+ -+# The server and client negotiate a session, which takes some computer time -+# and network bandwidth. The session is cached only in the smtpd process -+# actually using this session and is lost when the process dies. -+# To share the session information between the smtp processes, a disc based -+# session cache can be used based on the SDBM databases (routines included -+# in Postfix/TLS). Since concurrent writing must be supported, only SDBM -+# can be used. -+# -+smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache -+ -+# The cached sessions time out after a certain amount of time. For Postfix/TLS -+# I do not use the OpenSSL default of 300sec, but a longer time of 3600sec -+# (=1 hour). RFC2246 recommends a maximum of 24 hours. -+# -+# smtp_tls_session_cache_timeout = 3600s -+ -+# By default TLS is disabled, so no difference to plain postfix is visible. -+# If you enable TLS it will be used when offered by the server. -+# WARNING: I didn't have access to other software (except those explicitely -+# listed) to test the interaction. On corresponding mailing list -+# there was a discussion going on about MS exchange servers offering -+# STARTTLS even if it is not configured, so it might be wise to not -+# use this option on your central mail hub, as you don't know in advance -+# whether you are going to hit such host. Use the recipient/site specific -+# options instead. -+# HINT: I have it switched on on my mailservers and did experience one -+# single failure since client side TLS is implemented. (There was one -+# misconfired MS Exchange server; I contacted ths admin.) Hence, I am happy -+# with it running all the time, but I am interested in testing anyway. -+# You have been warned, however :-) -+# -+# In case of failure, a "4xx" code is issued and the mail stays in the queue. -+# -+# Explicitely switch it on here, if you want it. -+# -+smtp_use_tls = yes -+ -+# You can ENFORCE the use of TLS, so that only connections with TLS will -+# be accepted. Additionally, the hostname of the receiving host is matched -+# against the CommonName in the certificate. Also, the certificate must -+# be verified "Ok", so that a CA trusted by the client must have issued -+# the certificate. If the certificate doesn't verify or the hostname doesn't -+# match, a "4xx" will be issued and the mail stays in the queue. -+# The hostname used in the check is beyond question, as it must be the -+# principle hostname (no CNAME allowed here). -+# The behaviour may be changed with the smtp_tls_enforce_peername option -+# -+# This option is useful only if you are definitely sure that you will only -+# connect to servers supporting RFC2487 _and_ with valid certificates. -+# I use it for my clients which will only send email to one mailhub, which -+# does offer the necessary STARTTLS support. -+# -+# smtp_enforce_tls = no -+ -+# As of RFC2487 the requirements for hostname checking for MTA clients are -+# not set. When in smtp_enforce_tls mode, the option smtp_tls_enforce_peername -+# can be set to "no" to disable strict peername checking. In this case, the -+# mail delivery will be continued, if a TLS connection was established -+# _and_ the peer certificate passed verification _but_ regardless of the -+# CommonName listed in the certificate. This option only applies to the -+# default setting smtp_enforce_tls_mode, special settings in the -+# smtp_tls_per_site table override smtp_tls_enforce_peername. -+# -+# This can make sense in closed environment where special CAs are created. -+# If not used carefully, this option opens the danger of a "man-in-the-middle" -+# attack (the CommonName of this attacker is logged). -+# -+# smtp_tls_enforce_peername = yes -+ -+# As generally trying TLS can be a bad idea (some hosts offer STARTTLS but -+# the negotiation will fail leading to unexplainable failures, it may be -+# a good idea to decide based on the recipient or the mailhub to which you are -+# connecting. -+# -+# Deciding per recipient may be difficult, since a singe email can have -+# several recipients. We use the "nexthop" mechanism inside postfix. -+# When an email is to be delivered, the "nexthop" is obtained. If it matches -+# an entry in the smtp_tls_per_site list, appropriate action is taken. -+# Since entries in the transport table or the use of a relay_host override -+# the nexthop setting, in these cases the relay_host etc must be listed -+# in the table. In any case, the hostname of the peer to be contacted is -+# looked up (that is: the MX or the name of the host, if no MX is given). -+# -+# Special hint for enforcement mode: -+# Since there is no secure mechanism for DNS lookups available, the -+# recommended setup is: put the sensible domains with their mailhost -+# into the transport table (since you can asure security of this table -+# unlike DNS), then set MUST mode for this mailhost. -+# -+# Format of the table: -+# The keys entries are on the left hand side, no wildcards allowed. On the -+# right hand side the keywords NONE (don't use TLS at all), MAY (try to use -+# STARTTLS if offered, no problem if not), MUST (enforce usage of STARTTLS, -+# check server certificate CommonName against server FQDN), MUST_NOPEERMATCH -+# (enforce usage of STARTTLS and verify certificate, but ignore differences -+# between CommonName and server FQDN). -+# dom.ain NONE -+# host.dom.ain MAY -+# important.host MUST -+# some.host.dom.ain MUST_NOPEERMATCH -+# -+# If an entry is not matched, the default policy is applied; if the default -+# policy is "enforce", NONE explicitely switches it off, otherwise the -+# "enforce" mode is used even for MAY entries. -+# -+smtp_tls_per_site = hash:/etc/postfix/tls_per_site -+ -+# The verification depth for server certificates. A depth of 1 is sufficient, -+# if the certificate ist directly issued by a CA listed in the CA locations. -+# The default value (5) should also suffice for longer chains (root CA issues -+# special CA which then issues the actual certificate...) -+# -+# smtp_tls_scert_verifydepth = 5 -+ -+# As we decide on a "per site" basis, wether to use TLS or not, it would be -+# good to have a list of sites, that offered "STARTTLS'. We can collect it -+# ourselves with this option. -+# -+# If activated and TLS is not already enabled for this host, a line is added -+# to the logfile: -+# postfix/smtp[pid]: Host offered STARTTLS: [name.of.host] -+# -+smtp_tls_note_starttls_offer = yes -+ -+# To influence the cipher selection scheme, you can give cipherlist-string. -+# A detailed description would go to far here, please refer to the openssl -+# documentation. -+# If you don't know what to do with it, simply don't touch it and leave the -+# (openssl-)compiled in default! -+# -+# DO NOT USE " to enclose the string, just the string!!! -+# -+# smtp_tls_cipherlist = DEFAULT -+ -+# The smtp_starttls_timeout parameter limits the time in seconds to write and -+# read operations during TLS start and stop handhake procedures. -+# -+# In case of problems the client does NOT try the next address on -+# the mail exchanger list. -+# -+# smtp_starttls_timeout = 300s -+ -+# In order to seed the PRNG Pseude Random Number Generator, random data is -+# needed. The PRNG pool is maintained by the "tlsmgr" daemon and is used -+# (read) by the smtp[d] processes after adding some more entropy by stirring -+# in time and process id. -+# The file, which is from time to time rewritten by the tlsmgr, is created -+# if not existant. A default value is given; the default should probably -+# be on the /var partition but _not_ inside chroot jail. -+# -+# tls_random_exchange_name = /etc/postfix/prng_exch -+ -+# To feed the PRNG pool, entropy is being read from an external source, -+# both at startup and during run. -+# Specify a good entropy source here, like EGD or /dev/urandom; make sure -+# to only use non-blocking sources. -+# In both cases, 32 bytes are read at each re-seeding event (which is an -+# amount of 256bits and hence good enough for 128bit symmetric keys). -+# You must specify the type of source: "dev:" for a device special file -+# or "egd:" for a source with EGD compatible socket interface. A maximum -+# 255 bytes is read from these sources in each step. -+# If you specify a normal file, a larger amount of data can be read. -+# -+# The entropy source is queried again after a certain amount of time. The -+# time is calculated using the PRNG, it is between 0 and the time specified, -+# default is a maximum of 1 hour. -+# -+# tls_random_source = dev:/dev/urandom -+tls_random_source = egd:/var/run/egd-pool -+# tls_random_bytes = 32 -+# tls_random_reseed_period = 3600s -+ -+# The PRNG pool inside tlsmgr is used to re-generate the 1024 byte file -+# being read by smtp[d]. The time, after which the exchange file is -+# rewritten is calculated using the PRNG, it is between 0 and the time -+# specified, default is a maximum of 60 seconds. -+# -+# tls_random_upd_period = 60s -+ -+# If you have a entropy source available, that is not easily drained (like -+# /dev/urandom), the daemons can also load additional entropy on startup from -+# the source specified. By default an amount of 32 bytes is read, the -+# equivalent to 256 bits. This is more than enough to generate a 128bit -+# (or 168bit) session key, but we may have to generate more than one. -+# Usage of this option may drain EGD (consider the case of 50 smtp starting -+# up with a full queue and "postfix start", which will request 1600bytes -+# of entropy). This is however not fatal, as long as "entropy" data could -+# be read from the exchange file. -+# -+# tls_daemon_random_source = dev:/dev/urandom -+tls_daemon_random_source = egd:/var/run/egd-pool -+# tls_daemon_random_bytes = 32 -+ -diff -Pur postfix-1.1.11-20020822-orig/makedefs postfix-1.1.11-20020822/makedefs ---- postfix-1.1.11-20020822-orig/makedefs Mon Jul 29 15:05:05 2002 -+++ postfix-1.1.11-20020822/makedefs Sat Aug 24 00:08:58 2002 -@@ -52,6 +52,21 @@ - SYSTEM=`(uname -s) 2>/dev/null` - RELEASE=`(uname -r) 2>/dev/null` - VERSION=`(uname -v) 2>/dev/null` -+if test -f /usr/include/netinet6/in6.h; then -+ grep __KAME__ /usr/include/netinet6/in6.h 2>&1 >/dev/null -+ if [ $? = 1 ]; then -+ INET6= -+ else -+ if [ -f /usr/local/v6/lib/libinet6.a ]; then -+ INET6=kame -+ else -+ INET6=kame-merged -+ fi -+ fi -+fi -+if [ -z "$INET6" -a -f /usr/include/netinet/ip6.h -a -f /usr/include/linux/icmpv6.h ]; then -+ INET6=linux -+fi - - case "$VERSION" in - dcosx*) SYSTEM=$VERSION;; -@@ -299,6 +314,26 @@ - esac - - : ${CC='gcc $(WARN)'} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} -+ -+case "$INET6" in -+kame) -+ CCARGS="$CCARGS -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len" -+ if test -f /usr/local/v6/lib/libinet6.a; then -+ SYSLIBS="$SYSLIBS -L/usr/local/v6/lib -linet6" -+ fi -+ ;; -+kame-merged) -+ CCARGS="$CCARGS -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len" -+ ;; -+linux) -+ CCARGS="$CCARGS -DINET6 -D__ss_family=ss_family" -+ if test -f /usr/include/libinet6/netinet/ip6.h -a \ -+ -f /usr/lib/libinet6.a; then -+ CCARGS="$CCARGS -I/usr/include/libinet6 -DUSAGI_LIBINET6" -+ SYSLIBS="$SYSLIBS -linet6" -+ fi -+ ;; -+esac - - export SYSTYPE AR ARFL RANLIB SYSLIBS CC OPT DEBUG AWK OPTS - -diff -Pur postfix-1.1.11-20020822-orig/man/man8/tlsmgr.8 postfix-1.1.11-20020822/man/man8/tlsmgr.8 ---- postfix-1.1.11-20020822-orig/man/man8/tlsmgr.8 Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/man/man8/tlsmgr.8 Sat Aug 24 00:08:59 2002 -@@ -0,0 +1,130 @@ -+.TH TLSMGR 8 -+.ad -+.fi -+.SH NAME -+tlsmgr -+\- -+Postfix TLS session cache and PRNG handling manager -+.SH SYNOPSIS -+.na -+.nf -+\fBtlsmgr\fR [generic Postfix daemon options] -+.SH DESCRIPTION -+.ad -+.fi -+The tlsmgr process does housekeeping on the session cache database -+files. It runs through the databases and removes expired entries -+and entries written by older (incompatible) versions. -+ -+The tlsmgr is responsible for the PRNG handling. The used internal -+OpenSSL PRNG has a pool size of 8192 bits (= 1024 bytes). The pool -+is initially seeded at startup from an external source (EGD or -+/dev/urandom) and additional seed is obtained later during program -+run at a configurable period. The exact time of seed query is -+using random information and is equally distributed in the range of -+[0-\fBtls_random_reseed_period\fR] with a \fBtls_random_reseed_period\fR -+having a default of 1 hour. -+ -+Tlsmgr can be run chrooted and with dropped privileges, as it will -+connect to the entropy source at startup. -+ -+The PRNG is additionally seeded internally by the data found in the -+session cache and timevalues. -+ -+Tlsmgr reads the old value of the exchange file at startup to keep -+entropy already collected during previous runs. -+ -+From the PRNG random pool a cryptographically strong 1024 byte random -+sequence is written into the PRNG exchange file. The file is updated -+periodically with the time changing randomly from -+[0-\fBtls_random_prng_update_period\fR]. -+.SH STANDARDS -+.na -+.nf -+.SH SECURITY -+.na -+.nf -+.ad -+.fi -+Tlsmgr is not security-sensitive. It only deals with external data -+to be fed into the PRNG, the contents is never trusted. The session -+cache housekeeping will only remove entries if expired and will never -+touch the contents of the cached data. -+.SH DIAGNOSTICS -+.ad -+.fi -+Problems and transactions are logged to the syslog daemon. -+.SH BUGS -+.ad -+.fi -+There is no automatic means to limit the number of entries in the -+session caches and/or the size of the session cache files. -+.SH CONFIGURATION PARAMETERS -+.na -+.nf -+.ad -+.fi -+The following \fBmain.cf\fR parameters are especially relevant to -+this program. See the Postfix \fBmain.cf\fR file for syntax details -+and for default values. Use the \fBpostfix reload\fR command after -+a configuration change. -+.SH Session Cache -+.ad -+.fi -+.IP \fBsmtpd_tls_session_cache_database\fR -+Name of the SDBM file (type sdbm:) containing the SMTP server session -+cache. If the file does not exist, it is created. -+.IP \fBsmtpd_tls_session_cache_timeout\fR -+Expiry time of SMTP server session cache entries in seconds. Entries -+older than this are removed from the session cache. A cleanup-run is -+performed periodically every \fBsmtpd_tls_session_cache_timeout\fR -+seconds. Default is 3600 (= 1 hour). -+.IP \fBsmtp_tls_session_cache_database\fR -+Name of the SDBM file (type sdbm:) containing the SMTP client session -+cache. If the file does not exist, it is created. -+.IP \fBsmtp_tls_session_cache_timeout\fR -+Expiry time of SMTP client session cache entries in seconds. Entries -+older than this are removed from the session cache. A cleanup-run is -+performed periodically every \fBsmtp_tls_session_cache_timeout\fR -+seconds. Default is 3600 (= 1 hour). -+.SH Pseudo Random Number Generator -+.ad -+.fi -+.IP \fBtls_random_source\fR -+Name of the EGD socket or device or regular file to obtain entropy -+from. The type of entropy source must be specified by preceding the -+name with the appropriate type: egd:/path/to/egd_socket, -+dev:/path/to/devicefile, or /path/to/regular/file. -+tlsmgr opens \fBtls_random_source\fR and tries to read -+\fBtls_random_bytes\fR from it. -+.IP \fBtls_random_bytes\fR -+Number of bytes to be read from \fBtls_random_source\fR. -+Default value is 32 bytes. If using EGD, a maximum of 255 bytes is read. -+.IP \fBtls_random_exchange_name\fR -+Name of the file written by tlsmgr and read by smtp and smtpd at -+startup. The length is 1024 bytes. Default value is -+/etc/postfix/prng_exch. -+.IP \fBtls_random_reseed_period\fR -+Time in seconds until the next reseed from external sources is due. -+This is the maximum value. The actual point in time is calculated -+with a random factor equally distributed between 0 and this maximum -+value. Default is 3600 (= 60 minutes). -+.IP \fBtls_random_prng_update_period\fR -+Time in seconds until the PRNG exchange file is updated with new -+pseude random values. This is the maximum value. The actual point -+in time is calculated with a random factor equally distributed -+between 0 and this maximum value. Default is 60 (= 1 minute). -+.SH SEE ALSO -+.na -+.nf -+smtp(8) SMTP client -+smtpd(8) SMTP server -+.SH LICENSE -+.na -+.nf -+.ad -+.fi -+The Secure Mailer license must be distributed with this software. -+.SH AUTHOR(S) -+.na -+.nf -diff -Pur postfix-1.1.11-20020822-orig/src/global/Makefile.in postfix-1.1.11-20020822/src/global/Makefile.in ---- postfix-1.1.11-20020822-orig/src/global/Makefile.in Wed Aug 21 22:24:33 2002 -+++ postfix-1.1.11-20020822/src/global/Makefile.in Sat Aug 24 00:08:59 2002 -@@ -20,7 +20,8 @@ - tok822_resolve.c tok822_rewrite.c tok822_tree.c xtext.c bounce_log.c \ - flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \ - verp_sender.c match_parent_style.c mime_state.c header_token.c \ -- strip_addr.c virtual8_maps_find.c hold_message.c -+ strip_addr.c virtual8_maps_find.c hold_message.c pfixtls.c \ -+ wildcard_inet_addr.c - OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ - debug_peer.o debug_process.o defer.o deliver_completed.o \ - deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \ -@@ -42,7 +43,8 @@ - tok822_resolve.o tok822_rewrite.o tok822_tree.o xtext.o bounce_log.o \ - flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \ - verp_sender.o match_parent_style.o mime_state.o header_token.o \ -- strip_addr.o virtual8_maps_find.o hold_message.o -+ strip_addr.o virtual8_maps_find.o hold_message.o pfixtls.o \ -+ wildcard_inet_addr.o - HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \ - config.h debug_peer.h debug_process.h defer.h deliver_completed.h \ - deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \ -@@ -60,7 +62,8 @@ - sys_exits.h timed_ipc.h tok822.h xtext.h bounce_log.h flush_clnt.h \ - mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \ - match_parent_style.h quote_flags.h mime_state.h header_token.h \ -- lex_822.h strip_addr.h virtual8.h hold_message.h -+ lex_822.h strip_addr.h virtual8.h hold_message.h pfixtls.h \ -+ wildcard_inet_addr.h - TESTSRC = rec2stream.c stream2rec.c recdump.c - WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ - -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -@@ -1212,3 +1215,16 @@ - xtext.o: ../../include/vbuf.h - xtext.o: ../../include/vstring.h - xtext.o: xtext.h -+pfixtls.o: pfixtls.c -+pfixtls.o: ../../include/sys_defs.h -+pfixtls.o: ../../include/iostuff.h -+pfixtls.o: ../../include/mymalloc.h -+pfixtls.o: ../../include/vstring.h -+pfixtls.o: ../../include/vstream.h -+pfixtls.o: ../../include/dict.h -+pfixtls.o: ../../include/myflock.h -+pfixtls.o: ../../include/stringops.h -+pfixtls.o: ../../include/msg.h -+pfixtls.o: ../../include/connect.h -+pfixtls.o: mail_params.h -+pfixtls.o: pfixtls.h -diff -Pur postfix-1.1.11-20020822-orig/src/global/mail_params.c postfix-1.1.11-20020822/src/global/mail_params.c ---- postfix-1.1.11-20020822-orig/src/global/mail_params.c Sat Jun 8 20:21:40 2002 -+++ postfix-1.1.11-20020822/src/global/mail_params.c Sat Aug 24 00:08:59 2002 -@@ -223,6 +223,31 @@ - int var_in_flow_delay; - char *var_par_dom_match; - char *var_config_dirs; -+char *var_tls_rand_exch_name; -+char *var_smtpd_tls_cert_file; -+char *var_smtpd_tls_key_file; -+char *var_smtpd_tls_dcert_file; -+char *var_smtpd_tls_dkey_file; -+char *var_smtpd_tls_CAfile; -+char *var_smtpd_tls_CApath; -+char *var_smtpd_tls_cipherlist; -+char *var_smtpd_tls_dh512_param_file; -+char *var_smtpd_tls_dh1024_param_file; -+int var_smtpd_tls_loglevel; -+char *var_smtpd_tls_scache_db; -+int var_smtpd_tls_scache_timeout; -+char *var_smtp_tls_cert_file; -+char *var_smtp_tls_key_file; -+char *var_smtp_tls_dcert_file; -+char *var_smtp_tls_dkey_file; -+char *var_smtp_tls_CAfile; -+char *var_smtp_tls_CApath; -+char *var_smtp_tls_cipherlist; -+int var_smtp_tls_loglevel; -+char *var_smtp_tls_scache_db; -+int var_smtp_tls_scache_timeout; -+char *var_tls_daemon_rand_source; -+int var_tls_daemon_rand_bytes; - - char *var_import_environ; - char *var_export_environ; -@@ -467,6 +492,26 @@ - VAR_SHOWQ_SERVICE, DEF_SHOWQ_SERVICE, &var_showq_service, 1, 0, - VAR_ERROR_SERVICE, DEF_ERROR_SERVICE, &var_error_service, 1, 0, - VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0, -+ VAR_TLS_RAND_EXCH_NAME, DEF_TLS_RAND_EXCH_NAME, &var_tls_rand_exch_name, 0, 0, -+ VAR_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CERT_FILE, &var_smtpd_tls_cert_file, 0, 0, -+ VAR_SMTPD_TLS_KEY_FILE, DEF_SMTPD_TLS_KEY_FILE, &var_smtpd_tls_key_file, 0, 0, -+ VAR_SMTPD_TLS_DCERT_FILE, DEF_SMTPD_TLS_DCERT_FILE, &var_smtpd_tls_dcert_file, 0, 0, -+ VAR_SMTPD_TLS_DKEY_FILE, DEF_SMTPD_TLS_DKEY_FILE, &var_smtpd_tls_dkey_file, 0, 0, -+ VAR_SMTPD_TLS_CA_FILE, DEF_SMTPD_TLS_CA_FILE, &var_smtpd_tls_CAfile, 0, 0, -+ VAR_SMTPD_TLS_CA_PATH, DEF_SMTPD_TLS_CA_PATH, &var_smtpd_tls_CApath, 0, 0, -+ VAR_SMTPD_TLS_CLIST, DEF_SMTPD_TLS_CLIST, &var_smtpd_tls_cipherlist, 0, 0, -+ VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0, -+ VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0, -+ VAR_SMTPD_TLS_SCACHE_DB, DEF_SMTPD_TLS_SCACHE_DB, &var_smtpd_tls_scache_db, 0, 0, -+ VAR_SMTP_TLS_CERT_FILE, DEF_SMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0, -+ VAR_SMTP_TLS_KEY_FILE, DEF_SMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0, -+ VAR_SMTP_TLS_DCERT_FILE, DEF_SMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0, -+ VAR_SMTP_TLS_DKEY_FILE, DEF_SMTP_TLS_DKEY_FILE, &var_smtp_tls_dkey_file, 0, 0, -+ VAR_SMTP_TLS_CA_FILE, DEF_SMTP_TLS_CA_FILE, &var_smtp_tls_CAfile, 0, 0, -+ VAR_SMTP_TLS_CA_PATH, DEF_SMTP_TLS_CA_PATH, &var_smtp_tls_CApath, 0, 0, -+ VAR_SMTP_TLS_CLIST, DEF_SMTP_TLS_CLIST, &var_smtp_tls_cipherlist, 0, 0, -+ VAR_SMTP_TLS_SCACHE_DB, DEF_SMTP_TLS_SCACHE_DB, &var_smtp_tls_scache_db, 0, 0, -+ VAR_TLS_DAEMON_RAND_SOURCE, DEF_TLS_DAEMON_RAND_SOURCE, &var_tls_daemon_rand_source, 0, 0, - 0, - }; - static CONFIG_STR_FN_TABLE function_str_defaults_2[] = { -@@ -489,6 +534,9 @@ - VAR_TOKEN_LIMIT, DEF_TOKEN_LIMIT, &var_token_limit, 1, 0, - VAR_MIME_MAXDEPTH, DEF_MIME_MAXDEPTH, &var_mime_maxdepth, 1, 0, - VAR_MIME_BOUND_LEN, DEF_MIME_BOUND_LEN, &var_mime_bound_len, 1, 0, -+ VAR_SMTPD_TLS_LOGLEVEL, DEF_SMTPD_TLS_LOGLEVEL, &var_smtpd_tls_loglevel, 0, 0, -+ VAR_SMTP_TLS_LOGLEVEL, DEF_SMTP_TLS_LOGLEVEL, &var_smtp_tls_loglevel, 0, 0, -+ VAR_TLS_DAEMON_RAND_BYTES, DEF_TLS_DAEMON_RAND_BYTES, &var_tls_daemon_rand_bytes, 0, 0, - 0, - }; - static CONFIG_TIME_TABLE time_defaults[] = { -@@ -499,6 +547,8 @@ - VAR_FORK_DELAY, DEF_FORK_DELAY, &var_fork_delay, 1, 0, - VAR_FLOCK_DELAY, DEF_FLOCK_DELAY, &var_flock_delay, 1, 0, - VAR_FLOCK_STALE, DEF_FLOCK_STALE, &var_flock_stale, 1, 0, -+ VAR_SMTPD_TLS_SCACHTIME, DEF_SMTPD_TLS_SCACHTIME, &var_smtpd_tls_scache_timeout, 0, 0, -+ VAR_SMTP_TLS_SCACHTIME, DEF_SMTP_TLS_SCACHTIME, &var_smtp_tls_scache_timeout, 0, 0, - VAR_DAEMON_TIMEOUT, DEF_DAEMON_TIMEOUT, &var_daemon_timeout, 1, 0, - VAR_IN_FLOW_DELAY, DEF_IN_FLOW_DELAY, &var_in_flow_delay, 0, 10, - 0, -diff -Pur postfix-1.1.11-20020822-orig/src/global/mail_params.h postfix-1.1.11-20020822/src/global/mail_params.h ---- postfix-1.1.11-20020822-orig/src/global/mail_params.h Tue Aug 20 18:40:14 2002 -+++ postfix-1.1.11-20020822/src/global/mail_params.h Sat Aug 24 00:08:59 2002 -@@ -458,6 +458,34 @@ - #define DEF_DUP_FILTER_LIMIT 1000 - extern int var_dup_filter_limit; - -+#define VAR_TLS_RAND_EXCH_NAME "tls_random_exchange_name" -+#define DEF_TLS_RAND_EXCH_NAME "${config_directory}/prng_exch" -+extern char *var_tls_rand_exch_name; -+ -+#define VAR_TLS_RAND_SOURCE "tls_random_source" -+#define DEF_TLS_RAND_SOURCE "" -+extern char *var_tls_rand_source; -+ -+#define VAR_TLS_RAND_BYTES "tls_random_bytes" -+#define DEF_TLS_RAND_BYTES 32 -+extern int var_tls_rand_bytes; -+ -+#define VAR_TLS_DAEMON_RAND_SOURCE "tls_daemon_random_source" -+#define DEF_TLS_DAEMON_RAND_SOURCE "" -+extern char *var_tls_daemon_rand_source; -+ -+#define VAR_TLS_DAEMON_RAND_BYTES "tls_daemon_random_bytes" -+#define DEF_TLS_DAEMON_RAND_BYTES 32 -+extern int var_tls_daemon_rand_bytes; -+ -+#define VAR_TLS_RESEED_PERIOD "tls_random_reseed_period" -+#define DEF_TLS_RESEED_PERIOD "3600s" -+extern int var_tls_reseed_period; -+ -+#define VAR_TLS_PRNG_UPD_PERIOD "tls_random_prng_update_period" -+#define DEF_TLS_PRNG_UPD_PERIOD "60s" -+extern int var_tls_prng_upd_period; -+ - /* - * Queue manager: relocated databases. - */ -@@ -682,6 +710,10 @@ - #define DEF_SMTP_HELO_TMOUT "300s" - extern int var_smtp_helo_tmout; - -+#define VAR_SMTP_STARTTLS_TMOUT "smtp_starttls_timeout" -+#define DEF_SMTP_STARTTLS_TMOUT "300s" -+extern int var_smtp_starttls_tmout; -+ - #define VAR_SMTP_MAIL_TMOUT "smtp_mail_timeout" - #define DEF_SMTP_MAIL_TMOUT "300s" - extern int var_smtp_mail_tmout; -@@ -738,6 +770,12 @@ - #define DEF_SMTP_BIND_ADDR "" - extern char *var_smtp_bind_addr; - -+#ifdef INET6 -+#define VAR_SMTP_BIND_ADDR6 "smtp_bind_address6" -+#define DEF_SMTP_BIND_ADDR6 "" -+extern char *var_smtp_bind_addr6; -+#endif -+ - #define VAR_SMTP_HELO_NAME "smtp_helo_name" - #define DEF_SMTP_HELO_NAME "$myhostname" - extern char *var_smtp_helo_name; -@@ -771,6 +809,10 @@ - #define DEF_SMTPD_TMOUT "300s" - extern int var_smtpd_tmout; - -+#define VAR_SMTPD_STARTTLS_TMOUT "smtpd_starttls_timeout" -+#define DEF_SMTPD_STARTTLS_TMOUT "300s" -+extern int var_smtpd_starttls_tmout; -+ - #define VAR_SMTPD_RCPT_LIMIT "smtpd_recipient_limit" - #define DEF_SMTPD_RCPT_LIMIT 1000 - extern int var_smtpd_rcpt_limit; -@@ -799,6 +841,150 @@ - #define DEF_SMTPD_NOOP_CMDS "" - extern char *var_smtpd_noop_cmds; - -+#define VAR_SMTPD_TLS_WRAPPER "smtpd_tls_wrappermode" -+#define DEF_SMTPD_TLS_WRAPPER 0 -+extern bool var_smtpd_tls_wrappermode; -+ -+#define VAR_SMTPD_USE_TLS "smtpd_use_tls" -+#define DEF_SMTPD_USE_TLS 0 -+extern bool var_smtpd_use_tls; -+ -+#define VAR_SMTPD_ENFORCE_TLS "smtpd_enforce_tls" -+#define DEF_SMTPD_ENFORCE_TLS 0 -+extern bool var_smtpd_enforce_tls; -+ -+#define VAR_SMTPD_TLS_AUTH_ONLY "smtpd_tls_auth_only" -+#define DEF_SMTPD_TLS_AUTH_ONLY 0 -+extern bool var_smtpd_tls_auth_only; -+ -+#define VAR_SMTPD_TLS_ACERT "smtpd_tls_ask_ccert" -+#define DEF_SMTPD_TLS_ACERT 0 -+extern bool var_smtpd_tls_ask_ccert; -+ -+#define VAR_SMTPD_TLS_RCERT "smtpd_tls_req_ccert" -+#define DEF_SMTPD_TLS_RCERT 0 -+extern bool var_smtpd_tls_req_ccert; -+ -+#define VAR_SMTPD_TLS_CCERT_VD "smtpd_tls_ccert_verifydepth" -+#define DEF_SMTPD_TLS_CCERT_VD 5 -+extern int var_smtpd_tls_ccert_vd; -+ -+#define VAR_SMTPD_TLS_CERT_FILE "smtpd_tls_cert_file" -+#define DEF_SMTPD_TLS_CERT_FILE "" -+extern char *var_smtpd_tls_cert_file; -+ -+#define VAR_SMTPD_TLS_KEY_FILE "smtpd_tls_key_file" -+#define DEF_SMTPD_TLS_KEY_FILE "$smtpd_tls_cert_file" -+extern char *var_smtpd_tls_key_file; -+ -+#define VAR_SMTPD_TLS_DCERT_FILE "smtpd_tls_dcert_file" -+#define DEF_SMTPD_TLS_DCERT_FILE "" -+extern char *var_smtpd_tls_dcert_file; -+ -+#define VAR_SMTPD_TLS_DKEY_FILE "smtpd_tls_dkey_file" -+#define DEF_SMTPD_TLS_DKEY_FILE "$smtpd_tls_dcert_file" -+extern char *var_smtpd_tls_dkey_file; -+ -+#define VAR_SMTPD_TLS_CA_FILE "smtpd_tls_CAfile" -+#define DEF_SMTPD_TLS_CA_FILE "" -+extern char *var_smtpd_tls_CAfile; -+ -+#define VAR_SMTPD_TLS_CA_PATH "smtpd_tls_CApath" -+#define DEF_SMTPD_TLS_CA_PATH "" -+extern char *var_smtpd_tls_CApath; -+ -+#define VAR_SMTPD_TLS_CLIST "smtpd_tls_cipherlist" -+#define DEF_SMTPD_TLS_CLIST "" -+extern char *var_smtpd_tls_cipherlist; -+ -+#define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file" -+#define DEF_SMTPD_TLS_512_FILE "" -+extern char *var_smtpd_tls_dh512_param_file; -+ -+#define VAR_SMTPD_TLS_1024_FILE "smtpd_tls_dh1024_param_file" -+#define DEF_SMTPD_TLS_1024_FILE "" -+extern char *var_smtpd_tls_dh1024_param_file; -+ -+#define VAR_SMTPD_TLS_LOGLEVEL "smtpd_tls_loglevel" -+#define DEF_SMTPD_TLS_LOGLEVEL 0 -+extern int var_smtpd_tls_loglevel; -+ -+#define VAR_SMTPD_TLS_RECHEAD "smtpd_tls_received_header" -+#define DEF_SMTPD_TLS_RECHEAD 0 -+extern bool var_smtpd_tls_received_header; -+ -+#define VAR_SMTPD_TLS_SCACHE_DB "smtpd_tls_session_cache_database" -+#define DEF_SMTPD_TLS_SCACHE_DB "" -+extern char *var_smtpd_tls_scache_db; -+ -+#define VAR_SMTPD_TLS_SCACHTIME "smtpd_tls_session_cache_timeout" -+#define DEF_SMTPD_TLS_SCACHTIME "3600s" -+extern int var_smtpd_tls_scache_timeout; -+ -+#define VAR_SMTP_TLS_PER_SITE "smtp_tls_per_site" -+#define DEF_SMTP_TLS_PER_SITE "" -+extern char *var_smtp_tls_per_site; -+ -+#define VAR_SMTP_USE_TLS "smtp_use_tls" -+#define DEF_SMTP_USE_TLS 0 -+extern bool var_smtp_use_tls; -+ -+#define VAR_SMTP_ENFORCE_TLS "smtp_enforce_tls" -+#define DEF_SMTP_ENFORCE_TLS 0 -+extern bool var_smtp_enforce_tls; -+ -+#define VAR_SMTP_TLS_ENFORCE_PN "smtp_tls_enforce_peername" -+#define DEF_SMTP_TLS_ENFORCE_PN 1 -+extern bool var_smtp_tls_enforce_peername; -+ -+#define VAR_SMTP_TLS_SCERT_VD "smtp_tls_scert_verifydepth" -+#define DEF_SMTP_TLS_SCERT_VD 5 -+extern int var_smtp_tls_scert_vd; -+ -+#define VAR_SMTP_TLS_CERT_FILE "smtp_tls_cert_file" -+#define DEF_SMTP_TLS_CERT_FILE "" -+extern char *var_smtp_tls_cert_file; -+ -+#define VAR_SMTP_TLS_KEY_FILE "smtp_tls_key_file" -+#define DEF_SMTP_TLS_KEY_FILE "$smtp_tls_cert_file" -+extern char *var_smtp_tls_key_file; -+ -+#define VAR_SMTP_TLS_DCERT_FILE "smtp_tls_dcert_file" -+#define DEF_SMTP_TLS_DCERT_FILE "" -+extern char *var_smtp_tls_dcert_file; -+ -+#define VAR_SMTP_TLS_DKEY_FILE "smtp_tls_dkey_file" -+#define DEF_SMTP_TLS_DKEY_FILE "$smtp_tls_dcert_file" -+extern char *var_smtp_tls_dkey_file; -+ -+#define VAR_SMTP_TLS_CA_FILE "smtp_tls_CAfile" -+#define DEF_SMTP_TLS_CA_FILE "" -+extern char *var_smtp_tls_CAfile; -+ -+#define VAR_SMTP_TLS_CA_PATH "smtp_tls_CApath" -+#define DEF_SMTP_TLS_CA_PATH "" -+extern char *var_smtp_tls_CApath; -+ -+#define VAR_SMTP_TLS_CLIST "smtp_tls_cipherlist" -+#define DEF_SMTP_TLS_CLIST "" -+extern char *var_smtp_tls_cipherlist; -+ -+#define VAR_SMTP_TLS_LOGLEVEL "smtp_tls_loglevel" -+#define DEF_SMTP_TLS_LOGLEVEL 0 -+extern int var_smtp_tls_loglevel; -+ -+#define VAR_SMTP_TLS_NOTEOFFER "smtp_tls_note_starttls_offer" -+#define DEF_SMTP_TLS_NOTEOFFER 0 -+extern bool var_smtp_tls_note_starttls_offer; -+ -+#define VAR_SMTP_TLS_SCACHE_DB "smtp_tls_session_cache_database" -+#define DEF_SMTP_TLS_SCACHE_DB "" -+extern char *var_smtp_tls_scache_db; -+ -+#define VAR_SMTP_TLS_SCACHTIME "smtp_tls_session_cache_timeout" -+#define DEF_SMTP_TLS_SCACHTIME "3600s" -+extern int var_smtp_tls_scache_timeout; -+ - /* - * SASL authentication support, SMTP server side. - */ -@@ -957,6 +1143,16 @@ - #define DEF_LMTP_QUIT_TMOUT "300s" - extern int var_lmtp_quit_tmout; - -+#define VAR_LMTP_BIND_ADDR "lmtp_bind_address" -+#define DEF_LMTP_BIND_ADDR "" -+extern char *var_lmtp_bind_addr; -+ -+#ifdef INET6 -+#define VAR_LMTP_BIND_ADDR6 "lmtp_bind_address6" -+#define DEF_LMTP_BIND_ADDR6 "" -+extern char *var_lmtp_bind_addr6; -+#endif -+ - /* - * Cleanup service. Header info that exceeds $header_size_limit bytes forces - * the start of the message body. -@@ -1092,6 +1288,10 @@ - #define DEF_RELAY_DOMAINS "$mydestination" - extern char *var_relay_domains; - -+#define VAR_RELAY_CCERTS "relay_clientcerts" -+#define DEF_RELAY_CCERTS "" -+extern char *var_relay_ccerts; -+ - #define VAR_CLIENT_CHECKS "smtpd_client_restrictions" - #define DEF_CLIENT_CHECKS "" - extern char *var_client_checks; -@@ -1176,6 +1376,8 @@ - #define PERMIT_AUTH_DEST "permit_auth_destination" - #define REJECT_UNAUTH_DEST "reject_unauth_destination" - #define CHECK_RELAY_DOMAINS "check_relay_domains" -+#define PERMIT_TLS_CLIENTCERTS "permit_tls_clientcerts" -+#define PERMIT_TLS_ALL_CLIENTCERTS "permit_tls_all_clientcerts" - #define VAR_RELAY_CODE "relay_domains_reject_code" - #define DEF_RELAY_CODE 554 - extern int var_relay_code; -diff -Pur postfix-1.1.11-20020822-orig/src/global/mail_proto.h postfix-1.1.11-20020822/src/global/mail_proto.h ---- postfix-1.1.11-20020822-orig/src/global/mail_proto.h Thu Aug 22 15:06:04 2002 -+++ postfix-1.1.11-20020822/src/global/mail_proto.h Sat Aug 24 00:08:59 2002 -@@ -34,6 +34,7 @@ - #define MAIL_SERVICE_LOCAL "local" - #define MAIL_SERVICE_PICKUP "pickup" - #define MAIL_SERVICE_QUEUE "qmgr" -+#define MAIL_SERVICE_TLSMGR "tlsmgr" - #define MAIL_SERVICE_RESOLVE "resolve" - #define MAIL_SERVICE_REWRITE "rewrite" - #define MAIL_SERVICE_VIRTUAL "virtual" -diff -Pur postfix-1.1.11-20020822-orig/src/global/mynetworks.c postfix-1.1.11-20020822/src/global/mynetworks.c ---- postfix-1.1.11-20020822-orig/src/global/mynetworks.c Sun Feb 25 02:46:07 2001 -+++ postfix-1.1.11-20020822/src/global/mynetworks.c Sat Aug 24 00:08:59 2002 -@@ -50,6 +50,11 @@ - #include <vstring.h> - #include <inet_addr_list.h> - #include <name_mask.h> -+#ifdef INET6 -+#include <sys/socket.h> -+#include <netinet/in.h> -+#include <netdb.h> -+#endif - - /* Global library. */ - -@@ -75,6 +80,9 @@ - const char *mynetworks(void) - { - static VSTRING *result; -+#ifdef INET6 -+ char hbuf[NI_MAXHOST]; -+#endif - - if (result == 0) { - char *myname = "mynetworks"; -@@ -87,6 +95,9 @@ - int junk; - int i; - int mask_style; -+#ifdef INET6 -+ struct sockaddr *sa; -+#endif - - mask_style = name_mask("mynetworks mask style", mask_styles, - var_mynetworks_style); -@@ -96,8 +107,19 @@ - my_mask_list = own_inet_mask_list(); - - for (i = 0; i < my_addr_list->used; i++) { -+#ifdef INET6 -+ sa = (struct sockaddr *)&my_addr_list->addrs[i]; -+ if (sa->sa_family != AF_INET) { -+ if (sa->sa_family == AF_INET6) -+ vstring_sprintf_append(result, "XAATODOmynetworks "); -+ continue; -+ } -+ addr = ntohl(((struct sockaddr_in *)sa)->sin_addr.s_addr); -+ mask = ntohl(((struct sockaddr_in *)&my_mask_list->addrs[i])->sin_addr.s_addr); -+#else - addr = ntohl(my_addr_list->addrs[i].s_addr); - mask = ntohl(my_mask_list->addrs[i].s_addr); -+#endif - - switch (mask_style) { - -@@ -119,8 +141,15 @@ - mask = IN_CLASSD_NET; - shift = IN_CLASSD_NSHIFT; - } else { -+#ifdef INET6 -+ if (getnameinfo(sa, SA_LEN(sa), hbuf, sizeof(hbuf), NULL, 0, -+ NI_NUMERICHOST)) -+ strncpy(hbuf, "???", sizeof(hbuf)); -+ msg_fatal("%s: bad address class: %s", myname, hbuf); -+#else - msg_fatal("%s: bad address class: %s", - myname, inet_ntoa(my_addr_list->addrs[i])); -+#endif - } - break; - -diff -Pur postfix-1.1.11-20020822-orig/src/global/own_inet_addr.c postfix-1.1.11-20020822/src/global/own_inet_addr.c ---- postfix-1.1.11-20020822-orig/src/global/own_inet_addr.c Tue Jul 31 20:38:29 2001 -+++ postfix-1.1.11-20020822/src/global/own_inet_addr.c Sat Aug 24 00:08:59 2002 -@@ -39,6 +39,10 @@ - #include <netinet/in.h> - #include <arpa/inet.h> - #include <string.h> -+#ifdef INET6 -+#include <sys/socket.h> -+#include <netdb.h> -+#endif - - #ifdef STRCASECMP_IN_STRINGS_H - #include <strings.h> -@@ -101,10 +105,11 @@ - */ - else { - bufp = hosts = mystrdup(var_inet_interfaces); -- while ((host = mystrtok(&bufp, sep)) != 0) -+ while ((host = mystrtok(&bufp, sep)) != 0) { - if (inet_addr_host(addr_list, host) == 0) - msg_fatal("config variable %s: host not found: %s", - VAR_INET_INTERFACES, host); -+ } - myfree(hosts); - - /* -@@ -121,15 +126,39 @@ - msg_fatal("could not find any active network interfaces"); - for (nvirtual = 0; nvirtual < addr_list->used; nvirtual++) { - for (nlocal = 0; /* see below */ ; nlocal++) { -- if (nlocal >= local_addrs.used) -+ if (nlocal >= local_addrs.used) { -+#ifdef INET6 -+ char hbuf[NI_MAXHOST]; -+ if (getnameinfo((struct sockaddr *)&addr_list->addrs[nvirtual], -+ SS_LEN(addr_list->addrs[nvirtual]), hbuf, -+ sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0) -+ strncpy(hbuf, "???", sizeof(hbuf)); -+ msg_fatal("parameter %s: no local interface found for %s", -+ VAR_INET_INTERFACES, hbuf); -+#else - msg_fatal("parameter %s: no local interface found for %s", - VAR_INET_INTERFACES, - inet_ntoa(addr_list->addrs[nvirtual])); -+#endif -+ } -+#ifdef INET6 -+ if (addr_list->addrs[nvirtual].ss_family == -+ local_addrs.addrs[nlocal].ss_family && -+ SS_LEN(addr_list->addrs[nvirtual]) == -+ SS_LEN(local_addrs.addrs[nlocal]) && -+ memcmp(&addr_list->addrs[nvirtual], -+ &local_addrs.addrs[nlocal], -+ SS_LEN(local_addrs.addrs[nlocal])) == 0) { -+ inet_addr_list_append(mask_list, (struct sockaddr *)&local_masks.addrs[nlocal]); -+ break; -+ } -+#else - if (addr_list->addrs[nvirtual].s_addr - == local_addrs.addrs[nlocal].s_addr) { - inet_addr_list_append(mask_list, &local_masks.addrs[nlocal]); - break; - } -+#endif - } - } - inet_addr_list_free(&local_addrs); -@@ -139,6 +168,42 @@ - - /* own_inet_addr - is this my own internet address */ - -+#ifdef INET6 -+int own_inet_addr(struct sockaddr * addr) -+{ -+ int i; -+ char *p, *q; -+ int l; -+ struct sockaddr *sa; -+ -+ if (addr_list.used == 0) -+ own_inet_addr_init(&addr_list, &mask_list); -+ -+ for (i = 0; i < addr_list.used; i++) { -+ sa = (struct sockaddr *)&addr_list.addrs[i]; -+ if (addr->sa_family != sa->sa_family) -+ continue; -+ switch (addr->sa_family) { -+ case AF_INET: -+ p = (char *)&((struct sockaddr_in *)addr)->sin_addr; -+ q = (char *)&((struct sockaddr_in *)&addr_list.addrs[i])->sin_addr; -+ l = sizeof(struct in_addr); -+ break; -+ case AF_INET6: -+ /* XXX scope */ -+ p = (char *)&((struct sockaddr_in6 *)addr)->sin6_addr; -+ q = (char *)&((struct sockaddr_in6 *)&addr_list.addrs[i])->sin6_addr; -+ l = sizeof(struct in6_addr); -+ break; -+ default: -+ continue; -+ } -+ if (memcmp(p, q, l) == 0) -+ return (1); -+ } -+ return (0); -+} -+#else - int own_inet_addr(struct in_addr * addr) - { - int i; -@@ -149,8 +214,8 @@ - for (i = 0; i < addr_list.used; i++) - if (addr->s_addr == addr_list.addrs[i].s_addr) - return (1); -- return (0); - } -+#endif - - /* own_inet_addr_list - return list of addresses */ - -diff -Pur postfix-1.1.11-20020822-orig/src/global/own_inet_addr.h postfix-1.1.11-20020822/src/global/own_inet_addr.h ---- postfix-1.1.11-20020822-orig/src/global/own_inet_addr.h Sat Feb 24 02:25:32 2001 -+++ postfix-1.1.11-20020822/src/global/own_inet_addr.h Sat Aug 24 00:08:59 2002 -@@ -15,11 +15,18 @@ - * System library. - */ - #include <netinet/in.h> -+#ifdef INET6 -+#include <sys/socket.h> -+#endif - - /* - * External interface. - */ -+#ifdef INET6 -+extern int own_inet_addr(struct sockaddr *); -+#else - extern int own_inet_addr(struct in_addr *); -+#endif - extern struct INET_ADDR_LIST *own_inet_addr_list(void); - extern struct INET_ADDR_LIST *own_inet_mask_list(void); - -diff -Pur postfix-1.1.11-20020822-orig/src/global/peer_name.c postfix-1.1.11-20020822/src/global/peer_name.c ---- postfix-1.1.11-20020822-orig/src/global/peer_name.c Sun Jan 28 16:23:02 2001 -+++ postfix-1.1.11-20020822/src/global/peer_name.c Sat Aug 24 00:08:59 2002 -@@ -69,12 +69,32 @@ - PEER_NAME *peer_name(int sock) - { - static PEER_NAME peer; -- struct sockaddr_in sin; -- SOCKADDR_SIZE len = sizeof(sin); -+ union sockunion { -+ struct { -+ u_char si_len; -+ u_char si_family; -+ u_short si_port; -+ } su_si; -+ struct sockaddr peer_un; -+ struct sockaddr_in peer_un4; -+#ifdef INET6 -+ struct sockaddr_in6 peer_un6; -+#endif -+ } p_un; -+#define sun p_un.peer_un -+#define sin p_un.peer_un4 -+#ifdef INET6 -+#define sin6 p_un.peer_un6 -+ static char hbuf[NI_MAXHOST]; -+ static char abuf[NI_MAXHOST]; -+#else - struct hostent *hp; -+#endif -+ SOCKADDR_SIZE len = sizeof(p_un); - -- if (getpeername(sock, (struct sockaddr *) & sin, &len) == 0) { -- switch (sin.sin_family) { -+ if (getpeername(sock, (struct sockaddr *)&p_un, &len) == 0) { -+ switch (p_un.peer_un.sa_family) { -+#ifndef INET6 - case AF_INET: - peer.type = PEER_TYPE_INET; - hp = gethostbyaddr((char *) &(sin.sin_addr), -@@ -83,6 +103,24 @@ - hp->h_name : "unknown"); - peer.addr = inet_ntoa(sin.sin_addr); - return (&peer); -+#else -+ case AF_INET: -+ peer.type = PEER_TYPE_INET; -+ if (getnameinfo(&sun, len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD) != 0) -+ peer.name = "unknown"; -+ else -+ peer.name = hbuf; -+ peer.addr = abuf; -+ return (&peer); -+ case AF_INET6: -+ peer.type = PEER_TYPE_INET6; -+ if (getnameinfo(&sun, len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD) != 0) -+ peer.name = "unknown"; -+ else -+ peer.name = hbuf; -+ peer.addr = abuf; -+ return (&peer); -+#endif - case AF_UNSPEC: - case AF_UNIX: - peer.type = PEER_TYPE_LOCAL; -diff -Pur postfix-1.1.11-20020822-orig/src/global/peer_name.h postfix-1.1.11-20020822/src/global/peer_name.h ---- postfix-1.1.11-20020822-orig/src/global/peer_name.h Fri Dec 11 19:55:32 1998 -+++ postfix-1.1.11-20020822/src/global/peer_name.h Sat Aug 24 00:08:59 2002 -@@ -22,6 +22,9 @@ - #define PEER_TYPE_UNKNOWN 0 - #define PEER_TYPE_INET 1 - #define PEER_TYPE_LOCAL 2 -+#ifdef INET6 -+#define PEER_TYPE_INET6 3 -+#endif - - extern PEER_NAME *peer_name(int); - -diff -Pur postfix-1.1.11-20020822-orig/src/global/pfixtls.c postfix-1.1.11-20020822/src/global/pfixtls.c ---- postfix-1.1.11-20020822-orig/src/global/pfixtls.c Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/global/pfixtls.c Sat Aug 24 00:08:59 2002 -@@ -0,0 +1,2742 @@ -+/*++ -+/* NAME -+/* pfixtls -+/* SUMMARY -+/* interface to openssl routines -+/* SYNOPSIS -+/* #include <pfixtls.h> -+/* -+/* const long scache_db_version; -+/* const long openssl_version; -+/* -+/* int pfixtls_serverengine; -+/* -+/* int pfixtls_clientengine; -+/* -+/* int pfixtls_timed_read(fd, buf, len, timeout, unused_context) -+/* int fd; -+/* void *buf; -+/* unsigned len; -+/* int timeout; -+/* void *context; -+/* -+/* int pfixtls_timed_write(fd, buf, len, timeout, unused_context); -+/* int fd; -+/* void *buf; -+/* unsigned len; -+/* int timeout; -+/* void *context; -+/* -+/* int pfixtls_init_serverengine(verifydepth, askcert); -+/* int verifydepth; -+/* int askcert; -+/* -+/* int pfixtls_start_servertls(stream, timeout, peername, peeraddr, -+/* tls_info, requirecert); -+/* VSTREAM *stream; -+/* int timeout; -+/* const char *peername; -+/* const char *peeraddr; -+/* tls_info_t *tls_info; -+/* int requirecert; -+/* -+/* int pfixtls_stop_servertls(stream, failure, tls_info); -+/* VSTREAM *stream; -+/* int failure; -+/* tls_info_t *tls_info; -+/* -+/* int pfixtls_init_clientengine(verifydepth); -+/* int verifydepth; -+/* -+/* int pfixtls_start_clienttls(stream, timeout, peername, peeraddr, -+/* tls_info); -+/* VSTREAM *stream; -+/* int timeout; -+/* const char *peername; -+/* const char *peeraddr; -+/* tls_info_t *tls_info; -+/* -+/* int pfixtls_stop_clienttls(stream, failure, tls_info); -+/* VSTREAM *stream; -+/* int failure; -+/* tls_info_t *tls_info; -+/* -+/* DESCRIPTION -+/* This module is the interface between Postfix and the OpenSSL library. -+/* -+/* pfixtls_timed_read() reads the requested number of bytes calling -+/* SSL_read(). pfixtls_time_read() will only be called indirect -+/* as a VSTREAM_FN function. -+/* pfixtls_timed_write() is the corresponding write function. -+/* -+/* pfixtls_init_serverengine() is called once when smtpd is started -+/* in order to initialize as much of the TLS stuff as possible. -+/* The certificate handling is also decided during the setup phase, -+/* so that a peer specific handling is not possible. -+/* -+/* pfixtls_init_clientengine() is the corresponding function called -+/* in smtp. Here we take the peer's (server's) certificate in any -+/* case. -+/* -+/* pfixtls_start_servertls() activates the TLS feature for the VSTREAM -+/* passed as argument. We expect that all buffers are flushed and the -+/* TLS handshake can begin immediately. Information about the peer -+/* is stored into the tls_info structure passed as argument. -+/* -+/* pfixtls_stop_servertls() sends the "close notify" alert via -+/* SSL_shutdown() to the peer and resets all connection specific -+/* TLS data. As RFC2487 does not specify a seperate shutdown, it -+/* is supposed that the underlying TCP connection is shut down -+/* immediately afterwards, so we don't care about additional data -+/* coming through the channel. -+/* If the failure flag is set, the session is cleared from the cache. -+/* -+/* pfixtls_start_clienttls() and pfixtls_stop_clienttls() are the -+/* corresponding functions for smtp. -+/* -+/* Once the TLS connection is initiated, information about the TLS -+/* state is available via the tls_info structure: -+/* protocol holds the protocol name (SSLv2, SSLv3, TLSv1), -+/* tls_info->cipher_name the cipher name (e.g. RC4/MD5), -+/* tls_info->cipher_usebits the number of bits actually used (e.g. 40), -+/* tls_info->cipher_algbits the number of bits the algorithm is based on -+/* (e.g. 128). -+/* The last two values may be different when talking to a crippled -+/* - ahem - export controled peer (e.g. 40/128). -+/* -+/* The status of the peer certificate verification is available in -+/* pfixtls_peer_verified. It is set to 1, when the certificate could -+/* be verified. -+/* If the peer offered a certifcate, part of the certificate data are -+/* available as: -+/* tls_info->peer_subject X509v3-oneline with the DN of the peer -+/* tls_info->peer_CN extracted CommonName of the peer -+/* tls_info->peer_issuer X509v3-oneline with the DN of the issuer -+/* tls_info->peer_CN extracted CommonName of the issuer -+/* tls_info->PEER_FINGERPRINT fingerprint of the certificate -+/* -+/* DESCRIPTION (SESSION CACHING) -+/* In order to achieve high performance when using a lot of connections -+/* with TLS, session caching is implemented. It reduces both the CPU load -+/* (less cryptograpic operations) and the network load (the amount of -+/* certificate data exchanged is reduced). -+/* Since postfix uses a setup of independent processes for receiving -+/* and sending email, the processes must exchange the session information. -+/* Several connections at the same time between the identical peers can -+/* occur, so uniqueness and race conditions have to be taken into -+/* account. -+/* I have checked both Apache-SSL (Ben Laurie), using a seperate "gcache" -+/* process and Apache mod_ssl (Ralf S. Engelshall), using shared memory -+/* between several identical processes spawned from one parent. -+/* -+/* Postfix/TLS uses a database approach based on the internal "dict" -+/* interface. Since the session cache information is approximately -+/* 1300 bytes binary data, it will not fit into the dbm/ndbm model. -+/* It also needs write access to the database, ruling out most other -+/* interface, leaving Berkeley DB, which however cannot handle concurrent -+/* access by several processes. Hence a modified SDBM (public domain DBM) -+/* with enhanced buffer size is used and concurrent write capability -+/* is used. SDBM is part of Postfix/TLS. -+/* -+/* Realization: -+/* Both (client and server) session cache are realized by individual -+/* cache databases. A common database would not make sense, since the -+/* key criteria are different (session ID for server, peername for -+/* client). -+/* -+/* Server side: -+/* Session created by OpenSSL have a 32 byte session id, yielding a -+/* 64 char file name. I consider these sessions to be unique. If they -+/* are not, the last session will win, overwriting the older one in -+/* the database. Remember: everything that is lost is a temporary -+/* information and not more than a renegotiation will happen. -+/* Originating from the same client host, several sessions can come -+/* in (e.g. from several users sending mail with Netscape at the same -+/* time), so the session id is the correct identifier; the hostname -+/* is of no importance, here. -+/* -+/* Client side: -+/* We cannot recall sessions based on their session id, because we would -+/* have to check every session on disk for a matching server name, so -+/* the lookup has to be done based on the FQDN of the peer (receiving -+/* host). -+/* With regard to uniqueness, we might experience several open connections -+/* to the same server at the same time. This is even very likely to -+/* happen, since we might have several mails for the same destination -+/* in the queue, when a queue run is started. So several smtp's might -+/* negotiate sessions at the same time. We can however only save one -+/* session for one host. -+/* Like on the server side, the "last write" wins. The reason is -+/* quite simple. If we don't want to overwrite old sessions, an old -+/* session file will just stay in place until it is expired. In the -+/* meantime we would lose "fresh" session however. So we will keep the -+/* fresh one instead to avoid unnecessary renegotiations. -+/* -+/* Session lifetime: -+/* RFC2246 recommends a session lifetime of less than 24 hours. The -+/* default is 300 seconds (5 minutes) for OpenSSL and is also used -+/* this way in e.g. mod_ssl. The typical usage for emails might be -+/* humans typing in emails and sending them, which might take just -+/* a while, so I think 3600 seconds (1 hour) is a good compromise. -+/* If the environment is save (the cached session contains secret -+/* key data), one might even consider using a longer timeout. Anyway, -+/* since everlasting sessions must be avoided, the session timeout -+/* is done based on the creation date of the session and so each -+/* session will timeout eventually. -+/* -+/* Connection failures: -+/* RFC2246 requires us to remove sessions if something went wrong. -+/* Since the in-memory session cache of other smtp[d] processes cannot -+/* be controlled by simple means, we completely rely on the disc -+/* based session caching and remove all sessions from memory after -+/* connection closure. -+/* -+/* Cache cleanup: -+/* Since old entries have to be removed from the session cache, a -+/* cleanup process is needed that runs through the collected session -+/* files on regular basis. The task is performed by tlsmgr based on -+/* the timestamp created by pfixtls and included in the saved session, -+/* so that tlsmgr has not to care about the SSL_SESSION internal data. -+/* -+/* BUGS -+/* The memory allocation policy of the OpenSSL library is not well -+/* documented, especially when loading sessions from disc. Hence there -+/* might be memory leaks. -+/* -+/* LICENSE -+/* AUTHOR(S) -+/* Lutz Jaenicke -+/* BTU Cottbus -+/* Allgemeine Elektrotechnik -+/* Universitaetsplatz 3-4 -+/* D-03044 Cottbus, Germany -+/*--*/ -+ -+/* System library. */ -+ -+#include <sys_defs.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <sys/time.h> /* gettimeofday, not in POSIX */ -+#include <unistd.h> -+#include <stdio.h> -+#include <string.h> -+#include <errno.h> -+#include <ctype.h> -+ -+/* Utility library. */ -+ -+#include <iostuff.h> -+#include <mymalloc.h> -+#include <vstring.h> -+#include <vstream.h> -+#include <dict.h> -+#include <myflock.h> -+#include <stringops.h> -+#include <msg.h> -+#include <connect.h> -+ -+/* Application-specific. */ -+ -+#include "mail_params.h" -+#include "pfixtls.h" -+ -+#define STR vstring_str -+ -+const tls_info_t tls_info_zero = { -+ 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0, 0 -+}; -+ -+#ifdef HAS_SSL -+ -+/* OpenSSL library. */ -+ -+#include <openssl/lhash.h> -+#include <openssl/bn.h> -+#include <openssl/err.h> -+#include <openssl/pem.h> -+#include <openssl/x509.h> -+#include <openssl/rand.h> -+#include <openssl/ssl.h> -+ -+/* We must keep some of the info available */ -+static const char hexcodes[] = "0123456789ABCDEF"; -+ -+/* -+ * When saving sessions, we want to make sure, that the lenght of the key -+ * is somehow limited. When saving client sessions, the hostname is used -+ * as key. According to HP-UX 10.20, MAXHOSTNAMELEN=64. Maybe new standards -+ * will increase this value, but as this will break compatiblity with existing -+ * implementations, we won't see this for long. We therefore choose a limit -+ * of 64 bytes. -+ * The length of the (TLS) session id can be up to 32 bytes according to -+ * RFC2246, so it fits well into the 64bytes limit. -+ */ -+#define ID_MAXLENGTH 64 /* Max ID length in bytes */ -+ -+/* -+ * The session_id_context is set, such that the client knows which services -+ * on a host share the same session information (on the postfix host may -+ * as well run a TLS-enabled webserver. -+ */ -+static char server_session_id_context[] = "Postfix/TLS"; /* anything will do */ -+static int TLScontext_index = -1; -+static int TLSpeername_index = -1; -+static int do_dump = 0; -+static DH *dh_512 = NULL, *dh_1024 = NULL; -+static SSL_CTX *ctx = NULL; -+ -+static int rand_exch_fd = -1; -+ -+static DICT *scache_db = NULL; -+const long scache_db_version = 0x00000003L; -+const long openssl_version = OPENSSL_VERSION_NUMBER; -+ -+ -+int pfixtls_serverengine = 0; -+static int pfixtls_serveractive = 0; /* available or not */ -+ -+int pfixtls_clientengine = 0; -+static int pfixtls_clientactive = 0; /* available or not */ -+ -+/* -+ * Define a maxlength for certificate onelines. The length is checked by -+ * all routines when copying. -+ */ -+#define CCERT_BUFSIZ 256 -+ -+typedef struct { -+ SSL *con; -+ BIO *internal_bio; /* postfix/TLS side of pair */ -+ BIO *network_bio; /* netsork side of pair */ -+ char peer_subject[CCERT_BUFSIZ]; -+ char peer_issuer[CCERT_BUFSIZ]; -+ char peer_CN[CCERT_BUFSIZ]; -+ char issuer_CN[CCERT_BUFSIZ]; -+ unsigned char md[EVP_MAX_MD_SIZE]; -+ char fingerprint[EVP_MAX_MD_SIZE * 3]; -+ char peername_save[129]; -+ int enforce_verify_errors; -+ int enforce_CN; -+} TLScontext_t; -+ -+typedef struct { -+ int pid; -+ struct timeval tv; -+} randseed_t; -+ -+static randseed_t randseed; -+ -+/* -+ * Finally some "backup" DH-Parameters to be loaded, if no parameters are -+ * explicitely loaded from file. -+ */ -+static unsigned char dh512_p[] = { -+ 0x88, 0x3F, 0x00, 0xAF, 0xFC, 0x0C, 0x8A, 0xB8, 0x35, 0xCD, 0xE5, 0xC2, -+ 0x0F, 0x55, 0xDF, 0x06, 0x3F, 0x16, 0x07, 0xBF, 0xCE, 0x13, 0x35, 0xE4, -+ 0x1C, 0x1E, 0x03, 0xF3, 0xAB, 0x17, 0xF6, 0x63, 0x50, 0x63, 0x67, 0x3E, -+ 0x10, 0xD7, 0x3E, 0xB4, 0xEB, 0x46, 0x8C, 0x40, 0x50, 0xE6, 0x91, 0xA5, -+ 0x6E, 0x01, 0x45, 0xDE, 0xC9, 0xB1, 0x1F, 0x64, 0x54, 0xFA, 0xD9, 0xAB, -+ 0x4F, 0x70, 0xBA, 0x5B, -+}; -+ -+static unsigned char dh512_g[] = { -+ 0x02, -+}; -+ -+static unsigned char dh1024_p[] = { -+ 0xB0, 0xFE, 0xB4, 0xCF, 0xD4, 0x55, 0x07, 0xE7, 0xCC, 0x88, 0x59, 0x0D, -+ 0x17, 0x26, 0xC5, 0x0C, 0xA5, 0x4A, 0x92, 0x23, 0x81, 0x78, 0xDA, 0x88, -+ 0xAA, 0x4C, 0x13, 0x06, 0xBF, 0x5D, 0x2F, 0x9E, 0xBC, 0x96, 0xB8, 0x51, -+ 0x00, 0x9D, 0x0C, 0x0D, 0x75, 0xAD, 0xFD, 0x3B, 0xB1, 0x7E, 0x71, 0x4F, -+ 0x3F, 0x91, 0x54, 0x14, 0x44, 0xB8, 0x30, 0x25, 0x1C, 0xEB, 0xDF, 0x72, -+ 0x9C, 0x4C, 0xF1, 0x89, 0x0D, 0x68, 0x3F, 0x94, 0x8E, 0xA4, 0xFB, 0x76, -+ 0x89, 0x18, 0xB2, 0x91, 0x16, 0x90, 0x01, 0x99, 0x66, 0x8C, 0x53, 0x81, -+ 0x4E, 0x27, 0x3D, 0x99, 0xE7, 0x5A, 0x7A, 0xAF, 0xD5, 0xEC, 0xE2, 0x7E, -+ 0xFA, 0xED, 0x01, 0x18, 0xC2, 0x78, 0x25, 0x59, 0x06, 0x5C, 0x39, 0xF6, -+ 0xCD, 0x49, 0x54, 0xAF, 0xC1, 0xB1, 0xEA, 0x4A, 0xF9, 0x53, 0xD0, 0xDF, -+ 0x6D, 0xAF, 0xD4, 0x93, 0xE7, 0xBA, 0xAE, 0x9B, -+}; -+ -+static unsigned char dh1024_g[] = { -+ 0x02, -+}; -+ -+/* -+ * DESCRIPTION: Keeping control of the network interface using BIO-pairs. -+ * -+ * When the TLS layer is active, all input/output must be filtered through -+ * it. On the other hand to handle timeout conditions, full control over -+ * the network socket must be kept. This rules out the "normal way" of -+ * connecting the TLS layer directly to the socket. -+ * The TLS layer is realized with a BIO-pair: -+ * -+ * postfix | TLS-engine -+ * | | -+ * +--------> SSL_operations() -+ * | /\ || -+ * | || \/ -+ * | BIO-pair (internal_bio) -+ * +--------< BIO-pair (network_bio) -+ * | | -+ * socket | -+ * -+ * The normal postfix operations connect to the SSL operations to send -+ * and retrieve (cleartext) data. Inside the TLS-engine the data are converted -+ * to/from TLS protocol. The TLS functionality itself is only connected to -+ * the internal_bio and hence only has status information about this internal -+ * interface. -+ * Thus, if the SSL_operations() return successfully (SSL_ERROR_NONE) or want -+ * to read (SSL_ERROR_WANT_READ) there may as well be data inside the buffering -+ * BIO-pair. So whenever an SSL_operation() returns without a fatal error, -+ * the BIO-pair internal buffer must be flushed to the network. -+ * NOTE: This is especially true in the SSL_ERROR_WANT_READ case: the TLS-layer -+ * might want to read handshake data, that will never come since its own -+ * written data will only reach the peer after flushing the buffer! -+ * -+ * The BIO-pair buffer size has been set to 8192 bytes, this is an arbitrary -+ * value that can hold more data than the typical PMTU, so that it does -+ * not force the generation of packets smaller than necessary. -+ * It is also larger than the default VSTREAM_BUFSIZE (4096, see vstream.h), -+ * so that large write operations could be handled within one call. -+ * The internal buffer in the network/network_bio handling layer has been -+ * set to the same value, since this seems to be reasonable. The code is -+ * however able to handle arbitrary values smaller or larger than the -+ * buffer size in the BIO-pair. -+ */ -+ -+const ssize_t BIO_bufsiz = 8192; -+ -+/* -+ * The interface layer between network and BIO-pair. The BIO-pair buffers -+ * the data to/from the TLS layer. Hence, at any time, there may be data -+ * in the buffer that must be written to the network. This writing has -+ * highest priority because the handshake might fail otherwise. -+ * Only then a read_request can be satisfied. -+ */ -+static int network_biopair_interop(int fd, int timeout, BIO *network_bio) -+{ -+ int want_write; -+ int num_write; -+ int write_pos; -+ int from_bio; -+ int want_read; -+ int num_read; -+ int to_bio; -+#define NETLAYER_BUFFERSIZE 8192 -+ char buffer[8192]; -+ -+ while ((want_write = BIO_ctrl_pending(network_bio)) > 0) { -+ if (want_write > NETLAYER_BUFFERSIZE) -+ want_write = NETLAYER_BUFFERSIZE; -+ from_bio = BIO_read(network_bio, buffer, want_write); -+ -+ /* -+ * Write the complete contents of the buffer. Since TLS performs -+ * underlying handshaking, we cannot afford to leave the buffer -+ * unflushed, as we could run into a deadlock trap (the peer -+ * waiting for a final byte and we already waiting for his reply -+ * in read position). -+ */ -+ write_pos = 0; -+ do { -+ if (timeout > 0 && write_wait(fd, timeout) < 0) -+ return (-1); -+ num_write = write(fd, buffer + write_pos, from_bio - write_pos); -+ if (num_write <= 0) -+ return (-1); /* something happened to the socket */ -+ write_pos += num_write; -+ } while (write_pos < from_bio); -+ } -+ -+ while ((want_read = BIO_ctrl_get_read_request(network_bio)) > 0) { -+ if (want_read > NETLAYER_BUFFERSIZE) -+ want_read = NETLAYER_BUFFERSIZE; -+ if (timeout > 0 && read_wait(fd, timeout) < 0) -+ return (-1); -+ num_read = read(fd, buffer, want_read); -+ if (num_read <= 0) -+ return (-1); /* something happened to the socket */ -+ to_bio = BIO_write(network_bio, buffer, num_read); -+ if (to_bio != num_read) -+ msg_fatal("to_bio != num_read"); -+ } -+ -+ return (0); -+} -+ -+static void pfixtls_print_errors(void); -+ -+ /* -+ * Function to perform the handshake for SSL_accept(), SSL_connect(), -+ * and SSL_shutdown() and perform the SSL_read(), SSL_write() operations. -+ * Call the underlying network_biopair_interop-layer to make sure the -+ * write buffer is flushed after every operation (that did not fail with -+ * a fatal error). -+ */ -+static int do_tls_operation(int fd, int timeout, TLScontext_t *TLScontext, -+ int (*hsfunc)(SSL *), -+ int (*rfunc)(SSL *, void *, int), -+ int (*wfunc)(SSL *, const void *, int), -+ char *buf, int num) -+{ -+ int status; -+ int err; -+ int retval = 0; -+ int biop_retval; -+ int done = 0; -+ -+ while (!done) { -+ if (hsfunc) -+ status = hsfunc(TLScontext->con); -+ else if (rfunc) -+ status = rfunc(TLScontext->con, buf, num); -+ else -+ status = wfunc(TLScontext->con, (const char *)buf, num); -+ err = SSL_get_error(TLScontext->con, status); -+ -+#if (OPENSSL_VERSION_NUMBER <= 0x0090581fL) -+ /* -+ * There is a bug up to and including OpenSSL-0.9.5a: if an error -+ * occurs while checking the peers certificate due to some certificate -+ * error (e.g. as happend with a RSA-padding error), the error is put -+ * onto the error stack. If verification is not enforced, this error -+ * should be ignored, but the error-queue is not cleared, so we -+ * can find this error here. The bug has been fixed on May 28, 2000. -+ * -+ * This bug so far has only manifested as -+ * 4800:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: -+ * 4800:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:396: -+ * 4800:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1 object call:a_verify.c:109: -+ * so that we specifically test for this error. We print the errors -+ * to the logfile and automatically clear the error queue. Then we -+ * retry to get another error code. We cannot do better, since we -+ * can only retrieve the last entry of the error-queue without -+ * actually cleaning it on the way. -+ * -+ * This workaround is secure, as verify_result is set to "failed" -+ * anyway. -+ */ -+ if (err == SSL_ERROR_SSL) { -+ if (ERR_peek_error() == 0x0407006AL) { -+ pfixtls_print_errors(); /* Keep information for the logfile */ -+ msg_info("OpenSSL <= 0.9.5a workaround called: certificate errors ignored"); -+ err = SSL_get_error(TLScontext->con, status); -+ } -+ } -+#endif -+ -+ switch (err) { -+ case SSL_ERROR_NONE: /* success */ -+ retval = status; -+ done = 1; /* no break, flush buffer before */ -+ /* leaving */ -+ case SSL_ERROR_WANT_WRITE: -+ case SSL_ERROR_WANT_READ: -+ biop_retval = network_biopair_interop(fd, timeout, -+ TLScontext->network_bio); -+ if (biop_retval < 0) -+ return (-1); /* fatal network error */ -+ break; -+ case SSL_ERROR_ZERO_RETURN: /* connection was closed cleanly */ -+ case SSL_ERROR_SYSCALL: -+ case SSL_ERROR_SSL: -+ default: -+ retval = status; -+ done = 1; -+ ; -+ } -+ }; -+ return retval; -+} -+ -+int pfixtls_timed_read(int fd, void *buf, unsigned buf_len, int timeout, -+ void *context) -+{ -+ int i; -+ int ret; -+ char mybuf[40]; -+ char *mybuf2; -+ TLScontext_t *TLScontext; -+ -+ TLScontext = (TLScontext_t *)context; -+ if (!TLScontext) -+ msg_fatal("Called tls_timed_read() without TLS-context"); -+ -+ ret = do_tls_operation(fd, timeout, TLScontext, NULL, SSL_read, NULL, -+ (char *)buf, buf_len); -+ if ((pfixtls_serveractive && var_smtpd_tls_loglevel >= 4) || -+ (pfixtls_clientactive && var_smtp_tls_loglevel >= 4)) { -+ mybuf2 = (char *) buf; -+ if (ret > 0) { -+ i = 0; -+ while ((i < 39) && (i < ret) && (mybuf2[i] != 0)) { -+ mybuf[i] = mybuf2[i]; -+ i++; -+ } -+ mybuf[i] = '\0'; -+ msg_info("Read %d chars: %s", ret, mybuf); -+ } -+ } -+ return (ret); -+} -+ -+int pfixtls_timed_write(int fd, void *buf, unsigned len, int timeout, -+ void *context) -+{ -+ int i; -+ char mybuf[40]; -+ char *mybuf2; -+ TLScontext_t *TLScontext; -+ -+ TLScontext = (TLScontext_t *)context; -+ if (!TLScontext) -+ msg_fatal("Called tls_timed_write() without TLS-context"); -+ -+ if ((pfixtls_serveractive && var_smtpd_tls_loglevel >= 4) || -+ (pfixtls_clientactive && var_smtp_tls_loglevel >= 4)) { -+ mybuf2 = (char *) buf; -+ if (len > 0) { -+ i = 0; -+ while ((i < 39) && (i < len) && (mybuf2[i] != 0)) { -+ mybuf[i] = mybuf2[i]; -+ i++; -+ } -+ mybuf[i] = '\0'; -+ msg_info("Write %d chars: %s", len, mybuf); -+ } -+ } -+ return (do_tls_operation(fd, timeout, TLScontext, NULL, NULL, SSL_write, -+ buf, len)); -+} -+ -+/* Add some more entropy to the pool by adding the actual time */ -+ -+static void pfixtls_stir_seed(void) -+{ -+ GETTIMEOFDAY(&randseed.tv); -+ RAND_seed(&randseed, sizeof(randseed_t)); -+} -+ -+/* -+ * Skeleton taken from OpenSSL crypto/err/err_prn.c. -+ * Query the error stack and print the error string into the logging facility. -+ * Clear the error stack on the way. -+ */ -+ -+static void pfixtls_print_errors(void) -+{ -+ unsigned long l; -+ char buf[256]; -+ const char *file; -+ const char *data; -+ int line; -+ int flags; -+ unsigned long es; -+ -+ es = CRYPTO_thread_id(); -+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { -+ if (flags & ERR_TXT_STRING) -+ msg_info("%lu:%s:%s:%d:%s:", es, ERR_error_string(l, buf), -+ file, line, data); -+ else -+ msg_info("%lu:%s:%s:%d:", es, ERR_error_string(l, buf), -+ file, line); -+ } -+} -+ -+ /* -+ * Set up the cert things on the server side. We do need both the -+ * private key (in key_file) and the cert (in cert_file). -+ * Both files may be identical. -+ * -+ * This function is taken from OpenSSL apps/s_cb.c -+ */ -+ -+static int set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) -+{ -+ if (cert_file != NULL) { -+ if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) { -+ msg_info("unable to get certificate from '%s'", cert_file); -+ pfixtls_print_errors(); -+ return (0); -+ } -+ if (key_file == NULL) -+ key_file = cert_file; -+ if (SSL_CTX_use_PrivateKey_file(ctx, key_file, -+ SSL_FILETYPE_PEM) <= 0) { -+ msg_info("unable to get private key from '%s'", key_file); -+ pfixtls_print_errors(); -+ return (0); -+ } -+ /* Now we know that a key and cert have been set against -+ * the SSL context */ -+ if (!SSL_CTX_check_private_key(ctx)) { -+ msg_info("Private key does not match the certificate public key"); -+ return (0); -+ } -+ } -+ return (1); -+} -+ -+/* taken from OpenSSL apps/s_cb.c */ -+ -+static RSA *tmp_rsa_cb(SSL * s, int export, int keylength) -+{ -+ static RSA *rsa_tmp = NULL; -+ -+ if (rsa_tmp == NULL) { -+ rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); -+ } -+ return (rsa_tmp); -+} -+ -+ -+static DH *get_dh512(void) -+{ -+ DH *dh; -+ -+ if (dh_512 == NULL) { -+ /* No parameter file loaded, use the compiled in parameters */ -+ if ((dh = DH_new()) == NULL) return(NULL); -+ dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); -+ dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); -+ if ((dh->p == NULL) || (dh->g == NULL)) -+ return(NULL); -+ else -+ dh_512 = dh; -+ } -+ return (dh_512); -+} -+ -+static DH *get_dh1024(void) -+{ -+ DH *dh; -+ -+ if (dh_1024 == NULL) { -+ /* No parameter file loaded, use the compiled in parameters */ -+ if ((dh = DH_new()) == NULL) return(NULL); -+ dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); -+ dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); -+ if ((dh->p == NULL) || (dh->g == NULL)) -+ return(NULL); -+ else -+ dh_1024 = dh; -+ } -+ return (dh_1024); -+} -+ -+/* partly inspired by mod_ssl */ -+ -+static DH *tmp_dh_cb(SSL *s, int export, int keylength) -+{ -+ DH *dh_tmp = NULL; -+ -+ if (export) { -+ if (keylength == 512) -+ dh_tmp = get_dh512(); /* export cipher */ -+ else if (keylength == 1024) -+ dh_tmp = get_dh1024(); /* normal */ -+ else -+ dh_tmp = get_dh1024(); /* not on-the-fly (too expensive) */ -+ /* so use the 1024bit instead */ -+ } -+ else { -+ dh_tmp = get_dh1024(); /* sign-only certificate */ -+ } -+ return (dh_tmp); -+} -+ -+ -+/* -+ * Skeleton taken from OpenSSL apps/s_cb.c -+ * -+ * The verify_callback is called several times (directly or indirectly) from -+ * crypto/x509/x509_vfy.c. It is called as a last check for several issues, -+ * so this verify_callback() has the famous "last word". If it does return "0", -+ * the handshake is immediately shut down and the connection fails. -+ * -+ * Postfix/TLS has two modes, the "use" mode and the "enforce" mode: -+ * -+ * In the "use" mode we never want the connection to fail just because there is -+ * something wrong with the certificate (as we would have sent happily without -+ * TLS). Therefore the return value is always "1". -+ * -+ * In the "enforce" mode we can shut down the connection as soon as possible. -+ * In server mode TLS itself may be enforced (e.g. to protect passwords), -+ * but certificates are optional. In this case the handshake must not fail -+ * if we are unhappy with the certificate and return "1" in any case. -+ * Only if a certificate is required the certificate must pass the verification -+ * and failure to do so will result in immediate termination (return 0). -+ * In the client mode the decision is made with respect to the peername -+ * enforcement. If we strictly enforce the matching of the expected peername -+ * the verification must fail immediatly on verification errors. We can also -+ * immediatly check the expected peername, as it is the CommonName at level 0. -+ * In all other cases, the problem is logged, so the SSL_get_verify_result() -+ * will inform about the verification failure, but the handshake (and SMTP -+ * connection will continue). -+ * -+ * The only error condition not handled inside the OpenSSL-Library is the -+ * case of a too-long certificate chain, so we check inside verify_callback(). -+ * We only take care of this problem, if "ok = 1", because otherwise the -+ * verification already failed because of another problem and we don't want -+ * to overwrite the other error message. And if the verification failed, -+ * there is no such thing as "more failed", "most failed"... :-) -+ */ -+ -+static int verify_callback(int ok, X509_STORE_CTX * ctx) -+{ -+ char buf[256]; -+ char *CN_lowercase; -+ char *peername_left; -+ X509 *err_cert; -+ int err; -+ int depth; -+ int verify_depth; -+ int hostname_matched; -+ SSL *con; -+ TLScontext_t *TLScontext; -+ -+ err_cert = X509_STORE_CTX_get_current_cert(ctx); -+ err = X509_STORE_CTX_get_error(ctx); -+ depth = X509_STORE_CTX_get_error_depth(ctx); -+ -+ con = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); -+ TLScontext = SSL_get_ex_data(con, TLScontext_index); -+ -+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); -+ if (((pfixtls_serverengine) && (var_smtpd_tls_loglevel >= 2)) || -+ ((pfixtls_clientengine) && (var_smtp_tls_loglevel >= 2))) -+ msg_info("Peer cert verify depth=%d %s", depth, buf); -+ -+ verify_depth = SSL_get_verify_depth(con); -+ if (ok && (verify_depth >= 0) && (depth > verify_depth)) { -+ ok = 0; -+ err = X509_V_ERR_CERT_CHAIN_TOO_LONG; -+ X509_STORE_CTX_set_error(ctx, err); -+ } -+ if (!ok) { -+ msg_info("verify error:num=%d:%s", err, -+ X509_verify_cert_error_string(err)); -+ } -+ -+ if (ok && (depth == 0) && pfixtls_clientengine) { -+ /* -+ * Check out the name certified against the hostname expected. -+ * In case it does not match, print an information about the result. -+ * If a matching is enforced, bump out with a verification error -+ * immediately. -+ */ -+ buf[0] = '\0'; -+ if (!X509_NAME_get_text_by_NID(X509_get_subject_name(err_cert), -+ NID_commonName, buf, 256)) { -+ msg_info("Could not parse server's subject CN"); -+ pfixtls_print_errors(); -+ } -+ CN_lowercase = lowercase(buf); -+ hostname_matched = 0; -+ if (!strcmp(TLScontext->peername_save, CN_lowercase)) -+ hostname_matched = 1; -+ else if ((strlen(CN_lowercase) > 2) && -+ (CN_lowercase[0] == '*') && (CN_lowercase[1] == '.')) { -+ /* -+ * Allow wildcard certificate matching. The proposed rules in -+ * RFCs (2818: HTTP/TLS, 2830: LDAP/TLS) are different, RFC2874 -+ * does not specify a rule, so here the strict rule is applied. -+ * An asterisk '*' is allowed as the leftmost component and may -+ * replace the left most part of the hostname. Matching is done -+ * by removing '*.' from the wildcard name and the `name.` from -+ * the peername and compare what is left. -+ */ -+ peername_left = strchr(TLScontext->peername_save, '.'); -+ if (peername_left) { -+ if (!strcmp(peername_left + 1, CN_lowercase + 2)) -+ hostname_matched = 1; -+ } -+ } -+ -+ if (!hostname_matched) { -+ msg_info("Peer verification: CommonName in certificate does not match: %s != %s", CN_lowercase, TLScontext->peername_save); -+ if (TLScontext->enforce_verify_errors && TLScontext->enforce_CN) { -+ err = X509_V_ERR_CERT_REJECTED; -+ X509_STORE_CTX_set_error(ctx, err); -+ msg_info("Verify failure: Hostname mismatch"); -+ ok = 0; -+ } -+ } -+ } -+ -+ switch (ctx->error) { -+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); -+ msg_info("issuer= %s", buf); -+ break; -+ case X509_V_ERR_CERT_NOT_YET_VALID: -+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -+ msg_info("cert not yet valid"); -+ break; -+ case X509_V_ERR_CERT_HAS_EXPIRED: -+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -+ msg_info("cert has expired"); -+ break; -+ } -+ if (((pfixtls_serverengine) && (var_smtpd_tls_loglevel >= 2)) || -+ ((pfixtls_clientengine) && (var_smtp_tls_loglevel >= 2))) -+ msg_info("verify return:%d", ok); -+ -+ if (TLScontext->enforce_verify_errors) -+ return (ok); -+ else -+ return (1); -+} -+ -+/* taken from OpenSSL apps/s_cb.c */ -+ -+static void apps_ssl_info_callback(SSL * s, int where, int ret) -+{ -+ char *str; -+ int w; -+ -+ w = where & ~SSL_ST_MASK; -+ -+ if (w & SSL_ST_CONNECT) -+ str = "SSL_connect"; -+ else if (w & SSL_ST_ACCEPT) -+ str = "SSL_accept"; -+ else -+ str = "undefined"; -+ -+ if (where & SSL_CB_LOOP) { -+ msg_info("%s:%s", str, SSL_state_string_long(s)); -+ } else if (where & SSL_CB_ALERT) { -+ str = (where & SSL_CB_READ) ? "read" : "write"; -+ if ((ret & 0xff) != SSL3_AD_CLOSE_NOTIFY) -+ msg_info("SSL3 alert %s:%s:%s", str, -+ SSL_alert_type_string_long(ret), -+ SSL_alert_desc_string_long(ret)); -+ } else if (where & SSL_CB_EXIT) { -+ if (ret == 0) -+ msg_info("%s:failed in %s", -+ str, SSL_state_string_long(s)); -+ else if (ret < 0) { -+ msg_info("%s:error in %s", -+ str, SSL_state_string_long(s)); -+ } -+ } -+} -+ -+/* -+ * taken from OpenSSL crypto/bio/b_dump.c, modified to save a lot of strcpy -+ * and strcat by Matti Aarnio. -+ */ -+ -+#define TRUNCATE -+#define DUMP_WIDTH 16 -+ -+static int pfixtls_dump(const char *s, int len) -+{ -+ int ret = 0; -+ char buf[160 + 1]; -+ char *ss; -+ int i; -+ int j; -+ int rows; -+ int trunc; -+ unsigned char ch; -+ -+ trunc = 0; -+ -+#ifdef TRUNCATE -+ for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) -+ trunc++; -+#endif -+ -+ rows = (len / DUMP_WIDTH); -+ if ((rows * DUMP_WIDTH) < len) -+ rows++; -+ -+ for (i = 0; i < rows; i++) { -+ buf[0] = '\0'; /* start with empty string */ -+ ss = buf; -+ -+ sprintf(ss, "%04x ", i * DUMP_WIDTH); -+ ss += strlen(ss); -+ for (j = 0; j < DUMP_WIDTH; j++) { -+ if (((i * DUMP_WIDTH) + j) >= len) { -+ strcpy(ss, " "); -+ } else { -+ ch = ((unsigned char) *((char *) (s) + i * DUMP_WIDTH + j)) -+ & 0xff; -+ sprintf(ss, "%02x%c", ch, j == 7 ? '|' : ' '); -+ ss += 3; -+ } -+ } -+ ss += strlen(ss); -+ *ss++ = ' '; -+ for (j = 0; j < DUMP_WIDTH; j++) { -+ if (((i * DUMP_WIDTH) + j) >= len) -+ break; -+ ch = ((unsigned char) *((char *) (s) + i * DUMP_WIDTH + j)) & 0xff; -+ *ss++ = (((ch >= ' ') && (ch <= '~')) ? ch : '.'); -+ if (j == 7) *ss++ = ' '; -+ } -+ *ss = 0; -+ /* -+ * if this is the last call then update the ddt_dump thing so that -+ * we will move the selection point in the debug window -+ */ -+ msg_info("%s", buf); -+ ret += strlen(buf); -+ } -+#ifdef TRUNCATE -+ if (trunc > 0) { -+ sprintf(buf, "%04x - <SPACES/NULS>\n", len + trunc); -+ msg_info("%s", buf); -+ ret += strlen(buf); -+ } -+#endif -+ return (ret); -+} -+ -+ -+ -+/* taken from OpenSSL apps/s_cb.c */ -+ -+static long bio_dump_cb(BIO * bio, int cmd, const char *argp, int argi, -+ long argl, long ret) -+{ -+ if (!do_dump) -+ return (ret); -+ -+ if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { -+ msg_info("read from %08X [%08lX] (%d bytes => %ld (0x%X))", -+ (unsigned int)bio, (unsigned long)argp, argi, -+ ret, (unsigned int)ret); -+ pfixtls_dump(argp, (int) ret); -+ return (ret); -+ } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { -+ msg_info("write to %08X [%08lX] (%d bytes => %ld (0x%X))", -+ (unsigned int)bio, (unsigned long)argp, argi, -+ ret, (unsigned int)ret); -+ pfixtls_dump(argp, (int) ret); -+ } -+ return (ret); -+} -+ -+ -+ /* -+ * Callback to retrieve a session from the external session cache. -+ */ -+static SSL_SESSION *get_session_cb(SSL *ssl, unsigned char *SessionID, -+ int length, int *copy) -+{ -+ SSL_SESSION *session; -+ char idstring[2 * ID_MAXLENGTH + 1]; -+ int n; -+ int uselength; -+ int hex_length; -+ const char *session_hex; -+ pfixtls_scache_info_t scache_info; -+ unsigned char nibble, *data, *sess_data; -+ -+ if (length > ID_MAXLENGTH) -+ uselength = ID_MAXLENGTH; /* Limit length of ID */ -+ else -+ uselength = length; -+ -+ for(n=0 ; n < uselength ; n++) -+ sprintf(idstring + 2 * n, "%02x", SessionID[n]); -+ if (var_smtpd_tls_loglevel >= 3) -+ msg_info("Trying to reload Session from disc: %s", idstring); -+ -+ session = NULL; -+ -+ session_hex = dict_get(scache_db, idstring); -+ if (session_hex) { -+ hex_length = strlen(session_hex); -+ data = (unsigned char *)mymalloc(hex_length / 2); -+ if (!data) { -+ msg_info("could not allocate memory for session reload"); -+ return(NULL); -+ } -+ -+ memset(data, 0, hex_length / 2); -+ for (n = 0; n < hex_length; n++) { -+ if ((session_hex[n] >= '0') && (session_hex[n] <= '9')) -+ nibble = session_hex[n] - '0'; -+ else -+ nibble = session_hex[n] - 'A' + 10; -+ if (n % 2) -+ data[n / 2] |= nibble; -+ else -+ data[n / 2] |= (nibble << 4); -+ } -+ -+ /* -+ * First check the version numbers, since wrong session data might -+ * hit us hard (SEGFAULT). We also have to check for expiry. -+ */ -+ memcpy(&scache_info, data, sizeof(pfixtls_scache_info_t)); -+ if ((scache_info.scache_db_version != scache_db_version) || -+ (scache_info.openssl_version != openssl_version) || -+ (scache_info.timestamp + var_smtpd_tls_scache_timeout < time(NULL))) -+ dict_del(scache_db, idstring); -+ else { -+ sess_data = data + sizeof(pfixtls_scache_info_t); -+ session = d2i_SSL_SESSION(NULL, &sess_data, -+ hex_length / 2 - sizeof(pfixtls_scache_info_t)); -+ if (!session) -+ pfixtls_print_errors(); -+ } -+ myfree((char *)data); -+ } -+ -+ if (session && (var_smtpd_tls_loglevel >= 3)) -+ msg_info("Successfully reloaded session from disc"); -+ -+ return (session); -+} -+ -+ -+static SSL_SESSION *load_clnt_session(const char *hostname, -+ int enforce_peername) -+{ -+ SSL_SESSION *session = NULL; -+ char idstring[ID_MAXLENGTH + 1]; -+ int n; -+ int uselength; -+ int length; -+ int hex_length; -+ const char *session_hex; -+ pfixtls_scache_info_t scache_info; -+ unsigned char nibble, *data, *sess_data; -+ -+ length = strlen(hostname); -+ if (length > ID_MAXLENGTH) -+ uselength = ID_MAXLENGTH; /* Limit length of ID */ -+ else -+ uselength = length; -+ -+ for(n=0 ; n < uselength ; n++) -+ idstring[n] = tolower(hostname[n]); -+ idstring[uselength] = '\0'; -+ if (var_smtp_tls_loglevel >= 3) -+ msg_info("Trying to reload Session from disc: %s", idstring); -+ -+ session_hex = dict_get(scache_db, idstring); -+ if (session_hex) { -+ hex_length = strlen(session_hex); -+ data = (unsigned char *)mymalloc(hex_length / 2); -+ if (!data) { -+ msg_info("could not allocate memory for session reload"); -+ return(NULL); -+ } -+ -+ memset(data, 0, hex_length / 2); -+ for (n = 0; n < hex_length; n++) { -+ if ((session_hex[n] >= '0') && (session_hex[n] <= '9')) -+ nibble = session_hex[n] - '0'; -+ else -+ nibble = session_hex[n] - 'A' + 10; -+ if (n % 2) -+ data[n / 2] |= nibble; -+ else -+ data[n / 2] |= (nibble << 4); -+ } -+ -+ /* -+ * First check the version numbers, since wrong session data might -+ * hit us hard (SEGFAULT). We also have to check for expiry. -+ * When we enforce_peername, we may find an old session, that was -+ * saved when enforcement was not set. In this case the session will -+ * be removed and a fresh session will be negotiated. -+ */ -+ memcpy(&scache_info, data, sizeof(pfixtls_scache_info_t)); -+ if ((scache_info.scache_db_version != scache_db_version) || -+ (scache_info.openssl_version != openssl_version) || -+ (scache_info.timestamp + var_smtpd_tls_scache_timeout < time(NULL))) -+ dict_del(scache_db, idstring); -+ else if (enforce_peername && (!scache_info.enforce_peername)) -+ dict_del(scache_db, idstring); -+ else { -+ sess_data = data + sizeof(pfixtls_scache_info_t); -+ session = d2i_SSL_SESSION(NULL, &sess_data, -+ hex_length / 2 - sizeof(time_t)); -+ strncpy(SSL_SESSION_get_ex_data(session, TLSpeername_index), -+ idstring, ID_MAXLENGTH + 1); -+ if (!session) -+ pfixtls_print_errors(); -+ } -+ myfree((char *)data); -+ } -+ -+ if (session && (var_smtp_tls_loglevel >= 3)) -+ msg_info("Successfully reloaded session from disc"); -+ -+ return (session); -+} -+ -+ -+static void create_client_lookup_id(char *idstring, char *hostname) -+{ -+ int n, len, uselength; -+ -+ len = strlen(hostname); -+ if (len > ID_MAXLENGTH) -+ uselength = ID_MAXLENGTH; /* Limit length of ID */ -+ else -+ uselength = len; -+ -+ for (n = 0 ; n < uselength ; n++) -+ idstring[n] = tolower(hostname[n]); -+ idstring[uselength] = '\0'; -+} -+ -+ -+static void create_server_lookup_id(char *idstring, SSL_SESSION *session) -+{ -+ int n, uselength; -+ -+ if (session->session_id_length > ID_MAXLENGTH) -+ uselength = ID_MAXLENGTH; /* Limit length of ID */ -+ else -+ uselength = session->session_id_length; -+ -+ for(n = 0; n < uselength ; n++) -+ sprintf(idstring + 2 * n, "%02x", session->session_id[n]); -+} -+ -+ -+static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *session) -+{ -+ char idstring[2 * ID_MAXLENGTH + 1]; -+ char *hostname; -+ -+ if (pfixtls_clientengine) { -+ hostname = SSL_SESSION_get_ex_data(session, TLSpeername_index); -+ create_client_lookup_id(idstring, hostname); -+ if (var_smtp_tls_loglevel >= 3) -+ msg_info("Trying to remove session from disc: %s", idstring); -+ } -+ else { -+ create_server_lookup_id(idstring, session); -+ if (var_smtpd_tls_loglevel >= 3) -+ msg_info("Trying to remove session from disc: %s", idstring); -+ } -+ -+ if (scache_db) -+ dict_del(scache_db, idstring); -+} -+ -+ -+/* -+ * We need space to save the peername into the SSL_SESSION, as we must -+ * look up the external database for client sessions by peername, not -+ * by session id. We therefore allocate place for the peername string, -+ * when a new SSL_SESSION is generated. It is filled later. -+ */ -+static int new_peername_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp) -+{ -+ char *peername; -+ -+ peername = (char *)mymalloc(ID_MAXLENGTH + 1); -+ if (!peername) -+ return 0; -+ peername[0] = '\0'; /* initialize */ -+ return CRYPTO_set_ex_data(ad, idx, peername); -+} -+ -+/* -+ * When the SSL_SESSION is removed again, we must free the memory to avoid -+ * leaks. -+ */ -+static void free_peername_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp) -+{ -+ myfree(CRYPTO_get_ex_data(ad, idx)); -+} -+ -+/* -+ * Duplicate application data, when a SSL_SESSION is duplicated -+ */ -+static int dup_peername_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, -+ void *from_d, int idx, long argl, void *argp) -+{ -+ char *peername_old, *peername_new; -+ -+ peername_old = CRYPTO_get_ex_data(from, idx); -+ peername_new = CRYPTO_get_ex_data(to, idx); -+ if (!peername_old || !peername_new) -+ return 0; -+ memcpy(peername_new, peername_old, ID_MAXLENGTH + 1); -+ return 1; -+} -+ -+ -+ /* -+ * Save a new session to the external cache -+ */ -+static int new_session_cb(SSL *ssl, SSL_SESSION *session) -+{ -+ char idstring[2 * ID_MAXLENGTH + 1]; -+ int n; -+ int dsize; -+ int len; -+ unsigned char *data, *sess_data; -+ pfixtls_scache_info_t scache_info; -+ char *hexdata, *hostname; -+ TLScontext_t *TLScontext; -+ -+ if (pfixtls_clientengine) { -+ TLScontext = SSL_get_ex_data(ssl, TLScontext_index); -+ hostname = TLScontext->peername_save; -+ create_client_lookup_id(idstring, hostname); -+ strncpy(SSL_SESSION_get_ex_data(session, TLSpeername_index), -+ hostname, ID_MAXLENGTH + 1); -+ /* -+ * Remember, whether peername matching was enforced when the session -+ * was created. If later enforce mode is enabled, we do not want to -+ * reuse a session that was not sufficiently checked. -+ */ -+ scache_info.enforce_peername = -+ (TLScontext->enforce_verify_errors && TLScontext->enforce_CN); -+ -+ if (var_smtp_tls_loglevel >= 3) -+ msg_info("Trying to save session for hostID to disc: %s", idstring); -+ -+#if (OPENSSL_VERSION_NUMBER < 0x00906011L) || (OPENSSL_VERSION_NUMBER == 0x00907000L) -+ /* -+ * Ugly Hack: OpenSSL before 0.9.6a does not store the verify -+ * result in sessions for the client side. -+ * We modify the session directly which is version specific, -+ * but this bug is version specific, too. -+ * -+ * READ: 0-09-06-01-1 = 0-9-6-a-beta1: all versions before -+ * beta1 have this bug, it has been fixed during development -+ * of 0.9.6a. The development version of 0.9.7 can have this -+ * bug, too. It has been fixed on 2000/11/29. -+ */ -+ session->verify_result = SSL_get_verify_result(TLScontext->con); -+#endif -+ -+ } -+ else { -+ create_server_lookup_id(idstring, session); -+ if (var_smtpd_tls_loglevel >= 3) -+ msg_info("Trying to save Session to disc: %s", idstring); -+ } -+ -+ -+ /* -+ * Get the session and convert it into some "database" useable form. -+ * First, get the length of the session to allocate the memory. -+ */ -+ dsize = i2d_SSL_SESSION(session, NULL); -+ if (dsize < 0) { -+ msg_info("Could not access session"); -+ return 0; -+ } -+ data = (unsigned char *)mymalloc(dsize + sizeof(pfixtls_scache_info_t)); -+ if (!data) { -+ msg_info("could not allocate memory for SSL session"); -+ return 0; -+ } -+ -+ /* -+ * OpenSSL is not robust against wrong session data (might SEGFAULT), -+ * so we secure it against version ids (session cache structure as well -+ * as OpenSSL version). -+ */ -+ scache_info.scache_db_version = scache_db_version; -+ scache_info.openssl_version = openssl_version; -+ -+ /* -+ * Put a timestamp, so that expiration can be checked without -+ * analyzing the session data itself. (We would need OpenSSL funtions, -+ * since the SSL_SESSION is a private structure.) -+ */ -+ scache_info.timestamp = time(NULL); -+ -+ memcpy(data, &scache_info, sizeof(pfixtls_scache_info_t)); -+ sess_data = data + sizeof(pfixtls_scache_info_t); -+ -+ /* -+ * Now, obtain the session. Unfortunately, it is binary and dict_update -+ * cannot handle binary data (it could contain '\0' in it) directly. -+ * To save memory we could use base64 encoding. To make handling easier, -+ * we simply use hex format. -+ */ -+ len = i2d_SSL_SESSION(session, &sess_data); -+ len += sizeof(pfixtls_scache_info_t); -+ -+ hexdata = (char *)mymalloc(2 * len + 1); -+ -+ if (!hexdata) { -+ msg_info("could not allocate memory for SSL session (HEX)"); -+ myfree((char *)data); -+ return 0; -+ } -+ for (n = 0; n < len; n++) { -+ hexdata[n * 2] = hexcodes[(data[n] & 0xf0) >> 4]; -+ hexdata[(n * 2) + 1] = hexcodes[(data[n] & 0x0f)]; -+ } -+ hexdata[len * 2] = '\0'; -+ -+ /* -+ * The session id is a hex string, all uppercase. We are using SDBM as -+ * compiled into Postfix with 8kB maximum entry size, so we set a limit -+ * when caching. If the session is not cached, we have to renegotiate, -+ * not more, not less. For a real session, this limit should never be -+ * met -+ */ -+ if (strlen(idstring) + strlen(hexdata) < 8000) -+ dict_put(scache_db, idstring, hexdata); -+ -+ myfree(hexdata); -+ myfree((char *)data); -+ return (1); -+} -+ -+ -+ /* -+ * pfixtls_exchange_seed: read bytes from the seed exchange-file (expect -+ * 1024 bytes)and immediately write back random bytes. Do so with EXCLUSIVE -+ * lock, so * that each process will find a completely different (and -+ * reseeded) file. -+ */ -+static void pfixtls_exchange_seed(void) -+{ -+ unsigned char buffer[1024]; -+ -+ if (rand_exch_fd == -1) -+ return; -+ -+ if (myflock(rand_exch_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) != 0) -+ msg_info("Could not lock random exchange file: %s", -+ strerror(errno)); -+ -+ lseek(rand_exch_fd, 0, SEEK_SET); -+ if (read(rand_exch_fd, buffer, 1024) < 0) -+ msg_fatal("reading exchange file failed"); -+ RAND_seed(buffer, 1024); -+ -+ RAND_bytes(buffer, 1024); -+ lseek(rand_exch_fd, 0, SEEK_SET); -+ if (write(rand_exch_fd, buffer, 1024) != 1024) -+ msg_fatal("Writing exchange file failed"); -+ -+ if (myflock(rand_exch_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) != 0) -+ msg_fatal("Could not unlock random exchange file: %s", -+ strerror(errno)); -+} -+ -+ /* -+ * This is the setup routine for the SSL server. As smtpd might be called -+ * more than once, we only want to do the initialization one time. -+ * -+ * The skeleton of this function is taken from OpenSSL apps/s_server.c. -+ */ -+ -+int pfixtls_init_serverengine(int verifydepth, int askcert) -+{ -+ int off = 0; -+ int verify_flags = SSL_VERIFY_NONE; -+ int rand_bytes; -+ int rand_source_dev_fd; -+ int rand_source_socket_fd; -+ unsigned char buffer[255]; -+ char *CApath; -+ char *CAfile; -+ char *s_cert_file; -+ char *s_key_file; -+ char *s_dcert_file; -+ char *s_dkey_file; -+ FILE *paramfile; -+ -+ if (pfixtls_serverengine) -+ return (0); /* already running */ -+ -+ if (var_smtpd_tls_loglevel >= 2) -+ msg_info("starting TLS engine"); -+ -+ /* -+ * Initialize the OpenSSL library by the book! -+ * To start with, we must initialize the algorithms. -+ * We want cleartext error messages instead of just error codes, so we -+ * load the error_strings. -+ */ -+ SSL_load_error_strings(); -+ OpenSSL_add_ssl_algorithms(); -+ -+ /* -+ * Side effect, call a non-existing function to disable TLS usage with an -+ * outdated OpenSSL version. There is a security reason (verify_result -+ * is not stored with the session data). -+ */ -+#if (OPENSSL_VERSION_NUMBER < 0x00905100L) -+ needs_openssl_095_or_later(); -+#endif -+ -+ /* -+ * Initialize the PRNG Pseudo Random Number Generator with some seed. -+ */ -+ randseed.pid = getpid(); -+ GETTIMEOFDAY(&randseed.tv); -+ RAND_seed(&randseed, sizeof(randseed_t)); -+ -+ /* -+ * Access the external sources for random seed. We will only query them -+ * once, this should be sufficient and we will stir our entropy by using -+ * the prng-exchange file anyway. -+ * For reliability, we don't consider failure to access the additional -+ * source fatal, as we can run happily without it (considering that we -+ * still have the exchange-file). We also don't care how much entropy -+ * we get back, as we must run anyway. We simply stir in the buffer -+ * regardless how many bytes are actually in it. -+ */ -+ if (*var_tls_daemon_rand_source) { -+ if (!strncmp(var_tls_daemon_rand_source, "dev:", 4)) { -+ /* -+ * Source is a random device -+ */ -+ rand_source_dev_fd = open(var_tls_daemon_rand_source + 4, 0, 0); -+ if (rand_source_dev_fd == -1) -+ msg_info("Could not open entropy device %s", -+ var_tls_daemon_rand_source); -+ else { -+ if (var_tls_daemon_rand_bytes > 255) -+ var_tls_daemon_rand_bytes = 255; -+ read(rand_source_dev_fd, buffer, var_tls_daemon_rand_bytes); -+ RAND_seed(buffer, var_tls_daemon_rand_bytes); -+ close(rand_source_dev_fd); -+ } -+ } else if (!strncmp(var_tls_daemon_rand_source, "egd:", 4)) { -+ /* -+ * Source is a EGD compatible socket -+ */ -+ rand_source_socket_fd = unix_connect(var_tls_daemon_rand_source +4, -+ BLOCKING, 10); -+ if (rand_source_socket_fd == -1) -+ msg_info("Could not connect to %s", var_tls_daemon_rand_source); -+ else { -+ if (var_tls_daemon_rand_bytes > 255) -+ var_tls_daemon_rand_bytes = 255; -+ buffer[0] = 1; -+ buffer[1] = var_tls_daemon_rand_bytes; -+ if (write(rand_source_socket_fd, buffer, 2) != 2) -+ msg_info("Could not talk to %s", -+ var_tls_daemon_rand_source); -+ else if (read(rand_source_socket_fd, buffer, 1) != 1) -+ msg_info("Could not read info from %s", -+ var_tls_daemon_rand_source); -+ else { -+ rand_bytes = buffer[0]; -+ read(rand_source_socket_fd, buffer, rand_bytes); -+ RAND_seed(buffer, rand_bytes); -+ } -+ close(rand_source_socket_fd); -+ } -+ } else { -+ RAND_load_file(var_tls_daemon_rand_source, -+ var_tls_daemon_rand_bytes); -+ } -+ } -+ -+ if (*var_tls_rand_exch_name) { -+ rand_exch_fd = open(var_tls_rand_exch_name, O_RDWR | O_CREAT, 0600); -+ if (rand_exch_fd != -1) -+ pfixtls_exchange_seed(); -+ } -+ -+ randseed.pid = getpid(); -+ GETTIMEOFDAY(&randseed.tv); -+ RAND_seed(&randseed, sizeof(randseed_t)); -+ -+ /* -+ * The SSL/TLS speficications require the client to send a message in -+ * the oldest specification it understands with the highest level it -+ * understands in the message. -+ * Netscape communicator can still communicate with SSLv2 servers, so it -+ * sends out a SSLv2 client hello. To deal with it, our server must be -+ * SSLv2 aware (even if we don't like SSLv2), so we need to have the -+ * SSLv23 server here. If we want to limit the protocol level, we can -+ * add an option to not use SSLv2/v3/TLSv1 later. -+ */ -+ ctx = SSL_CTX_new(SSLv23_server_method()); -+ if (ctx == NULL) { -+ pfixtls_print_errors(); -+ return (-1); -+ }; -+ -+ /* -+ * Here we might set SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1. -+ * Of course, the last one would not make sense, since RFC2487 is only -+ * defined for TLS, but we also want to accept Netscape communicator -+ * requests, and it only supports SSLv3. -+ */ -+ off |= SSL_OP_ALL; /* Work around all known bugs */ -+ SSL_CTX_set_options(ctx, off); -+ -+ /* -+ * Set the info_callback, that will print out messages during -+ * communication on demand. -+ */ -+ if (var_smtpd_tls_loglevel >= 2) -+ SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); -+ -+ /* -+ * Set the list of ciphers, if explicitely given; otherwise the -+ * (reasonable) default list is kept. -+ */ -+ if (strlen(var_smtpd_tls_cipherlist) != 0) -+ if (SSL_CTX_set_cipher_list(ctx, var_smtpd_tls_cipherlist) == 0) { -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ -+ /* -+ * Now we must add the necessary certificate stuff: A server key, a -+ * server certificate, and the CA certificates for both the server -+ * cert and the verification of client certificates. -+ * As provided by OpenSSL we support two types of CA certificate handling: -+ * One possibility is to add all CA certificates to one large CAfile, -+ * the other possibility is a directory pointed to by CApath, containing -+ * seperate files for each CA pointed on by softlinks named by the hash -+ * values of the certificate. -+ * The first alternative has the advantage, that the file is opened and -+ * read at startup time, so that you don't have the hassle to maintain -+ * another copy of the CApath directory for chroot-jail. On the other -+ * hand, the file is not really readable. -+ */ -+ if (strlen(var_smtpd_tls_CAfile) == 0) -+ CAfile = NULL; -+ else -+ CAfile = var_smtpd_tls_CAfile; -+ if (strlen(var_smtpd_tls_CApath) == 0) -+ CApath = NULL; -+ else -+ CApath = var_smtpd_tls_CApath; -+ -+ if (CAfile || CApath) { -+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { -+ msg_info("TLS engine: cannot load CA data"); -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ if (!SSL_CTX_set_default_verify_paths(ctx)) { -+ msg_info("TLS engine: cannot set verify paths"); -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ } -+ -+ /* -+ * Now we load the certificate and key from the files and check, -+ * whether the cert matches the key (internally done by set_cert_stuff(). -+ * We cannot run without (we do not support ADH anonymous Diffie-Hellman -+ * ciphers as of now). -+ * We can use RSA certificates ("cert") and DSA certificates ("dcert"), -+ * both can be made available at the same time. The CA certificates for -+ * both are handled in the same setup already finished. -+ * Which one is used depends on the cipher negotiated (that is: the first -+ * cipher listed by the client which does match the server). A client with -+ * RSA only (e.g. Netscape) will use the RSA certificate only. -+ * A client with openssl-library will use RSA first if not especially -+ * changed in the cipher setup. -+ */ -+ if (strlen(var_smtpd_tls_cert_file) == 0) -+ s_cert_file = NULL; -+ else -+ s_cert_file = var_smtpd_tls_cert_file; -+ if (strlen(var_smtpd_tls_key_file) == 0) -+ s_key_file = NULL; -+ else -+ s_key_file = var_smtpd_tls_key_file; -+ -+ if (strlen(var_smtpd_tls_dcert_file) == 0) -+ s_dcert_file = NULL; -+ else -+ s_dcert_file = var_smtpd_tls_dcert_file; -+ if (strlen(var_smtpd_tls_dkey_file) == 0) -+ s_dkey_file = NULL; -+ else -+ s_dkey_file = var_smtpd_tls_dkey_file; -+ -+ if (s_cert_file) { -+ if (!set_cert_stuff(ctx, s_cert_file, s_key_file)) { -+ msg_info("TLS engine: cannot load RSA cert/key data"); -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ } -+ if (s_dcert_file) { -+ if (!set_cert_stuff(ctx, s_dcert_file, s_dkey_file)) { -+ msg_info("TLS engine: cannot load DSA cert/key data"); -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ } -+ if (!s_cert_file && !s_dcert_file) { -+ msg_info("TLS engine: do need at least RSA _or_ DSA cert/key data"); -+ return (-1); -+ } -+ -+ /* -+ * Sometimes a temporary RSA key might be needed by the OpenSSL -+ * library. The OpenSSL doc indicates, that this might happen when -+ * export ciphers are in use. We have to provide one, so well, we -+ * just do it. -+ */ -+ SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); -+ -+ /* -+ * We might also need dh parameters, which can either be loaded from -+ * file (preferred) or we simply take the compiled in values. -+ * First, set the callback that will select the values when requested, -+ * then load the (possibly) available DH parameters from files. -+ * We are generous with the error handling, since we do have default -+ * values compiled in, so we will not abort but just log the error message. -+ */ -+ SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_cb); -+ if (strlen(var_smtpd_tls_dh1024_param_file) != 0) { -+ if ((paramfile = fopen(var_smtpd_tls_dh1024_param_file, "r")) != NULL) { -+ dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); -+ if (dh_1024 == NULL) { -+ msg_info("TLS engine: cannot load 1024bit DH parameters"); -+ pfixtls_print_errors(); -+ } -+ } -+ else { -+ msg_info("TLS engine: cannot load 1024bit DH parameters: %s: %s", -+ var_smtpd_tls_dh1024_param_file, strerror(errno)); -+ } -+ } -+ if (strlen(var_smtpd_tls_dh512_param_file) != 0) { -+ if ((paramfile = fopen(var_smtpd_tls_dh512_param_file, "r")) != NULL) { -+ dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); -+ if (dh_512 == NULL) { -+ msg_info("TLS engine: cannot load 512bit DH parameters"); -+ pfixtls_print_errors(); -+ } -+ } -+ else { -+ msg_info("TLS engine: cannot load 512bit DH parameters: %s: %s", -+ var_smtpd_tls_dh512_param_file, strerror(errno)); -+ } -+ } -+ -+ /* -+ * If we want to check client certificates, we have to indicate it -+ * in advance. By now we only allow to decide on a global basis. -+ * If we want to allow certificate based relaying, we must ask the -+ * client to provide one with SSL_VERIFY_PEER. The client now can -+ * decide, whether it provides one or not. We can enforce a failure -+ * of the negotiation with SSL_VERIFY_FAIL_IF_NO_PEER_CERT, if we -+ * do not allow a connection without one. -+ * In the "server hello" following the initialization by the "client hello" -+ * the server must provide a list of CAs it is willing to accept. -+ * Some clever clients will then select one from the list of available -+ * certificates matching these CAs. Netscape Communicator will present -+ * the list of certificates for selecting the one to be sent, or it will -+ * issue a warning, if there is no certificate matching the available -+ * CAs. -+ * -+ * With regard to the purpose of the certificate for relaying, we might -+ * like a later negotiation, maybe relaying would already be allowed -+ * for other reasons, but this would involve severe changes in the -+ * internal postfix logic, so we have to live with it the way it is. -+ */ -+ if (askcert) -+ verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; -+ SSL_CTX_set_verify(ctx, verify_flags, verify_callback); -+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); -+ -+ /* -+ * Initialize the session cache. We only want external caching to -+ * synchronize between server sessions, so we set it to a minimum value -+ * of 1. If the external cache is disabled, we won't cache at all. -+ * The recall of old sessions "get" and save to disk of just created -+ * sessions "new" is handled by the appropriate callback functions. -+ * -+ * We must not forget to set a session id context to identify to which -+ * kind of server process the session was related. In our case, the -+ * context is just the name of the patchkit: "Postfix/TLS". -+ */ -+ SSL_CTX_sess_set_cache_size(ctx, 1); -+ SSL_CTX_set_timeout(ctx, var_smtpd_tls_scache_timeout); -+ SSL_CTX_set_session_id_context(ctx, (void*)&server_session_id_context, -+ sizeof(server_session_id_context)); -+ -+ /* -+ * The session cache is realized by an external database file, that -+ * must be opened before going to chroot jail. Since the session cache -+ * data can become quite large, "[n]dbm" cannot be used as it has a -+ * size limit that is by far to small. -+ */ -+ if (*var_smtpd_tls_scache_db) { -+ /* -+ * Insert a test against other dbms here, otherwise while writing -+ * a session (content to large), we will receive a fatal error! -+ */ -+ if (strncmp(var_smtpd_tls_scache_db, "sdbm:", 5)) -+ msg_warn("Only sdbm: type allowed for %s", -+ var_smtpd_tls_scache_db); -+ else -+ scache_db = dict_open(var_smtpd_tls_scache_db, O_RDWR, -+ DICT_FLAG_DUP_REPLACE | DICT_FLAG_LOCK | DICT_FLAG_SYNC_UPDATE); -+ if (scache_db) { -+ SSL_CTX_set_session_cache_mode(ctx, -+ SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_AUTO_CLEAR); -+ SSL_CTX_sess_set_get_cb(ctx, get_session_cb); -+ SSL_CTX_sess_set_new_cb(ctx, new_session_cb); -+ SSL_CTX_sess_set_remove_cb(ctx, remove_session_cb); -+ } -+ else -+ msg_warn("Could not open session cache %s", -+ var_smtpd_tls_scache_db); -+ } -+ -+ /* -+ * Finally create the global index to access TLScontext information -+ * inside verify_callback. -+ */ -+ TLScontext_index = SSL_get_ex_new_index(0, "TLScontext ex_data index", -+ NULL, NULL, NULL); -+ -+ pfixtls_serverengine = 1; -+ return (0); -+} -+ -+ /* -+ * This is the actual startup routine for the connection. We expect -+ * that the buffers are flushed and the "220 Ready to start TLS" was -+ * send to the client, so that we can immediately can start the TLS -+ * handshake process. -+ */ -+int pfixtls_start_servertls(VSTREAM *stream, int timeout, -+ const char *peername, const char *peeraddr, -+ tls_info_t *tls_info, int requirecert) -+{ -+ int sts; -+ int j; -+ int verify_flags; -+ unsigned int n; -+ TLScontext_t *TLScontext; -+ SSL_SESSION *session; -+ SSL_CIPHER *cipher; -+ X509 *peer; -+ -+ if (!pfixtls_serverengine) { /* should never happen */ -+ msg_info("tls_engine not running"); -+ return (-1); -+ } -+ if (var_smtpd_tls_loglevel >= 1) -+ msg_info("setting up TLS connection from %s[%s]", peername, peeraddr); -+ -+ /* -+ * Allocate a new TLScontext for the new connection and get an SSL -+ * structure. Add the location of TLScontext to the SSL to later -+ * retrieve the information inside the verify_callback(). -+ */ -+ TLScontext = (TLScontext_t *)mymalloc(sizeof(TLScontext_t)); -+ if (!TLScontext) { -+ msg_fatal("Could not allocate 'TLScontext' with mymalloc"); -+ } -+ if ((TLScontext->con = (SSL *) SSL_new(ctx)) == NULL) { -+ msg_info("Could not allocate 'TLScontext->con' with SSL_new()"); -+ pfixtls_print_errors(); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) { -+ msg_info("Could not set application data for 'TLScontext->con'"); -+ pfixtls_print_errors(); -+ SSL_free(TLScontext->con); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ -+ /* -+ * Set the verification parameters to be checked in verify_callback(). -+ */ -+ if (requirecert) { -+ verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; -+ verify_flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; -+ TLScontext->enforce_verify_errors = 1; -+ SSL_set_verify(TLScontext->con, verify_flags, verify_callback); -+ } -+ else { -+ TLScontext->enforce_verify_errors = 0; -+ } -+ TLScontext->enforce_CN = 0; -+ -+ /* -+ * The TLS connection is realized by a BIO_pair, so obtain the pair. -+ */ -+ if (!BIO_new_bio_pair(&TLScontext->internal_bio, BIO_bufsiz, -+ &TLScontext->network_bio, BIO_bufsiz)) { -+ msg_info("Could not obtain BIO_pair"); -+ pfixtls_print_errors(); -+ SSL_free(TLScontext->con); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ -+ /* -+ * Before really starting anything, try to seed the PRNG a little bit -+ * more. -+ */ -+ pfixtls_stir_seed(); -+ pfixtls_exchange_seed(); -+ -+ /* -+ * Initialize the SSL connection to accept state. This should not be -+ * necessary anymore since 0.9.3, but the call is still in the library -+ * and maintaining compatibility never hurts. -+ */ -+ SSL_set_accept_state(TLScontext->con); -+ -+ /* -+ * Connect the SSL-connection with the postfix side of the BIO-pair for -+ * reading and writing. -+ */ -+ SSL_set_bio(TLScontext->con, TLScontext->internal_bio, -+ TLScontext->internal_bio); -+ -+ /* -+ * If the debug level selected is high enough, all of the data is -+ * dumped: 3 will dump the SSL negotiation, 4 will dump everything. -+ * -+ * We do have an SSL_set_fd() and now suddenly a BIO_ routine is called? -+ * Well there is a BIO below the SSL routines that is automatically -+ * created for us, so we can use it for debugging purposes. -+ */ -+ if (var_smtpd_tls_loglevel >= 3) -+ BIO_set_callback(SSL_get_rbio(TLScontext->con), bio_dump_cb); -+ -+ -+ /* Dump the negotiation for loglevels 3 and 4 */ -+ if (var_smtpd_tls_loglevel >= 3) -+ do_dump = 1; -+ -+ /* -+ * Now we expect the negotiation to begin. This whole process is like a -+ * black box for us. We totally have to rely on the routines build into -+ * the OpenSSL library. The only thing we can do we already have done -+ * by choosing our own callbacks for session caching and certificate -+ * verification. -+ * -+ * Error handling: -+ * If the SSL handhake fails, we print out an error message and remove -+ * everything that might be there. A session has to be removed anyway, -+ * because RFC2246 requires it. -+ */ -+ sts = do_tls_operation(vstream_fileno(stream), timeout, TLScontext, -+ SSL_accept, NULL, NULL, NULL, 0); -+ if (sts <= 0) { -+ msg_info("SSL_accept error from %s[%s]: %d", peername, peeraddr, sts); -+ pfixtls_print_errors(); -+ SSL_free(TLScontext->con); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ -+ /* Only loglevel==4 dumps everything */ -+ if (var_smtpd_tls_loglevel < 4) -+ do_dump = 0; -+ -+ /* -+ * Lets see, whether a peer certificate is available and what is -+ * the actual information. We want to save it for later use. -+ */ -+ peer = SSL_get_peer_certificate(TLScontext->con); -+ if (peer != NULL) { -+ if (SSL_get_verify_result(TLScontext->con) == X509_V_OK) -+ tls_info->peer_verified = 1; -+ -+ X509_NAME_oneline(X509_get_subject_name(peer), -+ TLScontext->peer_subject, CCERT_BUFSIZ); -+ if (var_smtpd_tls_loglevel >= 2) -+ msg_info("subject=%s", TLScontext->peer_subject); -+ tls_info->peer_subject = TLScontext->peer_subject; -+ X509_NAME_oneline(X509_get_issuer_name(peer), -+ TLScontext->peer_issuer, CCERT_BUFSIZ); -+ if (var_smtpd_tls_loglevel >= 2) -+ msg_info("issuer=%s", TLScontext->peer_issuer); -+ tls_info->peer_issuer = TLScontext->peer_issuer; -+ if (X509_digest(peer, EVP_md5(), TLScontext->md, &n)) { -+ for (j = 0; j < (int) n; j++) { -+ TLScontext->fingerprint[j * 3] = -+ hexcodes[(TLScontext->md[j] & 0xf0) >> 4]; -+ TLScontext->fingerprint[(j * 3) + 1] = -+ hexcodes[(TLScontext->md[j] & 0x0f)]; -+ if (j + 1 != (int) n) -+ TLScontext->fingerprint[(j * 3) + 2] = ':'; -+ else -+ TLScontext->fingerprint[(j * 3) + 2] = '\0'; -+ } -+ if (var_smtpd_tls_loglevel >= 1) -+ msg_info("fingerprint=%s", TLScontext->fingerprint); -+ tls_info->peer_fingerprint = TLScontext->fingerprint; -+ } -+ -+ TLScontext->peer_CN[0] = '\0'; -+ if (!X509_NAME_get_text_by_NID(X509_get_subject_name(peer), -+ NID_commonName, TLScontext->peer_CN, CCERT_BUFSIZ)) { -+ msg_info("Could not parse client's subject CN"); -+ pfixtls_print_errors(); -+ } -+ tls_info->peer_CN = TLScontext->peer_CN; -+ -+ TLScontext->issuer_CN[0] = '\0'; -+ if (!X509_NAME_get_text_by_NID(X509_get_issuer_name(peer), -+ NID_commonName, TLScontext->issuer_CN, CCERT_BUFSIZ)) { -+ msg_info("Could not parse client's issuer CN"); -+ pfixtls_print_errors(); -+ } -+ if (!TLScontext->issuer_CN[0]) { -+ /* No issuer CN field, use Organization instead */ -+ if (!X509_NAME_get_text_by_NID(X509_get_issuer_name(peer), -+ NID_organizationName, TLScontext->issuer_CN, CCERT_BUFSIZ)) { -+ msg_info("Could not parse client's issuer Organization"); -+ pfixtls_print_errors(); -+ } -+ } -+ tls_info->issuer_CN = TLScontext->issuer_CN; -+ -+ if (var_smtpd_tls_loglevel >= 1) { -+ if (tls_info->peer_verified) -+ msg_info("Verified: subject_CN=%s, issuer=%s", -+ TLScontext->peer_CN, TLScontext->issuer_CN); -+ else -+ msg_info("Unverified: subject_CN=%s, issuer=%s", -+ TLScontext->peer_CN, TLScontext->issuer_CN); -+ } -+ -+ X509_free(peer); -+ } -+ -+ /* -+ * At this point we should have a certificate when required. -+ * We may however have a cached session, so the callback would never -+ * be called. We therefore double-check to make sure and remove the -+ * session, if applicable. -+ */ -+ if (requirecert) { -+ if (!tls_info->peer_verified || !tls_info->peer_CN) { -+ msg_info("Re-used session without peer certificate removed"); -+ session = SSL_get_session(TLScontext->con); -+ SSL_CTX_remove_session(ctx, session); -+ return (-1); -+ } -+ } -+ -+ /* -+ * Finally, collect information about protocol and cipher for logging -+ */ -+ tls_info->protocol = SSL_get_version(TLScontext->con); -+ cipher = SSL_get_current_cipher(TLScontext->con); -+ tls_info->cipher_name = SSL_CIPHER_get_name(cipher); -+ tls_info->cipher_usebits = SSL_CIPHER_get_bits(cipher, -+ &(tls_info->cipher_algbits)); -+ -+ pfixtls_serveractive = 1; -+ -+ /* -+ * The TLS engine is active, switch to the pfixtls_timed_read/write() -+ * functions and store the context. -+ */ -+ vstream_control(stream, -+ VSTREAM_CTL_READ_FN, pfixtls_timed_read, -+ VSTREAM_CTL_WRITE_FN, pfixtls_timed_write, -+ VSTREAM_CTL_CONTEXT, (void *)TLScontext, -+ VSTREAM_CTL_END); -+ -+ msg_info("TLS connection established from %s[%s]: %s with cipher %s (%d/%d bits)", -+ peername, peeraddr, -+ tls_info->protocol, tls_info->cipher_name, -+ tls_info->cipher_usebits, tls_info->cipher_algbits); -+ pfixtls_stir_seed(); -+ -+ return (0); -+} -+ -+ /* -+ * Shut down the TLS connection, that does mean: remove all the information -+ * and reset the flags! This is needed if the actual running smtpd is to -+ * be restarted. We do not give back any value, as there is nothing to -+ * be reported. -+ * Since our session cache is external, we will remove the session from -+ * memory in any case. The SSL_CTX_flush_sessions might be redundant here, -+ * I however want to make sure nothing is left. -+ * RFC2246 requires us to remove sessions if something went wrong, as -+ * indicated by the "failure" value, so we remove it from the external -+ * cache, too. -+ */ -+int pfixtls_stop_servertls(VSTREAM *stream, int timeout, int failure, -+ tls_info_t *tls_info) -+{ -+ TLScontext_t *TLScontext; -+ int retval; -+ -+ if (pfixtls_serveractive) { -+ TLScontext = (TLScontext_t *)vstream_context(stream); -+ /* -+ * Perform SSL_shutdown() twice, as the first attempt may return -+ * to early: it will only send out the shutdown alert but it will -+ * not wait for the peer's shutdown alert. Therefore, when we are -+ * the first party to send the alert, we must call SSL_shutdown() -+ * again. -+ * On failure we don't want to resume the session, so we will not -+ * perform SSL_shutdown() and the session will be removed as being -+ * bad. -+ */ -+ if (!failure) { -+ retval = do_tls_operation(vstream_fileno(stream), timeout, -+ TLScontext, SSL_shutdown, NULL, NULL, NULL, 0); -+ if (retval == 0) -+ do_tls_operation(vstream_fileno(stream), timeout, TLScontext, -+ SSL_shutdown, NULL, NULL, NULL, 0); -+ } -+ /* -+ * Free the SSL structure and the BIOs. Warning: the internal_bio is -+ * connected to the SSL structure and is automatically freed with -+ * it. Do not free it again (core dump)!! -+ * Only free the network_bio. -+ */ -+ SSL_free(TLScontext->con); -+ BIO_free(TLScontext->network_bio); -+ myfree((char *)TLScontext); -+ vstream_control(stream, -+ VSTREAM_CTL_READ_FN, (VSTREAM_FN) NULL, -+ VSTREAM_CTL_WRITE_FN, (VSTREAM_FN) NULL, -+ VSTREAM_CTL_CONTEXT, (void *) NULL, -+ VSTREAM_CTL_END); -+ SSL_CTX_flush_sessions(ctx, time(NULL)); -+ -+ pfixtls_stir_seed(); -+ pfixtls_exchange_seed(); -+ -+ *tls_info = tls_info_zero; -+ pfixtls_serveractive = 0; -+ -+ } -+ -+ return (0); -+} -+ -+ -+ /* -+ * This is the setup routine for the SSL client. As smtpd might be called -+ * more than once, we only want to do the initialization one time. -+ * -+ * The skeleton of this function is taken from OpenSSL apps/s_client.c. -+ */ -+ -+int pfixtls_init_clientengine(int verifydepth) -+{ -+ int off = 0; -+ int verify_flags = SSL_VERIFY_NONE; -+ int rand_bytes; -+ int rand_source_dev_fd; -+ int rand_source_socket_fd; -+ unsigned char buffer[255]; -+ char *CApath; -+ char *CAfile; -+ char *c_cert_file; -+ char *c_key_file; -+ -+ -+ if (pfixtls_clientengine) -+ return (0); /* already running */ -+ -+ if (var_smtp_tls_loglevel >= 2) -+ msg_info("starting TLS engine"); -+ -+ /* -+ * Initialize the OpenSSL library by the book! -+ * To start with, we must initialize the algorithms. -+ * We want cleartext error messages instead of just error codes, so we -+ * load the error_strings. -+ */ -+ SSL_load_error_strings(); -+ OpenSSL_add_ssl_algorithms(); -+ -+ /* -+ * Side effect, call a non-existing function to disable TLS usage with an -+ * outdated OpenSSL version. There is a security reason (verify_result -+ * is not stored with the session data). -+ */ -+#if (OPENSSL_VERSION_NUMBER < 0x00905100L) -+ needs_openssl_095_or_later(); -+#endif -+ -+ /* -+ * Initialize the PRNG Pseudo Random Number Generator with some seed. -+ */ -+ randseed.pid = getpid(); -+ GETTIMEOFDAY(&randseed.tv); -+ RAND_seed(&randseed, sizeof(randseed_t)); -+ -+ /* -+ * Access the external sources for random seed. We will only query them -+ * once, this should be sufficient and we will stir our entropy by using -+ * the prng-exchange file anyway. -+ * For reliability, we don't consider failure to access the additional -+ * source fatal, as we can run happily without it (considering that we -+ * still have the exchange-file). We also don't care how much entropy -+ * we get back, as we must run anyway. We simply stir in the buffer -+ * regardless how many bytes are actually in it. -+ */ -+ if (*var_tls_daemon_rand_source) { -+ if (!strncmp(var_tls_daemon_rand_source, "dev:", 4)) { -+ /* -+ * Source is a random device -+ */ -+ rand_source_dev_fd = open(var_tls_daemon_rand_source + 4, 0, 0); -+ if (rand_source_dev_fd == -1) -+ msg_info("Could not open entropy device %s", -+ var_tls_daemon_rand_source); -+ else { -+ if (var_tls_daemon_rand_bytes > 255) -+ var_tls_daemon_rand_bytes = 255; -+ read(rand_source_dev_fd, buffer, var_tls_daemon_rand_bytes); -+ RAND_seed(buffer, var_tls_daemon_rand_bytes); -+ close(rand_source_dev_fd); -+ } -+ } else if (!strncmp(var_tls_daemon_rand_source, "egd:", 4)) { -+ /* -+ * Source is a EGD compatible socket -+ */ -+ rand_source_socket_fd = unix_connect(var_tls_daemon_rand_source +4, -+ BLOCKING, 10); -+ if (rand_source_socket_fd == -1) -+ msg_info("Could not connect to %s", var_tls_daemon_rand_source); -+ else { -+ if (var_tls_daemon_rand_bytes > 255) -+ var_tls_daemon_rand_bytes = 255; -+ buffer[0] = 1; -+ buffer[1] = var_tls_daemon_rand_bytes; -+ if (write(rand_source_socket_fd, buffer, 2) != 2) -+ msg_info("Could not talk to %s", -+ var_tls_daemon_rand_source); -+ else if (read(rand_source_socket_fd, buffer, 1) != 1) -+ msg_info("Could not read info from %s", -+ var_tls_daemon_rand_source); -+ else { -+ rand_bytes = buffer[0]; -+ read(rand_source_socket_fd, buffer, rand_bytes); -+ RAND_seed(buffer, rand_bytes); -+ } -+ close(rand_source_socket_fd); -+ } -+ } else { -+ RAND_load_file(var_tls_daemon_rand_source, -+ var_tls_daemon_rand_bytes); -+ } -+ } -+ -+ if (*var_tls_rand_exch_name) { -+ rand_exch_fd = open(var_tls_rand_exch_name, O_RDWR | O_CREAT, 0600); -+ if (rand_exch_fd != -1) -+ pfixtls_exchange_seed(); -+ } -+ -+ randseed.pid = getpid(); -+ GETTIMEOFDAY(&randseed.tv); -+ RAND_seed(&randseed, sizeof(randseed_t)); -+ -+ /* -+ * The SSL/TLS speficications require the client to send a message in -+ * the oldest specification it understands with the highest level it -+ * understands in the message. -+ * RFC2487 is only specified for TLSv1, but we want to be as compatible -+ * as possible, so we will start off with a SSLv2 greeting allowing -+ * the best we can offer: TLSv1. -+ * We can restrict this with the options setting later, anyhow. -+ */ -+ ctx = SSL_CTX_new(SSLv23_client_method()); -+ if (ctx == NULL) { -+ pfixtls_print_errors(); -+ return (-1); -+ }; -+ -+ /* -+ * Here we might set SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1. -+ * Of course, the last one would not make sense, since RFC2487 is only -+ * defined for TLS, but we don't know what is out there. So leave things -+ * completely open, as of today. -+ */ -+ off |= SSL_OP_ALL; /* Work around all known bugs */ -+ SSL_CTX_set_options(ctx, off); -+ -+ /* -+ * Set the info_callback, that will print out messages during -+ * communication on demand. -+ */ -+ if (var_smtp_tls_loglevel >= 2) -+ SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); -+ -+ /* -+ * Set the list of ciphers, if explicitely given; otherwise the -+ * (reasonable) default list is kept. -+ */ -+ if (strlen(var_smtp_tls_cipherlist) != 0) -+ if (SSL_CTX_set_cipher_list(ctx, var_smtp_tls_cipherlist) == 0) { -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ -+ /* -+ * Now we must add the necessary certificate stuff: A client key, a -+ * client certificate, and the CA certificates for both the client -+ * cert and the verification of server certificates. -+ * In fact, we do not need a client certificate, so the certificates -+ * are only loaded (and checked), if supplied. A clever client would -+ * handle multiple client certificates and decide based on the list -+ * of acceptable CAs, sent by the server, which certificate to submit. -+ * OpenSSL does however not do this and also has no callback hoods to -+ * easily realize it. -+ * -+ * As provided by OpenSSL we support two types of CA certificate handling: -+ * One possibility is to add all CA certificates to one large CAfile, -+ * the other possibility is a directory pointed to by CApath, containing -+ * seperate files for each CA pointed on by softlinks named by the hash -+ * values of the certificate. -+ * The first alternative has the advantage, that the file is opened and -+ * read at startup time, so that you don't have the hassle to maintain -+ * another copy of the CApath directory for chroot-jail. On the other -+ * hand, the file is not really readable. -+ */ -+ if (strlen(var_smtp_tls_CAfile) == 0) -+ CAfile = NULL; -+ else -+ CAfile = var_smtp_tls_CAfile; -+ if (strlen(var_smtp_tls_CApath) == 0) -+ CApath = NULL; -+ else -+ CApath = var_smtp_tls_CApath; -+ if (CAfile || CApath) { -+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { -+ msg_info("TLS engine: cannot load CA data"); -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ if (!SSL_CTX_set_default_verify_paths(ctx)) { -+ msg_info("TLS engine: cannot set verify paths"); -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ } -+ -+ if (strlen(var_smtp_tls_cert_file) == 0) -+ c_cert_file = NULL; -+ else -+ c_cert_file = var_smtp_tls_cert_file; -+ if (strlen(var_smtp_tls_key_file) == 0) -+ c_key_file = NULL; -+ else -+ c_key_file = var_smtp_tls_key_file; -+ if (c_cert_file || c_key_file) -+ if (!set_cert_stuff(ctx, c_cert_file, c_key_file)) { -+ msg_info("TLS engine: cannot load cert/key data"); -+ pfixtls_print_errors(); -+ return (-1); -+ } -+ -+ /* -+ * Sometimes a temporary RSA key might be needed by the OpenSSL -+ * library. The OpenSSL doc indicates, that this might happen when -+ * export ciphers are in use. We have to provide one, so well, we -+ * just do it. -+ */ -+ SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); -+ -+ /* -+ * Finally, the setup for the server certificate checking, done -+ * "by the book". -+ */ -+ SSL_CTX_set_verify(ctx, verify_flags, verify_callback); -+ -+ /* -+ * Initialize the session cache. We only want external caching to -+ * synchronize between server sessions, so we set it to a minimum value -+ * of 1. If the external cache is disabled, we won't cache at all. -+ * -+ * In case of the client, there is no callback used in OpenSSL, so -+ * we must call the session cache functions manually during the process. -+ */ -+ SSL_CTX_sess_set_cache_size(ctx, 1); -+ SSL_CTX_set_timeout(ctx, var_smtp_tls_scache_timeout); -+ -+ /* -+ * The session cache is realized by an external database file, that -+ * must be opened before going to chroot jail. Since the session cache -+ * data can become quite large, "[n]dbm" cannot be used as it has a -+ * size limit that is by far to small. -+ */ -+ if (*var_smtp_tls_scache_db) { -+ /* -+ * Insert a test against other dbms here, otherwise while writing -+ * a session (content to large), we will receive a fatal error! -+ */ -+ if (strncmp(var_smtp_tls_scache_db, "sdbm:", 5)) -+ msg_warn("Only sdbm: type allowed for %s", -+ var_smtp_tls_scache_db); -+ else -+ scache_db = dict_open(var_smtp_tls_scache_db, O_RDWR, -+ DICT_FLAG_DUP_REPLACE | DICT_FLAG_LOCK | DICT_FLAG_SYNC_UPDATE); -+ if (!scache_db) -+ msg_warn("Could not open session cache %s", -+ var_smtp_tls_scache_db); -+ /* -+ * It is practical to have OpenSSL automatically save newly created -+ * sessions for us by callback. Therefore we have to enable the -+ * internal session cache for the client side. Disable automatic -+ * clearing, as smtp has limited lifetime anyway and we can call -+ * the cleanup routine at will. -+ */ -+ SSL_CTX_set_session_cache_mode(ctx, -+ SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_NO_AUTO_CLEAR); -+ SSL_CTX_sess_set_new_cb(ctx, new_session_cb); -+ } -+ -+ /* -+ * Finally create the global index to access TLScontext information -+ * inside verify_callback. -+ */ -+ TLScontext_index = SSL_get_ex_new_index(0, "TLScontext ex_data index", -+ NULL, NULL, NULL); -+ TLSpeername_index = SSL_SESSION_get_ex_new_index(0, -+ "TLSpeername ex_data index", -+ new_peername_func, -+ dup_peername_func, -+ free_peername_func); -+ -+ pfixtls_clientengine = 1; -+ return (0); -+} -+ -+ /* -+ * This is the actual startup routine for the connection. We expect -+ * that the buffers are flushed and the "220 Ready to start TLS" was -+ * received by us, so that we can immediately can start the TLS -+ * handshake process. -+ */ -+int pfixtls_start_clienttls(VSTREAM *stream, int timeout, -+ int enforce_peername, -+ const char *peername, -+ tls_info_t *tls_info) -+{ -+ int sts; -+ SSL_SESSION *session, *old_session; -+ SSL_CIPHER *cipher; -+ X509 *peer; -+ int verify_flags; -+ TLScontext_t *TLScontext; -+ -+ if (!pfixtls_clientengine) { /* should never happen */ -+ msg_info("tls_engine not running"); -+ return (-1); -+ } -+ if (var_smtpd_tls_loglevel >= 1) -+ msg_info("setting up TLS connection to %s", peername); -+ -+ /* -+ * Allocate a new TLScontext for the new connection and get an SSL -+ * structure. Add the location of TLScontext to the SSL to later -+ * retrieve the information inside the verify_callback(). -+ */ -+ TLScontext = (TLScontext_t *)mymalloc(sizeof(TLScontext_t)); -+ if (!TLScontext) { -+ msg_fatal("Could not allocate 'TLScontext' with mymalloc"); -+ } -+ if ((TLScontext->con = (SSL *) SSL_new(ctx)) == NULL) { -+ msg_info("Could not allocate 'TLScontext->con' with SSL_new()"); -+ pfixtls_print_errors(); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) { -+ msg_info("Could not set application data for 'TLScontext->con'"); -+ pfixtls_print_errors(); -+ SSL_free(TLScontext->con); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ -+ /* -+ * Set the verification parameters to be checked in verify_callback(). -+ */ -+ if (enforce_peername) { -+ verify_flags = SSL_VERIFY_PEER; -+ TLScontext->enforce_verify_errors = 1; -+ TLScontext->enforce_CN = 1; -+ SSL_set_verify(TLScontext->con, verify_flags, verify_callback); -+ } -+ else { -+ TLScontext->enforce_verify_errors = 0; -+ TLScontext->enforce_CN = 0; -+ } -+ -+ /* -+ * The TLS connection is realized by a BIO_pair, so obtain the pair. -+ */ -+ if (!BIO_new_bio_pair(&TLScontext->internal_bio, BIO_bufsiz, -+ &TLScontext->network_bio, BIO_bufsiz)) { -+ msg_info("Could not obtain BIO_pair"); -+ pfixtls_print_errors(); -+ SSL_free(TLScontext->con); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ -+ old_session = NULL; -+ -+ /* -+ * Find out the hashed HostID for the client cache and try to -+ * load the session from the cache. -+ */ -+ strncpy(TLScontext->peername_save, peername, ID_MAXLENGTH + 1); -+ TLScontext->peername_save[ID_MAXLENGTH] = '\0'; /* just in case */ -+ (void)lowercase(TLScontext->peername_save); -+ if (scache_db) { -+ old_session = load_clnt_session(peername, enforce_peername); -+ if (old_session) { -+ SSL_set_session(TLScontext->con, old_session); -+#if (OPENSSL_VERSION_NUMBER < 0x00906011L) || (OPENSSL_VERSION_NUMBER == 0x00907000L) -+ /* -+ * Ugly Hack: OpenSSL before 0.9.6a does not store the verify -+ * result in sessions for the client side. -+ * We modify the session directly which is version specific, -+ * but this bug is version specific, too. -+ * -+ * READ: 0-09-06-01-1 = 0-9-6-a-beta1: all versions before -+ * beta1 have this bug, it has been fixed during development -+ * of 0.9.6a. The development version of 0.9.7 can have this -+ * bug, too. It has been fixed on 2000/11/29. -+ */ -+ SSL_set_verify_result(TLScontext->con, old_session->verify_result); -+#endif -+ -+ } -+ } -+ -+ /* -+ * Before really starting anything, try to seed the PRNG a little bit -+ * more. -+ */ -+ pfixtls_stir_seed(); -+ pfixtls_exchange_seed(); -+ -+ /* -+ * Initialize the SSL connection to connect state. This should not be -+ * necessary anymore since 0.9.3, but the call is still in the library -+ * and maintaining compatibility never hurts. -+ */ -+ SSL_set_connect_state(TLScontext->con); -+ -+ /* -+ * Connect the SSL-connection with the postfix side of the BIO-pair for -+ * reading and writing. -+ */ -+ SSL_set_bio(TLScontext->con, TLScontext->internal_bio, -+ TLScontext->internal_bio); -+ -+ /* -+ * If the debug level selected is high enough, all of the data is -+ * dumped: 3 will dump the SSL negotiation, 4 will dump everything. -+ * -+ * We do have an SSL_set_fd() and now suddenly a BIO_ routine is called? -+ * Well there is a BIO below the SSL routines that is automatically -+ * created for us, so we can use it for debugging purposes. -+ */ -+ if (var_smtp_tls_loglevel >= 3) -+ BIO_set_callback(SSL_get_rbio(TLScontext->con), bio_dump_cb); -+ -+ -+ /* Dump the negotiation for loglevels 3 and 4 */ -+ if (var_smtp_tls_loglevel >= 3) -+ do_dump = 1; -+ -+ /* -+ * Now we expect the negotiation to begin. This whole process is like a -+ * black box for us. We totally have to rely on the routines build into -+ * the OpenSSL library. The only thing we can do we already have done -+ * by choosing our own callback certificate verification. -+ * -+ * Error handling: -+ * If the SSL handhake fails, we print out an error message and remove -+ * everything that might be there. A session has to be removed anyway, -+ * because RFC2246 requires it. -+ */ -+ sts = do_tls_operation(vstream_fileno(stream), timeout, TLScontext, -+ SSL_connect, NULL, NULL, NULL, 0); -+ if (sts <= 0) { -+ msg_info("SSL_connect error to %s: %d", peername, sts); -+ pfixtls_print_errors(); -+ session = SSL_get_session(TLScontext->con); -+ if (session) { -+ SSL_CTX_remove_session(ctx, session); -+ if (var_smtp_tls_loglevel >= 2) -+ msg_info("SSL session removed"); -+ } -+ if ((old_session) && (!SSL_session_reused(TLScontext->con))) -+ SSL_SESSION_free(old_session); /* Must also be removed */ -+ SSL_free(TLScontext->con); -+ myfree((char *)TLScontext); -+ return (-1); -+ } -+ -+ if (!SSL_session_reused(TLScontext->con)) { -+ SSL_SESSION_free(old_session); /* Remove unused session */ -+ } -+ else if (var_smtp_tls_loglevel >= 3) -+ msg_info("Reusing old session"); -+ -+ /* Only loglevel==4 dumps everything */ -+ if (var_smtp_tls_loglevel < 4) -+ do_dump = 0; -+ -+ /* -+ * Lets see, whether a peer certificate is available and what is -+ * the actual information. We want to save it for later use. -+ */ -+ peer = SSL_get_peer_certificate(TLScontext->con); -+ if (peer != NULL) { -+ if (SSL_get_verify_result(TLScontext->con) == X509_V_OK) -+ tls_info->peer_verified = 1; -+ -+ TLScontext->peer_CN[0] = '\0'; -+ if (!X509_NAME_get_text_by_NID(X509_get_subject_name(peer), -+ NID_commonName, TLScontext->peer_CN, CCERT_BUFSIZ)) { -+ msg_info("Could not parse server's subject CN"); -+ pfixtls_print_errors(); -+ } -+ tls_info->peer_CN = TLScontext->peer_CN; -+ -+ TLScontext->issuer_CN[0] = '\0'; -+ if (!X509_NAME_get_text_by_NID(X509_get_issuer_name(peer), -+ NID_commonName, TLScontext->issuer_CN, CCERT_BUFSIZ)) { -+ msg_info("Could not parse server's issuer CN"); -+ pfixtls_print_errors(); -+ } -+ if (!TLScontext->issuer_CN[0]) { -+ /* No issuer CN field, use Organization instead */ -+ if (!X509_NAME_get_text_by_NID(X509_get_issuer_name(peer), -+ NID_organizationName, TLScontext->issuer_CN, CCERT_BUFSIZ)) { -+ msg_info("Could not parse server's issuer Organization"); -+ pfixtls_print_errors(); -+ } -+ } -+ tls_info->issuer_CN = TLScontext->issuer_CN; -+ -+ if (var_smtp_tls_loglevel >= 1) { -+ if (tls_info->peer_verified) -+ msg_info("Verified: subject_CN=%s, issuer=%s", -+ TLScontext->peer_CN, TLScontext->issuer_CN); -+ else -+ msg_info("Unverified: subject_CN=%s, issuer=%s", -+ TLScontext->peer_CN, TLScontext->issuer_CN); -+ } -+ X509_free(peer); -+ } -+ -+ /* -+ * Finally, collect information about protocol and cipher for logging -+ */ -+ tls_info->protocol = SSL_get_version(TLScontext->con); -+ cipher = SSL_get_current_cipher(TLScontext->con); -+ tls_info->cipher_name = SSL_CIPHER_get_name(cipher); -+ tls_info->cipher_usebits = SSL_CIPHER_get_bits(cipher, -+ &(tls_info->cipher_algbits)); -+ -+ pfixtls_clientactive = 1; -+ -+ /* -+ * The TLS engine is active, switch to the pfixtls_timed_read/write() -+ * functions. -+ */ -+ vstream_control(stream, -+ VSTREAM_CTL_READ_FN, pfixtls_timed_read, -+ VSTREAM_CTL_WRITE_FN, pfixtls_timed_write, -+ VSTREAM_CTL_CONTEXT, (void *)TLScontext, -+ VSTREAM_CTL_END); -+ -+ msg_info("TLS connection established to %s: %s with cipher %s (%d/%d bits)", -+ peername, -+ tls_info->protocol, tls_info->cipher_name, -+ tls_info->cipher_usebits, tls_info->cipher_algbits); -+ -+ pfixtls_stir_seed(); -+ -+ return (0); -+} -+ -+ /* -+ * Shut down the TLS connection, that does mean: remove all the information -+ * and reset the flags! This is needed if the actual running smtp is to -+ * be restarted. We do not give back any value, as there is nothing to -+ * be reported. -+ * Since our session cache is external, we will remove the session from -+ * memory in any case. The SSL_CTX_flush_sessions might be redundant here, -+ * I however want to make sure nothing is left. -+ * RFC2246 requires us to remove sessions if something went wrong, as -+ * indicated by the "failure" value,so we remove it from the external -+ * cache, too. -+ */ -+int pfixtls_stop_clienttls(VSTREAM *stream, int timeout, int failure, -+ tls_info_t *tls_info) -+{ -+ TLScontext_t *TLScontext; -+ int retval; -+ -+ if (pfixtls_clientactive) { -+ TLScontext = (TLScontext_t *)vstream_context(stream); -+ /* -+ * Perform SSL_shutdown() twice, as the first attempt may return -+ * to early: it will only send out the shutdown alert but it will -+ * not wait for the peer's shutdown alert. Therefore, when we are -+ * the first party to send the alert, we must call SSL_shutdown() -+ * again. -+ * On failure we don't want to resume the session, so we will not -+ * perform SSL_shutdown() and the session will be removed as being -+ * bad. -+ */ -+ if (!failure) { -+ retval = do_tls_operation(vstream_fileno(stream), timeout, -+ TLScontext, SSL_shutdown, NULL, NULL, NULL, 0); -+ if (retval == 0) -+ do_tls_operation(vstream_fileno(stream), timeout, TLScontext, -+ SSL_shutdown, NULL, NULL, NULL, 0); -+ } -+ /* -+ * Free the SSL structure and the BIOs. Warning: the internal_bio is -+ * connected to the SSL structure and is automatically freed with -+ * it. Do not free it again (core dump)!! -+ * Only free the network_bio. -+ */ -+ SSL_free(TLScontext->con); -+ BIO_free(TLScontext->network_bio); -+ myfree((char *)TLScontext); -+ vstream_control(stream, -+ VSTREAM_CTL_READ_FN, (VSTREAM_FN) NULL, -+ VSTREAM_CTL_WRITE_FN, (VSTREAM_FN) NULL, -+ VSTREAM_CTL_CONTEXT, (void *) NULL, -+ VSTREAM_CTL_END); -+ SSL_CTX_flush_sessions(ctx, time(NULL)); -+ -+ pfixtls_stir_seed(); -+ pfixtls_exchange_seed(); -+ -+ *tls_info = tls_info_zero; -+ pfixtls_clientactive = 0; -+ -+ } -+ -+ return (0); -+} -+ -+ -+#endif /* HAS_SSL */ -diff -Pur postfix-1.1.11-20020822-orig/src/global/pfixtls.h postfix-1.1.11-20020822/src/global/pfixtls.h ---- postfix-1.1.11-20020822-orig/src/global/pfixtls.h Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/global/pfixtls.h Sat Aug 24 00:09:00 2002 -@@ -0,0 +1,76 @@ -+/*++ -+/* NAME -+/* pfixtls 3h -+/* SUMMARY -+/* TLS routines -+/* SYNOPSIS -+/* include "pfixtls.h" -+/* DESCRIPTION -+/* .nf -+/*--*/ -+ -+#ifndef PFIXTLS_H_INCLUDED -+#define PFIXTLS_H_INCLUDED -+ -+typedef struct { -+ int peer_verified; -+ char *peer_subject; -+ char *peer_issuer; -+ char *peer_fingerprint; -+ char *peer_CN; -+ char *issuer_CN; -+ const char *protocol; -+ const char *cipher_name; -+ int cipher_usebits; -+ int cipher_algbits; -+} tls_info_t; -+ -+extern const tls_info_t tls_info_zero; -+ -+#ifdef HAS_SSL -+ -+typedef struct { -+ long scache_db_version; -+ long openssl_version; -+ time_t timestamp; /* We could add other info here... */ -+ int enforce_peername; -+} pfixtls_scache_info_t; -+ -+extern const long scache_db_version; -+extern const long openssl_version; -+ -+int pfixtls_timed_read(int fd, void *buf, unsigned len, int timout, -+ void *unused_timeout); -+int pfixtls_timed_write(int fd, void *buf, unsigned len, int timeout, -+ void *unused_timeout); -+ -+extern int pfixtls_serverengine; -+int pfixtls_init_serverengine(int verifydepth, int askcert); -+int pfixtls_start_servertls(VSTREAM *stream, int timeout, -+ const char *peername, const char *peeraddr, -+ tls_info_t *tls_info, int require_cert); -+int pfixtls_stop_servertls(VSTREAM *stream, int timeout, int failure, -+ tls_info_t *tls_info); -+ -+extern int pfixtls_clientengine; -+int pfixtls_init_clientengine(int verifydepth); -+int pfixtls_start_clienttls(VSTREAM *stream, int timeout, -+ int enforce_peername, -+ const char *peername, -+ tls_info_t *tls_info); -+int pfixtls_stop_clienttls(VSTREAM *stream, int timeout, int failure, -+ tls_info_t *tls_info); -+ -+#endif /* PFIXTLS_H_INCLUDED */ -+#endif -+ -+/* LICENSE -+/* .ad -+/* .fi -+/* AUTHOR(S) -+/* Lutz Jaenicke -+/* BTU Cottbus -+/* Allgemeine Elektrotechnik -+/* Universitaetsplatz 3-4 -+/* D-03044 Cottbus, Germany -+/*--*/ -diff -Pur postfix-1.1.11-20020822-orig/src/global/resolve_local.c postfix-1.1.11-20020822/src/global/resolve_local.c ---- postfix-1.1.11-20020822-orig/src/global/resolve_local.c Wed Jul 17 19:12:29 2002 -+++ postfix-1.1.11-20020822/src/global/resolve_local.c Sat Aug 24 00:09:00 2002 -@@ -42,6 +42,7 @@ - #include <netinet/in.h> - #include <arpa/inet.h> - #include <string.h> -+#include <netdb.h> - - #ifndef INADDR_NONE - #define INADDR_NONE 0xffffffff -@@ -79,7 +80,12 @@ - { - char *saved_addr = mystrdup(addr); - char *dest; -+#ifdef INET6 -+ struct addrinfo hints, *res, *res0; -+ int error; -+#else - struct in_addr ipaddr; -+#endif - int len; - - #define RETURN(x) { myfree(saved_addr); return(x); } -@@ -117,9 +123,25 @@ - if (*dest == '[' && dest[len - 1] == ']') { - dest++; - dest[len -= 2] = 0; -+#ifdef INET6 -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_DGRAM; -+ error = getaddrinfo(dest, NULL, &hints, &res0); -+ if (!error) { -+ for (res = res0; res; res = res->ai_next) { -+ if (own_inet_addr(res->ai_addr)) { -+ freeaddrinfo(res0); -+ RETURN(1); -+ } -+ } -+ freeaddrinfo(res0); -+ } -+#else - if ((ipaddr.s_addr = inet_addr(dest)) != INADDR_NONE - && own_inet_addr(&ipaddr)) - RETURN(1); -+#endif - } - - /* -diff -Pur postfix-1.1.11-20020822-orig/src/global/wildcard_inet_addr.c postfix-1.1.11-20020822/src/global/wildcard_inet_addr.c ---- postfix-1.1.11-20020822-orig/src/global/wildcard_inet_addr.c Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/global/wildcard_inet_addr.c Sat Aug 24 00:09:00 2002 -@@ -0,0 +1,82 @@ -+/* System library. */ -+ -+#include <sys_defs.h> -+#include <netinet/in.h> -+#include <arpa/inet.h> -+#include <string.h> -+#ifdef INET6 -+#include <sys/socket.h> -+#endif -+#include <netdb.h> -+ -+#ifdef STRCASECMP_IN_STRINGS_H -+#include <strings.h> -+#endif -+ -+/* Utility library. */ -+ -+#include <msg.h> -+#include <mymalloc.h> -+#include <inet_addr_list.h> -+#include <inet_addr_local.h> -+#include <inet_addr_host.h> -+#include <stringops.h> -+ -+/* Global library. */ -+ -+#include <mail_params.h> -+#include <wildcard_inet_addr.h> -+ -+/* Application-specific. */ -+static INET_ADDR_LIST addr_list; -+ -+/* wildcard_inet_addr_init - initialize my own address list */ -+ -+static void wildcard_inet_addr_init(INET_ADDR_LIST *addr_list) -+{ -+#ifdef INET6 -+ struct addrinfo hints, *res, *res0; -+ char hbuf[NI_MAXHOST]; -+ int error; -+#ifdef NI_WITHSCOPEID -+ const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; -+#else -+ const int niflags = NI_NUMERICHOST; -+#endif -+ -+ inet_addr_list_init(addr_list); -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE; -+ error = getaddrinfo(NULL, "0", &hints, &res0); -+ if (error) -+ msg_fatal("could not get list of wildcard addresses"); -+ for (res = res0; res; res = res->ai_next) { -+ if (res->ai_family != AF_INET && res->ai_family != AF_INET6) -+ continue; -+ if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf, sizeof(hbuf), -+ NULL, 0, niflags) != 0) -+ continue; -+ if (inet_addr_host(addr_list, hbuf) == 0) -+ continue; /* msg_fatal("config variable %s: host not found: %s", -+ VAR_INET_INTERFACES, hbuf); */ -+ } -+ freeaddrinfo(res0); -+#else -+ if (inet_addr_host(addr_list, "0.0.0.0") == 0) -+ msg_fatal("config variable %s: host not found: %s", -+ VAR_INET_INTERFACES, "0.0.0.0"); -+#endif -+} -+ -+/* wildcard_inet_addr_list - return list of addresses */ -+ -+INET_ADDR_LIST *wildcard_inet_addr_list(void) -+{ -+ if (addr_list.used == 0) -+ wildcard_inet_addr_init(&addr_list); -+ -+ return (&addr_list); -+} -diff -Pur postfix-1.1.11-20020822-orig/src/global/wildcard_inet_addr.h postfix-1.1.11-20020822/src/global/wildcard_inet_addr.h ---- postfix-1.1.11-20020822-orig/src/global/wildcard_inet_addr.h Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/global/wildcard_inet_addr.h Sat Aug 24 00:09:00 2002 -@@ -0,0 +1,36 @@ -+#ifndef _WILDCARD_INET_ADDR_H_INCLUDED_ -+#define _WILDCARD_INET_ADDR_H_INCLUDED_ -+ -+/*++ -+/* NAME -+/* wildcard_inet_addr_list 3h -+/* SUMMARY -+/* grab the list of wildcard IP addresses. -+/* SYNOPSIS -+/* #include <own_inet_addr.h> -+/* DESCRIPTION -+/* .nf -+/*--*/ -+ -+ /* -+ * System library. -+ */ -+#include <netinet/in.h> -+#ifdef INET6 -+#include <sys/socket.h> -+#endif -+ -+ /* -+ * External interface. -+ */ -+extern struct INET_ADDR_LIST *wildcard_inet_addr_list(void); -+ -+/* LICENSE -+/* .ad -+/* .fi -+/* foo -+/* AUTHOR(S) -+/* Jun-ichiro itojun Hagino -+/*--*/ -+ -+#endif -diff -Pur postfix-1.1.11-20020822-orig/src/lmtp/lmtp.c postfix-1.1.11-20020822/src/lmtp/lmtp.c ---- postfix-1.1.11-20020822-orig/src/lmtp/lmtp.c Sat May 11 02:07:05 2002 -+++ postfix-1.1.11-20020822/src/lmtp/lmtp.c Sat Aug 24 00:09:00 2002 -@@ -190,6 +190,12 @@ - /* .IP \fBlmtp_quit_timeout\fR - /* Timeout for sending the \fBQUIT\fR command, and for - /* receiving the server response. -+/* .IP \fBlmtp_bind_address\fR -+/* Numerical source network address (IPv4) to bind to when making -+/* a connection. -+/* .IP \fBlmtp_bind_address6\fR -+/* Numerical source network address (IPv6) to bind to when making -+/* a connection. - /* SEE ALSO - /* bounce(8) non-delivery status reports - /* local(8) local mail delivery -@@ -276,6 +282,8 @@ - char *var_lmtp_sasl_opts; - char *var_lmtp_sasl_passwd; - bool var_lmtp_sasl_enable; -+char *var_lmtp_bind_addr; -+char *var_lmtp_bind_addr6; - - /* - * Global variables. -@@ -514,6 +522,10 @@ - VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, - VAR_LMTP_SASL_PASSWD, DEF_LMTP_SASL_PASSWD, &var_lmtp_sasl_passwd, 0, 0, - VAR_LMTP_SASL_OPTS, DEF_LMTP_SASL_OPTS, &var_lmtp_sasl_opts, 0, 0, -+ VAR_LMTP_BIND_ADDR, DEF_LMTP_BIND_ADDR, &var_lmtp_bind_addr, 0, 0, -+#ifdef INET6 -+ VAR_LMTP_BIND_ADDR6, DEF_LMTP_BIND_ADDR6, &var_lmtp_bind_addr6, 0, 0, -+#endif - 0, - }; - static CONFIG_INT_TABLE int_table[] = { -diff -Pur postfix-1.1.11-20020822-orig/src/lmtp/lmtp_connect.c postfix-1.1.11-20020822/src/lmtp/lmtp_connect.c ---- postfix-1.1.11-20020822-orig/src/lmtp/lmtp_connect.c Thu Mar 22 02:01:46 2001 -+++ postfix-1.1.11-20020822/src/lmtp/lmtp_connect.c Sat Aug 24 00:09:00 2002 -@@ -92,11 +92,13 @@ - #include <iostuff.h> - #include <timed_connect.h> - #include <stringops.h> -+#include <inet_addr_list.h> - - /* Global library. */ - - #include <mail_params.h> - #include <mail_proto.h> -+#include <own_inet_addr.h> - - /* DNS library. */ - -@@ -166,13 +168,42 @@ - const char *destination, VSTRING *why) - { - char *myname = "lmtp_connect_addr"; -- struct sockaddr_in sin; -- int sock; -+#ifdef INET6 -+ struct sockaddr_storage ss; -+#else -+ struct sockaddr ss; -+#endif -+ struct sockaddr *sa; -+ struct sockaddr_in *sin; -+#ifdef INET6 -+ struct sockaddr_in6 *sin6; -+#endif -+ SOCKADDR_SIZE salen; -+#ifdef INET6 -+ char hbuf[NI_MAXHOST]; -+#else -+ char hbuf[sizeof("255.255.255.255") + 1]; -+#endif -+ int sock = -1; -+ INET_ADDR_LIST *addr_list; -+ char *bind_addr; -+ -+ sa = (struct sockaddr *)&ss; -+ sin = (struct sockaddr_in *)&ss; -+#ifdef INET6 -+ sin6 = (struct sockaddr_in6 *)&ss; -+#endif - - /* - * Sanity checks. - */ -- if (addr->data_len > sizeof(sin.sin_addr)) { -+#ifdef INET6 -+ if (((addr->type==T_A) && (addr->data_len > sizeof(sin->sin_addr))) || -+ ((addr->type==T_AAAA) && (addr->data_len > sizeof(sin6->sin6_addr)))) -+#else -+ if (addr->data_len > sizeof(sin->sin_addr)) -+#endif -+ { - msg_warn("%s: skip address with length %d", myname, addr->data_len); - lmtp_errno = LMTP_RETRY; - return (0); -@@ -181,25 +212,168 @@ - /* - * Initialize. - */ -- memset((char *) &sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -+ switch (addr->type) { -+#ifdef INET6 -+ case T_AAAA: -+ bind_addr = var_lmtp_bind_addr6; -+ memset(sin6, 0, sizeof(*sin6)); -+ sin6->sin6_family = AF_INET6; -+ salen = sizeof(*sin6); -+ break; -+#endif -+ default: /* T_A: */ -+ bind_addr = var_lmtp_bind_addr; -+ memset(sin, 0, sizeof(*sin)); -+ sin->sin_family = AF_INET; -+ salen = sizeof(*sin); -+ break; -+ }; -+#ifdef HAS_SALEN -+ sa->sa_len = salen; -+#endif - -- if ((sock = socket(sin.sin_family, SOCK_STREAM, 0)) < 0) -+ if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0) - msg_fatal("%s: socket: %m", myname); - - /* -+ * Allow the sysadmin to specify the source address -+ */ -+ -+ if (*bind_addr) { -+#ifndef INET6 -+ struct sockaddr_in sin; -+ -+ memset(&sin, 0, sizeof(sin)); -+ sin.sin_family = AF_INET; -+#ifdef HAS_SA_LEN -+ sin.sin_len = sizeof(sin); -+#endif -+ sin.sin_addr.s_addr = inet_addr(bind_addr); -+ if (sin.sin_addr.s_addr == INADDR_NONE) -+ msg_fatal("%s: bad %s parameter: %s", -+ myname, VAR_LMTP_BIND_ADDR, var_smtp_bind_addr); -+ if (bind(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) -+ msg_warn("%s: bind %s: %m", myname, inet_ntoa(sin.sin_addr)); -+ if (msg_verbose) -+ msg_info("%s: bind %s", myname, inet_ntoa(sin.sin_addr)); -+#else -+ char hbufl[NI_MAXHOST]; -+ struct addrinfo hints, *res; -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sa->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE|AI_NUMERICHOST; -+ snprintf(hbufl, sizeof(hbufl)-1, "%s", bind_addr); -+ if (getaddrinfo(hbufl, NULL, &hints, &res) == 0) { -+ (void)getnameinfo(res->ai_addr, res->ai_addrlen, hbufl, -+ sizeof(hbufl), NULL, 0, NI_NUMERICHOST); -+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) -+ msg_warn("%s: bind %s: %m", myname, hbufl); -+ freeaddrinfo(res); -+ if (msg_verbose) -+ msg_info("%s: bind %s", myname, hbufl); -+ } -+#endif -+ } -+ -+ /* -+ * If running on a virtual host, start connections from the -+ * right address. -+ */ -+ -+ else if ((addr_list = own_inet_addr_list())->used == 1) { -+#ifndef INET6 -+ struct sockaddr_in sin; -+ unsigned long inaddr; /* XXX BAD!*/ -+ -+ memset(&sin, 0, sizeof(sin)); -+ sin.sin_family = AF_INET; -+#ifdef HAS_SA_LEN -+ sin.sin_len = sizeof(sin); -+#endif -+ memcpy((char *)&sin.sin_addr, addr_list->addrs, sizeof(sin.sin_addr)); -+ inaddr = (unsigned long)ntohl(sin.sin_addr.s_addr); -+ if (!IN_CLASSA(inaddr) -+ /* XXX Are the two following lines correct? */ -+ || !(((inaddr & IN_CLASSA_NET) >> IN_CLASSA_NSHIFT) == -+ IN_LOOPBACKNET)) { -+ if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ msg_warn("%s: bind %s: %m", myname, inet_ntoa(sin.sin_addr)); -+ if (msg_verbose) -+ msg_info("%s: bind %s", myname, inet_ntoa(sin.sin_addr)); -+ } -+#else -+ char hbufl[NI_MAXHOST]; -+ struct addrinfo hints, *res = NULL, *loopback = NULL; -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sa->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(NULL, "0", &hints, &loopback) != 0) -+ loopback = NULL; -+ -+ /* -+ * getnameinfo -> getaddrinfo loop is here so that we can -+ * get rid of port -+ */ -+ (void)getnameinfo((struct sockaddr *)addr_list->addrs, -+ SA_LEN((struct sockaddr *)addr_list->addrs), -+ hbufl, sizeof(hbufl), NULL, 0, NI_NUMERICHOST); -+ hbufl[sizeof(hbufl) - 1] = 0; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sa->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE|AI_NUMERICHOST; -+ if (getaddrinfo(hbufl, NULL, &hints, &res) == 0 && -+ !(res->ai_addrlen == loopback->ai_addrlen && -+ memcmp(res->ai_addr, loopback->ai_addr, res->ai_addrlen) == 0)) { -+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) -+ msg_warn("%s: bind %s: %m", myname, hbufl); -+ if (msg_verbose) -+ msg_info("%s: bind %s", myname, hbufl); -+ } -+ if (res) -+ freeaddrinfo(res); -+ if (loopback) -+ freeaddrinfo(loopback); -+#endif -+ } -+ -+ /* - * Connect to the LMTP server. - */ -- sin.sin_port = port; -- memcpy((char *) &sin.sin_addr, addr->data, sizeof(sin.sin_addr)); -+ switch (addr->type) { -+#ifdef INET6 -+ case T_AAAA: -+ /* XXX scope-unfriendly */ -+ memset(sin6, 0, sizeof(*sin6)); -+ sin6->sin6_port = port; -+ sin6->sin6_family = AF_INET6; -+ salen = sizeof(*sin6); -+ memcpy(&sin6->sin6_addr, addr->data, sizeof(sin6->sin6_addr)); -+ inet_ntop(AF_INET6, &sin6->sin6_addr, hbuf, sizeof(hbuf)); -+ break; -+#endif -+ default: /* T_A: */ -+ memset(sin, 0, sizeof(*sin)); -+ sin->sin_port = port; -+ sin->sin_family = AF_INET; -+ salen = sizeof(*sin6); -+ memcpy(&sin->sin_addr, addr->data, sizeof(sin->sin_addr)); -+ inet_ntop(AF_INET, &sin->sin_addr, hbuf, sizeof(hbuf)); -+ break; -+ } -+#ifdef HAS_SA_LEN -+ sa->sa_len = salen; -+#endif - - if (msg_verbose) - msg_info("%s: trying: %s[%s] port %d...", -- myname, addr->name, inet_ntoa(sin.sin_addr), ntohs(port)); -+ myname, addr->name, hbuf, ntohs(port)); - -- return (lmtp_connect_sock(sock, (struct sockaddr *) & sin, sizeof(sin), -- addr->name, inet_ntoa(sin.sin_addr), -- destination, why)); -+ return (lmtp_connect_sock(sock, (struct sockaddr *)sa, salen, -+ addr->name, hbuf, destination, why)); - } - - /* lmtp_connect_sock - connect a socket over some transport */ -diff -Pur postfix-1.1.11-20020822-orig/src/master/mail_flow.c postfix-1.1.11-20020822/src/master/mail_flow.c ---- postfix-1.1.11-20020822-orig/src/master/mail_flow.c Fri Jan 11 16:21:01 2002 -+++ postfix-1.1.11-20020822/src/master/mail_flow.c Sat Aug 24 00:27:46 2002 -@@ -47,6 +47,7 @@ - #include <sys/stat.h> - #include <unistd.h> - #include <stdlib.h> -+#include <string.h> - - /* Utility library. */ - -diff -Pur postfix-1.1.11-20020822-orig/src/master/master_ent.c postfix-1.1.11-20020822/src/master/master_ent.c ---- postfix-1.1.11-20020822-orig/src/master/master_ent.c Sun Dec 23 20:08:58 2001 -+++ postfix-1.1.11-20020822/src/master/master_ent.c Sat Aug 24 00:27:46 2002 -@@ -86,6 +86,9 @@ - #include <inet_addr_list.h> - #include <inet_util.h> - #include <inet_addr_host.h> -+#ifdef INET6 -+#include <wildcard_inet_addr.h> -+#endif - - /* Global library. */ - -@@ -284,8 +287,13 @@ - inet_addr_host(MASTER_INET_ADDRLIST(serv), host); - serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used; - } else if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) { -+#ifdef INET6 -+ MASTER_INET_ADDRLIST(serv) = wildcard_inet_addr_list(); -+ serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used; -+#else - MASTER_INET_ADDRLIST(serv) = 0; /* wild-card */ - serv->listen_fd_count = 1; -+#endif - } else { - MASTER_INET_ADDRLIST(serv) = own_inet_addr_list(); /* virtual */ - serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used; -diff -Pur postfix-1.1.11-20020822-orig/src/master/master_listen.c postfix-1.1.11-20020822/src/master/master_listen.c ---- postfix-1.1.11-20020822-orig/src/master/master_listen.c Tue May 1 00:47:57 2001 -+++ postfix-1.1.11-20020822/src/master/master_listen.c Sat Aug 24 00:09:00 2002 -@@ -64,13 +64,22 @@ - - #include "master.h" - -+#ifdef INET6 -+#include <netdb.h> -+#include <stdio.h> -+#endif -+ - /* master_listen_init - enable connection requests */ - - void master_listen_init(MASTER_SERV *serv) - { - char *myname = "master_listen_init"; - char *end_point; -- int n; -+ int n,m,tmpfd; -+#ifdef INET6 -+ char hbuf[NI_MAXHOST]; -+ SOCKADDR_SIZE salen; -+#endif - - /* - * Find out what transport we should use, then create one or more -@@ -111,18 +120,31 @@ - serv->listen_fd[0] = - inet_listen(MASTER_INET_PORT(serv), - serv->max_proc > var_proc_limit ? -- serv->max_proc : var_proc_limit, NON_BLOCKING); -+ serv->max_proc : var_proc_limit, NON_BLOCKING, 1); - close_on_exec(serv->listen_fd[0], CLOSE_ON_EXEC); - } else { /* virtual or host:port */ -- for (n = 0; n < serv->listen_fd_count; n++) { -+ for (m = n = 0; n < serv->listen_fd_count; n++) { -+#ifdef INET6 -+ if (getnameinfo((struct sockaddr *)&MASTER_INET_ADDRLIST(serv)->addrs[n], -+ SA_LEN((struct sockaddr *)&MASTER_INET_ADDRLIST(serv)->addrs[n]), -+ hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST)) { -+ strncpy(hbuf, "?????", sizeof(hbuf)); -+ } -+ end_point = concatenate(hbuf, ":", MASTER_INET_PORT(serv), (char *) 0); -+#else - end_point = concatenate(inet_ntoa(MASTER_INET_ADDRLIST(serv)->addrs[n]), - ":", MASTER_INET_PORT(serv), (char *) 0); -- serv->listen_fd[n] -+#endif -+ tmpfd - = inet_listen(end_point, serv->max_proc > var_proc_limit ? -- serv->max_proc : var_proc_limit, NON_BLOCKING); -- close_on_exec(serv->listen_fd[n], CLOSE_ON_EXEC); -+ serv->max_proc : var_proc_limit, NON_BLOCKING, 0); -+ if (tmpfd >= 0) { -+ serv->listen_fd[m] = tmpfd; -+ close_on_exec(serv->listen_fd[m++], CLOSE_ON_EXEC); -+ } - myfree(end_point); - } -+ serv->listen_fd_count=m; - } - break; - default: -diff -Pur postfix-1.1.11-20020822-orig/src/qmgr/qmgr_message.c postfix-1.1.11-20020822/src/qmgr/qmgr_message.c ---- postfix-1.1.11-20020822-orig/src/qmgr/qmgr_message.c Sun Aug 18 19:00:43 2002 -+++ postfix-1.1.11-20020822/src/qmgr/qmgr_message.c Sat Aug 24 00:09:01 2002 -@@ -507,7 +507,11 @@ - * every front-ent program. - */ - if ((at = strrchr(recipient->address, '@')) != 0 -+#ifdef INET6 -+ && (at + 1)[strspn(at + 1, "[]0123456789.:abcdef")] != 0 -+#else - && (at + 1)[strspn(at + 1, "[]0123456789.")] != 0 -+#endif - && valid_hostname(at + 1, DONT_GRIPE) == 0) { - qmgr_bounce_recipient(message, recipient, - "bad host/domain syntax: \"%s\"", at + 1); -diff -Pur postfix-1.1.11-20020822-orig/src/qmqpd/qmqpd_peer.c postfix-1.1.11-20020822/src/qmqpd/qmqpd_peer.c ---- postfix-1.1.11-20020822-orig/src/qmqpd/qmqpd_peer.c Thu Jul 5 22:09:35 2001 -+++ postfix-1.1.11-20020822/src/qmqpd/qmqpd_peer.c Sat Aug 24 00:09:01 2002 -@@ -70,6 +70,11 @@ - ) - #endif - -+#ifdef INET6 -+#define GAI_STRERROR(error) \ -+ ((error = EAI_SYSTEM) ? gai_strerror(error) : strerror(errno)) -+#endif -+ - /* Utility library. */ - - #include <msg.h> -@@ -79,7 +84,6 @@ - - /* Global library. */ - -- - /* Application-specific. */ - - #include "qmqpd.h" -@@ -88,16 +92,23 @@ - - void qmqpd_peer_init(QMQPD_STATE *state) - { -- struct sockaddr_in sin; -- SOCKADDR_SIZE len = sizeof(sin); -+#ifdef INET6 -+ struct sockaddr_storage ss; -+#else -+ struct sockaddr ss; -+ struct in_addr *in; - struct hostent *hp; -- int i; -+#endif -+ struct sockaddr *sa; -+ SOCKADDR_SIZE len; -+ -+ sa = (struct sockaddr *)&ss; -+ len = sizeof(ss); - - /* - * Look up the peer address information. - */ -- if (getpeername(vstream_fileno(state->client), -- (struct sockaddr *) & sin, &len) >= 0) { -+ if (getpeername(vstream_fileno(state->client), sa, &len) >= 0) { - errno = 0; - } - -@@ -112,16 +123,50 @@ - /* - * Look up and "verify" the client hostname. - */ -- else if (errno == 0 && sin.sin_family == AF_INET) { -- state->addr = mystrdup(inet_ntoa(sin.sin_addr)); -- hp = gethostbyaddr((char *) &(sin.sin_addr), -- sizeof(sin.sin_addr), AF_INET); -- if (hp == 0) { -+ else if (errno == 0 && (sa->sa_family == AF_INET -+#ifdef INET6 -+ || sa->sa_family == AF_INET6 -+#endif -+ )) { -+#ifdef INET6 -+ char hbuf[NI_MAXHOST]; -+ char abuf[NI_MAXHOST]; -+ struct addrinfo hints, *rnull = NULL; -+#else -+ char abuf[sizeof("255.255.255.255") + 1]; -+ char *hbuf; -+#endif -+ int error = -1; -+ -+#ifdef INET6 -+ (void)getnameinfo(sa, len, abuf, sizeof(abuf), NULL, 0, -+ NI_NUMERICHOST); -+#else -+ in = &((struct sockaddr_in *)sa)->sin_addr; -+ inet_ntop(AF_INET, in, abuf, sizeof(abuf)); -+#endif -+ -+ state->addr = mystrdup(abuf); -+#ifdef INET6 -+ error = getnameinfo(sa, len, hbuf, sizeof(hbuf), NULL, 0, -+ NI_NAMEREQD); -+#else -+ hbuf = NULL; -+ hp = gethostbyaddr((char *)in, sizeof(*in), AF_INET); -+ if (hp) { -+ error = 0; -+ hbuf = mystrdup(hp->h_name); -+ state->name = mystrdup("unknown"); -+ } else { -+ error = 1; -+ } -+#endif -+ if (error) { - state->name = mystrdup("unknown"); -- } else if (!valid_hostname(hp->h_name, DONT_GRIPE)) { -+ } else if (!valid_hostname(hbuf, DONT_GRIPE)) { - state->name = mystrdup("unknown"); - } else { -- state->name = mystrdup(hp->h_name); /* hp->name is clobbered!! */ -+ state->name = mystrdup(hbuf); /* hp->name is clobbered!! */ - - /* - * Reject the hostname if it does not list the peer address. -@@ -131,16 +176,31 @@ - state->name = mystrdup("unknown"); \ - } - -+#ifdef INET6 -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ error = getaddrinfo(state->name, NULL, &hints, &rnull); -+ if (error) { -+ msg_warn("%s: hostname %s verification failed: %s", -+ state->addr, state->name, GAI_STRERROR(error)); -+ REJECT_PEER_NAME(state); -+ } -+ /* memcmp() isn't needed if we use getaddrinfo */ -+ if (rnull) -+ freeaddrinfo(rnull); -+#else - hp = gethostbyname(state->name); /* clobbers hp->name!! */ - if (hp == 0) { - msg_warn("%s: hostname %s verification failed: %s", - state->addr, state->name, HSTRERROR(h_errno)); - REJECT_PEER_NAME(state); -- } else if (hp->h_length != sizeof(sin.sin_addr)) { -+ } else if (hp->h_length != sizeof(*in)) { - msg_warn("%s: hostname %s verification failed: bad address size %d", - state->addr, state->name, hp->h_length); - REJECT_PEER_NAME(state); - } else { -+ int i; - for (i = 0; /* void */ ; i++) { - if (hp->h_addr_list[i] == 0) { - msg_warn("%s: address not listed for hostname %s", -@@ -148,12 +208,12 @@ - REJECT_PEER_NAME(state); - break; - } -- if (memcmp(hp->h_addr_list[i], -- (char *) &sin.sin_addr, -- sizeof(sin.sin_addr)) == 0) -+ if (memcmp(hp->h_addr_list[i], (char *)in, -+ sizeof(*in)) == 0) - break; /* keep peer name */ - } - } -+#endif - } - } - -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/Makefile.in postfix-1.1.11-20020822/src/smtp/Makefile.in ---- postfix-1.1.11-20020822-orig/src/smtp/Makefile.in Wed Aug 21 22:25:43 2002 -+++ postfix-1.1.11-20020822/src/smtp/Makefile.in Sat Aug 24 00:09:01 2002 -@@ -84,6 +84,7 @@ - smtp.o: ../../include/iostuff.h - smtp.o: ../../include/attr.h - smtp.o: ../../include/mail_server.h -+smtp.o: ../../include/pfixtls.h - smtp.o: smtp.h - smtp.o: smtp_sasl.h - smtp_addr.o: smtp_addr.c -@@ -103,6 +104,7 @@ - smtp_addr.o: ../../include/argv.h - smtp_addr.o: ../../include/deliver_request.h - smtp_addr.o: ../../include/recipient_list.h -+smtp_addr.o: ../../include/pfixtls.h - smtp_addr.o: smtp_addr.h - smtp_chat.o: smtp_chat.c - smtp_chat.o: ../../include/sys_defs.h -@@ -123,6 +125,7 @@ - smtp_chat.o: ../../include/cleanup_user.h - smtp_chat.o: ../../include/mail_error.h - smtp_chat.o: ../../include/name_mask.h -+smtp_chat.o: ../../include/pfixtls.h - smtp_chat.o: smtp.h - smtp_connect.o: smtp_connect.c - smtp_connect.o: ../../include/sys_defs.h -@@ -139,10 +142,12 @@ - smtp_connect.o: ../../include/mail_params.h - smtp_connect.o: ../../include/own_inet_addr.h - smtp_connect.o: ../../include/dns.h -+smtp_connect.o: ../../include/get_port.h - smtp_connect.o: smtp.h - smtp_connect.o: ../../include/argv.h - smtp_connect.o: ../../include/deliver_request.h - smtp_connect.o: ../../include/recipient_list.h -+smtp_connetc.o: ../../include/pfixtls.h - smtp_connect.o: smtp_addr.h - smtp_proto.o: smtp_proto.c - smtp_proto.o: ../../include/sys_defs.h -@@ -174,6 +179,7 @@ - smtp_proto.o: ../../include/attr.h - smtp_proto.o: ../../include/mime_state.h - smtp_proto.o: ../../include/header_opts.h -+smtp_proto.o: ../../include/pfixtls.h - smtp_proto.o: smtp.h - smtp_proto.o: ../../include/argv.h - smtp_proto.o: smtp_sasl.h -@@ -219,9 +225,12 @@ - smtp_session.o: ../../include/stringops.h - smtp_session.o: ../../include/vstring.h - smtp_session.o: smtp.h -+smtp_session.o: ../../include/mail_params.h -+smtp_session.o: ../../include/pfixtls.h - smtp_session.o: ../../include/argv.h - smtp_session.o: ../../include/deliver_request.h - smtp_session.o: ../../include/recipient_list.h -+smtp_session.o: ../../include/maps.h - smtp_state.o: smtp_state.c - smtp_state.o: ../../include/sys_defs.h - smtp_state.o: ../../include/mymalloc.h -@@ -235,6 +244,7 @@ - smtp_state.o: ../../include/argv.h - smtp_state.o: ../../include/deliver_request.h - smtp_state.o: ../../include/recipient_list.h -+smtp_state.o: ../../include/pfixtls.h - smtp_state.o: smtp_sasl.h - smtp_trouble.o: smtp_trouble.c - smtp_trouble.o: ../../include/sys_defs.h -@@ -254,6 +264,7 @@ - smtp_trouble.o: ../../include/name_mask.h - smtp_trouble.o: smtp.h - smtp_trouble.o: ../../include/argv.h -+smtp_trouble.o: ../../include/pfixtls.h - smtp_unalias.o: smtp_unalias.c - smtp_unalias.o: ../../include/sys_defs.h - smtp_unalias.o: ../../include/htable.h -@@ -266,3 +277,4 @@ - smtp_unalias.o: ../../include/argv.h - smtp_unalias.o: ../../include/deliver_request.h - smtp_unalias.o: ../../include/recipient_list.h -+smtp_unalias.o: ../../include/pfixtls.h -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/sasl_problem_diff postfix-1.1.11-20020822/src/smtp/sasl_problem_diff ---- postfix-1.1.11-20020822-orig/src/smtp/sasl_problem_diff Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/smtp/sasl_problem_diff Sat Aug 24 00:09:01 2002 -@@ -0,0 +1,17 @@ -+--- smtp_proto.c.old Wed May 15 14:01:56 2002 -++++ smtp_proto.c Fri May 24 21:13:50 2002 -+@@ -372,8 +372,13 @@ -+ else if (strcasecmp(word, "STARTTLS") == 0) -+ state->features |= SMTP_FEATURE_STARTTLS; -+ #ifdef USE_SASL_AUTH -+- else if (var_smtp_sasl_enable && strcasecmp(word, "AUTH") == 0) -++ else if (var_smtp_sasl_enable && strcasecmp(word, "AUTH") == 0) { -++ if (state->sasl_mechanism_list) { -++ myfree(state->sasl_mechanism_list); -++ state->sasl_mechanism_list = 0; -++ } -+ smtp_sasl_helo_auth(state, words); -++ } -+ #endif -+ } -+ } -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/smtp.c postfix-1.1.11-20020822/src/smtp/smtp.c ---- postfix-1.1.11-20020822-orig/src/smtp/smtp.c Mon May 27 01:07:04 2002 -+++ postfix-1.1.11-20020822/src/smtp/smtp.c Sat Aug 24 00:09:01 2002 -@@ -100,7 +100,11 @@ - /* .IP \fBsmtp_never_send_ehlo\fR - /* Never send EHLO at the start of a connection. - /* .IP \fBsmtp_bind_address\fR --/* Numerical source network address to bind to when making a connection. -+/* Numerical source network address (IPv4) to bind to when making -+/* a connection. -+/* .IP \fBsmtp_bind_address6\fR -+/* Numerical source network address (IPv6) to bind to when making -+/* a connection. - /* .IP \fBsmtp_line_length_limit\fR - /* Length limit for SMTP message content lines. Zero means no limit. - /* Some SMTP servers misbehave on long lines. -@@ -240,6 +244,7 @@ - #include <debug_peer.h> - #include <mail_error.h> - #include <deliver_pass.h> -+#include <pfixtls.h> - - /* Single server skeleton. */ - -@@ -256,6 +261,7 @@ - */ - int var_smtp_conn_tmout; - int var_smtp_helo_tmout; -+int var_smtp_starttls_tmout; - int var_smtp_mail_tmout; - int var_smtp_rcpt_tmout; - int var_smtp_data0_tmout; -@@ -277,11 +283,20 @@ - char *var_smtp_sasl_passwd; - bool var_smtp_sasl_enable; - char *var_smtp_bind_addr; -+#ifdef INET6 -+char *var_smtp_bind_addr6; -+#endif - bool var_smtp_rand_addr; - int var_smtp_pix_thresh; - int var_smtp_pix_delay; - int var_smtp_line_limit; - char *var_smtp_helo_name; -+int var_smtp_use_tls; -+int var_smtp_enforce_tls; -+int var_smtp_tls_enforce_peername; -+char *var_smtp_tls_per_site; -+int var_smtp_tls_scert_vd; -+int var_smtp_tls_note_starttls_offer; - - /* - * Global variables. smtp_errno is set by the address lookup routines and by -@@ -391,6 +406,7 @@ - - static void pre_init(char *unused_name, char **unused_argv) - { -+ - debug_peer_init(); - - if (var_smtp_sasl_enable) -@@ -400,6 +416,14 @@ - msg_warn("%s is true, but SASL support is not compiled in", - VAR_SMTP_SASL_ENABLE); - #endif -+ /* -+ * Initialize the TLS data before entering the chroot jail -+ */ -+#ifdef HAS_SSL -+ if (var_smtp_use_tls || var_smtp_enforce_tls || var_smtp_tls_per_site[0]) -+ pfixtls_init_clientengine(var_smtp_tls_scert_vd); -+ smtp_tls_list_init(); -+#endif - } - - /* pre_accept - see if tables have changed */ -@@ -434,7 +458,11 @@ - VAR_SMTP_SASL_PASSWD, DEF_SMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0, - VAR_SMTP_SASL_OPTS, DEF_SMTP_SASL_OPTS, &var_smtp_sasl_opts, 0, 0, - VAR_SMTP_BIND_ADDR, DEF_SMTP_BIND_ADDR, &var_smtp_bind_addr, 0, 0, -+#ifdef INET6 -+ VAR_SMTP_BIND_ADDR6, DEF_SMTP_BIND_ADDR6, &var_smtp_bind_addr6, 0, 0, -+#endif - VAR_SMTP_HELO_NAME, DEF_SMTP_HELO_NAME, &var_smtp_helo_name, 1, 0, -+ VAR_SMTP_TLS_PER_SITE, DEF_SMTP_TLS_PER_SITE, &var_smtp_tls_per_site, 0, 0, - 0, - }; - static CONFIG_TIME_TABLE time_table[] = { -@@ -448,6 +476,7 @@ - VAR_SMTP_QUIT_TMOUT, DEF_SMTP_QUIT_TMOUT, &var_smtp_quit_tmout, 1, 0, - VAR_SMTP_PIX_THRESH, DEF_SMTP_PIX_THRESH, &var_smtp_pix_thresh, 0, 0, - VAR_SMTP_PIX_DELAY, DEF_SMTP_PIX_DELAY, &var_smtp_pix_delay, 1, 0, -+ VAR_SMTP_STARTTLS_TMOUT, DEF_SMTP_STARTTLS_TMOUT, &var_smtp_starttls_tmout, 1, 0, - 0, - }; - static CONFIG_INT_TABLE int_table[] = { -@@ -463,6 +492,10 @@ - VAR_SMTP_NEVER_EHLO, DEF_SMTP_NEVER_EHLO, &var_smtp_never_ehlo, - VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable, - VAR_SMTP_RAND_ADDR, DEF_SMTP_RAND_ADDR, &var_smtp_rand_addr, -+ VAR_SMTP_USE_TLS, DEF_SMTP_USE_TLS, &var_smtp_use_tls, -+ VAR_SMTP_ENFORCE_TLS, DEF_SMTP_ENFORCE_TLS, &var_smtp_enforce_tls, -+ VAR_SMTP_TLS_ENFORCE_PN, DEF_SMTP_TLS_ENFORCE_PN, &var_smtp_tls_enforce_peername, -+ VAR_SMTP_TLS_NOTEOFFER, DEF_SMTP_TLS_NOTEOFFER, &var_smtp_tls_note_starttls_offer, - 0, - }; - -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/smtp.h postfix-1.1.11-20020822/src/smtp/smtp.h ---- postfix-1.1.11-20020822-orig/src/smtp/smtp.h Thu May 23 21:18:02 2002 -+++ postfix-1.1.11-20020822/src/smtp/smtp.h Sat Aug 24 00:09:01 2002 -@@ -27,6 +27,7 @@ - * Global library. - */ - #include <deliver_request.h> -+#include <pfixtls.h> - - /* - * State information associated with each SMTP delivery. We're bundling the -@@ -79,9 +80,14 @@ - char *addr; /* mail exchanger */ - char *namaddr; /* mail exchanger */ - int best; /* most preferred host */ -+ int tls_use_tls; /* can do TLS */ -+ int tls_enforce_tls; /* must do TLS */ -+ int tls_enforce_peername; /* cert must match */ -+ tls_info_t tls_info; /* TLS connection state */ - } SMTP_SESSION; - --extern SMTP_SESSION *smtp_session_alloc(VSTREAM *, char *, char *); -+extern void smtp_tls_list_init(void); -+extern SMTP_SESSION *smtp_session_alloc(char *, VSTREAM *, char *, char *); - extern void smtp_session_free(SMTP_SESSION *); - - /* -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/smtp_addr.c postfix-1.1.11-20020822/src/smtp/smtp_addr.c ---- postfix-1.1.11-20020822-orig/src/smtp/smtp_addr.c Sun Jul 8 17:05:26 2001 -+++ postfix-1.1.11-20020822/src/smtp/smtp_addr.c Sat Aug 24 00:09:01 2002 -@@ -134,18 +134,68 @@ - static void smtp_print_addr(char *what, DNS_RR *addr_list) - { - DNS_RR *addr; -- struct in_addr in_addr; -+#ifdef INET6 -+ struct sockaddr_storage ss; -+#else -+ struct sockaddr ss; -+#endif -+ struct sockaddr_in *sin; -+#ifdef INET6 -+ struct sockaddr_in6 *sin6; -+ char hbuf[NI_MAXHOST]; -+#else -+ char hbuf[sizeof("255.255.255.255") + 1]; -+#endif - - msg_info("begin %s address list", what); - for (addr = addr_list; addr; addr = addr->next) { -- if (addr->data_len > sizeof(addr)) { -- msg_warn("skipping address length %d", addr->data_len); -- } else { -- memcpy((char *) &in_addr, addr->data, sizeof(in_addr)); -- msg_info("pref %4d host %s/%s", -- addr->pref, addr->name, -- inet_ntoa(in_addr)); -+ if (addr->class != C_IN) { -+ msg_warn("skipping unsupported address (class=%u)", addr->class); -+ continue; - } -+ switch (addr->type) { -+ case T_A: -+ if (addr->data_len != sizeof(sin->sin_addr)) { -+ msg_warn("skipping invalid address (AAAA, len=%u)", -+ addr->data_len); -+ continue; -+ } -+ sin = (struct sockaddr_in *)&ss; -+ memset(sin, 0, sizeof(*sin)); -+ sin->sin_family = AF_INET; -+#ifdef HAS_SA_LEN -+ sin->sin_len = sizeof(*sin); -+#endif -+ memcpy(&sin->sin_addr, addr->data, sizeof(sin->sin_addr)); -+ break; -+#ifdef INET6 -+ case T_AAAA: -+ if (addr->data_len != sizeof(sin6->sin6_addr)) { -+ msg_warn("skipping invalid address (AAAA, len=%u)", -+ addr->data_len); -+ continue; -+ } -+ sin6 = (struct sockaddr_in6 *)&ss; -+ memset(sin6, 0, sizeof(*sin6)); -+ sin6->sin6_family = AF_INET6; -+#ifdef HAS_SA_LEN -+ sin6->sin6_len = sizeof(*sin6); -+#endif -+ memcpy(&sin6->sin6_addr, addr->data, sizeof(sin6->sin6_addr)); -+ break; -+#endif -+ default: -+ msg_warn("skipping unsupported address (type=%u)", addr->type); -+ continue; -+ } -+ -+#ifdef INET6 -+ (void)getnameinfo((struct sockaddr *)&ss, SS_LEN(ss), -+ hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST); -+#else -+ (void)inet_ntop(AF_INET, &sin->sin_addr, hbuf, sizeof(hbuf)); -+#endif -+ msg_info("pref %4d host %s/%s", addr->pref, addr->name, hbuf); - } - msg_info("end %s address list", what); - } -@@ -155,15 +205,23 @@ - static DNS_RR *smtp_addr_one(DNS_RR *addr_list, char *host, unsigned pref, VSTRING *why) - { - char *myname = "smtp_addr_one"; -+#ifndef INET6 - struct in_addr inaddr; -- DNS_FIXED fixed; - DNS_RR *addr = 0; - DNS_RR *rr; - struct hostent *hp; -+#else -+ struct addrinfo hints, *res0, *res; -+ int error = -1; -+ char *addr; -+ size_t addrlen; -+#endif -+ DNS_FIXED fixed; - - if (msg_verbose) - msg_info("%s: host %s", myname, host); - -+#ifndef INET6 - /* - * Interpret a numerical name as an address. - */ -@@ -216,6 +274,48 @@ - smtp_errno = SMTP_FAIL; - break; - } -+#else -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ error = getaddrinfo(host, NULL, &hints, &res0); -+ if (error) { -+ switch (error) { -+ case EAI_AGAIN: -+ smtp_errno = SMTP_RETRY; -+ break; -+ default: -+ vstring_sprintf(why, "[%s]: %s",host,gai_strerror(error)); -+ smtp_errno = SMTP_FAIL; -+ break; -+ } -+ return (addr_list); -+ } -+ for (res = res0; res; res = res->ai_next) { -+ memset((char *) &fixed, 0, sizeof(fixed)); -+ switch(res->ai_family) { -+ case AF_INET6: -+ /* XXX not scope friendly */ -+ fixed.type = T_AAAA; -+ addr = (char *)&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; -+ addrlen = sizeof(struct in6_addr); -+ break; -+ case AF_INET: -+ fixed.type = T_A; -+ addr = (char *)&((struct sockaddr_in *)res->ai_addr)->sin_addr; -+ addrlen = sizeof(struct in_addr); -+ break; -+ default: -+ msg_warn("%s: unknown address family %d for %s", -+ myname, res->ai_family, host); -+ continue; -+ } -+ addr_list = dns_rr_append(addr_list, -+ dns_rr_create(host, &fixed, pref, addr, addrlen)); -+ } -+ if (res0) -+ freeaddrinfo(res0); -+#endif - return (addr_list); - } - -@@ -251,6 +351,9 @@ - INET_ADDR_LIST *self; - DNS_RR *addr; - int i; -+#ifdef INET6 -+ struct sockaddr *sa; -+#endif - - /* - * Find the first address that lists any address that this mail system is -@@ -260,12 +363,36 @@ - - self = own_inet_addr_list(); - for (addr = addr_list; addr; addr = addr->next) { -- for (i = 0; i < self->used; i++) -+ for (i = 0; i < self->used; i++) { -+#ifdef INET6 -+ sa = (struct sockaddr *)&self->addrs[i]; -+ switch(addr->type) { -+ case T_AAAA: -+ /* XXX scope */ -+ if (sa->sa_family != AF_INET6) -+ break; -+ if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr, -+ addr->data, sizeof(struct in6_addr)) == 0) { -+ return(addr); -+ } -+ break; -+ case T_A: -+ if (sa->sa_family != AF_INET) -+ break; -+ if (memcmp(&((struct sockaddr_in *)sa)->sin_addr, -+ addr->data, sizeof(struct in_addr)) == 0) { -+ return(addr); -+ } -+ break; -+ } -+#else - if (INADDRP(addr->data)->s_addr == self->addrs[i].s_addr) { - if (msg_verbose) - msg_info("%s: found at pref %d", myname, addr->pref); - return (addr); - } -+#endif -+ } - } - - /* -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/smtp_connect.c postfix-1.1.11-20020822/src/smtp/smtp_connect.c ---- postfix-1.1.11-20020822-orig/src/smtp/smtp_connect.c Sun Jul 8 21:40:03 2001 -+++ postfix-1.1.11-20020822/src/smtp/smtp_connect.c Sat Aug 24 00:09:01 2002 -@@ -81,6 +81,7 @@ - /* System library. */ - - #include <sys_defs.h> -+#include <stdlib.h> - #include <sys/socket.h> - #include <netinet/in.h> - #include <arpa/inet.h> -@@ -110,12 +111,14 @@ - #include <inet_addr_list.h> - #include <iostuff.h> - #include <timed_connect.h> -+#include <get_port.h> - #include <stringops.h> - - /* Global library. */ - - #include <mail_params.h> - #include <own_inet_addr.h> -+#include <pfixtls.h> - - /* DNS library. */ - -@@ -128,23 +131,50 @@ - - /* smtp_connect_addr - connect to explicit address */ - --static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port, -+static SMTP_SESSION *smtp_connect_addr(char *dest, DNS_RR *addr, unsigned port, - VSTRING *why) - { - char *myname = "smtp_connect_addr"; -- struct sockaddr_in sin; -- int sock; -+#ifdef INET6 -+ struct sockaddr_storage ss; -+#else -+ struct sockaddr ss; -+#endif -+ struct sockaddr *sa; -+ struct sockaddr_in *sin; -+#ifdef INET6 -+ struct sockaddr_in6 *sin6; -+#endif -+ SOCKADDR_SIZE salen; -+#ifdef INET6 -+ char hbuf[NI_MAXHOST]; -+#else -+ char hbuf[sizeof("255.255.255.255") + 1]; -+#endif -+ int sock = -1; - INET_ADDR_LIST *addr_list; - int conn_stat; - int saved_errno; - VSTREAM *stream; - int ch; -- unsigned long inaddr; -+ char *bind_addr; -+ -+ sa = (struct sockaddr *)&ss; -+ sin = (struct sockaddr_in *)&ss; -+#ifdef INET6 -+ sin6 = (struct sockaddr_in6 *)&ss; -+#endif - - /* - * Sanity checks. - */ -- if (addr->data_len > sizeof(sin.sin_addr)) { -+#ifdef INET6 -+ if (((addr->type==T_A) && (addr->data_len > sizeof(sin->sin_addr))) || -+ ((addr->type==T_AAAA) && (addr->data_len > sizeof(sin6->sin6_addr)))) -+#else -+ if (addr->data_len > sizeof(sin->sin_addr)) -+#endif -+ { - msg_warn("%s: skip address with length %d", myname, addr->data_len); - smtp_errno = SMTP_RETRY; - return (0); -@@ -153,18 +183,42 @@ - /* - * Initialize. - */ -- memset((char *) &sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- -- if ((sock = socket(sin.sin_family, SOCK_STREAM, 0)) < 0) -- msg_fatal("%s: socket: %m", myname); -- -+ switch (addr->type) { -+#ifdef INET6 -+ case T_AAAA: -+ bind_addr = var_smtp_bind_addr6; -+ memset(sin6, 0, sizeof(*sin6)); -+ sin6->sin6_family = AF_INET6; -+ salen = sizeof(*sin6); -+ break; -+#endif -+ default: /* T_A: */ -+ bind_addr = var_smtp_bind_addr; -+ memset(sin, 0, sizeof(*sin)); -+ sin->sin_family = AF_INET; -+ salen = sizeof(*sin); -+ break; -+ } -+#ifdef HAS_SA_LEN -+ sa->sa_len = salen; -+#endif -+ if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0) -+ msg_warn("%s: socket: %m", myname); -+ - /* - * Allow the sysadmin to specify the source address, for example, as "-o - * smtp_bind_address=x.x.x.x" in the master.cf file. - */ -- if (*var_smtp_bind_addr) { -- sin.sin_addr.s_addr = inet_addr(var_smtp_bind_addr); -+ if (*bind_addr) { -+#ifndef INET6 -+ struct sockaddr_in sin; -+ -+ memset(&sin, 0, sizeof(sin)); -+ sin.sin_family = AF_INET; -+#ifdef HAS_SA_LEN -+ sin.sin_len = sizeof(sin); -+#endif -+ sin.sin_addr.s_addr = inet_addr(bind_addr); - if (sin.sin_addr.s_addr == INADDR_NONE) - msg_fatal("%s: bad %s parameter: %s", - myname, VAR_SMTP_BIND_ADDR, var_smtp_bind_addr); -@@ -172,6 +226,25 @@ - msg_warn("%s: bind %s: %m", myname, inet_ntoa(sin.sin_addr)); - if (msg_verbose) - msg_info("%s: bind %s", myname, inet_ntoa(sin.sin_addr)); -+#else -+ char hbufl[NI_MAXHOST]; -+ struct addrinfo hints, *res; -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sa->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE|AI_NUMERICHOST; -+ snprintf(hbufl, sizeof(hbufl)-1, "%s", bind_addr); -+ if (getaddrinfo(hbufl, NULL, &hints, &res) == 0) { -+ (void)getnameinfo(res->ai_addr, res->ai_addrlen, hbufl, -+ sizeof(hbufl), NULL, 0, NI_NUMERICHOST); -+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) -+ msg_warn("%s: bind %s: %m", myname, hbufl); -+ freeaddrinfo(res); -+ if (msg_verbose) -+ msg_info("%s: bind %s", myname, hbufl); -+ } -+#endif - } - - /* -@@ -179,8 +252,17 @@ - * the mail appears to come from the "right" machine address. - */ - else if ((addr_list = own_inet_addr_list())->used == 1) { -+#ifndef INET6 -+ struct sockaddr_in sin; -+ unsigned long inaddr; /*XXX BAD!*/ -+ -+ memset(&sin, 0, sizeof(sin)); -+ sin.sin_family = AF_INET; -+#ifdef HAS_SA_LEN -+ sin.sin_len = sizeof(sin); -+#endif - memcpy((char *) &sin.sin_addr, addr_list->addrs, sizeof(sin.sin_addr)); -- inaddr = ntohl(sin.sin_addr.s_addr); -+ inaddr = (unsigned long)ntohl(sin.sin_addr.s_addr); - if (!IN_CLASSA(inaddr) - || !(((inaddr & IN_CLASSA_NET) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)) { - if (bind(sock, (struct sockaddr *) & sin, sizeof(sin)) < 0) -@@ -188,30 +270,85 @@ - if (msg_verbose) - msg_info("%s: bind %s", myname, inet_ntoa(sin.sin_addr)); - } -+#else -+ char hbufl[NI_MAXHOST]; -+ struct addrinfo hints, *res = NULL, *loopback = NULL; -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sa->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(NULL, "0", &hints, &loopback) != 0) -+ loopback = NULL; -+ -+ /* -+ * getnameinfo -> getaddrinfo loop is here so that we can -+ * get rid of port. -+ */ -+ (void)getnameinfo((struct sockaddr *)addr_list->addrs, SA_LEN((struct sockaddr *)addr_list->addrs), -+ hbufl, sizeof(hbufl), NULL, 0, NI_NUMERICHOST); -+ hbufl[sizeof(hbufl)-1] = 0; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sa->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE|AI_NUMERICHOST; -+ if (getaddrinfo(hbufl, NULL, &hints, &res) == 0 && -+ !(res->ai_addrlen == loopback->ai_addrlen && -+ memcmp(res->ai_addr, loopback->ai_addr, res->ai_addrlen) == 0)) { -+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) -+ msg_warn("%s: bind %s: %m", myname, hbufl); -+ if (msg_verbose) -+ msg_info("%s: bind %s", myname, hbufl); -+ } -+ if (res) -+ freeaddrinfo(res); -+ if (loopback) -+ freeaddrinfo(loopback); -+#endif - } - - /* - * Connect to the SMTP server. - */ -- sin.sin_port = port; -- memcpy((char *) &sin.sin_addr, addr->data, sizeof(sin.sin_addr)); -+ switch (addr->type) { -+#ifdef INET6 -+ case T_AAAA: -+ /* XXX scope unfriendly */ -+ memset(sin6, 0, sizeof(*sin6)); -+ sin6->sin6_port = port; -+ sin6->sin6_family = AF_INET6; -+ salen = sizeof(*sin6); -+ memcpy(&sin6->sin6_addr, addr->data, sizeof(sin6->sin6_addr)); -+ inet_ntop(AF_INET6, &sin6->sin6_addr, hbuf, sizeof(hbuf)); -+ break; -+#endif -+ default: /* T_A */ -+ memset(sin, 0, sizeof(*sin)); -+ sin->sin_port = port; -+ sin->sin_family = AF_INET; -+ salen = sizeof(*sin); -+ memcpy(&sin->sin_addr, addr->data, sizeof(sin->sin_addr)); -+ inet_ntop(AF_INET, &sin->sin_addr, hbuf, sizeof(hbuf)); -+ break; -+ } -+#ifdef HAS_SA_LEN -+ sa->sa_len = salen; -+#endif - - if (msg_verbose) - msg_info("%s: trying: %s[%s] port %d...", -- myname, addr->name, inet_ntoa(sin.sin_addr), ntohs(port)); -+ myname, addr->name, hbuf, ntohs(port)); - if (var_smtp_conn_tmout > 0) { - non_blocking(sock, NON_BLOCKING); -- conn_stat = timed_connect(sock, (struct sockaddr *) & sin, -- sizeof(sin), var_smtp_conn_tmout); -+ conn_stat = timed_connect(sock, sa, salen, var_smtp_conn_tmout); - saved_errno = errno; - non_blocking(sock, BLOCKING); - errno = saved_errno; - } else { -- conn_stat = connect(sock, (struct sockaddr *) & sin, sizeof(sin)); -+ conn_stat = connect(sock, sa, salen); - } - if (conn_stat < 0) { - vstring_sprintf(why, "connect to %s[%s]: %m", -- addr->name, inet_ntoa(sin.sin_addr)); -+ addr->name, hbuf); - smtp_errno = SMTP_RETRY; - close(sock); - return (0); -@@ -221,8 +358,8 @@ - * Skip this host if it takes no action within some time limit. - */ - if (read_wait(sock, var_smtp_helo_tmout) < 0) { -- vstring_sprintf(why, "connect to %s[%s]: read timeout", -- addr->name, inet_ntoa(sin.sin_addr)); -+ vstring_sprintf(why, "connect to %s [%s]: read timeout", -+ addr->name, hbuf); - smtp_errno = SMTP_RETRY; - close(sock); - return (0); -@@ -233,8 +370,8 @@ - */ - stream = vstream_fdopen(sock, O_RDWR); - if ((ch = VSTREAM_GETC(stream)) == VSTREAM_EOF) { -- vstring_sprintf(why, "connect to %s[%s]: server dropped connection", -- addr->name, inet_ntoa(sin.sin_addr)); -+ vstring_sprintf(why, "connect to %s [%s]: server dropped connection", -+ addr->name, hbuf); - smtp_errno = SMTP_RETRY; - vstream_fclose(stream); - return (0); -@@ -246,7 +383,7 @@ - */ - if (ch == '4' && var_smtp_skip_4xx_greeting) { - vstring_sprintf(why, "connect to %s[%s]: server refused mail service", -- addr->name, inet_ntoa(sin.sin_addr)); -+ addr->name, hbuf); - smtp_errno = SMTP_RETRY; - vstream_fclose(stream); - return (0); -@@ -257,12 +394,12 @@ - */ - if (ch == '5' && var_smtp_skip_5xx_greeting) { - vstring_sprintf(why, "connect to %s[%s]: server refused mail service", -- addr->name, inet_ntoa(sin.sin_addr)); -+ addr->name, hbuf); - smtp_errno = SMTP_RETRY; - vstream_fclose(stream); - return (0); - } -- return (smtp_session_alloc(stream, addr->name, inet_ntoa(sin.sin_addr))); -+ return (smtp_session_alloc(dest, stream, addr->name, hbuf)); - } - - /* smtp_connect_host - direct connection to host */ -@@ -272,7 +409,7 @@ - SMTP_SESSION *session = 0; - DNS_RR *addr_list; - DNS_RR *addr; -- -+ - /* - * Try each address in the specified order until we find one that works. - * The addresses belong to the same A record, so we have no information -@@ -280,7 +417,7 @@ - */ - addr_list = smtp_host_addr(host, why); - for (addr = addr_list; addr; addr = addr->next) { -- if ((session = smtp_connect_addr(addr, port, why)) != 0) { -+ if ((session = smtp_connect_addr(host, addr, port, why)) != 0) { - session->best = 1; - break; - } -@@ -309,7 +446,7 @@ - */ - addr_list = smtp_domain_addr(name, why, found_myself); - for (addr = addr_list; addr; addr = addr->next) { -- if ((session = smtp_connect_addr(addr, port, why)) != 0) { -+ if ((session = smtp_connect_addr(name, addr, port, why)) != 0) { - session->best = (addr->pref == addr_list->pref); - break; - } -@@ -379,6 +516,7 @@ - msg_fatal("unknown service: %s/%s", service, protocol); - *portp = sp->s_port; - } -+ - return (buf); - } - -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/smtp_proto.c postfix-1.1.11-20020822/src/smtp/smtp_proto.c ---- postfix-1.1.11-20020822-orig/src/smtp/smtp_proto.c Fri Aug 9 20:19:10 2002 -+++ postfix-1.1.11-20020822/src/smtp/smtp_proto.c Sat Aug 24 00:09:01 2002 -@@ -103,6 +103,7 @@ - #include <quote_821_local.h> - #include <mail_proto.h> - #include <mime_state.h> -+#include <pfixtls.h> - - /* Application-specific. */ - -@@ -170,6 +171,8 @@ - char *words; - char *word; - int n; -+ int oldfeatures; -+ int rval; - - /* - * Prepare for disaster. -@@ -232,7 +235,8 @@ - translit(resp->str, "\n", " "))); - return (0); - } -- -+ if (var_smtp_always_ehlo) -+ state->features |= SMTP_FEATURE_ESMTP; - /* - * Pick up some useful features offered by the SMTP server. XXX Until we - * have a portable routine to convert from string to off_t with proper -@@ -244,6 +248,7 @@ - * MicroSoft implemented AUTH based on an old draft. - */ - lines = resp->str; -+ oldfeatures = state->features; /* remember */ - while ((words = mystrtok(&lines, "\n")) != 0) { - if (mystrtok(&words, "- ") && (word = mystrtok(&words, " \t=")) != 0) { - if (strcasecmp(word, "8BITMIME") == 0) -@@ -260,6 +265,8 @@ - state->size_limit = off_cvt_string(word); - } - } -+ else if (strcasecmp(word, "STARTTLS") == 0) -+ state->features |= SMTP_FEATURE_STARTTLS; - #ifdef USE_SASL_AUTH - else if (var_smtp_sasl_enable && strcasecmp(word, "AUTH") == 0) - smtp_sasl_helo_auth(state, words); -@@ -277,6 +284,128 @@ - msg_info("server features: 0x%x size %.0f", - state->features, (double) state->size_limit); - -+#ifdef HAS_SSL -+ if ((state->features & SMTP_FEATURE_STARTTLS) && -+ (var_smtp_tls_note_starttls_offer) && -+ (!(session->tls_enforce_tls || session->tls_use_tls))) -+ msg_info("Host offered STARTTLS: [%s]", session->host); -+ if ((session->tls_enforce_tls) && -+ !(state->features & SMTP_FEATURE_STARTTLS)) -+ { -+ /* -+ * We are enforced to use TLS but it is not offered, so we will give -+ * up on this host. We won't even try STARTTLS, because we could -+ * receive a "500 command unrecognized" which would bounce the -+ * message. We instead want to delay until STARTTLS becomes -+ * available. -+ */ -+ return (smtp_site_fail(state, 450, "Could not start TLS: not offered")); -+ } -+ if ((session->tls_enforce_tls) && !pfixtls_clientengine) { -+ /* -+ * We would like to start client TLS, but our own TLS-engine is -+ * not running. -+ */ -+ return (smtp_site_fail(state, 450, -+ "Could not start TLS: our TLS-engine not running")); -+ } -+ if ((state->features & SMTP_FEATURE_STARTTLS) && -+ ((session->tls_use_tls && pfixtls_clientengine) || -+ (session->tls_enforce_tls))) { -+ /* -+ * Try to use the TLS feature -+ */ -+ smtp_chat_cmd(state, "STARTTLS"); -+ if ((resp = smtp_chat_resp(state))->code / 100 != 2) { -+ state->features &= ~SMTP_FEATURE_STARTTLS; -+ /* -+ * At this point a political decision is necessary. If we -+ * enforce usage of tls, we have to close the connection -+ * now. -+ */ -+ if (session->tls_enforce_tls) -+ return (smtp_site_fail(state, resp->code, -+ "host %s refused to start TLS: %s", -+ session->host, -+ translit(resp->str, "\n", " "))); -+ } else { -+ if (rval = pfixtls_start_clienttls(session->stream, -+ var_smtp_starttls_tmout, -+ session->tls_enforce_peername, -+ session->host, -+ &(session->tls_info))) -+ return (smtp_site_fail(state, 450, -+ "Could not start TLS: client failure")); -+ -+ -+ /* -+ * Now the connection is established and maybe we do have a -+ * validated cert with a CommonName in it. -+ * In enforce_peername state, the handshake would already have -+ * been terminated so the check here is for logging only! -+ */ -+ if (session->tls_info.peer_CN != NULL) { -+ if (!session->tls_info.peer_verified) { -+ msg_info("Peer certficate could not be verified"); -+ if (session->tls_enforce_tls) { -+ pfixtls_stop_clienttls(session->stream, -+ var_smtp_starttls_tmout, 1, -+ &(session->tls_info)); -+ return(smtp_site_fail(state, 450, "TLS-failure: Could not verify certificate")); -+ } -+ } -+ } else if (session->tls_enforce_tls) { -+ pfixtls_stop_clienttls(session->stream, -+ var_smtp_starttls_tmout, 1, -+ &(session->tls_info)); -+ return (smtp_site_fail(state, 450, "TLS-failure: Cannot verify hostname")); -+ } -+ -+ /* -+ * At this point we have to re-negotiate the "EHLO" to reget -+ * the feature-list -+ */ -+ state->features = oldfeatures; -+#ifdef USE_SASL_AUTH -+ if (state->sasl_mechanism_list) { -+ myfree(state->sasl_mechanism_list); -+ state->sasl_mechanism_list = 0; -+ } -+#endif -+ if (state->features & SMTP_FEATURE_ESMTP) { -+ smtp_chat_cmd(state, "EHLO %s", var_myhostname); -+ if ((resp = smtp_chat_resp(state))->code / 100 != 2) -+ state->features &= ~SMTP_FEATURE_ESMTP; -+ } -+ lines = resp->str; -+ (void) mystrtok(&lines, "\n"); -+ while ((words = mystrtok(&lines, "\n")) != 0) { -+ if (mystrtok(&words, "- ") && -+ (word = mystrtok(&words, " \t=")) != 0) { -+ if (strcasecmp(word, "8BITMIME") == 0) -+ state->features |= SMTP_FEATURE_8BITMIME; -+ else if (strcasecmp(word, "PIPELINING") == 0) -+ state->features |= SMTP_FEATURE_PIPELINING; -+ else if (strcasecmp(word, "SIZE") == 0) -+ state->features |= SMTP_FEATURE_SIZE; -+ else if (strcasecmp(word, "STARTTLS") == 0) -+ state->features |= SMTP_FEATURE_STARTTLS; -+#ifdef USE_SASL_AUTH -+ else if (var_smtp_sasl_enable && -+ strcasecmp(word, "AUTH") == 0) -+ smtp_sasl_helo_auth(state, words); -+#endif -+ } -+ } -+ /* -+ * Actually, at this point STARTTLS should not be offered -+ * anymore, so we could check for a protocol violation, but -+ * what should we do then? -+ */ -+ -+ } -+ } -+#endif - #ifdef USE_SASL_AUTH - if (var_smtp_sasl_enable && (state->features & SMTP_FEATURE_AUTH)) - return (smtp_sasl_helo_login(state)); -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/smtp_session.c postfix-1.1.11-20020822/src/smtp/smtp_session.c ---- postfix-1.1.11-20020822-orig/src/smtp/smtp_session.c Mon Nov 20 19:06:05 2000 -+++ postfix-1.1.11-20020822/src/smtp/smtp_session.c Sat Aug 24 00:09:01 2002 -@@ -42,15 +42,42 @@ - #include <vstream.h> - #include <stringops.h> - -+#include <mail_params.h> -+#include <maps.h> -+#include <pfixtls.h> -+ - /* Application-specific. */ - - #include "smtp.h" - -+#ifdef HAS_SSL -+/* static lists */ -+static MAPS *tls_per_site; -+ -+/* smtp_tls_list_init - initialize lists */ -+ -+void smtp_tls_list_init(void) -+{ -+ tls_per_site = maps_create(VAR_SMTP_TLS_PER_SITE, var_smtp_tls_per_site, -+ DICT_FLAG_LOCK); -+} -+#endif -+ - /* smtp_session_alloc - allocate and initialize SMTP_SESSION structure */ - --SMTP_SESSION *smtp_session_alloc(VSTREAM *stream, char *host, char *addr) -+SMTP_SESSION *smtp_session_alloc(char *dest, VSTREAM *stream, char *host, char *addr) - { - SMTP_SESSION *session; -+ const char *lookup; -+ char *lookup_key; -+ int host_dont_use = 0; -+ int host_use = 0; -+ int host_enforce = 0; -+ int host_enforce_peername = 0; -+ int recipient_dont_use = 0; -+ int recipient_use = 0; -+ int recipient_enforce = 0; -+ int recipient_enforce_peername = 0; - - session = (SMTP_SESSION *) mymalloc(sizeof(*session)); - session->stream = stream; -@@ -58,6 +85,61 @@ - session->addr = mystrdup(addr); - session->namaddr = concatenate(host, "[", addr, "]", (char *) 0); - session->best = 1; -+ session->tls_use_tls = session->tls_enforce_tls = 0; -+ session->tls_enforce_peername = 0; -+#ifdef HAS_SSL -+ lookup_key = lowercase(mystrdup(host)); -+ if (lookup = maps_find(tls_per_site, lookup_key, 0)) { -+ if (!strcasecmp(lookup, "NONE")) -+ host_dont_use = 1; -+ else if (!strcasecmp(lookup, "MAY")) -+ host_use = 1; -+ else if (!strcasecmp(lookup, "MUST")) -+ host_enforce = host_enforce_peername = 1; -+ else if (!strcasecmp(lookup, "MUST_NOPEERMATCH")) -+ host_enforce = 1; -+ else -+ msg_warn("Unknown TLS state for receiving host %s: '%s', using default policy", session->host, lookup); -+ } -+ myfree(lookup_key); -+ lookup_key = lowercase(mystrdup(dest)); -+ if (lookup = maps_find(tls_per_site, dest, 0)) { -+ if (!strcasecmp(lookup, "NONE")) -+ recipient_dont_use = 1; -+ else if (!strcasecmp(lookup, "MAY")) -+ recipient_use = 1; -+ else if (!strcasecmp(lookup, "MUST")) -+ recipient_enforce = recipient_enforce_peername = 1; -+ else if (!strcasecmp(lookup, "MUST_NOPEERMATCH")) -+ recipient_enforce = 1; -+ else -+ msg_warn("Unknown TLS state for recipient domain %s: '%s', using default policy", dest, lookup); -+ } -+ myfree(lookup_key); -+ -+ if ((var_smtp_enforce_tls && !host_dont_use && !recipient_dont_use) || host_enforce || -+ recipient_enforce) -+ session->tls_enforce_tls = session->tls_use_tls = 1; -+ -+ /* -+ * Set up peername checking. We want to make sure that a MUST* entry in -+ * the tls_per_site table always has precedence. MUST always must lead to -+ * a peername check, MUST_NOPEERMATCH must always disable it. Only when -+ * no explicit setting has been found, the default will be used. -+ * There is the case left, that both "host" and "recipient" settings -+ * conflict. In this case, the "host" setting wins. -+ */ -+ if (host_enforce && host_enforce_peername) -+ session->tls_enforce_peername = 1; -+ else if (recipient_enforce && recipient_enforce_peername) -+ session->tls_enforce_peername = 1; -+ else if (var_smtp_enforce_tls && var_smtp_tls_enforce_peername) -+ session->tls_enforce_peername = 1; -+ -+ else if ((var_smtp_use_tls && !host_dont_use && !recipient_dont_use) || host_use || recipient_use) -+ session->tls_use_tls = 1; -+#endif -+ session->tls_info = tls_info_zero; - return (session); - } - -@@ -65,6 +147,11 @@ - - void smtp_session_free(SMTP_SESSION *session) - { -+#ifdef HAS_SSL -+ vstream_fflush(session->stream); -+ pfixtls_stop_clienttls(session->stream, var_smtp_starttls_tmout, 0, -+ &(session->tls_info)); -+#endif - vstream_fclose(session->stream); - myfree(session->host); - myfree(session->addr); -diff -Pur postfix-1.1.11-20020822-orig/src/smtp/smtp_unalias.c postfix-1.1.11-20020822/src/smtp/smtp_unalias.c ---- postfix-1.1.11-20020822-orig/src/smtp/smtp_unalias.c Thu Sep 28 19:06:09 2000 -+++ postfix-1.1.11-20020822/src/smtp/smtp_unalias.c Sat Aug 24 00:09:01 2002 -@@ -86,7 +86,11 @@ - if ((result = htable_find(cache, name)) == 0) { - fqdn = vstring_alloc(10); - if (dns_lookup_types(name, smtp_unalias_flags, (DNS_RR **) 0, -- fqdn, (VSTRING *) 0, T_MX, T_A, 0) != DNS_OK) -+ fqdn, (VSTRING *) 0, T_MX, T_A, -+#ifdef INET6 -+ T_AAAA, -+#endif -+ 0) != DNS_OK) - vstring_strcpy(fqdn, name); - htable_enter(cache, name, result = vstring_export(fqdn)); - } -diff -Pur postfix-1.1.11-20020822-orig/src/smtpd/Makefile.in postfix-1.1.11-20020822/src/smtpd/Makefile.in ---- postfix-1.1.11-20020822-orig/src/smtpd/Makefile.in Wed Aug 21 22:25:20 2002 -+++ postfix-1.1.11-20020822/src/smtpd/Makefile.in Sat Aug 24 00:09:56 2002 -@@ -134,6 +134,7 @@ - smtpd.o: ../../include/quote_flags.h - smtpd.o: ../../include/lex_822.h - smtpd.o: ../../include/mail_server.h -+smtpd.o: ../../include/pfixtls.h - smtpd.o: smtpd_token.h - smtpd.o: smtpd.h - smtpd.o: smtpd_check.h -@@ -162,6 +163,7 @@ - smtpd_chat.o: ../../include/cleanup_user.h - smtpd_chat.o: ../../include/mail_error.h - smtpd_chat.o: ../../include/name_mask.h -+smtpd_chat.o: ../../include/pfixtls.h - smtpd_chat.o: smtpd.h - smtpd_chat.o: ../../include/mail_stream.h - smtpd_chat.o: smtpd_chat.h -@@ -201,6 +203,7 @@ - smtpd_check.o: ../../include/cleanup_user.h - smtpd_check.o: ../../include/record.h - smtpd_check.o: ../../include/rec_type.h -+smtpd_check.o: ../../include/pfixtls.h - smtpd_check.o: smtpd.h - smtpd_check.o: ../../include/mail_stream.h - smtpd_check.o: smtpd_sasl_glue.h -@@ -217,6 +220,7 @@ - smtpd_peer.o: ../../include/vstream.h - smtpd_peer.o: ../../include/argv.h - smtpd_peer.o: ../../include/mail_stream.h -+smtpd_peer.o: ../../include/pfixtls.h - smtpd_sasl_glue.o: smtpd_sasl_glue.c - smtpd_sasl_glue.o: ../../include/sys_defs.h - smtpd_sasl_glue.o: ../../include/msg.h -@@ -270,6 +274,7 @@ - smtpd_state.o: ../../include/vstring.h - smtpd_state.o: ../../include/argv.h - smtpd_state.o: ../../include/mail_stream.h -+smtpd_state.o: ../../include/pfixtls.h - smtpd_state.o: smtpd_chat.h - smtpd_state.o: smtpd_sasl_glue.h - smtpd_token.o: smtpd_token.c -@@ -279,3 +284,4 @@ - smtpd_token.o: smtpd_token.h - smtpd_token.o: ../../include/vstring.h - smtpd_token.o: ../../include/vbuf.h -+smtpd_token.o: ../../include/pfixtls.h -diff -Pur postfix-1.1.11-20020822-orig/src/smtpd/smtpd.c postfix-1.1.11-20020822/src/smtpd/smtpd.c ---- postfix-1.1.11-20020822-orig/src/smtpd/smtpd.c Thu Aug 22 15:11:09 2002 -+++ postfix-1.1.11-20020822/src/smtpd/smtpd.c Sat Aug 24 00:09:02 2002 -@@ -316,6 +316,7 @@ - #include <string_list.h> - #include <quote_822_local.h> - #include <lex_822.h> -+#include <pfixtls.h> - - /* Single-threaded server skeleton. */ - -@@ -340,6 +341,7 @@ - */ - int var_smtpd_rcpt_limit; - int var_smtpd_tmout; -+char *var_relay_ccerts; - int var_smtpd_soft_erlim; - int var_smtpd_hard_erlim; - int var_queue_minfree; /* XXX use off_t */ -@@ -388,6 +390,15 @@ - char *var_smtpd_noop_cmds; - char *var_smtpd_null_key; - int var_smtpd_hist_thrsh; -+int var_smtpd_starttls_tmout; -+int var_smtpd_tls_wrappermode; -+int var_smtpd_use_tls; -+int var_smtpd_enforce_tls; -+int var_smtpd_tls_auth_only; -+int var_smtpd_tls_ask_ccert; -+int var_smtpd_tls_req_ccert; -+int var_smtpd_tls_ccert_vd; -+int var_smtpd_tls_received_header; - - /* - * Silly little macros. -@@ -492,11 +503,21 @@ - if (var_disable_vrfy_cmd == 0) - smtpd_chat_reply(state, "250-VRFY"); - smtpd_chat_reply(state, "250-ETRN"); -+#ifdef HAS_SSL -+ if ((state->tls_use_tls || state->tls_enforce_tls) && (!state->tls_active)) -+ smtpd_chat_reply(state, "250-STARTTLS"); -+#endif - #ifdef USE_SASL_AUTH - if (var_smtpd_sasl_enable) { -+#ifdef HAS_SSL -+ if (!state->tls_auth_only || state->tls_active) { -+#endif - smtpd_chat_reply(state, "250-AUTH %s", state->sasl_mechanism_list); - if (var_broken_auth_clients) - smtpd_chat_reply(state, "250-AUTH=%s", state->sasl_mechanism_list); -+#ifdef HAS_SSL -+ } -+#endif - } - #endif - smtpd_chat_reply(state, "250-%s", VERP_CMD); -@@ -921,11 +942,76 @@ - state->rcpt_count = 0; - } - -+/* CN_sanitize - make sure, the CN-string is well behaved */ -+ -+static void CN_sanitize(char *CNstring) -+{ -+ int i; -+ int len; -+ int parencount; -+ -+ /* -+ * The information included in the CN (CommonName) of the peer and its -+ * issuer can be included into the Received: header line. The characters -+ * allowed as well as comment nesting are limited by RFC822. -+ */ -+ -+ len = strlen(CNstring); -+ /* -+ * The Received: header can only contain characters. Make sure that only -+ * acceptable characters are printed. Maybe we could allow more, but -+ * not everything makes sense inside a CommonName. -+ */ -+ for (i = 0; i < len; i++) -+ if (!((CNstring[i] >= 'A') && (CNstring[i] <='Z')) && -+ !((CNstring[i] >= 'a') && (CNstring[i] <='z')) && -+ !((CNstring[i] >= '0') && (CNstring[i] <='9')) && -+ (CNstring[i] != '(') && (CNstring[i] != ')') && -+ (CNstring[i] != '[') && (CNstring[i] != ']') && -+ (CNstring[i] != '{') && (CNstring[i] != '}') && -+ (CNstring[i] != '<') && (CNstring[i] != '>') && -+ (CNstring[i] != '?') && (CNstring[i] != '!') && -+ (CNstring[i] != ';') && (CNstring[i] != ':') && -+ (CNstring[i] != '"') && (CNstring[i] != '\'') && -+ (CNstring[i] != '/') && (CNstring[i] != '|') && -+ (CNstring[i] != '+') && (CNstring[i] != '&') && -+ (CNstring[i] != '~') && (CNstring[i] != '@') && -+ (CNstring[i] != '#') && (CNstring[i] != '$') && -+ (CNstring[i] != '%') && (CNstring[i] != '&') && -+ (CNstring[i] != '^') && (CNstring[i] != '*') && -+ (CNstring[i] != '_') && (CNstring[i] != '-') && -+ (CNstring[i] != '.') && (CNstring[i] != ' ')) -+ CNstring[i] = '?'; -+ -+ /* -+ * This information will go into the Received: header inside a comment. -+ * Since comments can be nested, parentheses '(' and ')' must match. -+ */ -+ parencount = 0; -+ for (i = 0; i < len; i++) { -+ if (CNstring[i] == '(') -+ parencount++; -+ else if (CNstring[i] == ')') -+ parencount--; -+ } -+ /* -+ * The necessary condition is violated. Do YOU know, where to correct? -+ * I don't know, so I will practically remove all parentheses. -+ */ -+ if (parencount != 0) { -+ for (i = 0; i < len; i++) -+ if ((CNstring[i] == '(') || (CNstring[i] == ')')) -+ CNstring[i] = '/'; -+ } -+} -+ - /* data_cmd - process DATA command */ - - static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) - { - char *start; -+ char *peer_CN; -+ char *issuer_CN; - int len; - int curr_rec_type; - int prev_rec_type; -@@ -964,6 +1050,35 @@ - "Received: from %s (%s [%s])", - state->helo_name ? state->helo_name : state->name, - state->name, state->addr); -+ if (var_smtpd_tls_received_header && state->tls_active) { -+ rec_fprintf(state->cleanup, REC_TYPE_NORM, -+ "\t(using %s with cipher %s (%d/%d bits))", -+ state->tls_info.protocol, state->tls_info.cipher_name, -+ state->tls_info.cipher_usebits, -+ state->tls_info.cipher_algbits); -+ if (state->tls_info.peer_CN) { -+ peer_CN = mystrdup(state->tls_info.peer_CN); -+ CN_sanitize(peer_CN); -+ issuer_CN = mystrdup(state->tls_info.issuer_CN); -+ CN_sanitize(issuer_CN); -+ if (state->tls_info.peer_verified) -+ rec_fprintf(state->cleanup, REC_TYPE_NORM, -+ "\t(Client CN \"%s\", Issuer \"%s\" (verified OK))", -+ peer_CN, issuer_CN); -+ else -+ rec_fprintf(state->cleanup, REC_TYPE_NORM, -+ "\t(Client CN \"%s\", Issuer \"%s\" (not verified))", -+ peer_CN, issuer_CN); -+ myfree(issuer_CN); -+ myfree(peer_CN); -+ } -+ else if (var_smtpd_tls_ask_ccert) -+ rec_fprintf(state->cleanup, REC_TYPE_NORM, -+ "\t(Client did not present a certificate)"); -+ else -+ rec_fprintf(state->cleanup, REC_TYPE_NORM, -+ "\t(No client certificate requested)"); -+ } - if (state->rcpt_count == 1 && state->recipient) { - rec_fprintf(state->cleanup, REC_TYPE_NORM, - "\tby %s (%s) with %s id %s", -@@ -1313,6 +1428,77 @@ - } - } - -+static int starttls_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) -+{ -+ char *err; -+ -+#ifdef HAS_SSL -+ if (argc != 1) { -+ state->error_mask |= MAIL_ERROR_PROTOCOL; -+ smtpd_chat_reply(state, "501 Syntax: STARTTLS"); -+ return (-1); -+ } -+ if (state->tls_active != 0) { -+ state->error_mask |= MAIL_ERROR_PROTOCOL; -+ smtpd_chat_reply(state, "554 Error: TLS already active"); -+ return (-1); -+ } -+ if (state->tls_use_tls == 0) { -+ state->error_mask |= MAIL_ERROR_PROTOCOL; -+ smtpd_chat_reply(state, "502 Error: command not implemented"); -+ return (-1); -+ } -+ if (!pfixtls_serverengine) { -+ smtpd_chat_reply(state, "454 TLS not available due to temporary reason"); -+ return (0); -+ } -+ smtpd_chat_reply(state, "220 Ready to start TLS"); -+ vstream_fflush(state->client); -+ /* -+ * When deciding about continuing the handshake, we will stop when a -+ * client certificate was _required_ and none was presented or the -+ * verification failed. This however does only make sense when TLS is -+ * enforced. Otherwise we would happily perform perform the SMTP -+ * transaction without any STARTTLS at all! So only have the handshake -+ * fail when TLS is also enforced. -+ */ -+ if (pfixtls_start_servertls(state->client, var_smtpd_starttls_tmout, -+ state->name, state->addr, &(state->tls_info), -+ (var_smtpd_tls_req_ccert && state->tls_enforce_tls))) { -+ /* -+ * Typically the connection is hanging at this point, so -+ * we should try to shut it down by force! Unfortunately this -+ * problem is not addressed in postfix! -+ */ -+ return (-1); -+ } -+ state->tls_active = 1; -+ helo_reset(state); -+ mail_reset(state); -+ rcpt_reset(state); -+ return (0); -+#else -+ state->error_mask |= MAIL_ERROR_PROTOCOL; -+ smtpd_chat_reply(state, "502 Error: command not implemented"); -+ return (-1); -+#endif -+} -+ -+static void tls_reset(SMTPD_STATE *state) -+{ -+ int failure = 0; -+ -+ if (state->reason && state->where && strcmp(state->where, SMTPD_AFTER_DOT)) -+ failure = 1; -+#ifdef HAS_SSL -+ vstream_fflush(state->client); -+ if (state->tls_active) -+ pfixtls_stop_servertls(state->client, var_smtpd_starttls_tmout, -+ failure, &(state->tls_info)); -+#endif -+ state->tls_active = 0; -+} -+ - /* - * The table of all SMTP commands that we know. Set the junk limit flag on - * any command that can be repeated an arbitrary number of times without -@@ -1331,6 +1517,10 @@ - "HELO", helo_cmd, SMTPD_CMD_FLAG_LIMIT, - "EHLO", ehlo_cmd, SMTPD_CMD_FLAG_LIMIT, - -+#ifdef HAS_SSL -+ "STARTTLS", starttls_cmd, 0, -+#endif -+ - #ifdef USE_SASL_AUTH - "AUTH", smtpd_sasl_auth_cmd, 0, - #endif -@@ -1441,9 +1631,28 @@ - state->error_count++; - continue; - } -+ if (state->tls_enforce_tls && -+ !state->tls_active && -+ cmdp->action != starttls_cmd && -+ cmdp->action != noop_cmd && -+ cmdp->action != ehlo_cmd && -+ cmdp->action != quit_cmd) { -+ smtpd_chat_reply(state, -+ "530 Must issue a STARTTLS command first"); -+ state->error_count++; -+ continue; -+ } - state->where = cmdp->name; -- if (cmdp->action(state, argc, argv) != 0) -+ if (cmdp->action(state, argc, argv) != 0) { - state->error_count++; -+ /* -+ * Die after TLS negotiation failure, as there is no -+ * stable way to recover from a possible mixture of -+ * TLS and SMTP protocol from the client. -+ */ -+ if (cmdp->action == starttls_cmd) -+ break; -+ } - if ((cmdp->flags & SMTPD_CMD_FLAG_LIMIT) - && state->junk_cmds++ > var_smtpd_junk_cmd_limit) - state->error_count++; -@@ -1467,6 +1676,7 @@ - * Cleanup whatever information the client gave us during the SMTP - * dialog. - */ -+ tls_reset(state); - helo_reset(state); - #ifdef USE_SASL_AUTH - if (var_smtpd_sasl_enable) -@@ -1499,6 +1709,46 @@ - * machines. - */ - smtpd_state_init(&state, stream); -+#ifdef HAS_SSL -+ if (SMTPD_STAND_ALONE((&state))) { -+ state.tls_use_tls = 0; -+ state.tls_enforce_tls = 0; -+ state.tls_auth_only = 0; -+ } -+ else { -+ state.tls_use_tls = var_smtpd_use_tls | var_smtpd_enforce_tls; -+ state.tls_enforce_tls = var_smtpd_enforce_tls; -+ if (var_smtpd_tls_wrappermode) { -+ /* -+ * TLS has been set to wrapper mode, meaning that we run on a -+ * seperate port and we must switch to TLS layer before actually -+ * performing the SMTP protocol. This implies enforce-mode. -+ */ -+ state.tls_use_tls = state.tls_enforce_tls = 1; -+ if (pfixtls_start_servertls(state.client, var_smtpd_starttls_tmout, -+ state.name, state.addr, &state.tls_info, -+ var_smtpd_tls_req_ccert)) { -+ /* -+ * Typically the connection is hanging at this point, so -+ * we should try to shut it down by force! Unfortunately this -+ * problem is not addressed in postfix! -+ */ -+ return; -+ } -+ state.tls_active = 1; -+ } -+ if (var_smtpd_tls_auth_only || state.tls_enforce_tls) -+ state.tls_auth_only = 1; -+ } -+#else -+ state.tls_use_tls = 0; -+ state.tls_enforce_tls = 0; -+ state.tls_auth_only = 0; -+#endif -+ -+ /* -+ * Provide the SMTP service. -+ */ - - /* - * See if we need to turn on verbose logging for this client. -@@ -1516,10 +1766,6 @@ - smtpd_chat_reply(&state, "220 %s", var_smtpd_banner); - msg_info("connect from %s[%s]", state.name, state.addr); - } -- -- /* -- * Provide the SMTP service. -- */ - smtpd_proto(&state); - - /* -@@ -1545,7 +1791,6 @@ - - static void pre_jail_init(char *unused_name, char **unused_argv) - { -- - /* - * Initialize blacklist/etc. patterns before entering the chroot jail, in - * case they specify a filename pattern. -@@ -1561,6 +1806,12 @@ - msg_warn("%s is true, but SASL support is not compiled in", - VAR_SMTPD_SASL_ENABLE); - #endif -+ -+#ifdef HAS_SSL -+ if (var_smtpd_use_tls || var_smtpd_enforce_tls || var_smtpd_tls_wrappermode) -+ pfixtls_init_serverengine(var_smtpd_tls_ccert_vd, -+ var_smtpd_tls_ask_ccert); -+#endif - } - - /* main - the main program */ -@@ -1584,6 +1835,7 @@ - VAR_NON_FQDN_CODE, DEF_NON_FQDN_CODE, &var_non_fqdn_code, 0, 0, - VAR_SMTPD_JUNK_CMD, DEF_SMTPD_JUNK_CMD, &var_smtpd_junk_cmd_limit, 1, 0, - VAR_SMTPD_HIST_THRSH, DEF_SMTPD_HIST_THRSH, &var_smtpd_hist_thrsh, 1, 0, -+ VAR_SMTPD_TLS_CCERT_VD, DEF_SMTPD_TLS_CCERT_VD, &var_smtpd_tls_ccert_vd, 0, 0, - 0, - }; - static CONFIG_TIME_TABLE time_table[] = { -@@ -1599,6 +1851,13 @@ - VAR_ALLOW_UNTRUST_ROUTE, DEF_ALLOW_UNTRUST_ROUTE, &var_allow_untrust_route, - VAR_SMTPD_SASL_ENABLE, DEF_SMTPD_SASL_ENABLE, &var_smtpd_sasl_enable, - VAR_BROKEN_AUTH_CLNTS, DEF_BROKEN_AUTH_CLNTS, &var_broken_auth_clients, -+ VAR_SMTPD_TLS_WRAPPER, DEF_SMTPD_TLS_WRAPPER, &var_smtpd_tls_wrappermode, -+ VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls, -+ VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls, -+ VAR_SMTPD_TLS_AUTH_ONLY, DEF_SMTPD_TLS_AUTH_ONLY, &var_smtpd_tls_auth_only, -+ VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert, -+ VAR_SMTPD_TLS_RCERT, DEF_SMTPD_TLS_RCERT, &var_smtpd_tls_req_ccert, -+ VAR_SMTPD_TLS_RECHEAD, DEF_SMTPD_TLS_RECHEAD, &var_smtpd_tls_received_header, - 0, - }; - static CONFIG_STR_TABLE str_table[] = { -@@ -1627,6 +1886,7 @@ - VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0, - VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0, - VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0, -+ VAR_RELAY_CCERTS, DEF_RELAY_CCERTS, &var_relay_ccerts, 0, 0, - 0, - }; - -@@ -1642,3 +1902,4 @@ - MAIL_SERVER_PRE_ACCEPT, pre_accept, - 0); - } -+ -diff -Pur postfix-1.1.11-20020822-orig/src/smtpd/smtpd.h postfix-1.1.11-20020822/src/smtpd/smtpd.h ---- postfix-1.1.11-20020822-orig/src/smtpd/smtpd.h Mon Aug 19 23:14:23 2002 -+++ postfix-1.1.11-20020822/src/smtpd/smtpd.h Sat Aug 24 00:09:02 2002 -@@ -32,6 +32,7 @@ - * Global library. - */ - #include <mail_stream.h> -+#include <pfixtls.h> - - /* - * Variables that keep track of conversation state. There is only one SMTP -@@ -81,6 +82,11 @@ - VSTRING *sasl_decoded; - #endif - int warn_if_reject; -+ int tls_active; -+ int tls_use_tls; -+ int tls_enforce_tls; -+ int tls_auth_only; -+ tls_info_t tls_info; - } SMTPD_STATE; - - extern void smtpd_state_init(SMTPD_STATE *, VSTREAM *); -diff -Pur postfix-1.1.11-20020822-orig/src/smtpd/smtpd_check.c postfix-1.1.11-20020822/src/smtpd/smtpd_check.c ---- postfix-1.1.11-20020822-orig/src/smtpd/smtpd_check.c Thu Aug 22 19:32:22 2002 -+++ postfix-1.1.11-20020822/src/smtpd/smtpd_check.c Sat Aug 24 00:09:02 2002 -@@ -281,6 +281,7 @@ - - #include <namadr_list.h> - #include <domain_list.h> -+#include <string_list.h> - #include <mail_params.h> - #include <canon_addr.h> - #include <resolve_clnt.h> -@@ -350,6 +351,9 @@ - static DOMAIN_LIST *relay_domains; - static NAMADR_LIST *mynetworks; - static NAMADR_LIST *perm_mx_networks; -+#ifdef HAS_SSL -+static MAPS *relay_ccerts; -+#endif - - /* - * How to do parent domain wildcard matching, if any. -@@ -536,6 +540,10 @@ - perm_mx_networks = - namadr_list_init(match_parent_style(VAR_PERM_MX_NETWORKS), - var_perm_mx_networks); -+#ifdef HAS_SSL -+ relay_ccerts = maps_create(VAR_RELAY_CCERTS, var_relay_ccerts, -+ DICT_FLAG_LOCK); -+#endif - - /* - * Pre-parse and pre-open the recipient maps. -@@ -1013,6 +1021,36 @@ - - static int permit_auth_destination(SMTPD_STATE *state, char *recipient); - -+/* permit_tls_clientcerts - OK/DUNNO for message relaying */ -+ -+#ifdef HAS_SSL -+static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs) -+{ -+ char *low_name; -+ const char *found; -+ -+ if (state->tls_info.peer_verified && permit_all_certs) { -+ if (msg_verbose) -+ msg_info("Relaying allowed for all verified client certificates"); -+ return(SMTPD_CHECK_OK); -+ } -+ -+ if (state->tls_info.peer_verified && state->tls_info.peer_fingerprint) { -+ low_name = lowercase(mystrdup(state->tls_info.peer_fingerprint)); -+ found = maps_find(relay_ccerts, low_name, DICT_FLAG_FIXED); -+ myfree(low_name); -+ if (found) { -+ if (msg_verbose) -+ msg_info("Relaying allowed for certified client: %s", found); -+ return (SMTPD_CHECK_OK); -+ } else if (msg_verbose) -+ msg_info("relay_clientcerts: No match for fingerprint '%s'", -+ state->tls_info.peer_fingerprint); -+ } -+ return (SMTPD_CHECK_DUNNO); -+} -+#endif -+ - /* check_relay_domains - OK/FAIL for message relaying */ - - static int check_relay_domains(SMTPD_STATE *state, char *recipient, -@@ -1192,6 +1230,49 @@ - - static int has_my_addr(const char *host) - { -+#ifdef INET6 -+ char *myname = "has_my_addr"; -+ struct addrinfo hints, *res, *res0; -+ int error; -+ char hbuf[NI_MAXHOST]; -+ -+ if (msg_verbose) -+ msg_info("%s: host %s", myname, host); -+ -+ /* -+ * If we can't lookup the host, play safe and assume it is OK. -+ */ -+#define YUP 1 -+#define NOPE 0 -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_DGRAM; -+ error = getaddrinfo(host, NULL, &hints, &res0); -+ if (error) { -+ if (msg_verbose) -+ msg_info("%s: host %s: %s", myname, host, gai_strerror(error)); -+ return (YUP); -+ } -+ for (res = res0; res; res = res->ai_next) { -+ if (msg_verbose) { -+ if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf, sizeof(hbuf), -+ NULL, 0, NI_NUMERICHOST)) { -+ strncpy(hbuf, "???", sizeof(hbuf)); -+ } -+ msg_info("%s: addr %s", myname, hbuf); -+ } -+ if (own_inet_addr(res->ai_addr)) { -+ freeaddrinfo(res0); -+ return (YUP); -+ } -+ } -+ freeaddrinfo(res0); -+ if (msg_verbose) -+ msg_info("%s: host %s: no match", myname, host); -+ -+ return (NOPE); -+#else - char *myname = "has_my_addr"; - struct in_addr addr; - char **cpp; -@@ -1227,6 +1308,7 @@ - msg_info("%s: host %s: no match", myname, host); - - return (NOPE); -+#endif - } - - /* i_am_mx - is this machine listed as MX relay */ -@@ -1913,7 +1995,7 @@ - static int reject_maps_rbl(SMTPD_STATE *state) - { - char *myname = "reject_maps_rbl"; -- ARGV *octets = argv_split(state->addr, "."); -+ ARGV *octets; - VSTRING *query = vstring_alloc(100); - char *saved_domains = mystrdup(var_maps_rbl_domains); - char *bp = saved_domains; -@@ -1925,17 +2007,29 @@ - int dns_status = DNS_FAIL; - int i; - int result; -+ struct in_addr a; - VSTRING *why; - - if (msg_verbose) - msg_info("%s: %s", myname, state->addr); - -- /* -- * IPv4 only for now -- */ --#ifdef INET6 -+#ifndef INET6 -+ /* IPv4 only for now */ - if (inet_pton(AF_INET, state->addr, &a) != 1) - return SMTPD_CHECK_DUNNO; -+ octets = argv_split(state->addr, "."); -+#else -+ /* IPv4 and IPv6-mapped IPv4 only for now */ -+ if (inet_pton(AF_INET, state->addr, &a) == 1) -+ octets = argv_split(state->addr, "."); -+ else { -+ struct in6_addr a6; -+ if (inet_pton(AF_INET6, state->addr, &a6) != 1) -+ return SMTPD_CHECK_DUNNO; -+ if (!IN6_IS_ADDR_V4MAPPED(&a6) || (strrchr(state->addr,':') == NULL)) -+ return SMTPD_CHECK_DUNNO; -+ octets = argv_split(strrchr(state->addr,':')+1, "."); -+ } - #endif - - /* -@@ -2242,6 +2336,12 @@ - #else - msg_warn("restriction `%s' ignored: no SASL support", name); - #endif -+#ifdef HAS_SSL -+ } else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) { -+ status = permit_tls_clientcerts(state, 1); -+ } else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) { -+ status = permit_tls_clientcerts(state, 0); -+#endif - } else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) { - if (state->recipient) - status = reject_unknown_address(state, state->recipient, -@@ -2679,6 +2779,7 @@ - char *var_rcpt_checks = ""; - char *var_etrn_checks = ""; - char *var_relay_domains = ""; -+char *var_relay_ccerts = ""; - char *var_mynetworks = ""; - char *var_notify_classes = ""; - -diff -Pur postfix-1.1.11-20020822-orig/src/smtpd/smtpd_peer.c postfix-1.1.11-20020822/src/smtpd/smtpd_peer.c ---- postfix-1.1.11-20020822-orig/src/smtpd/smtpd_peer.c Thu Aug 22 19:50:51 2002 -+++ postfix-1.1.11-20020822/src/smtpd/smtpd_peer.c Sat Aug 24 00:21:51 2002 -@@ -63,6 +63,15 @@ - #include <netdb.h> - #include <string.h> - -+/* Utility library. */ -+ -+#include <msg.h> -+#include <mymalloc.h> -+#include <valid_hostname.h> -+#include <stringops.h> -+ -+/* Global library. */ -+ - /* - * Older systems don't have h_errno. Even modern systems don't have - * hstrerror(). -@@ -84,16 +93,11 @@ - ) - #endif - --/* Utility library. */ -- --#include <msg.h> --#include <mymalloc.h> --#include <valid_hostname.h> --#include <stringops.h> -- --/* Global library. */ -- -- -+#ifdef INET6 -+#define GAI_STRERROR(error) \ -+ ((error = EAI_SYSTEM) ? gai_strerror(error) : strerror(errno)) -+#endif -+ - /* Application-specific. */ - - #include "smtpd.h" -@@ -102,21 +106,23 @@ - - void smtpd_peer_init(SMTPD_STATE *state) - { -- struct sockaddr_in sin; -- SOCKADDR_SIZE len = sizeof(sin); -+#ifdef INET6 -+ struct sockaddr_storage ss; -+#else -+ struct sockaddr ss; -+ struct in_addr *in; - struct hostent *hp; -- int i; -+#endif -+ struct sockaddr *sa; -+ SOCKADDR_SIZE len; - -- /* -- * Avoid suprious complaints from Purify on Solaris. -- */ -- memset((char *) &sin, 0, len); -+ sa = (struct sockaddr *)&ss; -+ len = sizeof(ss); - - /* - * Look up the peer address information. - */ -- if (getpeername(vstream_fileno(state->client), -- (struct sockaddr *) & sin, &len) >= 0) { -+ if (getpeername(vstream_fileno(state->client), sa, &len) >= 0) { - errno = 0; - } - -@@ -132,23 +138,56 @@ - /* - * Look up and "verify" the client hostname. - */ -- else if (errno == 0 && sin.sin_family == AF_INET) { -- state->addr = mystrdup(inet_ntoa(sin.sin_addr)); -- hp = gethostbyaddr((char *) &(sin.sin_addr), -- sizeof(sin.sin_addr), AF_INET); -- if (hp == 0) { -+ else if (errno == 0 && (sa->sa_family == AF_INET -+#ifdef INET6 -+ || sa->sa_family == AF_INET6 -+#endif -+ )) { -+#ifdef INET6 -+ char hbuf[NI_MAXHOST]; -+ char abuf[NI_MAXHOST]; -+ struct addrinfo hints, *rnull = NULL; -+#else -+ char abuf[sizeof("255.255.255.255") + 1]; -+ char *hbuf; -+#endif -+ int error = -1; -+ -+#ifdef INET6 -+ (void)getnameinfo(sa, len, abuf, sizeof(abuf), NULL, 0, NI_NUMERICHOST); -+#else -+ in = &((struct sockaddr_in *)sa)->sin_addr; -+ inet_ntop(AF_INET, in, abuf, sizeof(abuf)); -+#endif -+ state->addr = mystrdup(abuf); -+#ifdef INET6 -+ error = getnameinfo(sa, len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD); -+#else -+ hbuf = NULL; -+ hp = gethostbyaddr((char *)in, sizeof(*in), AF_INET); -+ if (hp) { -+ error = 0; -+ hbuf = mystrdup(hp->h_name); -+ } else -+ error = 1; -+#endif -+ if (error) { - state->name = mystrdup("unknown"); -+#ifdef INET6 -+ state->peer_code = (error == EAI_AGAIN ? 4 : 5); -+#else - state->peer_code = (h_errno == TRY_AGAIN ? 4 : 5); -- } else if (valid_hostaddr(hp->h_name, DONT_GRIPE)) { -+#endif -+ } else if (valid_hostaddr(hbuf, DONT_GRIPE)) { - msg_warn("numeric result %s in address->name lookup for %s", -- hp->h_name, state->addr); -+ hbuf, state->addr); - state->name = mystrdup("unknown"); - state->peer_code = 5; -- } else if (!valid_hostname(hp->h_name, DONT_GRIPE)) { -+ } else if (!valid_hostname(hbuf, DONT_GRIPE)) { - state->name = mystrdup("unknown"); - state->peer_code = 5; - } else { -- state->name = mystrdup(hp->h_name); /* hp->name is clobbered!! */ -+ state->name = mystrdup(hbuf); /* hp->name is clobbered!! */ - state->peer_code = 2; - - /* -@@ -160,16 +199,31 @@ - state->peer_code = code; \ - } - -+#ifdef INET6 -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ error = getaddrinfo(state->name, NULL, &hints, &rnull); -+ if (error) { -+ msg_warn("%s: hostname %s verification failed: %s", -+ state->addr, state->name, GAI_STRERROR(error)); -+ REJECT_PEER_NAME(state, (error == EAI_AGAIN ? 4 : 5)); -+ } -+ /* memcmp() isn't needed if we use getaddrinfo */ -+ if (rnull) -+ freeaddrinfo(rnull); -+#else - hp = gethostbyname(state->name); /* clobbers hp->name!! */ - if (hp == 0) { - msg_warn("%s: hostname %s verification failed: %s", - state->addr, state->name, HSTRERROR(h_errno)); - REJECT_PEER_NAME(state, (h_errno == TRY_AGAIN ? 4 : 5)); -- } else if (hp->h_length != sizeof(sin.sin_addr)) { -+ } else if (hp->h_length != sizeof(*in)) { - msg_warn("%s: hostname %s verification failed: bad address size %d", - state->addr, state->name, hp->h_length); - REJECT_PEER_NAME(state, 5); - } else { -+ int i; - for (i = 0; /* void */ ; i++) { - if (hp->h_addr_list[i] == 0) { - msg_warn("%s: address not listed for hostname %s", -@@ -177,12 +231,11 @@ - REJECT_PEER_NAME(state, 5); - break; - } -- if (memcmp(hp->h_addr_list[i], -- (char *) &sin.sin_addr, -- sizeof(sin.sin_addr)) == 0) -+ if (memcmp(hp->h_addr_list[i], (char *)in, sizeof(*in)) == 0) - break; /* keep peer name */ - } - } -+#endif - } - } - -diff -Pur postfix-1.1.11-20020822-orig/src/smtpd/smtpd_sasl_proto.c postfix-1.1.11-20020822/src/smtpd/smtpd_sasl_proto.c ---- postfix-1.1.11-20020822-orig/src/smtpd/smtpd_sasl_proto.c Tue Sep 12 00:45:40 2000 -+++ postfix-1.1.11-20020822/src/smtpd/smtpd_sasl_proto.c Sat Aug 24 00:09:02 2002 -@@ -128,6 +128,13 @@ - smtpd_chat_reply(state, "503 Error: authentication not enabled"); - return (-1); - } -+#ifdef HAS_SSL -+ if (state->tls_auth_only && !state->tls_active) { -+ state->error_mask |= MAIL_ERROR_PROTOCOL; -+ smtpd_chat_reply(state, "538 Encryption required for requested authentication mechanism"); -+ return (-1); -+ } -+#endif - if (state->sasl_username) { - state->error_mask |= MAIL_ERROR_PROTOCOL; - smtpd_chat_reply(state, "503 Error: already authenticated"); -diff -Pur postfix-1.1.11-20020822-orig/src/smtpd/smtpd_state.c postfix-1.1.11-20020822/src/smtpd/smtpd_state.c ---- postfix-1.1.11-20020822-orig/src/smtpd/smtpd_state.c Mon Aug 19 23:14:15 2002 -+++ postfix-1.1.11-20020822/src/smtpd/smtpd_state.c Sat Aug 24 00:09:02 2002 -@@ -92,6 +92,11 @@ - state->msg_size = 0; - state->junk_cmds = 0; - state->warn_if_reject = 0; -+ state->tls_active = 0; -+ state->tls_use_tls = 0; -+ state->tls_enforce_tls = 0; -+ state->tls_info = tls_info_zero; -+ state->tls_auth_only = 0; - - #ifdef USE_SASL_AUTH - if (SMTPD_STAND_ALONE(state)) -diff -Pur postfix-1.1.11-20020822-orig/src/smtpstone/smtp-sink.c postfix-1.1.11-20020822/src/smtpstone/smtp-sink.c ---- postfix-1.1.11-20020822-orig/src/smtpstone/smtp-sink.c Fri Aug 16 17:05:25 2002 -+++ postfix-1.1.11-20020822/src/smtpstone/smtp-sink.c Sat Aug 24 00:09:02 2002 -@@ -606,7 +606,7 @@ - } else { - if (strncmp(argv[optind], "inet:", 5) == 0) - argv[optind] += 5; -- sock = inet_listen(argv[optind], backlog, BLOCKING); -+ sock = inet_listen(argv[optind], backlog, BLOCKING, 1); - } - - /* -diff -Pur postfix-1.1.11-20020822-orig/src/tlsmgr/Makefile.in postfix-1.1.11-20020822/src/tlsmgr/Makefile.in ---- postfix-1.1.11-20020822-orig/src/tlsmgr/Makefile.in Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/tlsmgr/Makefile.in Sat Aug 24 00:09:02 2002 -@@ -0,0 +1,75 @@ -+SHELL = /bin/sh -+SRCS = tlsmgr.c -+OBJS = tlsmgr.o -+HDRS = -+TESTSRC = -+WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ -+ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -+ -Wunused -+DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) -+CFLAGS = $(DEBUG) $(OPT) $(DEFS) -+TESTPROG= -+PROG = tlsmgr -+INC_DIR = ../../include -+LIBS = ../../lib/libmaster.a ../../lib/libglobal.a ../../lib/libutil.a -+ -+.c.o:; $(CC) $(CFLAGS) -c $*.c -+ -+$(PROG): $(OBJS) $(LIBS) -+ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS) -+ -+Makefile: Makefile.in -+ (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs; cat $?) >$@ -+ -+test: $(TESTPROG) -+ -+update: ../../libexec/$(PROG) -+ -+../../libexec/$(PROG): $(PROG) -+ cp $(PROG) ../../libexec -+ -+printfck: $(OBJS) $(PROG) -+ rm -rf printfck -+ mkdir printfck -+ cp *.h printfck -+ sed '1,/^# do not edit/!d' Makefile >printfck/Makefile -+ set -e; for i in *.c; do printfck -f .printfck $$i >printfck/$$i; done -+ cd printfck; make "INC_DIR=../../../../include" `cd ../..; ls *.o` -+ -+lint: -+ lint $(DEFS) $(SRCS) $(LINTFIX) -+ -+clean: -+ rm -f *.o *core $(PROG) $(TESTPROG) junk -+ rm -rf printfck -+ -+tidy: clean -+ -+depend: $(MAKES) -+ (sed '1,/^# do not edit/!d' Makefile.in; \ -+ set -e; for i in [a-z][a-z0-9]*.c; do \ -+ $(CC) -E $(DEFS) $(INCL) $$i | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \ -+ -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' -e 'p' -e '}'; \ -+ done) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in -+ @make -f Makefile.in Makefile -+ -+# do not edit below this line - it is generated by 'make depend' -+tlsmgr.o: tlsmgr.c -+tlsmgr.o: ../../include/sys_defs.h -+tlsmgr.o: ../../include/msg.h -+tlsmgr.o: ../../include/events.h -+tlsmgr.o: ../../include/vstream.h -+tlsmgr.o: ../../include/vbuf.h -+tlsmgr.o: ../../include/dict.h -+tlsmgr.o: ../../include/argv.h -+tlsmgr.o: ../../include/vstring.h -+tlsmgr.o: ../../include/stringops.h -+tlsmgr.o: ../../include/mymalloc.h -+tlsmgr.o: ../../include/connect.h -+tlsmgr.o: ../../include/myflock.h -+tlsmgr.o: ../../include/mail_conf.h -+tlsmgr.o: ../../include/mail_params.h -+tlsmgr.o: ../../include/iostuff.h -+tlsmgr.o: ../../include/master_proto.h -+tlsmgr.o: ../../include/mail_server.h -+tlsmgr.o: ../../include/pfixtls.h -diff -Pur postfix-1.1.11-20020822-orig/src/tlsmgr/tlsmgr.c postfix-1.1.11-20020822/src/tlsmgr/tlsmgr.c ---- postfix-1.1.11-20020822-orig/src/tlsmgr/tlsmgr.c Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/tlsmgr/tlsmgr.c Sat Aug 24 00:09:02 2002 -@@ -0,0 +1,598 @@ -+/*++ -+/* NAME -+/* tlsmgr 8 -+/* SUMMARY -+/* Postfix TLS session cache and PRNG handling manager -+/* SYNOPSIS -+/* \fBtlsmgr\fR [generic Postfix daemon options] -+/* DESCRIPTION -+/* The tlsmgr process does housekeeping on the session cache database -+/* files. It runs through the databases and removes expired entries -+/* and entries written by older (incompatible) versions. -+/* -+/* The tlsmgr is responsible for the PRNG handling. The used internal -+/* OpenSSL PRNG has a pool size of 8192 bits (= 1024 bytes). The pool -+/* is initially seeded at startup from an external source (EGD or -+/* /dev/urandom) and additional seed is obtained later during program -+/* run at a configurable period. The exact time of seed query is -+/* using random information and is equally distributed in the range of -+/* [0-\fBtls_random_reseed_period\fR] with a \fBtls_random_reseed_period\fR -+/* having a default of 1 hour. -+/* -+/* Tlsmgr can be run chrooted and with dropped privileges, as it will -+/* connect to the entropy source at startup. -+/* -+/* The PRNG is additionally seeded internally by the data found in the -+/* session cache and timevalues. -+/* -+/* Tlsmgr reads the old value of the exchange file at startup to keep -+/* entropy already collected during previous runs. -+/* -+/* From the PRNG random pool a cryptographically strong 1024 byte random -+/* sequence is written into the PRNG exchange file. The file is updated -+/* periodically with the time changing randomly from -+/* [0-\fBtls_random_prng_update_period\fR]. -+/* STANDARDS -+/* SECURITY -+/* .ad -+/* .fi -+/* Tlsmgr is not security-sensitive. It only deals with external data -+/* to be fed into the PRNG, the contents is never trusted. The session -+/* cache housekeeping will only remove entries if expired and will never -+/* touch the contents of the cached data. -+/* DIAGNOSTICS -+/* Problems and transactions are logged to the syslog daemon. -+/* BUGS -+/* There is no automatic means to limit the number of entries in the -+/* session caches and/or the size of the session cache files. -+/* CONFIGURATION PARAMETERS -+/* .ad -+/* .fi -+/* The following \fBmain.cf\fR parameters are especially relevant to -+/* this program. See the Postfix \fBmain.cf\fR file for syntax details -+/* and for default values. Use the \fBpostfix reload\fR command after -+/* a configuration change. -+/* .SH Session Cache -+/* .ad -+/* .fi -+/* .IP \fBsmtpd_tls_session_cache_database\fR -+/* Name of the SDBM file (type sdbm:) containing the SMTP server session -+/* cache. If the file does not exist, it is created. -+/* .IP \fBsmtpd_tls_session_cache_timeout\fR -+/* Expiry time of SMTP server session cache entries in seconds. Entries -+/* older than this are removed from the session cache. A cleanup-run is -+/* performed periodically every \fBsmtpd_tls_session_cache_timeout\fR -+/* seconds. Default is 3600 (= 1 hour). -+/* .IP \fBsmtp_tls_session_cache_database\fR -+/* Name of the SDBM file (type sdbm:) containing the SMTP client session -+/* cache. If the file does not exist, it is created. -+/* .IP \fBsmtp_tls_session_cache_timeout\fR -+/* Expiry time of SMTP client session cache entries in seconds. Entries -+/* older than this are removed from the session cache. A cleanup-run is -+/* performed periodically every \fBsmtp_tls_session_cache_timeout\fR -+/* seconds. Default is 3600 (= 1 hour). -+/* .SH Pseudo Random Number Generator -+/* .ad -+/* .fi -+/* .IP \fBtls_random_source\fR -+/* Name of the EGD socket or device or regular file to obtain entropy -+/* from. The type of entropy source must be specified by preceding the -+/* name with the appropriate type: egd:/path/to/egd_socket, -+/* dev:/path/to/devicefile, or /path/to/regular/file. -+/* tlsmgr opens \fBtls_random_source\fR and tries to read -+/* \fBtls_random_bytes\fR from it. -+/* .IP \fBtls_random_bytes\fR -+/* Number of bytes to be read from \fBtls_random_source\fR. -+/* Default value is 32 bytes. If using EGD, a maximum of 255 bytes is read. -+/* .IP \fBtls_random_exchange_name\fR -+/* Name of the file written by tlsmgr and read by smtp and smtpd at -+/* startup. The length is 1024 bytes. Default value is -+/* /etc/postfix/prng_exch. -+/* .IP \fBtls_random_reseed_period\fR -+/* Time in seconds until the next reseed from external sources is due. -+/* This is the maximum value. The actual point in time is calculated -+/* with a random factor equally distributed between 0 and this maximum -+/* value. Default is 3600 (= 60 minutes). -+/* .IP \fBtls_random_prng_update_period\fR -+/* Time in seconds until the PRNG exchange file is updated with new -+/* pseude random values. This is the maximum value. The actual point -+/* in time is calculated with a random factor equally distributed -+/* between 0 and this maximum value. Default is 60 (= 1 minute). -+/* SEE ALSO -+/* smtp(8) SMTP client -+/* smtpd(8) SMTP server -+/* LICENSE -+/* .ad -+/* .fi -+/* The Secure Mailer license must be distributed with this software. -+/* AUTHOR(S) -+/*--*/ -+ -+/* System library. */ -+ -+#include <sys_defs.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <ctype.h> -+#include <errno.h> -+#include <string.h> -+#include <sys/time.h> /* gettimeofday, not POSIX */ -+ -+/* OpenSSL library. */ -+#ifdef HAS_SSL -+#include <openssl/rand.h> /* For the PRNG */ -+#endif -+ -+/* Utility library. */ -+ -+#include <msg.h> -+#include <events.h> -+#include <dict.h> -+#include <stringops.h> -+#include <mymalloc.h> -+#include <connect.h> -+#include <myflock.h> -+ -+/* Global library. */ -+ -+#include <mail_conf.h> -+#include <mail_params.h> -+#include <pfixtls.h> -+ -+/* Master process interface */ -+ -+#include <master_proto.h> -+#include <mail_server.h> -+ -+/* Application-specific. */ -+ -+ /* -+ * Tunables. -+ */ -+char *var_tls_rand_source; -+int var_tls_rand_bytes; -+int var_tls_reseed_period; -+int var_tls_prng_upd_period; -+ -+static int rand_exch_fd; -+static int rand_source_dev_fd = -1; -+static int rand_source_socket_fd = -1; -+static int srvr_scache_db_active; -+static int clnt_scache_db_active; -+static DICT *srvr_scache_db = NULL; -+static DICT *clnt_scache_db = NULL; -+ -+static void tlsmgr_prng_upd_event(int unused_event, char *dummy) -+{ -+ struct timeval tv; -+ unsigned char buffer[1024]; -+ int next_period; -+ -+#ifdef HAS_SSL -+ /* -+ * It is time to update the PRNG exchange file. Since other processes might -+ * have added entropy, we do this in a read_stir-back_write cycle. -+ */ -+ GETTIMEOFDAY(&tv); -+ RAND_seed(&tv, sizeof(struct timeval)); -+ -+ if (myflock(rand_exch_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) != 0) -+ msg_fatal("Could not lock random exchange file: %s", -+ strerror(errno)); -+ -+ lseek(rand_exch_fd, 0, SEEK_SET); -+ if (read(rand_exch_fd, buffer, 1024) < 0) -+ msg_fatal("reading exchange file failed"); -+ RAND_seed(buffer, 1024); -+ -+ RAND_bytes(buffer, 1024); -+ lseek(rand_exch_fd, 0, SEEK_SET); -+ if (write(rand_exch_fd, buffer, 1024) != 1024) -+ msg_fatal("Writing exchange file failed"); -+ -+ if (myflock(rand_exch_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) != 0) -+ msg_fatal("Could not unlock random exchange file: %s", -+ strerror(errno)); -+ -+ /* -+ * Make prediction difficult for outsiders and calculate the time for the -+ * next execution randomly. -+ */ -+ next_period = (var_tls_prng_upd_period * buffer[0]) / 255; -+ event_request_timer(tlsmgr_prng_upd_event, dummy, next_period); -+#endif -+} -+ -+ -+static void tlsmgr_reseed_event(int unused_event, char *dummy) -+{ -+ int egd_success; -+ int next_period; -+ int rand_bytes; -+ char buffer[255]; -+ struct timeval tv; -+ unsigned char randbyte; -+ -+#ifdef HAS_SSL -+ /* -+ * It is time to reseed the PRNG. -+ */ -+ -+ GETTIMEOFDAY(&tv); -+ RAND_seed(&tv, sizeof(struct timeval)); -+ if (rand_source_dev_fd != -1) { -+ rand_bytes = read(rand_source_dev_fd, buffer, var_tls_rand_bytes); -+ if (rand_bytes > 0) -+ RAND_seed(buffer, rand_bytes); -+ else if (rand_bytes < 0) { -+ msg_fatal("Read from entropy device %s failed", -+ var_tls_rand_source); -+ } -+ } else if (rand_source_socket_fd != -1) { -+ egd_success = 0; -+ buffer[0] = 1; -+ buffer[1] = var_tls_rand_bytes; -+ if (write(rand_source_socket_fd, buffer, 2) != 2) -+ msg_info("Could not talk to %s", var_tls_rand_source); -+ else if (read(rand_source_socket_fd, buffer, 1) != 1) -+ msg_info("Could not read info from %s", var_tls_rand_source); -+ else { -+ rand_bytes = buffer[0]; -+ if (read(rand_source_socket_fd, buffer, rand_bytes) != rand_bytes) -+ msg_info("Could not read data from %s", var_tls_rand_source); -+ else { -+ egd_success = 1; -+ RAND_seed(buffer, rand_bytes); -+ } -+ } -+ if (!egd_success) { -+ msg_info("Lost connection to EGD-device, exiting to reconnect."); -+ exit(0); -+ } -+ } else if (*var_tls_rand_source) { -+ rand_bytes = RAND_load_file(var_tls_rand_source, var_tls_rand_bytes); -+ } -+ -+ /* -+ * Make prediction difficult for outsiders and calculate the time for the -+ * next execution randomly. -+ */ -+ RAND_bytes(&randbyte, 1); -+ next_period = (var_tls_reseed_period * randbyte) / 255; -+ event_request_timer(tlsmgr_reseed_event, dummy, next_period); -+#endif -+} -+ -+ -+static int tlsmgr_do_scache_check(DICT *scache_db, int scache_timeout, -+ int start) -+{ -+#ifdef HAS_SSL -+ int func; -+ int len; -+ int n; -+ int delete = 0; -+ int result; -+ struct timeval tv; -+ const char *member; -+ const char *value; -+ char *member_copy; -+ unsigned char nibble, *data; -+ pfixtls_scache_info_t scache_info; -+ -+ GETTIMEOFDAY(&tv); -+ RAND_seed(&tv, sizeof(struct timeval)); -+ -+ /* -+ * Run through the given dictionary and check the stored sessions. -+ * If "start" is set to 1, a new run is initiated, otherwise the next -+ * item is accessed. The state is internally kept in the DICT. -+ */ -+ if (start) -+ func = DICT_SEQ_FUN_FIRST; -+ else -+ func = DICT_SEQ_FUN_NEXT; -+ result = dict_seq(scache_db, func, &member, &value); -+ -+ if (result > 0) -+ return 0; /* End of list reached */ -+ else if (result < 0) -+ msg_fatal("Database fault, should already be caught."); -+ else { -+ member_copy = mystrdup(member); -+ len = strlen(value); -+ RAND_seed(value, len); /* Use it to increase entropy */ -+ if (len < 2 * sizeof(pfixtls_scache_info_t)) -+ delete = 1; /* Messed up, delete */ -+ else if (len > 2 * sizeof(pfixtls_scache_info_t)) -+ len = 2 * sizeof(pfixtls_scache_info_t); -+ if (!delete) { -+ data = (unsigned char *)(&scache_info); -+ memset(data, 0, len / 2); -+ for (n = 0; n < len; n++) { -+ if ((value[n] >= '0') && (value[n] <= '9')) -+ nibble = value[n] - '0'; -+ else -+ nibble = value[n] - 'A' + 10; -+ if (n % 2) -+ data[n / 2] |= nibble; -+ else -+ data[n / 2] |= (nibble << 4); -+ } -+ -+ if ((scache_info.scache_db_version != scache_db_version) || -+ (scache_info.openssl_version != openssl_version) || -+ (scache_info.timestamp + scache_timeout < time(NULL))) -+ delete = 1; -+ } -+ if (delete) -+ result = dict_del(scache_db, member_copy); -+ myfree(member_copy); -+ } -+ -+ if (delete && result) -+ msg_info("Could not delete %s", member); -+ return 1; -+ -+#else -+ return 0; -+#endif -+} -+ -+static void tlsmgr_clnt_cache_run_event(int unused_event, char *dummy) -+{ -+ -+ /* -+ * This routine runs when it is time for another tls session cache scan. -+ * Make sure this routine gets called again in the future. -+ */ -+ clnt_scache_db_active = tlsmgr_do_scache_check(clnt_scache_db, -+ var_smtp_tls_scache_timeout, 1); -+ event_request_timer(tlsmgr_clnt_cache_run_event, dummy, -+ var_smtp_tls_scache_timeout); -+} -+ -+ -+static void tlsmgr_srvr_cache_run_event(int unused_event, char *dummy) -+{ -+ -+ /* -+ * This routine runs when it is time for another tls session cache scan. -+ * Make sure this routine gets called again in the future. -+ */ -+ srvr_scache_db_active = tlsmgr_do_scache_check(srvr_scache_db, -+ var_smtpd_tls_scache_timeout, 1); -+ event_request_timer(tlsmgr_srvr_cache_run_event, dummy, -+ var_smtpd_tls_scache_timeout); -+} -+ -+ -+static DICT *tlsmgr_cache_open(const char *dbname) -+{ -+ DICT *retval; -+ char *dbpagname; -+ char *dbdirname; -+ -+ /* -+ * First, try to find out the real name of the database file, so that -+ * it can be removed. -+ */ -+ if (!strncmp(dbname, "sdbm:", 5)) { -+ dbpagname = concatenate(dbname + 5, ".pag", NULL); -+ REMOVE(dbpagname); -+ myfree(dbpagname); -+ dbdirname = concatenate(dbname + 5, ".dir", NULL); -+ REMOVE(dbdirname); -+ myfree(dbdirname); -+ } -+ else { -+ msg_warn("Only type sdbm: supported: %s", dbname); -+ return NULL; -+ } -+ -+ /* -+ * Now open the dictionary. Do it with O_EXCL, so that we only open a -+ * fresh file. If we cannot open it with a fresh file, then we won't -+ * touch it. -+ */ -+ retval = dict_open(dbname, O_RDWR | O_CREAT | O_EXCL, -+ DICT_FLAG_DUP_REPLACE | DICT_FLAG_LOCK | DICT_FLAG_SYNC_UPDATE); -+ if (!retval) -+ msg_warn("Could not create dictionary %s", dbname); -+ return retval; -+} -+ -+/* tlsmgr_trigger_event - respond to external trigger(s) */ -+ -+static void tlsmgr_trigger_event(char *buf, int len, -+ char *unused_service, char **argv) -+{ -+ /* -+ * Sanity check. This service takes no command-line arguments. -+ */ -+ if (argv[0]) -+ msg_fatal("unexpected command-line argument: %s", argv[0]); -+ -+} -+ -+/* tlsmgr_loop - queue manager main loop */ -+ -+static int tlsmgr_loop(char *unused_name, char **unused_argv) -+{ -+ /* -+ * This routine runs as part of the event handling loop, after the event -+ * manager has delivered a timer or I/O event (including the completion -+ * of a connection to a delivery process), or after it has waited for a -+ * specified amount of time. The result value of qmgr_loop() specifies -+ * how long the event manager should wait for the next event. -+ */ -+#define DONT_WAIT 0 -+#define WAIT_FOR_EVENT (-1) -+ -+ if (clnt_scache_db_active) -+ clnt_scache_db_active = tlsmgr_do_scache_check(clnt_scache_db, -+ var_smtp_tls_scache_timeout, 0); -+ if (srvr_scache_db_active) -+ srvr_scache_db_active = tlsmgr_do_scache_check(srvr_scache_db, -+ var_smtpd_tls_scache_timeout, 0); -+ if (clnt_scache_db_active || srvr_scache_db_active) -+ return (DONT_WAIT); -+ return (WAIT_FOR_EVENT); -+} -+ -+/* pre_accept - see if tables have changed */ -+ -+static void pre_accept(char *unused_name, char **unused_argv) -+{ -+ if (dict_changed()) { -+ msg_info("table has changed -- exiting"); -+ exit(0); -+ } -+} -+ -+/* tlsmgr_pre_init - pre-jail initialization */ -+ -+static void tlsmgr_pre_init(char *unused_name, char **unused_argv) -+{ -+ int rand_bytes; -+ unsigned char buffer[255]; -+ -+#ifdef HAS_SSL -+ /* -+ * Access the external sources for random seed. We may not be able to -+ * access them again if we are sent to chroot jail, so we must leave -+ * dev: and egd: type sources open. -+ */ -+ if (*var_tls_rand_source) { -+ if (!strncmp(var_tls_rand_source, "dev:", 4)) { -+ /* -+ * Source is a random device -+ */ -+ rand_source_dev_fd = open(var_tls_rand_source + 4, 0, 0); -+ if (rand_source_dev_fd == -1) -+ msg_fatal("Could not open entropy device %s", -+ var_tls_rand_source); -+ if (var_tls_rand_bytes > 255) -+ var_tls_rand_bytes = 255; -+ rand_bytes = read(rand_source_dev_fd, buffer, var_tls_rand_bytes); -+ RAND_seed(buffer, rand_bytes); -+ } else if (!strncmp(var_tls_rand_source, "egd:", 4)) { -+ /* -+ * Source is a EGD compatible socket -+ */ -+ rand_source_socket_fd = unix_connect(var_tls_rand_source +4, -+ BLOCKING, 10); -+ if (rand_source_socket_fd == -1) -+ msg_fatal("Could not connect to %s", var_tls_rand_source); -+ if (var_tls_rand_bytes > 255) -+ var_tls_rand_bytes = 255; -+ buffer[0] = 1; -+ buffer[1] = var_tls_rand_bytes; -+ if (write(rand_source_socket_fd, buffer, 2) != 2) -+ msg_fatal("Could not talk to %s", var_tls_rand_source); -+ if (read(rand_source_socket_fd, buffer, 1) != 1) -+ msg_fatal("Could not read info from %s", var_tls_rand_source); -+ rand_bytes = buffer[0]; -+ if (read(rand_source_socket_fd, buffer, rand_bytes) != rand_bytes) -+ msg_fatal("Could not read data from %s", var_tls_rand_source); -+ RAND_seed(buffer, rand_bytes); -+ } else { -+ rand_bytes = RAND_load_file(var_tls_rand_source, -+ var_tls_rand_bytes); -+ } -+ } -+#endif -+ -+ /* -+ * Now open the PRNG exchange file -+ */ -+ if (*var_tls_rand_exch_name) { -+ rand_exch_fd = open(var_tls_rand_exch_name, O_RDWR | O_CREAT, 0600); -+ } -+ -+ /* -+ * Finally, open the session cache files. Remove old files, if still there. -+ * If we could not remove the old files, something is pretty wrong and we -+ * won't touch it!! -+ */ -+ if (*var_smtp_tls_scache_db) -+ clnt_scache_db = tlsmgr_cache_open(var_smtp_tls_scache_db); -+ if (*var_smtpd_tls_scache_db) -+ srvr_scache_db = tlsmgr_cache_open(var_smtpd_tls_scache_db); -+} -+ -+/* qmgr_post_init - post-jail initialization */ -+ -+static void tlsmgr_post_init(char *unused_name, char **unused_argv) -+{ -+ unsigned char buffer[1024]; -+ -+ /* -+ * This routine runs after the skeleton code has entered the chroot jail. -+ * Prevent automatic process suicide after a limited number of client -+ * requests or after a limited amount of idle time. -+ */ -+ var_use_limit = 0; -+ var_idle_limit = 0; -+ -+#ifdef HAS_SSL -+ /* -+ * Complete thie initialization by reading the additional seed from the -+ * PRNG exchange file. Don't care how many bytes were actually read, just -+ * seed buffer into the PRNG, regardless of its contents. -+ */ -+ if (rand_exch_fd >= 0) { -+ if (myflock(rand_exch_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) == -1) -+ msg_fatal("Could not lock random exchange file: %s", -+ strerror(errno)); -+ read(rand_exch_fd, buffer, 1024); -+ if (myflock(rand_exch_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) == -1) -+ msg_fatal("Could not unlock random exchange file: %s", -+ strerror(errno)); -+ RAND_seed(buffer, 1024); -+ tlsmgr_prng_upd_event(0, (char *) 0); -+ tlsmgr_reseed_event(0, (char *) 0); -+ } -+#endif -+ -+ clnt_scache_db_active = 0; -+ srvr_scache_db_active = 0; -+ if (clnt_scache_db) -+ tlsmgr_clnt_cache_run_event(0, (char *) 0); -+ if (srvr_scache_db) -+ tlsmgr_srvr_cache_run_event(0, (char *) 0); -+} -+ -+/* main - the main program */ -+ -+int main(int argc, char **argv) -+{ -+ static CONFIG_STR_TABLE str_table[] = { -+ VAR_TLS_RAND_SOURCE, DEF_TLS_RAND_SOURCE, &var_tls_rand_source, 0, 0, -+ 0, -+ }; -+ static CONFIG_TIME_TABLE time_table[] = { -+ VAR_TLS_RESEED_PERIOD, DEF_TLS_RESEED_PERIOD, &var_tls_reseed_period, 0, 0, -+ VAR_TLS_PRNG_UPD_PERIOD, DEF_TLS_PRNG_UPD_PERIOD, &var_tls_prng_upd_period, 0, 0, -+ 0, -+ }; -+ static CONFIG_INT_TABLE int_table[] = { -+ VAR_TLS_RAND_BYTES, DEF_TLS_RAND_BYTES, &var_tls_rand_bytes, 0, 0, -+ 0, -+ }; -+ -+ /* -+ * Use the trigger service skeleton, because no-one else should be -+ * monitoring our service port while this process runs, and because we do -+ * not talk back to the client. -+ */ -+ trigger_server_main(argc, argv, tlsmgr_trigger_event, -+ MAIL_SERVER_TIME_TABLE, time_table, -+ MAIL_SERVER_INT_TABLE, int_table, -+ MAIL_SERVER_STR_TABLE, str_table, -+ MAIL_SERVER_PRE_INIT, tlsmgr_pre_init, -+ MAIL_SERVER_POST_INIT, tlsmgr_post_init, -+ MAIL_SERVER_LOOP, tlsmgr_loop, -+ MAIL_SERVER_PRE_ACCEPT, pre_accept, -+ 0); -+} -diff -Pur postfix-1.1.11-20020822-orig/src/util/Makefile.in postfix-1.1.11-20020822/src/util/Makefile.in ---- postfix-1.1.11-20020822-orig/src/util/Makefile.in Wed Aug 21 22:23:56 2002 -+++ postfix-1.1.11-20020822/src/util/Makefile.in Sat Aug 24 00:09:02 2002 -@@ -8,7 +8,7 @@ - dict_tcp.c dict_unix.c dir_forest.c doze.c duplex_pipe.c \ - environ.c events.c exec_command.c fifo_listen.c fifo_trigger.c \ - file_limit.c find_inet.c fsspace.c fullname.c get_domainname.c \ -- get_hostname.c hex_quote.c htable.c inet_addr_host.c \ -+ get_hostname.c get_port.c hex_quote.c htable.c inet_addr_host.c \ - inet_addr_list.c inet_addr_local.c inet_connect.c inet_listen.c \ - inet_trigger.c inet_util.c intv.c line_wrap.c lowercase.c \ - lstat_as.c mac_expand.c mac_parse.c make_dirs.c match_list.c \ -@@ -26,7 +26,7 @@ - unix_connect.c unix_listen.c unix_trigger.c unsafe.c username.c \ - valid_hostname.c vbuf.c vbuf_print.c vstream.c vstream_popen.c \ - vstring.c vstring_vstream.c watchdog.c writable.c write_buf.c \ -- write_wait.c strcasecmp.c nvtable.c -+ write_wait.c strcasecmp.c nvtable.c dict_sdbm.c sdbm.c - OBJS = alldig.o argv.o argv_split.o attr_print0.o attr_print64.o \ - attr_scan0.o attr_scan64.o base64_code.o basename.o binhash.o \ - chroot_uid.o clean_env.o close_on_exec.o concatenate.o ctable.o \ -@@ -36,7 +36,7 @@ - dict_tcp.o dict_unix.o dir_forest.o doze.o duplex_pipe.o \ - environ.o events.o exec_command.o fifo_listen.o fifo_trigger.o \ - file_limit.o find_inet.o fsspace.o fullname.o get_domainname.o \ -- get_hostname.o hex_quote.o htable.o inet_addr_host.o \ -+ get_hostname.o get_port.o hex_quote.o htable.o inet_addr_host.o \ - inet_addr_list.o inet_addr_local.o inet_connect.o inet_listen.o \ - inet_trigger.o inet_util.o intv.o line_wrap.o lowercase.o \ - lstat_as.o mac_expand.o mac_parse.o make_dirs.o match_list.o \ -@@ -54,13 +54,13 @@ - unix_connect.o unix_listen.o unix_trigger.o unsafe.o username.o \ - valid_hostname.o vbuf.o vbuf_print.o vstream.o vstream_popen.o \ - vstring.o vstring_vstream.o watchdog.o writable.o write_buf.o \ -- write_wait.o nvtable.o $(STRCASE) -+ write_wait.o nvtable.o $(STRCASE) dict_sdbm.o sdbm.o - HDRS = argv.h attr.h base64_code.h binhash.h chroot_uid.h clean_env.h \ - connect.h ctable.h dict.h dict_db.h dict_dbm.h dict_env.h \ - dict_ht.h dict_ldap.h dict_mysql.h dict_ni.h dict_nis.h \ - dict_nisplus.h dict_pcre.h dict_regexp.h dict_static.h dict_tcp.h \ - dict_unix.h dir_forest.h events.h exec_command.h find_inet.h \ -- fsspace.h fullname.h get_domainname.h get_hostname.h hex_quote.h \ -+ fsspace.h fullname.h get_domainname.h get_hostname.h get_port.h hex_quote.h \ - htable.h inet_addr_host.h inet_addr_list.h inet_addr_local.h \ - inet_util.h intv.h iostuff.h line_wrap.h listen.h lstat_as.h \ - mac_expand.h mac_parse.h make_dirs.h match_list.h match_ops.h \ -@@ -72,7 +72,7 @@ - split_at.h stat_as.h stringops.h sys_defs.h timed_connect.h \ - timed_wait.h trigger.h username.h valid_hostname.h vbuf.h \ - vbuf_print.h vstream.h vstring.h vstring_vstream.h watchdog.h \ -- nvtable.h -+ nvtable.h dict_sdbm.h sdbm.h - TESTSRC = fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \ - stream_test.c dup2_pass_on_exec.c - WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ -@@ -589,6 +589,7 @@ - dict_open.o: dict_unix.h - dict_open.o: dict_tcp.h - dict_open.o: dict_dbm.h -+dict_open.o: dict_sdbm.h - dict_open.o: dict_db.h - dict_open.o: dict_nis.h - dict_open.o: dict_nisplus.h -@@ -723,6 +724,7 @@ - get_domainname.o: mymalloc.h - get_domainname.o: get_hostname.h - get_domainname.o: get_domainname.h -+get_port.o: sys_defs.h - get_hostname.o: get_hostname.c - get_hostname.o: sys_defs.h - get_hostname.o: mymalloc.h -@@ -839,6 +841,7 @@ - match_list.o: stringops.h - match_list.o: argv.h - match_list.o: dict.h -+match_list.o: inet_util.h - match_list.o: match_ops.h - match_list.o: match_list.h - match_ops.o: match_ops.c -@@ -1223,3 +1226,9 @@ - write_wait.o: sys_defs.h - write_wait.o: msg.h - write_wait.o: iostuff.h -+sdbm.o: sdbm.c -+sdbm.o: sdbm.h -+dict_sdbm.o: sdbm.h -+dict_sdbm.o: dict_sdbm.c -+dict_sdbm.o: dict_sdbm.h -+dict_sdbm.o: sys_defs.h -diff -Pur postfix-1.1.11-20020822-orig/src/util/dict_open.c postfix-1.1.11-20020822/src/util/dict_open.c ---- postfix-1.1.11-20020822-orig/src/util/dict_open.c Fri Dec 21 23:18:07 2001 -+++ postfix-1.1.11-20020822/src/util/dict_open.c Sat Aug 24 00:09:02 2002 -@@ -159,6 +159,7 @@ - #include <dict_env.h> - #include <dict_unix.h> - #include <dict_tcp.h> -+#include <dict_sdbm.h> - #include <dict_dbm.h> - #include <dict_db.h> - #include <dict_nis.h> -@@ -187,6 +188,7 @@ - #if 0 - DICT_TYPE_TCP, dict_tcp_open, - #endif -+ "sdbm", dict_sdbm_open, - #ifdef HAS_DBM - DICT_TYPE_DBM, dict_dbm_open, - #endif -diff -Pur postfix-1.1.11-20020822-orig/src/util/dict_sdbm.c postfix-1.1.11-20020822/src/util/dict_sdbm.c ---- postfix-1.1.11-20020822-orig/src/util/dict_sdbm.c Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/util/dict_sdbm.c Sat Aug 24 00:09:03 2002 -@@ -0,0 +1,408 @@ -+/*++ -+/* NAME -+/* dict_sdbm 3 -+/* SUMMARY -+/* dictionary manager interface to SDBM files -+/* SYNOPSIS -+/* #include <dict_sdbm.h> -+/* -+/* DICT *dict_sdbm_open(path, open_flags, dict_flags) -+/* const char *name; -+/* const char *path; -+/* int open_flags; -+/* int dict_flags; -+/* DESCRIPTION -+/* dict_sdbm_open() opens the named SDBM database and makes it available -+/* via the generic interface described in dict_open(3). -+/* DIAGNOSTICS -+/* Fatal errors: cannot open file, file write error, out of memory. -+/* SEE ALSO -+/* dict(3) generic dictionary manager -+/* sdbm(3) data base subroutines -+/* LICENSE -+/* .ad -+/* .fi -+/* The Secure Mailer license must be distributed with this software. -+/* AUTHOR(S) -+/* Wietse Venema -+/* IBM T.J. Watson Research -+/* P.O. Box 704 -+/* Yorktown Heights, NY 10598, USA -+/*--*/ -+ -+#include "sys_defs.h" -+ -+/* System library. */ -+ -+#include <sys/stat.h> -+#include <string.h> -+#include <unistd.h> -+ -+/* Utility library. */ -+ -+#include "msg.h" -+#include "mymalloc.h" -+#include "htable.h" -+#include "iostuff.h" -+#include "vstring.h" -+#include "myflock.h" -+#include "stringops.h" -+#include "dict.h" -+#include "dict_sdbm.h" -+#include "sdbm.h" -+ -+/* Application-specific. */ -+ -+typedef struct { -+ DICT dict; /* generic members */ -+ SDBM *dbm; /* open database */ -+ char *path; /* pathname */ -+} DICT_SDBM; -+ -+/* dict_sdbm_lookup - find database entry */ -+ -+static const char *dict_sdbm_lookup(DICT *dict, const char *name) -+{ -+ DICT_SDBM *dict_sdbm = (DICT_SDBM *) dict; -+ datum dbm_key; -+ datum dbm_value; -+ static VSTRING *buf; -+ const char *result = 0; -+ -+ dict_errno = 0; -+ -+ /* -+ * Acquire an exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0) -+ msg_fatal("%s: lock dictionary: %m", dict_sdbm->path); -+ -+ /* -+ * See if this DBM file was written with one null byte appended to key -+ * and value. -+ */ -+ if (dict->flags & DICT_FLAG_TRY1NULL) { -+ dbm_key.dptr = (void *) name; -+ dbm_key.dsize = strlen(name) + 1; -+ dbm_value = sdbm_fetch(dict_sdbm->dbm, dbm_key); -+ if (dbm_value.dptr != 0) { -+ dict->flags &= ~DICT_FLAG_TRY0NULL; -+ result = dbm_value.dptr; -+ } -+ } -+ -+ /* -+ * See if this DBM file was written with no null byte appended to key and -+ * value. -+ */ -+ if (result == 0 && (dict->flags & DICT_FLAG_TRY0NULL)) { -+ dbm_key.dptr = (void *) name; -+ dbm_key.dsize = strlen(name); -+ dbm_value = sdbm_fetch(dict_sdbm->dbm, dbm_key); -+ if (dbm_value.dptr != 0) { -+ if (buf == 0) -+ buf = vstring_alloc(10); -+ vstring_strncpy(buf, dbm_value.dptr, dbm_value.dsize); -+ dict->flags &= ~DICT_FLAG_TRY1NULL; -+ result = vstring_str(buf); -+ } -+ } -+ -+ /* -+ * Release the exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) -+ msg_fatal("%s: unlock dictionary: %m", dict_sdbm->path); -+ -+ return (result); -+} -+ -+/* dict_sdbm_update - add or update database entry */ -+ -+static void dict_sdbm_update(DICT *dict, const char *name, const char *value) -+{ -+ DICT_SDBM *dict_sdbm = (DICT_SDBM *) dict; -+ datum dbm_key; -+ datum dbm_value; -+ int status; -+ -+ dbm_key.dptr = (void *) name; -+ dbm_value.dptr = (void *) value; -+ dbm_key.dsize = strlen(name); -+ dbm_value.dsize = strlen(value); -+ -+ /* -+ * If undecided about appending a null byte to key and value, choose a -+ * default depending on the platform. -+ */ -+ if ((dict->flags & DICT_FLAG_TRY1NULL) -+ && (dict->flags & DICT_FLAG_TRY0NULL)) { -+#ifdef DBM_NO_TRAILING_NULL -+ dict->flags &= ~DICT_FLAG_TRY1NULL; -+#else -+ dict->flags &= ~DICT_FLAG_TRY0NULL; -+#endif -+ } -+ -+ /* -+ * Optionally append a null byte to key and value. -+ */ -+ if (dict->flags & DICT_FLAG_TRY1NULL) { -+ dbm_key.dsize++; -+ dbm_value.dsize++; -+ } -+ -+ /* -+ * Acquire an exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) -+ msg_fatal("%s: lock dictionary: %m", dict_sdbm->path); -+ -+ /* -+ * Do the update. -+ */ -+ if ((status = sdbm_store(dict_sdbm->dbm, dbm_key, dbm_value, -+ (dict->flags & DICT_FLAG_DUP_REPLACE) ? DBM_REPLACE : DBM_INSERT)) < 0) -+ msg_fatal("error writing SDBM database %s: %m", dict_sdbm->path); -+ if (status) { -+ if (dict->flags & DICT_FLAG_DUP_IGNORE) -+ /* void */ ; -+ else if (dict->flags & DICT_FLAG_DUP_WARN) -+ msg_warn("%s: duplicate entry: \"%s\"", dict_sdbm->path, name); -+ else -+ msg_fatal("%s: duplicate entry: \"%s\"", dict_sdbm->path, name); -+ } -+ -+ /* -+ * Release the exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) -+ msg_fatal("%s: unlock dictionary: %m", dict_sdbm->path); -+} -+ -+ -+/* dict_sdbm_delete - delete one entry from the dictionary */ -+ -+static int dict_sdbm_delete(DICT *dict, const char *name) -+{ -+ DICT_SDBM *dict_sdbm = (DICT_SDBM *) dict; -+ datum dbm_key; -+ int status = 1; -+ int flags = 0; -+ -+ /* -+ * Acquire an exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) -+ msg_fatal("%s: lock dictionary: %m", dict_sdbm->path); -+ -+ /* -+ * See if this DBM file was written with one null byte appended to key -+ * and value. -+ */ -+ if (dict->flags & DICT_FLAG_TRY1NULL) { -+ dbm_key.dptr = (void *) name; -+ dbm_key.dsize = strlen(name) + 1; -+ sdbm_clearerr(dict_sdbm->dbm); -+ if ((status = sdbm_delete(dict_sdbm->dbm, dbm_key)) < 0) { -+ if (sdbm_error(dict_sdbm->dbm) != 0) /* fatal error */ -+ msg_fatal("error deleting from %s: %m", dict_sdbm->path); -+ status = 1; /* not found */ -+ } else { -+ dict->flags &= ~DICT_FLAG_TRY0NULL; /* found */ -+ } -+ } -+ -+ /* -+ * See if this DBM file was written with no null byte appended to key and -+ * value. -+ */ -+ if (status > 0 && (dict->flags & DICT_FLAG_TRY0NULL)) { -+ dbm_key.dptr = (void *) name; -+ dbm_key.dsize = strlen(name); -+ sdbm_clearerr(dict_sdbm->dbm); -+ if ((status = sdbm_delete(dict_sdbm->dbm, dbm_key)) < 0) { -+ if (sdbm_error(dict_sdbm->dbm) != 0) /* fatal error */ -+ msg_fatal("error deleting from %s: %m", dict_sdbm->path); -+ status = 1; /* not found */ -+ } else { -+ dict->flags &= ~DICT_FLAG_TRY1NULL; /* found */ -+ } -+ } -+ -+ /* -+ * Release the exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) -+ msg_fatal("%s: unlock dictionary: %m", dict_sdbm->path); -+ -+ return (status); -+} -+ -+/* traverse the dictionary */ -+ -+static int dict_sdbm_sequence(DICT *dict, const int function, -+ const char **key, const char **value) -+{ -+ char *myname = "dict_sdbm_sequence"; -+ DICT_SDBM *dict_sdbm = (DICT_SDBM *) dict; -+ datum dbm_key; -+ datum dbm_value; -+ int status = 0; -+ static VSTRING *key_buf; -+ static VSTRING *value_buf; -+ -+ /* -+ * Acquire an exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) -+ msg_fatal("%s: lock dictionary: %m", dict_sdbm->path); -+ -+ /* -+ * Determine and execute the seek function. It returns the key. -+ */ -+ switch (function) { -+ case DICT_SEQ_FUN_FIRST: -+ dbm_key = sdbm_firstkey(dict_sdbm->dbm); -+ break; -+ case DICT_SEQ_FUN_NEXT: -+ dbm_key = sdbm_nextkey(dict_sdbm->dbm); -+ break; -+ default: -+ msg_panic("%s: invalid function: %d", myname, function); -+ } -+ -+ /* -+ * Release the exclusive lock. -+ */ -+ if ((dict->flags & DICT_FLAG_LOCK) -+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) -+ msg_fatal("%s: unlock dictionary: %m", dict_sdbm->path); -+ -+ if (dbm_key.dptr != 0 && dbm_key.dsize > 0) { -+ -+ /* -+ * See if this DB file was written with one null byte appended to key -+ * an d value or not. If necessary, copy the key. -+ */ -+ if (((char *) dbm_key.dptr)[dbm_key.dsize - 1] == 0) { -+ *key = dbm_key.dptr; -+ } else { -+ if (key_buf == 0) -+ key_buf = vstring_alloc(10); -+ vstring_strncpy(key_buf, dbm_key.dptr, dbm_key.dsize); -+ *key = vstring_str(key_buf); -+ } -+ -+ /* -+ * Fetch the corresponding value. -+ */ -+ dbm_value = sdbm_fetch(dict_sdbm->dbm, dbm_key); -+ -+ if (dbm_value.dptr != 0 && dbm_value.dsize > 0) { -+ -+ /* -+ * See if this DB file was written with one null byte appended to -+ * key and value or not. If necessary, copy the key. -+ */ -+ if (((char *) dbm_value.dptr)[dbm_value.dsize - 1] == 0) { -+ *value = dbm_value.dptr; -+ } else { -+ if (value_buf == 0) -+ value_buf = vstring_alloc(10); -+ vstring_strncpy(value_buf, dbm_value.dptr, dbm_value.dsize); -+ *value = vstring_str(value_buf); -+ } -+ } else { -+ -+ /* -+ * Determine if we have hit the last record or an error -+ * condition. -+ */ -+ if (sdbm_error(dict_sdbm->dbm)) -+ msg_fatal("error seeking %s: %m", dict_sdbm->path); -+ return (1); /* no error: eof/not found -+ * (should not happen!) */ -+ } -+ } else { -+ -+ /* -+ * Determine if we have hit the last record or an error condition. -+ */ -+ if (sdbm_error(dict_sdbm->dbm)) -+ msg_fatal("error seeking %s: %m", dict_sdbm->path); -+ return (1); /* no error: eof/not found */ -+ } -+ return (0); -+} -+ -+/* dict_sdbm_close - disassociate from data base */ -+ -+static void dict_sdbm_close(DICT *dict) -+{ -+ DICT_SDBM *dict_sdbm = (DICT_SDBM *) dict; -+ -+ sdbm_close(dict_sdbm->dbm); -+ myfree(dict_sdbm->path); -+ myfree((char *) dict_sdbm); -+} -+ -+/* dict_sdbm_open - open SDBM data base */ -+ -+DICT *dict_sdbm_open(const char *path, int open_flags, int dict_flags) -+{ -+ DICT_SDBM *dict_sdbm; -+ struct stat st; -+ SDBM *dbm; -+ char *dbm_path; -+ int lock_fd; -+ -+ if (dict_flags & DICT_FLAG_LOCK) { -+ dbm_path = concatenate(path, ".pag", (char *) 0); -+ if ((lock_fd = open(dbm_path, open_flags, 0644)) < 0) -+ msg_fatal("open database %s: %m", dbm_path); -+ if (myflock(lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0) -+ msg_fatal("shared-lock database %s for open: %m", dbm_path); -+ } -+ -+ /* -+ * XXX SunOS 5.x has no const in dbm_open() prototype. -+ */ -+ if ((dbm = sdbm_open((char *) path, open_flags, 0644)) == 0) -+ msg_fatal("open database %s.{dir,pag}: %m", path); -+ -+ if (dict_flags & DICT_FLAG_LOCK) { -+ if (myflock(lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) -+ msg_fatal("unlock database %s for open: %m", dbm_path); -+ if (close(lock_fd) < 0) -+ msg_fatal("close database %s: %m", dbm_path); -+ myfree(dbm_path); -+ } -+ dict_sdbm = (DICT_SDBM *) mymalloc(sizeof(*dict_sdbm)); -+ dict_sdbm->dict.lookup = dict_sdbm_lookup; -+ dict_sdbm->dict.update = dict_sdbm_update; -+ dict_sdbm->dict.delete = dict_sdbm_delete; -+ dict_sdbm->dict.sequence = dict_sdbm_sequence; -+ dict_sdbm->dict.close = dict_sdbm_close; -+ dict_sdbm->dict.lock_fd = sdbm_dirfno(dbm); -+ dict_sdbm->dict.stat_fd = sdbm_pagfno(dbm); -+ if (fstat(dict_sdbm->dict.stat_fd, &st) < 0) -+ msg_fatal("dict_sdbm_open: fstat: %m"); -+ dict_sdbm->dict.mtime = st.st_mtime; -+ close_on_exec(sdbm_pagfno(dbm), CLOSE_ON_EXEC); -+ close_on_exec(sdbm_dirfno(dbm), CLOSE_ON_EXEC); -+ dict_sdbm->dict.flags = dict_flags | DICT_FLAG_FIXED; -+ if ((dict_flags & (DICT_FLAG_TRY0NULL | DICT_FLAG_TRY1NULL)) == 0) -+ dict_sdbm->dict.flags |= (DICT_FLAG_TRY0NULL | DICT_FLAG_TRY1NULL); -+ dict_sdbm->dbm = dbm; -+ dict_sdbm->path = mystrdup(path); -+ -+ return (&dict_sdbm->dict); -+} -diff -Pur postfix-1.1.11-20020822-orig/src/util/dict_sdbm.h postfix-1.1.11-20020822/src/util/dict_sdbm.h ---- postfix-1.1.11-20020822-orig/src/util/dict_sdbm.h Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/util/dict_sdbm.h Sat Aug 24 00:09:03 2002 -@@ -0,0 +1,35 @@ -+#ifndef _DICT_SDBM_H_INCLUDED_ -+#define _DICT_SDBM_H_INCLUDED_ -+ -+/*++ -+/* NAME -+/* dict_dbm 3h -+/* SUMMARY -+/* dictionary manager interface to DBM files -+/* SYNOPSIS -+/* #include <dict_dbm.h> -+/* DESCRIPTION -+/* .nf -+ -+ /* -+ * Utility library. -+ */ -+#include <dict.h> -+ -+ /* -+ * External interface. -+ */ -+extern DICT *dict_sdbm_open(const char *, int, int); -+ -+/* LICENSE -+/* .ad -+/* .fi -+/* The Secure Mailer license must be distributed with this software. -+/* AUTHOR(S) -+/* Wietse Venema -+/* IBM T.J. Watson Research -+/* P.O. Box 704 -+/* Yorktown Heights, NY 10598, USA -+/*--*/ -+ -+#endif -diff -Pur postfix-1.1.11-20020822-orig/src/util/get_port.c postfix-1.1.11-20020822/src/util/get_port.c ---- postfix-1.1.11-20020822-orig/src/util/get_port.c Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/util/get_port.c Sat Aug 24 00:09:03 2002 -@@ -0,0 +1,65 @@ -+/*++ -+/* NAME -+/* get_port 3 -+/* SUMMARY -+/* trivial host and port extracter -+/* SYNOPSIS -+/* #include <get_port.h> -+/* -+/* char *get_port(data) -+/* char *data; -+/* -+/* DESCRIPTION -+/* get_port() extract host name or ip address from -+/* strings such as [3ffe:902:12::10]:25, [::1] -+/* or 192.168.0.1:25, and null-terminates the -+/* \fIdata\fR at the first occurrence of port separator. -+/* DIAGNOSTICS -+/* If port not found return null pointer. -+/* LICENSE -+/* .ad -+/* .fi -+/* BSD Style (or BSD like) license. -+/* AUTHOR(S) -+/* Arkadiusz Mi¶kiewicz <misiek@pld.org.pl> -+/* Wroclaw, POLAND -+/*--*/ -+ -+/* System libraries */ -+ -+#include <sys_defs.h> -+#include <string.h> -+ -+/* Utility library. */ -+ -+#include "get_port.h" -+ -+/* get_port - extract port number from string */ -+ -+char *get_port(char *data) -+{ -+ const char *escl=strchr(data,'['); -+ const char *sepl=strchr(data,':'); -+ char *escr=strrchr(data,']'); -+ char *sepr=strrchr(data,':'); -+ -+ /* extract from "[address]:port" or "[address]"*/ -+ if (escl && escr) -+ { -+ memmove(data, data + 1, strlen(data) - strlen(escr)); -+ data[strlen(data) - strlen(escr) - 1] = 0; -+ *escr++ = 0; -+ if (*escr == ':') -+ escr++; -+ return (*escr ? escr : NULL); -+ } -+ /* extract from "address:port" or "address" */ -+ if ((sepl == sepr) && sepr && sepl) -+ { -+ *sepr++ = 0; -+ return sepr; -+ } -+ -+ /* return empty string */ -+ return NULL; -+} -diff -Pur postfix-1.1.11-20020822-orig/src/util/get_port.h postfix-1.1.11-20020822/src/util/get_port.h ---- postfix-1.1.11-20020822-orig/src/util/get_port.h Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/util/get_port.h Sat Aug 24 00:09:03 2002 -@@ -0,0 +1,28 @@ -+#ifndef _GET_PORT_H_INCLUDED_ -+#define _GET_PORT_H_INCLUDED_ -+ -+/*++ -+/* NAME -+/* get_port 3h -+/* SUMMARY -+/* trivial host and port extracter -+/* SYNOPSIS -+/* #include <get_port.h> -+/* DESCRIPTION -+/* .nf -+ -+ /* External interface. */ -+ -+extern char *get_port(char *); -+ -+ -+/* LICENSE -+/* .ad -+/* .fi -+/* BSD Style (or BSD like) license. -+/* AUTHOR(S) -+/* Arkadiusz Mi¶kiewicz <misiek@pld.org.pl> -+/* Wroclaw, POLAND -+/*--*/ -+ -+#endif -diff -Pur postfix-1.1.11-20020822-orig/src/util/inet_addr_host.c postfix-1.1.11-20020822/src/util/inet_addr_host.c ---- postfix-1.1.11-20020822-orig/src/util/inet_addr_host.c Fri Dec 11 19:55:35 1998 -+++ postfix-1.1.11-20020822/src/util/inet_addr_host.c Sat Aug 24 00:09:03 2002 -@@ -38,7 +38,10 @@ - #include <sys_defs.h> - #include <netinet/in.h> - #include <arpa/inet.h> -+#include <sys/socket.h> - #include <netdb.h> -+#include <stdlib.h> -+#include <string.h> - - #ifndef INADDR_NONE - #define INADDR_NONE 0xffffffff -@@ -48,15 +51,47 @@ - - #include <inet_addr_list.h> - #include <inet_addr_host.h> -+#ifdef TEST -+#include <msg.h> -+#endif - - /* inet_addr_host - look up address list for host */ - - int inet_addr_host(INET_ADDR_LIST *addr_list, const char *hostname) - { -+#ifdef INET6 -+ int s; -+ struct addrinfo hints, *res0, *res; -+#ifdef TEST -+ char buforhosta[1024]; -+#endif -+ int error; -+#else - struct hostent *hp; - struct in_addr addr; -+#endif - int initial_count = addr_list->used; - -+#ifdef INET6 -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_DGRAM; -+ error = getaddrinfo(hostname, NULL, &hints, &res0); -+ if (error == 0) { -+ for (res = res0; res; res = res->ai_next) { -+ if(res->ai_family != AF_INET && res->ai_family != AF_INET6) -+ continue; -+ /* filter out address families that are not supported */ -+ s = socket(res->ai_family, SOCK_DGRAM, 0); -+ if (s < 0) -+ continue; -+ close(s); -+ -+ inet_addr_list_append(addr_list, res->ai_addr); -+ } -+ freeaddrinfo(res0); -+ } -+#else - if ((addr.s_addr = inet_addr(hostname)) != INADDR_NONE) { - inet_addr_list_append(addr_list, &addr); - } else { -@@ -65,9 +100,12 @@ - inet_addr_list_append(addr_list, - (struct in_addr *) * hp->h_addr_list++); - } -+#endif -+ - return (addr_list->used - initial_count); - } - -+ - #ifdef TEST - - #include <msg.h> -@@ -78,6 +116,8 @@ - { - INET_ADDR_LIST addr_list; - int i; -+ struct sockaddr *sa; -+ char hbuf[NI_MAXHOST]; - - msg_vstream_init(argv[0], VSTREAM_ERR); - -@@ -89,8 +129,12 @@ - if (inet_addr_host(&addr_list, *argv) == 0) - msg_fatal("not found: %s", *argv); - -- for (i = 0; i < addr_list.used; i++) -- vstream_printf("%s\n", inet_ntoa(addr_list.addrs[i])); -+ for (i = 0; i < addr_list.used; i++) { -+ sa = (struct sockaddr *)&addr_list.addrs[i]; -+ getnameinfo(sa, SA_LEN(sa), hbuf, sizeof(hbuf), NULL, 0, -+ NI_NUMERICHOST); -+ vstream_printf("%s\n", hbuf); -+ } - vstream_fflush(VSTREAM_OUT); - } - inet_addr_list_free(&addr_list); -diff -Pur postfix-1.1.11-20020822-orig/src/util/inet_addr_list.c postfix-1.1.11-20020822/src/util/inet_addr_list.c ---- postfix-1.1.11-20020822-orig/src/util/inet_addr_list.c Tue Jul 31 20:13:41 2001 -+++ postfix-1.1.11-20020822/src/util/inet_addr_list.c Sat Aug 24 00:09:03 2002 -@@ -51,6 +51,13 @@ - #include <arpa/inet.h> - #include <stdlib.h> - -+#include <netdb.h> -+ -+#ifdef INET6 -+#include <string.h> -+#include <sys/socket.h> -+#endif -+ - /* Utility library. */ - - #include <msg.h> -@@ -63,12 +70,39 @@ - { - list->used = 0; - list->size = 2; -+#ifdef INET6 -+ list->addrs = (struct sockaddr_storage *) -+#else - list->addrs = (struct in_addr *) -+#endif - mymalloc(sizeof(*list->addrs) * list->size); - } - - /* inet_addr_list_append - append address to internet address list */ - -+#ifdef INET6 -+void inet_addr_list_append(INET_ADDR_LIST *list, -+ struct sockaddr * addr) -+{ -+ char *myname = "inet_addr_list_append"; -+ char hbuf[NI_MAXHOST]; -+ -+ if (msg_verbose > 1) { -+ if (getnameinfo(addr, SA_LEN(addr), hbuf, sizeof(hbuf), NULL, 0, -+ NI_NUMERICHOST)) { -+ strncpy(hbuf, "??????", sizeof(hbuf)); -+ } -+ msg_info("%s: %s", myname, hbuf); -+ } -+ -+ if (list->used >= list->size) -+ list->size *= 2; -+ list->addrs = (struct sockaddr_storage *) -+ myrealloc((char *) list->addrs, -+ sizeof(*list->addrs) * list->size); -+ memcpy(&list->addrs[list->used++], addr, SA_LEN(addr)); -+} -+#else - void inet_addr_list_append(INET_ADDR_LIST *list, struct in_addr * addr) - { - char *myname = "inet_addr_list_append"; -@@ -83,15 +117,22 @@ - sizeof(*list->addrs) * list->size); - list->addrs[list->used++] = *addr; - } -+#endif - - /* inet_addr_list_comp - compare addresses */ - - static int inet_addr_list_comp(const void *a, const void *b) - { -+#ifdef INET6 -+ if(((struct sockaddr*)a)->sa_family != ((struct sockaddr*)b)->sa_family) -+ return ( ((struct sockaddr*)a)->sa_family - ((struct sockaddr*)b)->sa_family ); -+ return memcmp(a,b,SA_LEN((struct sockaddr*)a)); -+#else - const struct in_addr *a_addr = (const struct in_addr *) a; - const struct in_addr *b_addr = (const struct in_addr *) b; - - return (a_addr->s_addr - b_addr->s_addr); -+#endif - } - - /* inet_addr_list_uniq - weed out duplicates */ -diff -Pur postfix-1.1.11-20020822-orig/src/util/inet_addr_list.h postfix-1.1.11-20020822/src/util/inet_addr_list.h ---- postfix-1.1.11-20020822-orig/src/util/inet_addr_list.h Tue Jul 31 19:56:47 2001 -+++ postfix-1.1.11-20020822/src/util/inet_addr_list.h Sat Aug 24 00:09:03 2002 -@@ -16,19 +16,42 @@ - */ - #include <netinet/in.h> - -+#ifndef SA_LEN -+# ifndef HAS_SA_LEN -+# define SA_LEN(x) (((x)->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) -+# define SS_LEN(x) (((x).ss_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) -+# else -+# define SA_LEN(x) ((x)->sa_len) -+# define SS_LEN(x) ((x).ss_len) -+# endif -+#else -+# ifndef SS_LEN -+# define SS_LEN(x) (((x).ss_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) -+# endif -+#endif -+ - /* - * External interface. - */ - typedef struct INET_ADDR_LIST { - int used; /* nr of elements in use */ - int size; /* actual list size */ -+#ifdef INET6 -+ struct sockaddr_storage *addrs; /* payload */ -+#else - struct in_addr *addrs; /* payload */ -+#endif - } INET_ADDR_LIST; - - extern void inet_addr_list_init(INET_ADDR_LIST *); - extern void inet_addr_list_free(INET_ADDR_LIST *); - extern void inet_addr_list_uniq(INET_ADDR_LIST *); -+#ifdef INET6 -+struct sockaddr; -+extern void inet_addr_list_append(INET_ADDR_LIST *, struct sockaddr *); -+#else - extern void inet_addr_list_append(INET_ADDR_LIST *, struct in_addr *); -+#endif - - /* LICENSE - /* .ad -diff -Pur postfix-1.1.11-20020822-orig/src/util/inet_addr_local.c postfix-1.1.11-20020822/src/util/inet_addr_local.c ---- postfix-1.1.11-20020822-orig/src/util/inet_addr_local.c Sun Feb 25 19:20:19 2001 -+++ postfix-1.1.11-20020822/src/util/inet_addr_local.c Sat Aug 24 00:27:46 2002 -@@ -47,6 +47,13 @@ - #endif - #include <errno.h> - #include <string.h> -+#if defined(INET6) && (defined (LINUX) || defined (LINUX2)) -+#include <netdb.h> -+#include <stdio.h> -+#endif -+#ifdef HAVE_GETIFADDRS -+#include <ifaddrs.h> -+#endif - - /* Utility library. */ - -@@ -78,18 +85,104 @@ - - int inet_addr_local(INET_ADDR_LIST *addr_list, INET_ADDR_LIST *mask_list) - { -+#ifdef HAVE_GETIFADDRS -+ char *myname = "inet_addr_local"; -+ struct ifaddrs *ifap, *ifa; -+ int initial_count = addr_list->used; -+ struct sockaddr *sa, *sam; -+#ifdef INET6 -+#ifdef __KAME__ -+ struct sockaddr_in6 addr6; -+#endif -+#else -+ void *addr,*addrm; -+#endif -+ -+ if (getifaddrs(&ifap) < 0) -+ msg_fatal("%s: getifaddrs: %m", myname); -+ -+ for (ifa = ifap; ifa; ifa = ifa->ifa_next) { -+ if (! (ifa->ifa_flags & IFF_RUNNING) || ifa->ifa_addr==NULL) -+ continue; -+ sa = ifa->ifa_addr; -+ sam = ifa->ifa_netmask; -+ switch (ifa->ifa_addr->sa_family) { -+ case AF_INET: -+#ifndef INET6 -+ addr = (void *)&((struct sockaddr_in *)ifa->ifa_addr)->sin_addr; -+ addrm = (void *)&((struct sockaddr_in *)ifa->ifa_netmask)->sin_addr; -+#endif -+ break; -+#ifdef INET6 -+ case AF_INET6: -+#ifdef __KAME__ -+ memcpy(&addr6, ifa->ifa_addr, ifa->ifa_addr->sa_len); -+ /* decode scoped address notation */ -+ if ((IN6_IS_ADDR_LINKLOCAL(&addr6.sin6_addr) || -+ IN6_IS_ADDR_SITELOCAL(&addr6.sin6_addr)) && -+ addr6.sin6_scope_id == 0) { -+ addr6.sin6_scope_id = ntohs(addr6.sin6_addr.s6_addr[3] | -+ (unsigned int)addr6.sin6_addr.s6_addr[2] << 8); -+ addr6.sin6_addr.s6_addr[2] = addr6.sin6_addr.s6_addr[3] = 0; -+ sa = (struct sockaddr *)&addr6; -+ } -+#endif -+ break; -+#endif -+ default: -+ continue; -+ } -+ -+#ifdef INET6 -+ inet_addr_list_append(addr_list, sa); -+ if (mask_list != NULL) -+ inet_addr_list_append(mask_list, sam); -+#else -+ inet_addr_list_append(addr_list, (struct in_addr *)addr); -+ if (mask_list != NULL) -+ inet_addr_list_append(mask_list, (struct in_addr *)addrm); -+#endif -+ } -+ -+ freeifaddrs(ifap); -+ return (addr_list->used - initial_count); -+#else - char *myname = "inet_addr_local"; - struct ifconf ifc; - struct ifreq *ifr; - struct ifreq *the_end; - int sock; -- VSTRING *buf = vstring_alloc(1024); -+ VSTRING *buf; - int initial_count = addr_list->used; - struct in_addr addr; - struct ifreq *ifr_mask; -+ int af = AF_INET; -+#ifdef INET6 -+#if defined (LINUX) || defined (LINUX2) -+#define _PATH_PROCNET_IFINET6 "/proc/net/if_inet6" -+ FILE *f; -+ char addr6p[8][5], addr6res[40], devname[20]; -+ int plen, scope, dad_status, if_idx, gaierror; -+ struct addrinfo hints, *res, *res0; -+#endif -+ struct sockaddr_in6 addr6; - -- if ((sock = socket(PF_INET, SOCK_DGRAM, 0)) < 0) -+other_socket_type: -+#endif -+ buf = vstring_alloc(1024); -+ -+ if ((sock = socket(af, SOCK_DGRAM, 0)) < 0) { -+#ifdef INET6 -+ if (af == AF_INET6) -+ { -+ if (msg_verbose) -+ msg_warn("%s: socket: %m", myname); -+ goto end; -+ } -+ else -+#endif - msg_fatal("%s: socket: %m", myname); -+ } - - /* - * Get the network interface list. XXX The socket API appears to have no -@@ -126,26 +219,90 @@ - */ - the_end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < the_end;) { -- if (ifr->ifr_addr.sa_family == AF_INET) { /* IP interface */ -+ if ((ifr->ifr_addr.sa_family == AF_INET) && -+ (ifr->ifr_addr.sa_family == af)) { /* IP interface */ - addr = ((struct sockaddr_in *) & ifr->ifr_addr)->sin_addr; - if (addr.s_addr != INADDR_ANY) { /* has IP address */ -+#ifdef INET6 -+ inet_addr_list_append(addr_list, &ifr->ifr_addr); -+#else - inet_addr_list_append(addr_list, &addr); -+#endif - if (mask_list) { - ifr_mask = (struct ifreq *) mymalloc(IFREQ_SIZE(ifr)); - memcpy((char *) ifr_mask, (char *) ifr, IFREQ_SIZE(ifr)); - if (ioctl(sock, SIOCGIFNETMASK, ifr_mask) < 0) - msg_fatal("%s: ioctl SIOCGIFNETMASK: %m", myname); - addr = ((struct sockaddr_in *) & ifr_mask->ifr_addr)->sin_addr; -+#ifdef INET6 -+ inet_addr_list_append(mask_list, (struct sockaddr *)&addr); -+#else - inet_addr_list_append(mask_list, &addr); -+#endif - myfree((char *) ifr_mask); - } - } - } -+#ifdef INET6 -+ else if ((ifr->ifr_addr.sa_family == AF_INET6) && -+ (ifr->ifr_addr.sa_family == af)) { /* IPv6 interface */ -+#ifdef DNTEST -+ memcpy((char *)addr6, (char *)&ifr->ifr_addr, sizeof(ifr->ifr_addr)); -+#else -+ /* This isn't clean on alpha --dcs */ -+ addr6 = *((struct sockaddr_in6 *) & ifr->ifr_addr); -+#endif -+#ifdef __KAME__ -+ /* decode scoped address notation */ -+ if ((IN6_IS_ADDR_LINKLOCAL(&addr6.sin6_addr) || -+ IN6_IS_ADDR_SITELOCAL(&addr6.sin6_addr)) && -+ addr6.sin6_scope_id == 0) { -+ addr6.sin6_scope_id = ntohs(addr6.sin6_addr.s6_addr[3] | -+ (unsigned int)addr6.sin6_addr.s6_addr[2] << 8); -+ addr6.sin6_addr.s6_addr[2] = addr6.sin6_addr.s6_addr[3] = 0; -+ } -+#endif -+ if (!(IN6_IS_ADDR_UNSPECIFIED(&addr6.sin6_addr))) -+ inet_addr_list_append(addr_list, (struct sockaddr *)&addr6); -+ } -+#endif - ifr = NEXT_INTERFACE(ifr); - } - vstring_free(buf); - (void) close(sock); -+#ifdef INET6 -+end: -+ if (af != AF_INET6) { -+ af = AF_INET6; -+ goto other_socket_type; -+ } -+#if defined (LINUX) || defined (LINUX2) -+ if ((f = fopen(_PATH_PROCNET_IFINET6, "r")) != NULL) { -+ while (fscanf(f, "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %20s\n", -+ addr6p[0], addr6p[1], addr6p[2], addr6p[3], addr6p[4], -+ addr6p[5], addr6p[6], addr6p[7], -+ &if_idx, &plen, &scope, &dad_status, devname) != EOF) { -+ sprintf(addr6res, "%s:%s:%s:%s:%s:%s:%s:%s", -+ addr6p[0], addr6p[1], addr6p[2], addr6p[3], -+ addr6p[4], addr6p[5], addr6p[6], addr6p[7]); -+ addr6res[sizeof(addr6res) - 1] = 0; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_flags = AI_NUMERICHOST; -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_socktype = SOCK_DGRAM; -+ gaierror = getaddrinfo(addr6res, NULL, &hints, &res0); -+ if (!gaierror) { -+ for (res = res0; res; res = res->ai_next) { -+ inet_addr_list_append(addr_list, res->ai_addr); -+ } -+ freeaddrinfo(res0); -+ } -+ } -+ } -+#endif /* linux */ -+#endif - return (addr_list->used - initial_count); -+#endif - } - - #ifdef TEST -@@ -158,6 +315,8 @@ - INET_ADDR_LIST addr_list; - INET_ADDR_LIST mask_list; - int i; -+ char abuf[NI_MAXHOST], mbuf[NI_MAXHOST]; -+ struct sockaddr *sa; - - msg_vstream_init(argv[0], VSTREAM_ERR); - -@@ -172,8 +331,17 @@ - msg_warn("found only one active network interface"); - - for (i = 0; i < addr_list.used; i++) { -- vstream_printf("%s/", inet_ntoa(addr_list.addrs[i])); -- vstream_printf("%s\n", inet_ntoa(mask_list.addrs[i])); -+ sa = (struct sockaddr *)&addr_list.addrs[i]; -+ if (getnameinfo(sa, SA_LEN(sa), abuf, sizeof(abuf), NULL, 0, -+ NI_NUMERICHOST)) { -+ strncpy(abuf, "???", sizeof(abuf)); -+ } -+ sa = (struct sockaddr *)&mask_list.addrs[i]; -+ if (getnameinfo(sa, SA_LEN(sa), mbuf, sizeof(mbuf), NULL, 0, -+ NI_NUMERICHOST)) { -+ strncpy(mbuf, "???", sizeof(mbuf)); -+ } -+ vstream_printf("%s/%s\n", abuf, mbuf); - } - vstream_fflush(VSTREAM_OUT); - inet_addr_list_free(&addr_list); -diff -Pur postfix-1.1.11-20020822-orig/src/util/inet_connect.c postfix-1.1.11-20020822/src/util/inet_connect.c ---- postfix-1.1.11-20020822-orig/src/util/inet_connect.c Mon Nov 20 19:06:31 2000 -+++ postfix-1.1.11-20020822/src/util/inet_connect.c Sat Aug 24 00:09:03 2002 -@@ -55,6 +55,9 @@ - #include <string.h> - #include <unistd.h> - #include <errno.h> -+#ifdef INET6 -+#include <netdb.h> -+#endif - - /* Utility library. */ - -@@ -73,7 +76,12 @@ - char *buf; - char *host; - char *port; -+#ifdef INET6 -+ struct addrinfo hints, *res, *res0; -+ int error; -+#else - struct sockaddr_in sin; -+#endif - int sock; - - /* -@@ -81,14 +89,58 @@ - * the local host. - */ - buf = inet_parse(addr, &host, &port); -+#ifdef INET6 -+ if (*host == 0) -+ host = NULL; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_NUMERICHOST; /* find_inet_addr is numeric only */ -+ if (getaddrinfo(host, port, &hints, &res0)) -+ msg_fatal("host not found: %s", host); -+#else - if (*host == 0) - host = "localhost"; - memset((char *) &sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = find_inet_addr(host); - sin.sin_port = find_inet_port(port, "tcp"); -+#endif - myfree(buf); - -+#ifdef INET6 -+ sock = -1; -+ for (res = res0; res; res = res->ai_next) { -+ if ((res->ai_family != AF_INET) && (res->ai_family != AF_INET6)) -+ continue; -+ -+ sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); -+ if (sock < 0) -+ continue; -+ if (timeout > 0) { -+ non_blocking(sock, NON_BLOCKING); -+ if (timed_connect(sock, res->ai_addr, res->ai_addrlen, timeout) < 0) { -+ close(sock); -+ sock = -1; -+ continue; -+ } -+ if (block_mode != NON_BLOCKING) -+ non_blocking(sock, block_mode); -+ break; -+ } else { -+ non_blocking(sock, block_mode); -+ if (connect(sock, res->ai_addr, res->ai_addrlen) < 0 -+ && errno != EINPROGRESS) { -+ close(sock); -+ sock = -1; -+ continue; -+ } -+ break; -+ } -+ } -+ freeaddrinfo(res0); -+ return sock; -+#else - /* - * Create a client socket. - */ -@@ -121,4 +173,5 @@ - } - return (sock); - } -+#endif - } -diff -Pur postfix-1.1.11-20020822-orig/src/util/inet_listen.c postfix-1.1.11-20020822/src/util/inet_listen.c ---- postfix-1.1.11-20020822-orig/src/util/inet_listen.c Mon Nov 20 19:06:32 2000 -+++ postfix-1.1.11-20020822/src/util/inet_listen.c Sat Aug 24 00:09:03 2002 -@@ -6,7 +6,7 @@ - /* SYNOPSIS - /* #include <listen.h> - /* --/* int inet_listen(addr, backlog, block_mode) -+/* int inet_listen(addr, backlog, block_mode, addinuse_fatal) - /* const char *addr; - /* int backlog; - /* int block_mode; -@@ -51,11 +51,17 @@ - #include <sys_defs.h> - #include <sys/socket.h> - #include <netinet/in.h> -+#ifdef INET6 -+#if (! __GLIBC__ >= 2 && __GLIBC_MINOR__ >=1 ) -+#include <netinet6/in6.h> -+#endif -+#endif - #include <arpa/inet.h> - #include <netdb.h> - #ifndef MAXHOSTNAMELEN - #include <sys/param.h> - #endif -+#include <errno.h> - #include <string.h> - #include <unistd.h> - -@@ -77,35 +83,116 @@ - - /* inet_listen - create inet-domain listener */ - --int inet_listen(const char *addr, int backlog, int block_mode) -+int inet_listen(const char *addr, int backlog, int block_mode, int addrinuse_fatal) - { -+#ifdef INET6 -+ struct addrinfo *res, *res0, hints; -+ int error; -+#else -+ struct ai { -+ int ai_family; -+ int ai_socktype; -+ int ai_protocol; -+ struct sockaddr *ai_addr; -+ SOCKADDR_SIZE ai_addrlen; -+ struct ai *ai_next; -+ } *res, *res0, resbody; - struct sockaddr_in sin; -+#endif - int sock; - int t = 1; -+ int addrinuse = 0; - char *buf; - char *host; - char *port; -+#ifdef INET6 -+ char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; -+#else -+ char hbuf[sizeof("255.255.255.255") + 1]; -+ char pbuf[sizeof("255.255.255.255") + 1]; -+#endif -+ char *cause = "unknown"; - - /* - * Translate address information to internal form. - */ - buf = inet_parse(addr, &host, &port); -- memset((char *) &sin, 0, sizeof(sin)); -+#ifdef INET6 -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ error = getaddrinfo(*host ? host : NULL, *port ? port : "0", &hints, &res0); -+ if (error) { -+ msg_fatal("getaddrinfo: %s", gai_strerror(error)); -+ } -+ myfree(buf); -+#else -+ memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; -+#ifdef HAS_SA_LEN -+ sin.sin_len = sizeof(sin); -+#endif - sin.sin_port = find_inet_port(port, "tcp"); - sin.sin_addr.s_addr = (*host ? find_inet_addr(host) : INADDR_ANY); -- myfree(buf); - -- /* -- * Create a listener socket. -- */ -- if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) -- msg_fatal("socket: %m"); -- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *) &t, sizeof(t)) < 0) -- msg_fatal("setsockopt: %m"); -- if (bind(sock, (struct sockaddr *) & sin, sizeof(sin)) < 0) -- msg_fatal("bind %s port %d: %m", sin.sin_addr.s_addr == INADDR_ANY ? -- "INADDR_ANY" : inet_ntoa(sin.sin_addr), ntohs(sin.sin_port)); -+ memset(&resbody, 0, sizeof(resbody)); -+ resbody.ai_socktype = SOCK_STREAM; -+ resbody.ai_family = AF_INET; -+ resbody.ai_addr = (struct sockaddr *)&sin; -+ resbody.ai_addrlen = sizeof(sin); -+ -+ res0 = &resbody; -+#endif -+ -+ sock = -1; -+ for (res = res0; res; res = res->ai_next) { -+ if ((res->ai_family != AF_INET) && (res->ai_family != AF_INET6)) -+ continue; -+ -+ /* -+ * Create a listener socket. -+ */ -+ if ((sock = socket(res->ai_family, res->ai_socktype, 0)) < 0) { -+ cause = "socket"; -+ continue; -+ } -+#ifdef IPV6_V6ONLY -+ if (res->ai_family == AF_INET6 && -+ setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *) &t, sizeof(t)) < 0) { -+ /* if kernel/libc don't support this simple ignore it -+ cause = "setsockopt(IPV6_V6ONLY)"; -+ close(sock); -+ sock = -1; -+ continue; -+ */ -+ ; -+ } -+#endif -+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *) &t, sizeof(t)) < 0) { -+ cause = "setsockopt(SO_REUSEADDR)"; -+ close(sock); -+ sock = -1; -+ continue; -+ } -+ -+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { -+ cause = "bind"; -+ if (errno == EADDRINUSE) -+ addrinuse = 1; -+ close(sock); -+ sock = -1; -+ continue; -+ } -+ break; -+ } -+ if (sock < 0 && (addrinuse_fatal || !addrinuse)) -+ msg_fatal("%s: %m", cause); -+#ifdef INET6 -+ freeaddrinfo(res0); -+#endif -+ if (sock < 0) -+ return -1; - non_blocking(sock, block_mode); - if (listen(sock, backlog) < 0) - msg_fatal("listen: %m"); -diff -Pur postfix-1.1.11-20020822-orig/src/util/listen.h postfix-1.1.11-20020822/src/util/listen.h ---- postfix-1.1.11-20020822-orig/src/util/listen.h Mon Mar 22 02:57:11 1999 -+++ postfix-1.1.11-20020822/src/util/listen.h Sat Aug 24 00:09:03 2002 -@@ -20,7 +20,7 @@ - * Listener external interface. - */ - extern int unix_listen(const char *, int, int); --extern int inet_listen(const char *, int, int); -+extern int inet_listen(const char *, int, int, int); - extern int fifo_listen(const char *, int, int); - extern int stream_listen(const char *, int, int); - -diff -Pur postfix-1.1.11-20020822-orig/src/util/match_list.c postfix-1.1.11-20020822/src/util/match_list.c ---- postfix-1.1.11-20020822-orig/src/util/match_list.c Tue Nov 20 21:07:15 2001 -+++ postfix-1.1.11-20020822/src/util/match_list.c Sat Aug 24 00:09:03 2002 -@@ -118,7 +118,7 @@ - list = match_list_parse(list, vstring_str(buf)); - if (vstream_fclose(fp)) - msg_fatal("%s: read file %s: %m", myname, pattern); -- } else if (strchr(pattern, ':') != 0) { /* type:table */ -+ } else if ((strchr(pattern, ']') == 0) && (strchr(pattern, ':') != 0)) { /* type:table */ - for (cp = pattern; *cp == '!'; cp++) - /* void */ ; - if (dict_handle(pattern) == 0) -diff -Pur postfix-1.1.11-20020822-orig/src/util/match_ops.c postfix-1.1.11-20020822/src/util/match_ops.c ---- postfix-1.1.11-20020822-orig/src/util/match_ops.c Tue Nov 20 21:16:10 2001 -+++ postfix-1.1.11-20020822/src/util/match_ops.c Sat Aug 24 00:09:03 2002 -@@ -81,6 +81,307 @@ - #include <match_ops.h> - #include <stringops.h> - -+#ifdef INET6 -+/* -+ * $Id: tls+ipv6-1.4-pf-1.1.11-20020822.patch,v 1.1 2002/09/11 19:52:15 raker Exp $ -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> -+ * -+ * Modifications: -+ * Artur Frysiak <wiget@pld.org.pl> -+ * Arkadiusz Mi¶kiewicz <misiek@pld.org.pl> -+ */ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <syslog.h> -+#include <fcntl.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+#include <string.h> -+#include <netdb.h> -+#include <arpa/inet.h> -+#include <resolv.h> -+ -+#ifndef AF_DECnet -+#define AF_DECnet 12 -+#endif -+ -+#ifndef PF_PACKET -+#define PF_PACKET 17 -+#endif -+ -+typedef struct -+{ -+ unsigned char family; -+ unsigned char bytelen; -+ signed short bitlen; -+ unsigned int data[4]; -+} inet_prefix; -+ -+/* prototypes */ -+int masked_match(char *, char *, char *); -+int get_integer(int *, char *, int); -+int get_addr_1(inet_prefix *, char *, int); -+int get_prefix_1(inet_prefix *, char *, int); -+int get_addr(inet_prefix *, char *, int); -+int get_prefix(inet_prefix *, char *, int); -+unsigned int get_addr32(char *); -+int matches(char *, char *); -+int inet_addr_match(inet_prefix *, inet_prefix *, int); -+int mask_match(char *, char *, char *); -+ -+int get_integer(int *val, char *arg, int base) -+{ -+ long res; -+ char *ptr; -+ -+ if (!arg || !*arg) -+ return -1; -+ res = strtol(arg, &ptr, base); -+ if (!ptr || ptr == arg || *ptr || res > INT_MAX || res < INT_MIN) -+ return -1; -+ *val = res; -+ return 0; -+} -+ -+int get_addr_1(inet_prefix *addr, char *name, int family) -+{ -+ char *cp; -+ unsigned char *ap = (unsigned char*)addr->data; -+ int i; -+ -+ memset(addr, 0, sizeof(*addr)); -+ -+ if (strcmp(name, "default") == 0 || strcmp(name, "any") == 0) { -+ if (family == AF_DECnet) -+ return -1; -+ addr->family = family; -+ addr->bytelen = (family == AF_INET6 ? 16 : 4); -+ addr->bitlen = -1; -+ return 0; -+ } -+ -+ if (strchr(name, ':')) { -+ addr->family = AF_INET6; -+ if (family != AF_UNSPEC && family != AF_INET6) -+ return -1; -+ if (inet_pton(AF_INET6, name, addr->data) <= 0) -+ return -1; -+ addr->bytelen = 16; -+ addr->bitlen = -1; -+ return 0; -+ } -+ addr->family = AF_INET; -+ if (family != AF_UNSPEC && family != AF_INET) -+ return -1; -+ addr->bytelen = 4; -+ addr->bitlen = -1; -+ for (cp = name, i = 0; *cp; cp++) { -+ if (*cp <= '9' && *cp >= '0') { -+ ap[i] = 10*ap[i] + (*cp-'0'); -+ continue; -+ } -+ if (*cp == '.' && ++i <= 3) -+ continue; -+ return -1; -+ } -+ return 0; -+} -+ -+int get_prefix_1(inet_prefix *dst, char *arg, int family) -+{ -+ int err; -+ unsigned plen; -+ char *slash; -+ -+ memset(dst, 0, sizeof(*dst)); -+ -+ if (strcmp(arg, "default") == 0 || strcmp(arg, "any") == 0) { -+ if (family == AF_DECnet) -+ return -1; -+ dst->family = family; -+ dst->bytelen = 0; -+ dst->bitlen = 0; -+ return 0; -+ } -+ -+ slash = strchr(arg, '/'); -+ if (slash) -+ *slash = 0; -+ err = get_addr_1(dst, arg, family); -+ if (err == 0) { -+ switch(dst->family) { -+ case AF_INET6: -+ dst->bitlen = 128; -+ break; -+ case AF_DECnet: -+ dst->bitlen = 16; -+ break; -+ default: -+ case AF_INET: -+ dst->bitlen = 32; -+ } -+ if (slash) { -+ if (get_integer(&plen, slash+1, 0) || plen > dst->bitlen) { -+ err = -1; -+ goto done; -+ } -+ dst->bitlen = plen; -+ } -+ } -+done: -+ if (slash) -+ *slash = '/'; -+ return err; -+} -+ -+int get_addr(inet_prefix *dst, char *arg, int family) -+{ -+#ifdef AF_PACKET -+ if (family == AF_PACKET) -+ return -1; -+#endif -+ if (get_addr_1(dst, arg, family)) -+ return -1; -+ return 0; -+} -+ -+int get_prefix(inet_prefix *dst, char *arg, int family) -+{ -+#ifdef AF_PACKET -+ if (family == AF_PACKET) -+ return -1; -+#endif -+ if (get_prefix_1(dst, arg, family)) -+ return -1; -+ return 0; -+} -+ -+unsigned int get_addr32(char *name) -+{ -+ inet_prefix addr; -+ if (get_addr_1(&addr, name, AF_INET)) -+ return -1; -+ return addr.data[0]; -+} -+ -+int matches(char *cmd, char *pattern) -+{ -+ int len = strlen(cmd); -+ if (len > strlen(pattern)) -+ return -1; -+ return memcmp(pattern, cmd, len); -+} -+ -+int inet_addr_match(inet_prefix *a, inet_prefix *b, int bits) -+{ -+ unsigned int *a1 = a->data; -+ unsigned int *a2 = b->data; -+ int words = bits >> 0x05; -+ -+ bits &= 0x1f; -+ -+ if (words) -+ if (memcmp(a1, a2, words << 2)) -+ return -1; -+ -+ if (bits) { -+ unsigned int w1, w2; -+ unsigned int mask; -+ -+ w1 = a1[words]; -+ w2 = a2[words]; -+ -+ mask = htonl((0xffffffff) << (0x20 - bits)); -+ -+ if ((w1 ^ w2) & mask) -+ return 1; -+ } -+ -+ return 0; -+} -+ -+/* zero if matches */ -+int mask_match(char *network, char *cprefix, char *address) -+{ -+ inet_prefix *inetwork; -+ inet_prefix *iaddress; -+ int ret, prefix; -+ -+ if (!(network && address && cprefix)) -+ return -1; -+ prefix = strtol(cprefix, (char **)NULL, 10); -+ if ((prefix < 0) || (prefix > 128)) -+ return -1; -+ if ((strlen(network) == 0) || (strlen(address) == 0)) -+ return -1; -+ -+ inetwork = malloc(sizeof(inet_prefix)); -+ iaddress = malloc(sizeof(inet_prefix)); -+ -+ if ((get_addr(iaddress, address, AF_UNSPEC) >= 0) -+ && (get_addr(inetwork, network, AF_UNSPEC) >= 0)) -+ ret = inet_addr_match(inetwork, iaddress, prefix); -+ else -+ ret = -1; -+ free(inetwork); -+ free(iaddress); -+ -+ /* 1 if matches */ -+ /* return (!ret); */ -+ /* 0 if matches */ -+ return ret; -+} -+ -+/* -+ * masked_match() - universal for IPv4 and IPv6 - 1 if matches -+ */ -+int masked_match(net_tok, mask_tok, string) -+char *net_tok; -+char *mask_tok; -+char *string; -+{ -+#ifdef INET6 -+ struct in6_addr in6[2]; -+ char v4addr[2][INET_ADDRSTRLEN]; -+ char newmask[6]; -+ int plen; -+#endif -+ -+ /* Check for NULL */ -+ if (!(net_tok && mask_tok && string)) -+ return 0; /* doesn't match!!! */ -+ -+ /* If IPv6 mapped convert to native-IPv4 */ -+#ifdef INET6 -+ if (inet_pton(AF_INET6, net_tok, &in6[0]) == 1 && -+ inet_pton(AF_INET6, string, &in6[1]) == 1 && -+ IN6_IS_ADDR_V4MAPPED(&in6[0]) && IN6_IS_ADDR_V4MAPPED(&in6[1])) { -+ plen = atoi(mask_tok); -+ if (32 < plen && plen < 129) { -+ sprintf(newmask, "%d", plen - 96); -+ mask_tok = newmask; -+ } -+ -+ (void)inet_ntop(AF_INET, &in6[0].s6_addr[12], v4addr[0], -+ sizeof(v4addr[0])); -+ net_tok = v4addr[0]; -+ (void)inet_ntop(AF_INET, &in6[1].s6_addr[12], v4addr[1], -+ sizeof(v4addr[1])); -+ string = v4addr[1]; -+ } -+#endif -+ return (!mask_match(net_tok, mask_tok, string)); -+} -+#endif -+ - /* match_string - match a string literal */ - - int match_string(int unused_flags, const char *string, const char *pattern) -@@ -177,6 +478,7 @@ - return (0); - } - -+#ifndef INET6 - /* match_parse_mask - parse net/mask pattern */ - - static int match_parse_mask(const char *pattern, unsigned long *net_bits, -@@ -198,27 +500,55 @@ - return (mask != 0); - } - -+#endif -+ - /* match_hostaddr - match host by address */ - - int match_hostaddr(int unused_flags, const char *addr, const char *pattern) - { - char *myname = "match_hostaddr"; -+#ifdef INET6 -+ char *network, *mask, *escl, *escr, *patternx; -+ struct in6_addr in6; -+ char v4addr[INET_ADDRSTRLEN]; -+#else - int mask_shift; - unsigned long mask_bits; - unsigned long net_bits; - unsigned long addr_bits; -+#endif - - if (msg_verbose) - msg_info("%s: %s ~? %s", myname, addr, pattern); - -+#ifdef INET6 -+ if (addr[strspn(addr, "01234567890./:abcdef")] != 0) -+#else - if (addr[strspn(addr, "01234567890./:")] != 0) -+#endif - return (0); - -+#ifdef INET6 -+ patternx = mystrdup(pattern); -+ escl = strchr(patternx,'['); -+ escr = strrchr(patternx,']'); -+ if (escl && escr) { -+ *escr = 0; -+ sprintf(patternx, "%s%s", escl + 1, escr + 1); -+ pattern = patternx; -+ } -+#endif -+ - /* - * Try dictionary lookup. This can be case insensitive. XXX Probably - * should also try again after stripping least significant octets. - */ -- if (strchr(pattern, ':') != 0) { -+#ifdef INET6 -+ if (!(escl && escr) && strchr(pattern, ':') != 0) -+#else -+ if (strchr(pattern, ':') != 0) -+#endif -+ { - if (dict_lookup(pattern, addr) != 0) - return (1); - if (dict_errno != 0) -@@ -229,6 +559,12 @@ - /* - * Try an exact match with the host address. - */ -+#ifdef INET6 -+ if (inet_pton(AF_INET6, addr, &in6) == 1 && IN6_IS_ADDR_V4MAPPED(&in6)) { -+ (void)inet_ntop(AF_INET, &in6.s6_addr[12], v4addr, sizeof(v4addr)); -+ addr = v4addr; -+ } -+#endif - if (strcasecmp(addr, pattern) == 0) { - return (1); - } -@@ -237,6 +573,20 @@ - * In a net/mask pattern, the mask is specified as the number of bits of - * the network part. - */ -+#ifdef INET6 -+ network = mystrdup(patternx); -+ mask = split_at(network, '/'); -+ -+ if (masked_match(network, mask, (char *)addr)) { -+ myfree(network); -+ myfree(patternx); -+ return (1); -+ } else { -+ myfree(network); -+ myfree(patternx); -+ } -+#else -+ - if (match_parse_mask(pattern, &net_bits, &mask_shift)) { - addr_bits = inet_addr(addr); - if (addr_bits == INADDR_NONE) -@@ -244,5 +594,6 @@ - mask_bits = htonl((0xffffffff) << (BITS_PER_ADDR - mask_shift)); - return ((addr_bits & mask_bits) == (net_bits & mask_bits)); - } -+#endif - return (0); - } -diff -Pur postfix-1.1.11-20020822-orig/src/util/sdbm.c postfix-1.1.11-20020822/src/util/sdbm.c ---- postfix-1.1.11-20020822-orig/src/util/sdbm.c Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/util/sdbm.c Sat Aug 24 00:27:46 2002 -@@ -0,0 +1,973 @@ -+/*++ -+/* NAME -+/* sdbm 3h -+/* SUMMARY -+/* SDBM Simple DBM: ndbm work-alike hashed database library -+/* SYNOPSIS -+/* include "sdbm.h" -+/* DESCRIPTION -+/* This file includes the public domain SDBM (ndbm work-alike hashed -+/* database library), based on Per-Aake Larson's Dynamic Hashing -+/* algorithms. BIT 18 (1978). -+/* author: oz@nexus.yorku.ca -+/* status: public domain -+/* The file has been patched following the advice of Uwe Ohse -+/* <uwe@ohse.de>: -+/* -------------------------------------------------------------- -+/* this patch fixes a problem with sdbms .dir file, which arrises when -+/* a second .dir block is needed for the first time. read() returns 0 -+/* in that case, and the library forgot to initialize that new block. -+/* -+/* A related problem is that the calculation of db->maxbno is wrong. -+/* It just appends 4096*BYTESIZ bits, which is not enough except for -+/* small databases (.dir basically doubles everytime it's too small). -+/* -------------------------------------------------------------- -+/* According to Uwe Ohse, the patch has also been submitted to the -+/* author of SDBM. (The 4096*BYTESIZ bits comment may apply with a -+/* different size for Postfix/TLS, as the patch was sent against the -+/* original SDBM distributiona and for Postfix/TLS I have changed the -+/* default sizes. -+/* .nf -+/*--*/ -+ -+/* -+ * sdbm - ndbm work-alike hashed database library -+ * based on Per-Aake Larson's Dynamic Hashing algorithms. BIT 18 (1978). -+ * author: oz@nexus.yorku.ca -+ * status: public domain. -+ * -+ * core routines -+ */ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#ifdef WIN32 -+#include <io.h> -+#include <errno.h> -+#else -+#include <unistd.h> -+#endif -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <errno.h> -+#include <string.h> -+#ifdef __STDC__ -+#include <stddef.h> -+#endif -+ -+#include <sdbm.h> -+ -+#include "mymalloc.h" -+ -+/* -+ * useful macros -+ */ -+#define bad(x) ((x).dptr == NULL || (x).dsize <= 0) -+#define exhash(item) sdbm_hash((item).dptr, (item).dsize) -+#define ioerr(db) ((db)->flags |= DBM_IOERR) -+ -+#define OFF_PAG(off) (long) (off) * PBLKSIZ -+#define OFF_DIR(off) (long) (off) * DBLKSIZ -+ -+static long masks[] = -+{ -+ 000000000000, 000000000001, 000000000003, 000000000007, -+ 000000000017, 000000000037, 000000000077, 000000000177, -+ 000000000377, 000000000777, 000000001777, 000000003777, -+ 000000007777, 000000017777, 000000037777, 000000077777, -+ 000000177777, 000000377777, 000000777777, 000001777777, -+ 000003777777, 000007777777, 000017777777, 000037777777, -+ 000077777777, 000177777777, 000377777777, 000777777777, -+ 001777777777, 003777777777, 007777777777, 017777777777 -+}; -+ -+datum nullitem = -+{NULL, 0}; -+ -+typedef struct -+{ -+ int dirf; /* directory file descriptor */ -+ int pagf; /* page file descriptor */ -+ int flags; /* status/error flags, see below */ -+ long maxbno; /* size of dirfile in bits */ -+ long curbit; /* current bit number */ -+ long hmask; /* current hash mask */ -+ long blkptr; /* current block for nextkey */ -+ int keyptr; /* current key for nextkey */ -+ long blkno; /* current page to read/write */ -+ long pagbno; /* current page in pagbuf */ -+ char *pagbuf; /* page file block buffer */ -+ long dirbno; /* current block in dirbuf */ -+ char *dirbuf; /* directory file block buffer */ -+} DBM; -+ -+ -+/* ************************* */ -+ -+/* -+ * sdbm - ndbm work-alike hashed database library -+ * based on Per-Aake Larson's Dynamic Hashing algorithms. BIT 18 (1978). -+ * author: oz@nexus.yorku.ca -+ * status: public domain. keep it that way. -+ * -+ * hashing routine -+ */ -+ -+/* -+ * polynomial conversion ignoring overflows -+ * [this seems to work remarkably well, in fact better -+ * then the ndbm hash function. Replace at your own risk] -+ * use: 65599 nice. -+ * 65587 even better. -+ */ -+static long sdbm_hash (char *str, int len) -+{ -+ unsigned long n = 0; -+ -+#ifdef DUFF -+#define HASHC n = *str++ + 65599 * n -+ if (len > 0) -+ { -+ int loop = (len + 8 - 1) >> 3; -+ -+ switch (len & (8 - 1)) -+ { -+ case 0: -+ do -+ { -+ HASHC; -+ case 7: -+ HASHC; -+ case 6: -+ HASHC; -+ case 5: -+ HASHC; -+ case 4: -+ HASHC; -+ case 3: -+ HASHC; -+ case 2: -+ HASHC; -+ case 1: -+ HASHC; -+ } -+ while (--loop); -+ } -+ -+ } -+#else -+ while (len--) -+ n = *str++ + 65599 * n; -+#endif -+ return n; -+} -+ -+/* -+ * check page sanity: -+ * number of entries should be something -+ * reasonable, and all offsets in the index should be in order. -+ * this could be made more rigorous. -+ */ -+static int chkpage (char *pag) -+{ -+ int n; -+ int off; -+ short *ino = (short *) pag; -+ -+ if ((n = ino[0]) < 0 || n > PBLKSIZ / sizeof (short)) -+ return 0; -+ -+ if (n > 0) -+ { -+ off = PBLKSIZ; -+ for (ino++; n > 0; ino += 2) -+ { -+ if (ino[0] > off || ino[1] > off || -+ ino[1] > ino[0]) -+ return 0; -+ off = ino[1]; -+ n -= 2; -+ } -+ } -+ return 1; -+} -+ -+/* -+ * search for the key in the page. -+ * return offset index in the range 0 < i < n. -+ * return 0 if not found. -+ */ -+static int seepair (char *pag, int n, char *key, int siz) -+{ -+ int i; -+ int off = PBLKSIZ; -+ short *ino = (short *) pag; -+ -+ for (i = 1; i < n; i += 2) -+ { -+ if (siz == off - ino[i] && -+ memcmp (key, pag + ino[i], siz) == 0) -+ return i; -+ off = ino[i + 1]; -+ } -+ return 0; -+} -+ -+#ifdef SEEDUPS -+static int duppair (char *pag, datum key) -+{ -+ short *ino = (short *) pag; -+ -+ return ino[0] > 0 && seepair (pag, ino[0], key.dptr, key.dsize) > 0; -+} -+ -+#endif -+ -+/* ************************* */ -+ -+/* -+ * sdbm - ndbm work-alike hashed database library -+ * based on Per-Aake Larson's Dynamic Hashing algorithms. BIT 18 (1978). -+ * author: oz@nexus.yorku.ca -+ * status: public domain. -+ * -+ * page-level routines -+ */ -+ -+/* -+ * page format: -+ * +------------------------------+ -+ * ino | n | keyoff | datoff | keyoff | -+ * +------------+--------+--------+ -+ * | datoff | - - - ----> | -+ * +--------+---------------------+ -+ * | F R E E A R E A | -+ * +--------------+---------------+ -+ * | <---- - - - | data | -+ * +--------+-----+----+----------+ -+ * | key | data | key | -+ * +--------+----------+----------+ -+ * -+ * calculating the offsets for free area: if the number -+ * of entries (ino[0]) is zero, the offset to the END of -+ * the free area is the block size. Otherwise, it is the -+ * nth (ino[ino[0]]) entry's offset. -+ */ -+ -+static int fitpair (char *pag, int need) -+{ -+ int n; -+ int off; -+ int avail; -+ short *ino = (short *) pag; -+ -+ off = ((n = ino[0]) > 0) ? ino[n] : PBLKSIZ; -+ avail = off - (n + 1) * sizeof (short); -+ need += 2 * sizeof (short); -+ -+ return need <= avail; -+} -+ -+static void putpair (char *pag, datum key, datum val) -+{ -+ int n; -+ int off; -+ short *ino = (short *) pag; -+ -+ off = ((n = ino[0]) > 0) ? ino[n] : PBLKSIZ; -+/* -+ * enter the key first -+ */ -+ off -= key.dsize; -+ (void) memcpy (pag + off, key.dptr, key.dsize); -+ ino[n + 1] = off; -+/* -+ * now the data -+ */ -+ off -= val.dsize; -+ (void) memcpy (pag + off, val.dptr, val.dsize); -+ ino[n + 2] = off; -+/* -+ * adjust item count -+ */ -+ ino[0] += 2; -+} -+ -+static datum getpair (char *pag, datum key) -+{ -+ int i; -+ int n; -+ datum val; -+ short *ino = (short *) pag; -+ -+ if ((n = ino[0]) == 0) -+ return nullitem; -+ -+ if ((i = seepair (pag, n, key.dptr, key.dsize)) == 0) -+ return nullitem; -+ -+ val.dptr = pag + ino[i + 1]; -+ val.dsize = ino[i] - ino[i + 1]; -+ return val; -+} -+ -+static datum getnkey (char *pag, int num) -+{ -+ datum key; -+ int off; -+ short *ino = (short *) pag; -+ -+ num = num * 2 - 1; -+ if (ino[0] == 0 || num > ino[0]) -+ return nullitem; -+ -+ off = (num > 1) ? ino[num - 1] : PBLKSIZ; -+ -+ key.dptr = pag + ino[num]; -+ key.dsize = off - ino[num]; -+ -+ return key; -+} -+ -+static int delpair (char *pag, datum key) -+{ -+ int n; -+ int i; -+ short *ino = (short *) pag; -+ -+ if ((n = ino[0]) == 0) -+ return 0; -+ -+ if ((i = seepair (pag, n, key.dptr, key.dsize)) == 0) -+ return 0; -+/* -+ * found the key. if it is the last entry -+ * [i.e. i == n - 1] we just adjust the entry count. -+ * hard case: move all data down onto the deleted pair, -+ * shift offsets onto deleted offsets, and adjust them. -+ * [note: 0 < i < n] -+ */ -+ if (i < n - 1) -+ { -+ int m; -+ char *dst = pag + (i == 1 ? PBLKSIZ : ino[i - 1]); -+ char *src = pag + ino[i + 1]; -+ int zoo = dst - src; -+ -+/* -+ * shift data/keys down -+ */ -+ m = ino[i + 1] - ino[n]; -+#ifdef DUFF -+#define MOVB *--dst = *--src -+ if (m > 0) -+ { -+ int loop = (m + 8 - 1) >> 3; -+ -+ switch (m & (8 - 1)) -+ { -+ case 0: -+ do -+ { -+ MOVB; -+ case 7: -+ MOVB; -+ case 6: -+ MOVB; -+ case 5: -+ MOVB; -+ case 4: -+ MOVB; -+ case 3: -+ MOVB; -+ case 2: -+ MOVB; -+ case 1: -+ MOVB; -+ } -+ while (--loop); -+ } -+ } -+#else -+ dst -= m; -+ src -= m; -+ memmove (dst, src, m); -+#endif -+/* -+ * adjust offset index up -+ */ -+ while (i < n - 1) -+ { -+ ino[i] = ino[i + 2] + zoo; -+ i++; -+ } -+ } -+ ino[0] -= 2; -+ return 1; -+} -+ -+static void splpage (char *pag, char *new, long sbit) -+{ -+ datum key; -+ datum val; -+ -+ int n; -+ int off = PBLKSIZ; -+ char cur[PBLKSIZ]; -+ short *ino = (short *) cur; -+ -+ (void) memcpy (cur, pag, PBLKSIZ); -+ (void) memset (pag, 0, PBLKSIZ); -+ (void) memset (new, 0, PBLKSIZ); -+ -+ n = ino[0]; -+ for (ino++; n > 0; ino += 2) -+ { -+ key.dptr = cur + ino[0]; -+ key.dsize = off - ino[0]; -+ val.dptr = cur + ino[1]; -+ val.dsize = ino[0] - ino[1]; -+/* -+ * select the page pointer (by looking at sbit) and insert -+ */ -+ (void) putpair ((exhash (key) & sbit) ? new : pag, key, val); -+ -+ off = ino[1]; -+ n -= 2; -+ } -+} -+ -+static int getdbit (DBM * db, long dbit) -+{ -+ long c; -+ long dirb; -+ -+ c = dbit / BYTESIZ; -+ dirb = c / DBLKSIZ; -+ -+ if (dirb != db->dirbno) -+ { -+ int got; -+ if (lseek (db->dirf, OFF_DIR (dirb), SEEK_SET) < 0 -+ || (got = read(db->dirf, db->dirbuf, DBLKSIZ)) < 0) -+ return 0; -+ if (got==0) -+ memset(db->dirbuf,0,DBLKSIZ); -+ db->dirbno = dirb; -+ } -+ -+ return db->dirbuf[c % DBLKSIZ] & (1 << dbit % BYTESIZ); -+} -+ -+static int setdbit (DBM * db, long dbit) -+{ -+ long c; -+ long dirb; -+ -+ c = dbit / BYTESIZ; -+ dirb = c / DBLKSIZ; -+ -+ if (dirb != db->dirbno) -+ { -+ int got; -+ if (lseek (db->dirf, OFF_DIR (dirb), SEEK_SET) < 0 -+ || (got = read(db->dirf, db->dirbuf, DBLKSIZ)) < 0) -+ return 0; -+ if (got==0) -+ memset(db->dirbuf,0,DBLKSIZ); -+ db->dirbno = dirb; -+ } -+ -+ db->dirbuf[c % DBLKSIZ] |= (1 << dbit % BYTESIZ); -+ -+#if 0 -+ if (dbit >= db->maxbno) -+ db->maxbno += DBLKSIZ * BYTESIZ; -+#else -+ if (OFF_DIR((dirb+1))*BYTESIZ > db->maxbno) -+ db->maxbno=OFF_DIR((dirb+1))*BYTESIZ; -+#endif -+ -+ if (lseek (db->dirf, OFF_DIR (dirb), SEEK_SET) < 0 -+ || write (db->dirf, db->dirbuf, DBLKSIZ) < 0) -+ return 0; -+ -+ return 1; -+} -+ -+/* -+ * getnext - get the next key in the page, and if done with -+ * the page, try the next page in sequence -+ */ -+static datum getnext (DBM * db) -+{ -+ datum key; -+ -+ for (;;) -+ { -+ db->keyptr++; -+ key = getnkey (db->pagbuf, db->keyptr); -+ if (key.dptr != NULL) -+ return key; -+/* -+ * we either run out, or there is nothing on this page.. -+ * try the next one... If we lost our position on the -+ * file, we will have to seek. -+ */ -+ db->keyptr = 0; -+ if (db->pagbno != db->blkptr++) -+ if (lseek (db->pagf, OFF_PAG (db->blkptr), SEEK_SET) < 0) -+ break; -+ db->pagbno = db->blkptr; -+ if (read (db->pagf, db->pagbuf, PBLKSIZ) <= 0) -+ break; -+ if (!chkpage (db->pagbuf)) -+ break; -+ } -+ -+ return ioerr (db), nullitem; -+} -+ -+/* -+ * all important binary trie traversal -+ */ -+static int getpage (DBM * db, long hash) -+{ -+ int hbit; -+ long dbit; -+ long pagb; -+ -+ dbit = 0; -+ hbit = 0; -+ while (dbit < db->maxbno && getdbit (db, dbit)) -+ dbit = 2 * dbit + ((hash & (1 << hbit++)) ? 2 : 1); -+ -+ db->curbit = dbit; -+ db->hmask = masks[hbit]; -+ -+ pagb = hash & db->hmask; -+/* -+ * see if the block we need is already in memory. -+ * note: this lookaside cache has about 10% hit rate. -+ */ -+ if (pagb != db->pagbno) -+ { -+/* -+ * note: here, we assume a "hole" is read as 0s. -+ * if not, must zero pagbuf first. -+ */ -+ if (lseek (db->pagf, OFF_PAG (pagb), SEEK_SET) < 0 -+ || read (db->pagf, db->pagbuf, PBLKSIZ) < 0) -+ return 0; -+ if (!chkpage (db->pagbuf)) -+ return 0; -+ db->pagbno = pagb; -+ } -+ return 1; -+} -+ -+/* -+ * makroom - make room by splitting the overfull page -+ * this routine will attempt to make room for SPLTMAX times before -+ * giving up. -+ */ -+static int makroom (DBM * db, long hash, int need) -+{ -+ long newp; -+ char twin[PBLKSIZ]; -+ char *pag = db->pagbuf; -+ char *new = twin; -+ int smax = SPLTMAX; -+ -+ do -+ { -+/* -+ * split the current page -+ */ -+ (void) splpage (pag, new, db->hmask + 1); -+/* -+ * address of the new page -+ */ -+ newp = (hash & db->hmask) | (db->hmask + 1); -+ -+/* -+ * write delay, read avoidence/cache shuffle: -+ * select the page for incoming pair: if key is to go to the new page, -+ * write out the previous one, and copy the new one over, thus making -+ * it the current page. If not, simply write the new page, and we are -+ * still looking at the page of interest. current page is not updated -+ * here, as sdbm_store will do so, after it inserts the incoming pair. -+ */ -+ if (hash & (db->hmask + 1)) -+ { -+ if (lseek (db->pagf, OFF_PAG (db->pagbno), SEEK_SET) < 0 -+ || write (db->pagf, db->pagbuf, PBLKSIZ) < 0) -+ return 0; -+ db->pagbno = newp; -+ (void) memcpy (pag, new, PBLKSIZ); -+ } -+ else if (lseek (db->pagf, OFF_PAG (newp), SEEK_SET) < 0 -+ || write (db->pagf, new, PBLKSIZ) < 0) -+ return 0; -+ -+ if (!setdbit (db, db->curbit)) -+ return 0; -+/* -+ * see if we have enough room now -+ */ -+ if (fitpair (pag, need)) -+ return 1; -+/* -+ * try again... update curbit and hmask as getpage would have -+ * done. because of our update of the current page, we do not -+ * need to read in anything. BUT we have to write the current -+ * [deferred] page out, as the window of failure is too great. -+ */ -+ db->curbit = 2 * db->curbit + -+ ((hash & (db->hmask + 1)) ? 2 : 1); -+ db->hmask |= db->hmask + 1; -+ -+ if (lseek (db->pagf, OFF_PAG (db->pagbno), SEEK_SET) < 0 -+ || write (db->pagf, db->pagbuf, PBLKSIZ) < 0) -+ return 0; -+ -+ } -+ while (--smax); -+/* -+ * if we are here, this is real bad news. After SPLTMAX splits, -+ * we still cannot fit the key. say goodnight. -+ */ -+#ifdef BADMESS -+ (void) write (2, "sdbm: cannot insert after SPLTMAX attempts.\n", 44); -+#endif -+ return 0; -+ -+} -+ -+static SDBM *sdbm_prep (char *dirname, char *pagname, int flags, int mode) -+{ -+ SDBM *db; -+ struct stat dstat; -+ -+ if ((db = (SDBM *) mymalloc (sizeof (SDBM))) == NULL) -+ return errno = ENOMEM, (SDBM *) NULL; -+ -+ db->flags = 0; -+ db->blkptr = 0; -+ db->keyptr = 0; -+/* -+ * adjust user flags so that WRONLY becomes RDWR, -+ * as required by this package. Also set our internal -+ * flag for RDONLY if needed. -+ */ -+ if (flags & O_WRONLY) -+ flags = (flags & ~O_WRONLY) | O_RDWR; -+ else if ((flags & 03) == O_RDONLY) -+ db->flags = DBM_RDONLY; -+#if defined(OS2) || defined(MSDOS) || defined(WIN32) -+ flags |= O_BINARY; -+#endif -+ -+/* -+ * Make sure to ignore the O_EXCL option, as the file might exist due -+ * to the locking. -+ */ -+ flags &= ~O_EXCL; -+ -+/* -+ * open the files in sequence, and stat the dirfile. -+ * If we fail anywhere, undo everything, return NULL. -+ */ -+ -+ if ((db->pagf = open (pagname, flags, mode)) > -1) -+ { -+ if ((db->dirf = open (dirname, flags, mode)) > -1) -+ { -+/* -+ * need the dirfile size to establish max bit number. -+ */ -+ if (fstat (db->dirf, &dstat) == 0) -+ { -+ /* -+ * success -+ */ -+ return db; -+ } -+ msg_info ("closing dirf"); -+ (void) close (db->dirf); -+ } -+ msg_info ("closing pagf"); -+ (void) close (db->pagf); -+ } -+ myfree ((char *) db); -+ return (SDBM *) NULL; -+} -+ -+static DBM *sdbm_internal_open (SDBM * sdbm) -+{ -+ DBM *db; -+ struct stat dstat; -+ -+ if ((db = (DBM *) mymalloc (sizeof (DBM))) == NULL) -+ return errno = ENOMEM, (DBM *) NULL; -+ -+ db->flags = sdbm->flags; -+ db->hmask = 0; -+ db->blkptr = sdbm->blkptr; -+ db->keyptr = sdbm->keyptr; -+ db->pagf = sdbm->pagf; -+ db->dirf = sdbm->dirf; -+ db->pagbuf = sdbm->pagbuf; -+ db->dirbuf = sdbm->dirbuf; -+ -+/* -+ * need the dirfile size to establish max bit number. -+ */ -+ if (fstat (db->dirf, &dstat) == 0) -+ { -+/* -+ * zero size: either a fresh database, or one with a single, -+ * unsplit data page: dirpage is all zeros. -+ */ -+ db->dirbno = (!dstat.st_size) ? 0 : -1; -+ db->pagbno = -1; -+ db->maxbno = dstat.st_size * BYTESIZ; -+ -+ (void) memset (db->pagbuf, 0, PBLKSIZ); -+ (void) memset (db->dirbuf, 0, DBLKSIZ); -+ return db; -+ } -+ myfree ((char *) db); -+ return (DBM *) NULL; -+} -+ -+static void sdbm_internal_close (DBM * db) -+{ -+ if (db == NULL) -+ errno = EINVAL; -+ else -+ { -+ myfree ((char *) db); -+ } -+} -+ -+datum sdbm_fetch (SDBM * sdb, datum key) -+{ -+ datum retval; -+ DBM *db; -+ -+ if (sdb == NULL || bad (key)) -+ return errno = EINVAL, nullitem; -+ -+ if (!(db = sdbm_internal_open (sdb))) -+ return errno = EINVAL, nullitem; -+ -+ if (getpage (db, exhash (key))) -+ { -+ retval = getpair (db->pagbuf, key); -+ sdbm_internal_close (db); -+ return retval; -+ } -+ -+ sdbm_internal_close (db); -+ -+ return ioerr (sdb), nullitem; -+} -+ -+int sdbm_delete (SDBM * sdb, datum key) -+{ -+ int retval; -+ DBM *db; -+ -+ if (sdb == NULL || bad (key)) -+ return errno = EINVAL, -1; -+ if (sdbm_rdonly (sdb)) -+ return errno = EPERM, -1; -+ -+ if (!(db = sdbm_internal_open (sdb))) -+ return errno = EINVAL, -1; -+ -+ if (getpage (db, exhash (key))) -+ { -+ if (!delpair (db->pagbuf, key)) -+ retval = -1; -+/* -+ * update the page file -+ */ -+ else if (lseek (db->pagf, OFF_PAG (db->pagbno), SEEK_SET) < 0 -+ || write (db->pagf, db->pagbuf, PBLKSIZ) < 0) -+ retval = ioerr (sdb), -1; -+ else -+ retval = 0; -+ } -+ else -+ retval = ioerr (sdb), -1; -+ -+ sdbm_internal_close (db); -+ -+ return retval; -+} -+ -+int sdbm_store (SDBM * sdb, datum key, datum val, int flags) -+{ -+ int need; -+ int retval; -+ long hash; -+ DBM *db; -+ -+ if (sdb == NULL || bad (key)) -+ return errno = EINVAL, -1; -+ if (sdbm_rdonly (sdb)) -+ return errno = EPERM, -1; -+ -+ need = key.dsize + val.dsize; -+/* -+ * is the pair too big (or too small) for this database ?? -+ */ -+ if (need < 0 || need > PAIRMAX) -+ return errno = EINVAL, -1; -+ -+ if (!(db = sdbm_internal_open (sdb))) -+ return errno = EINVAL, -1; -+ -+ if (getpage (db, (hash = exhash (key)))) -+ { -+/* -+ * if we need to replace, delete the key/data pair -+ * first. If it is not there, ignore. -+ */ -+ if (flags == DBM_REPLACE) -+ (void) delpair (db->pagbuf, key); -+#ifdef SEEDUPS -+ else if (duppair (db->pagbuf, key)) -+ { -+ sdbm_internal_close (db); -+ return 1; -+ } -+#endif -+/* -+ * if we do not have enough room, we have to split. -+ */ -+ if (!fitpair (db->pagbuf, need)) -+ if (!makroom (db, hash, need)) -+ { -+ sdbm_internal_close (db); -+ return ioerr (db), -1; -+ } -+/* -+ * we have enough room or split is successful. insert the key, -+ * and update the page file. -+ */ -+ (void) putpair (db->pagbuf, key, val); -+ -+ if (lseek (db->pagf, OFF_PAG (db->pagbno), SEEK_SET) < 0 -+ || write (db->pagf, db->pagbuf, PBLKSIZ) < 0) -+ { -+ sdbm_internal_close (db); -+ return ioerr (db), -1; -+ } -+ /* -+ * success -+ */ -+ sdbm_internal_close (db); -+ return 0; -+ } -+ -+ sdbm_internal_close (db); -+ return ioerr (sdb), -1; -+} -+ -+/* -+ * the following two routines will break if -+ * deletions aren't taken into account. (ndbm bug) -+ */ -+datum sdbm_firstkey (SDBM * sdb) -+{ -+ datum retval; -+ DBM *db; -+ -+ if (sdb == NULL) -+ return errno = EINVAL, nullitem; -+ -+ if (!(db = sdbm_internal_open (sdb))) -+ return errno = EINVAL, nullitem; -+ -+/* -+ * start at page 0 -+ */ -+ if (lseek (db->pagf, OFF_PAG (0), SEEK_SET) < 0 -+ || read (db->pagf, db->pagbuf, PBLKSIZ) < 0) -+ { -+ sdbm_internal_close (db); -+ return ioerr (sdb), nullitem; -+ } -+ db->pagbno = 0; -+ db->blkptr = 0; -+ db->keyptr = 0; -+ -+ retval = getnext (db); -+ sdb->blkptr = db->blkptr; -+ sdb->keyptr = db->keyptr; -+ sdbm_internal_close (db); -+ return retval; -+} -+ -+datum sdbm_nextkey (SDBM * sdb) -+{ -+ datum retval; -+ DBM *db; -+ -+ if (sdb == NULL) -+ return errno = EINVAL, nullitem; -+ -+ if (!(db = sdbm_internal_open (sdb))) -+ return errno = EINVAL, nullitem; -+ -+ retval = getnext (db); -+ sdb->blkptr = db->blkptr; -+ sdb->keyptr = db->keyptr; -+ sdbm_internal_close (db); -+ return retval; -+} -+ -+void sdbm_close (SDBM * db) -+{ -+ if (db == NULL) -+ errno = EINVAL; -+ else -+ { -+ (void) close (db->dirf); -+ (void) close (db->pagf); -+ myfree ((char *) db); -+ } -+} -+ -+SDBM *sdbm_open (char *file, int flags, int mode) -+{ -+ SDBM *db; -+ char *dirname; -+ char *pagname; -+ int n; -+ -+ if (file == NULL || !*file) -+ return errno = EINVAL, (SDBM *) NULL; -+/* -+ * need space for two seperate filenames -+ */ -+ n = strlen (file) * 2 + strlen (DIRFEXT) + strlen (PAGFEXT) + 2; -+ -+ if ((dirname = (char *) mymalloc ((unsigned) n)) == NULL) -+ return errno = ENOMEM, (SDBM *) NULL; -+/* -+ * build the file names -+ */ -+ dirname = strcat (strcpy (dirname, file), DIRFEXT); -+ pagname = strcpy (dirname + strlen (dirname) + 1, file); -+ pagname = strcat (pagname, PAGFEXT); -+ -+ db = sdbm_prep (dirname, pagname, flags, mode); -+ myfree ((char *) dirname); -+ return db; -+} -+ -diff -Pur postfix-1.1.11-20020822-orig/src/util/sdbm.h postfix-1.1.11-20020822/src/util/sdbm.h ---- postfix-1.1.11-20020822-orig/src/util/sdbm.h Thu Jan 1 01:00:00 1970 -+++ postfix-1.1.11-20020822/src/util/sdbm.h Sat Aug 24 00:09:03 2002 -@@ -0,0 +1,97 @@ -+/*++ -+/* NAME -+/* sdbm 3h -+/* SUMMARY -+/* SDBM Simple DBM: ndbm work-alike hashed database library -+/* SYNOPSIS -+/* include "sdbm.h" -+/* DESCRIPTION -+/* .nf -+/*--*/ -+ -+#ifndef UTIL_SDBM_H -+#define UTIL_SDBM_H -+ -+/* -+ * sdbm - ndbm work-alike hashed database library -+ * based on Per-Ake Larson's Dynamic Hashing algorithms. BIT 18 (1978). -+ * author: oz@nexus.yorku.ca -+ * status: public domain. -+ */ -+ -+#define DUFF /* go ahead and use the loop-unrolled version */ -+ -+#include <stdio.h> -+ -+#define DBLKSIZ 16384 /* SSL cert chains require more */ -+#define PBLKSIZ 8192 /* SSL cert chains require more */ -+#define PAIRMAX 8008 /* arbitrary on PBLKSIZ-N */ -+#define SPLTMAX 10 /* maximum allowed splits */ -+ /* for a single insertion */ -+#define DIRFEXT ".dir" -+#define PAGFEXT ".pag" -+ -+typedef struct { -+ int dirf; /* directory file descriptor */ -+ int pagf; /* page file descriptor */ -+ int flags; /* status/error flags, see below */ -+ long blkptr; /* current block for nextkey */ -+ int keyptr; /* current key for nextkey */ -+ char pagbuf[PBLKSIZ]; /* page file block buffer */ -+ char dirbuf[DBLKSIZ]; /* directory file block buffer */ -+} SDBM; -+ -+#define DBM_RDONLY 0x1 /* data base open read-only */ -+#define DBM_IOERR 0x2 /* data base I/O error */ -+ -+/* -+ * utility macros -+ */ -+#define sdbm_rdonly(db) ((db)->flags & DBM_RDONLY) -+#define sdbm_error(db) ((db)->flags & DBM_IOERR) -+ -+#define sdbm_clearerr(db) ((db)->flags &= ~DBM_IOERR) /* ouch */ -+ -+#define sdbm_dirfno(db) ((db)->dirf) -+#define sdbm_pagfno(db) ((db)->pagf) -+ -+typedef struct { -+ char *dptr; -+ int dsize; -+} datum; -+ -+extern datum nullitem; -+ -+/* -+ * flags to sdbm_store -+ */ -+#define DBM_INSERT 0 -+#define DBM_REPLACE 1 -+ -+/* -+ * ndbm interface -+ */ -+extern SDBM *sdbm_open(char *, int, int); -+extern void sdbm_close(SDBM *); -+extern datum sdbm_fetch(SDBM *, datum); -+extern int sdbm_delete(SDBM *, datum); -+extern int sdbm_store(SDBM *, datum, datum, int); -+extern datum sdbm_firstkey(SDBM *); -+extern datum sdbm_nextkey(SDBM *); -+ -+/* -+ * sdbm - ndbm work-alike hashed database library -+ * tuning and portability constructs [not nearly enough] -+ * author: oz@nexus.yorku.ca -+ */ -+ -+#define BYTESIZ 8 -+ -+/* -+ * important tuning parms (hah) -+ */ -+ -+#define SEEDUPS /* always detect duplicates */ -+#define BADMESS /* generate a message for worst case: -+ cannot make room after SPLTMAX splits */ -+#endif /* UTIL_SDBM_H */ -diff -Pur postfix-1.1.11-20020822-orig/src/util/sys_defs.h postfix-1.1.11-20020822/src/util/sys_defs.h ---- postfix-1.1.11-20020822-orig/src/util/sys_defs.h Mon Jul 29 15:14:23 2002 -+++ postfix-1.1.11-20020822/src/util/sys_defs.h Sat Aug 24 00:27:46 2002 -@@ -73,6 +73,14 @@ - #define DEF_MAILBOX_LOCK "flock, dotlock" - #endif - -+#if !defined(NOGETIFADDRS) && ( \ -+ (defined(__NetBSD_Version__) && __NetBSD_Version__ >= 105000000) \ -+ || (defined(__FreeBSD__) && __FreeBSD__ >= 4) \ -+ || (defined(OpenBSD) && OpenBSD >= 200003) \ -+ || defined(USAGI_LIBINET6)) -+#define HAVE_GETIFADDRS -+#endif -+ - /* - * UNIX on MAC. - */ -diff -Pur postfix-1.1.11-20020822-orig/src/util/valid_hostname.c postfix-1.1.11-20020822/src/util/valid_hostname.c ---- postfix-1.1.11-20020822-orig/src/util/valid_hostname.c Sun Jan 28 15:10:18 2001 -+++ postfix-1.1.11-20020822/src/util/valid_hostname.c Sat Aug 24 00:09:03 2002 -@@ -47,6 +47,13 @@ - #include <string.h> - #include <ctype.h> - -+#ifdef INET6 -+#include <netinet/in.h> -+#include <sys/socket.h> -+#include <arpa/inet.h> -+#include <netdb.h> -+#endif -+ - /* Utility library. */ - - #include "msg.h" -@@ -103,7 +110,23 @@ - msg_warn("%s: misplaced hyphen: %.100s", myname, name); - return (0); - } -- } else { -+ } -+#ifdef INET6 -+ else if (ch == ':') { -+ struct addrinfo hints, *res; -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_INET6; -+ hints.ai_socktype = SOCK_STREAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(name, "0", &hints, &res) == 0) { -+ freeaddrinfo(res); -+ return 1; -+ } else -+ return 0; -+ } -+#endif -+ else { - if (gripe) - msg_warn("%s: invalid character %d(decimal): %.100s", - myname, ch, name); -@@ -135,6 +158,9 @@ - int byte_count = 0; - int byte_val = 0; - int ch; -+#ifdef INET6 -+ struct addrinfo hints, *res; -+#endif - - #define BYTES_NEEDED 4 - -@@ -146,6 +172,17 @@ - msg_warn("%s: empty address", myname); - return (0); - } -+ -+#ifdef INET6 -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_INET6; -+ hints.ai_socktype = SOCK_STREAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(addr, "0", &hints, &res) == 0) { -+ freeaddrinfo(res); -+ return 1; -+ } -+#endif - - /* - * Scary code to avoid sscanf() overflow nasties. diff --git a/net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch.bz2 b/net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch.bz2 Binary files differnew file mode 100644 index 000000000000..ff87843c55cf --- /dev/null +++ b/net-mail/postfix/files/tls+ipv6-1.4-pf-1.1.11-20020822.patch.bz2 diff --git a/net-mail/postfix/postfix-1.1.11.20020822.ebuild b/net-mail/postfix/postfix-1.1.11.20020822.ebuild index d4a8f7d24069..94d9e662bbd6 100644 --- a/net-mail/postfix/postfix-1.1.11.20020822.ebuild +++ b/net-mail/postfix/postfix-1.1.11.20020822.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2002 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or later -# $Header: /var/cvsroot/gentoo-x86/net-mail/postfix/postfix-1.1.11.20020822.ebuild,v 1.2 2002/09/11 19:52:15 raker Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/postfix/postfix-1.1.11.20020822.ebuild,v 1.3 2002/09/11 19:57:03 raker Exp $ PF_PV=1.1.11-20020822 PF_P=postfix-${PF_PV} @@ -49,7 +49,7 @@ src_unpack() { if [ `use ssl` ] && [ `use ipv6` ] then cd ${S} - patch -p1 < ${FILESDIR}/${IPV6_P}.patch || die "patch failed" + bzcat ${FILESDIR}/${IPV6_P}.patch.bz2 | patch -p1 || die "patch failed" CCARGS="${CCARGS} -DHAS_SSL" AUXLIBS="${AUXLIBS} -lssl -lcrypto" elif [ `use ssl` ] |