1 /* 2 * Copyright (c) 1999-2004, 2006-2008 Sendmail, Inc. and its suppliers. 3 * All rights reserved. 4 * 5 * By using this file, you agree to the terms and conditions set 6 * forth in the LICENSE file which can be found at the top level of 7 * the sendmail distribution. 8 * 9 */ 10 11 #include <sm/gen.h> 12 SM_RCSID("@(#)$Id: engine.c,v 8.166 2009/11/06 00:57:07 ca Exp $") 13 14 #include "libmilter.h" 15 16 #if NETINET || NETINET6 17 # include <arpa/inet.h> 18 #endif /* NETINET || NETINET6 */ 19 20 /* generic argument for functions in the command table */ 21 struct arg_struct 22 { 23 size_t a_len; /* length of buffer */ 24 char *a_buf; /* argument string */ 25 int a_idx; /* index for macro array */ 26 SMFICTX_PTR a_ctx; /* context */ 27 }; 28 29 typedef struct arg_struct genarg; 30 31 /* structure for commands received from MTA */ 32 struct cmdfct_t 33 { 34 char cm_cmd; /* command */ 35 int cm_argt; /* type of arguments expected */ 36 int cm_next; /* next state */ 37 int cm_todo; /* what to do next */ 38 int cm_macros; /* index for macros */ 39 int (*cm_fct) __P((genarg *)); /* function to execute */ 40 }; 41 42 typedef struct cmdfct_t cmdfct; 43 44 /* possible values for cm_argt */ 45 #define CM_ARG0 0 /* no args */ 46 #define CM_ARG1 1 /* one arg (string) */ 47 #define CM_ARG2 2 /* two args (strings) */ 48 #define CM_ARGA 4 /* one string and _SOCK_ADDR */ 49 #define CM_ARGO 5 /* two integers */ 50 #define CM_ARGV 8 /* \0 separated list of args, NULL-terminated */ 51 #define CM_ARGN 9 /* \0 separated list of args (strings) */ 52 53 /* possible values for cm_todo */ 54 #define CT_CONT 0x0000 /* continue reading commands */ 55 #define CT_IGNO 0x0001 /* continue even when error */ 56 57 /* not needed right now, done via return code instead */ 58 #define CT_KEEP 0x0004 /* keep buffer (contains symbols) */ 59 #define CT_END 0x0008 /* last command of session, stop replying */ 60 61 /* index in macro array: macros only for these commands */ 62 #define CI_NONE (-1) 63 #define CI_CONN 0 64 #define CI_HELO 1 65 #define CI_MAIL 2 66 #define CI_RCPT 3 67 #define CI_DATA 4 68 #define CI_EOM 5 69 #define CI_EOH 6 70 #define CI_LAST CI_EOH 71 #if CI_LAST < CI_DATA 72 ERROR: do not compile with CI_LAST < CI_DATA 73 #endif 74 #if CI_LAST < CI_EOM 75 ERROR: do not compile with CI_LAST < CI_EOM 76 #endif 77 #if CI_LAST < CI_EOH 78 ERROR: do not compile with CI_LAST < CI_EOH 79 #endif 80 #if CI_LAST < CI_ENVRCPT 81 ERROR: do not compile with CI_LAST < CI_ENVRCPT 82 #endif 83 #if CI_LAST < CI_ENVFROM 84 ERROR: do not compile with CI_LAST < CI_ENVFROM 85 #endif 86 #if CI_LAST < CI_HELO 87 ERROR: do not compile with CI_LAST < CI_HELO 88 #endif 89 #if CI_LAST < CI_CONNECT 90 ERROR: do not compile with CI_LAST < CI_CONNECT 91 #endif 92 #if CI_LAST >= MAX_MACROS_ENTRIES 93 ERROR: do not compile with CI_LAST >= MAX_MACROS_ENTRIES 94 #endif 95 96 /* function prototypes */ 97 static int st_abortfct __P((genarg *)); 98 static int st_macros __P((genarg *)); 99 static int st_optionneg __P((genarg *)); 100 static int st_bodychunk __P((genarg *)); 101 static int st_connectinfo __P((genarg *)); 102 static int st_bodyend __P((genarg *)); 103 static int st_helo __P((genarg *)); 104 static int st_header __P((genarg *)); 105 static int st_sender __P((genarg *)); 106 static int st_rcpt __P((genarg *)); 107 static int st_unknown __P((genarg *)); 108 static int st_data __P((genarg *)); 109 static int st_eoh __P((genarg *)); 110 static int st_quit __P((genarg *)); 111 static int sendreply __P((sfsistat, socket_t, struct timeval *, SMFICTX_PTR)); 112 static void fix_stm __P((SMFICTX_PTR)); 113 static bool trans_ok __P((int, int)); 114 static char **dec_argv __P((char *, size_t)); 115 static int dec_arg2 __P((char *, size_t, char **, char **)); 116 static void mi_clr_symlist __P((SMFICTX_PTR)); 117 118 #if _FFR_WORKERS_POOL 119 static bool mi_rd_socket_ready __P((int)); 120 #endif /* _FFR_WORKERS_POOL */ 121 122 /* states */ 123 #define ST_NONE (-1) 124 #define ST_INIT 0 /* initial state */ 125 #define ST_OPTS 1 /* option negotiation */ 126 #define ST_CONN 2 /* connection info */ 127 #define ST_HELO 3 /* helo */ 128 #define ST_MAIL 4 /* mail from */ 129 #define ST_RCPT 5 /* rcpt to */ 130 #define ST_DATA 6 /* data */ 131 #define ST_HDRS 7 /* headers */ 132 #define ST_EOHS 8 /* end of headers */ 133 #define ST_BODY 9 /* body */ 134 #define ST_ENDM 10 /* end of message */ 135 #define ST_QUIT 11 /* quit */ 136 #define ST_ABRT 12 /* abort */ 137 #define ST_UNKN 13 /* unknown SMTP command */ 138 #define ST_Q_NC 14 /* quit, new connection follows */ 139 #define ST_LAST ST_Q_NC /* last valid state */ 140 #define ST_SKIP 16 /* not a state but required for the state table */ 141 142 /* in a mail transaction? must be before eom according to spec. */ 143 #define ST_IN_MAIL(st) ((st) >= ST_MAIL && (st) < ST_ENDM) 144 145 /* 146 ** set of next states 147 ** each state (ST_*) corresponds to bit in an int value (1 << state) 148 ** each state has a set of allowed transitions ('or' of bits of states) 149 ** so a state transition is valid if the mask of the next state 150 ** is set in the NX_* value 151 ** this function is coded in trans_ok(), see below. 152 */ 153 154 #define MI_MASK(x) (0x0001 << (x)) /* generate a bit "mask" for a state */ 155 #define NX_INIT (MI_MASK(ST_OPTS)) 156 #define NX_OPTS (MI_MASK(ST_CONN) | MI_MASK(ST_UNKN)) 157 #define NX_CONN (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL) | MI_MASK(ST_UNKN)) 158 #define NX_HELO (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL) | MI_MASK(ST_UNKN)) 159 #define NX_MAIL (MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT) | MI_MASK(ST_UNKN)) 160 #define NX_RCPT (MI_MASK(ST_HDRS) | MI_MASK(ST_EOHS) | MI_MASK(ST_DATA) | \ 161 MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | \ 162 MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT) | MI_MASK(ST_UNKN)) 163 #define NX_DATA (MI_MASK(ST_EOHS) | MI_MASK(ST_HDRS) | MI_MASK(ST_ABRT)) 164 #define NX_HDRS (MI_MASK(ST_EOHS) | MI_MASK(ST_HDRS) | MI_MASK(ST_ABRT)) 165 #define NX_EOHS (MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | MI_MASK(ST_ABRT)) 166 #define NX_BODY (MI_MASK(ST_ENDM) | MI_MASK(ST_BODY) | MI_MASK(ST_ABRT)) 167 #define NX_ENDM (MI_MASK(ST_QUIT) | MI_MASK(ST_MAIL) | MI_MASK(ST_UNKN) | \ 168 MI_MASK(ST_Q_NC)) 169 #define NX_QUIT 0 170 #define NX_ABRT 0 171 #define NX_UNKN (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL) | \ 172 MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT) | \ 173 MI_MASK(ST_DATA) | \ 174 MI_MASK(ST_BODY) | MI_MASK(ST_UNKN) | \ 175 MI_MASK(ST_ABRT) | MI_MASK(ST_QUIT) | MI_MASK(ST_Q_NC)) 176 #define NX_Q_NC (MI_MASK(ST_CONN) | MI_MASK(ST_UNKN)) 177 #define NX_SKIP MI_MASK(ST_SKIP) 178 179 static int next_states[] = 180 { 181 NX_INIT 182 , NX_OPTS 183 , NX_CONN 184 , NX_HELO 185 , NX_MAIL 186 , NX_RCPT 187 , NX_DATA 188 , NX_HDRS 189 , NX_EOHS 190 , NX_BODY 191 , NX_ENDM 192 , NX_QUIT 193 , NX_ABRT 194 , NX_UNKN 195 , NX_Q_NC 196 }; 197 198 #define SIZE_NEXT_STATES (sizeof(next_states) / sizeof(next_states[0])) 199 200 /* commands received by milter */ 201 static cmdfct cmds[] = 202 { 203 {SMFIC_ABORT, CM_ARG0, ST_ABRT, CT_CONT, CI_NONE, st_abortfct } 204 , {SMFIC_MACRO, CM_ARGV, ST_NONE, CT_KEEP, CI_NONE, st_macros } 205 , {SMFIC_BODY, CM_ARG1, ST_BODY, CT_CONT, CI_NONE, st_bodychunk } 206 , {SMFIC_CONNECT, CM_ARG2, ST_CONN, CT_CONT, CI_CONN, st_connectinfo } 207 , {SMFIC_BODYEOB, CM_ARG1, ST_ENDM, CT_CONT, CI_EOM, st_bodyend } 208 , {SMFIC_HELO, CM_ARG1, ST_HELO, CT_CONT, CI_HELO, st_helo } 209 , {SMFIC_HEADER, CM_ARG2, ST_HDRS, CT_CONT, CI_NONE, st_header } 210 , {SMFIC_MAIL, CM_ARGV, ST_MAIL, CT_CONT, CI_MAIL, st_sender } 211 , {SMFIC_OPTNEG, CM_ARGO, ST_OPTS, CT_CONT, CI_NONE, st_optionneg } 212 , {SMFIC_EOH, CM_ARG0, ST_EOHS, CT_CONT, CI_EOH, st_eoh } 213 , {SMFIC_QUIT, CM_ARG0, ST_QUIT, CT_END, CI_NONE, st_quit } 214 , {SMFIC_DATA, CM_ARG0, ST_DATA, CT_CONT, CI_DATA, st_data } 215 , {SMFIC_RCPT, CM_ARGV, ST_RCPT, CT_IGNO, CI_RCPT, st_rcpt } 216 , {SMFIC_UNKNOWN, CM_ARG1, ST_UNKN, CT_IGNO, CI_NONE, st_unknown } 217 , {SMFIC_QUIT_NC, CM_ARG0, ST_Q_NC, CT_CONT, CI_NONE, st_quit } 218 }; 219 220 /* 221 ** Additional (internal) reply codes; 222 ** must be coordinated wit libmilter/mfapi.h 223 */ 224 225 #define _SMFIS_KEEP 20 226 #define _SMFIS_ABORT 21 227 #define _SMFIS_OPTIONS 22 228 #define _SMFIS_NOREPLY SMFIS_NOREPLY 229 #define _SMFIS_FAIL (-1) 230 #define _SMFIS_NONE (-2) 231 232 /* 233 ** MI_ENGINE -- receive commands and process them 234 ** 235 ** Parameters: 236 ** ctx -- context structure 237 ** 238 ** Returns: 239 ** MI_FAILURE/MI_SUCCESS 240 */ 241 242 int 243 mi_engine(ctx) 244 SMFICTX_PTR ctx; 245 { 246 size_t len; 247 int i; 248 socket_t sd; 249 int ret = MI_SUCCESS; 250 int ncmds = sizeof(cmds) / sizeof(cmdfct); 251 int curstate = ST_INIT; 252 int newstate; 253 bool call_abort; 254 sfsistat r; 255 char cmd; 256 char *buf = NULL; 257 genarg arg; 258 struct timeval timeout; 259 int (*f) __P((genarg *)); 260 sfsistat (*fi_abort) __P((SMFICTX *)); 261 sfsistat (*fi_close) __P((SMFICTX *)); 262 263 arg.a_ctx = ctx; 264 sd = ctx->ctx_sd; 265 fi_abort = ctx->ctx_smfi->xxfi_abort; 266 #if _FFR_WORKERS_POOL 267 curstate = ctx->ctx_state; 268 if (curstate == ST_INIT) 269 { 270 mi_clr_macros(ctx, 0); 271 fix_stm(ctx); 272 } 273 #else /* _FFR_WORKERS_POOL */ 274 mi_clr_macros(ctx, 0); 275 fix_stm(ctx); 276 #endif /* _FFR_WORKERS_POOL */ 277 r = _SMFIS_NONE; 278 do 279 { 280 /* call abort only if in a mail transaction */ 281 call_abort = ST_IN_MAIL(curstate); 282 timeout.tv_sec = ctx->ctx_timeout; 283 timeout.tv_usec = 0; 284 if (mi_stop() == MILTER_ABRT) 285 { 286 if (ctx->ctx_dbg > 3) 287 sm_dprintf("[%ld] milter_abort\n", 288 (long) ctx->ctx_id); 289 ret = MI_FAILURE; 290 break; 291 } 292 293 /* 294 ** Notice: buf is allocated by mi_rd_cmd() and it will 295 ** usually be free()d after it has been used in f(). 296 ** However, if the function returns _SMFIS_KEEP then buf 297 ** contains macros and will not be free()d. 298 ** Hence r must be set to _SMFIS_NONE if a new buf is 299 ** allocated to avoid problem with housekeeping, esp. 300 ** if the code "break"s out of the loop. 301 */ 302 303 #if _FFR_WORKERS_POOL 304 /* Is the socket ready to be read ??? */ 305 if (!mi_rd_socket_ready(sd)) 306 { 307 ret = MI_CONTINUE; 308 break; 309 } 310 #endif /* _FFR_WORKERS_POOL */ 311 312 r = _SMFIS_NONE; 313 if ((buf = mi_rd_cmd(sd, &timeout, &cmd, &len, 314 ctx->ctx_smfi->xxfi_name)) == NULL && 315 cmd < SMFIC_VALIDCMD) 316 { 317 if (ctx->ctx_dbg > 5) 318 sm_dprintf("[%ld] mi_engine: mi_rd_cmd error (%x)\n", 319 (long) ctx->ctx_id, (int) cmd); 320 321 /* 322 ** eof is currently treated as failure -> 323 ** abort() instead of close(), otherwise use: 324 ** if (cmd != SMFIC_EOF) 325 */ 326 327 ret = MI_FAILURE; 328 break; 329 } 330 if (ctx->ctx_dbg > 4) 331 sm_dprintf("[%ld] got cmd '%c' len %d\n", 332 (long) ctx->ctx_id, cmd, (int) len); 333 for (i = 0; i < ncmds; i++) 334 { 335 if (cmd == cmds[i].cm_cmd) 336 break; 337 } 338 if (i >= ncmds) 339 { 340 /* unknown command */ 341 if (ctx->ctx_dbg > 1) 342 sm_dprintf("[%ld] cmd '%c' unknown\n", 343 (long) ctx->ctx_id, cmd); 344 ret = MI_FAILURE; 345 break; 346 } 347 if ((f = cmds[i].cm_fct) == NULL) 348 { 349 /* stop for now */ 350 if (ctx->ctx_dbg > 1) 351 sm_dprintf("[%ld] cmd '%c' not impl\n", 352 (long) ctx->ctx_id, cmd); 353 ret = MI_FAILURE; 354 break; 355 } 356 357 /* is new state ok? */ 358 newstate = cmds[i].cm_next; 359 if (ctx->ctx_dbg > 5) 360 sm_dprintf("[%ld] cur %x new %x nextmask %x\n", 361 (long) ctx->ctx_id, 362 curstate, newstate, next_states[curstate]); 363 364 if (newstate != ST_NONE && !trans_ok(curstate, newstate)) 365 { 366 if (ctx->ctx_dbg > 1) 367 sm_dprintf("[%ld] abort: cur %d (%x) new %d (%x) next %x\n", 368 (long) ctx->ctx_id, 369 curstate, MI_MASK(curstate), 370 newstate, MI_MASK(newstate), 371 next_states[curstate]); 372 373 /* call abort only if in a mail transaction */ 374 if (fi_abort != NULL && call_abort) 375 (void) (*fi_abort)(ctx); 376 377 /* 378 ** try to reach the new state from HELO 379 ** if it can't be reached, ignore the command. 380 */ 381 382 curstate = ST_HELO; 383 if (!trans_ok(curstate, newstate)) 384 { 385 if (buf != NULL) 386 { 387 free(buf); 388 buf = NULL; 389 } 390 continue; 391 } 392 } 393 arg.a_len = len; 394 arg.a_buf = buf; 395 if (newstate != ST_NONE) 396 { 397 curstate = newstate; 398 ctx->ctx_state = curstate; 399 } 400 arg.a_idx = cmds[i].cm_macros; 401 call_abort = ST_IN_MAIL(curstate); 402 403 /* call function to deal with command */ 404 MI_MONITOR_BEGIN(ctx, cmd); 405 r = (*f)(&arg); 406 MI_MONITOR_END(ctx, cmd); 407 if (r != _SMFIS_KEEP && buf != NULL) 408 { 409 free(buf); 410 buf = NULL; 411 } 412 if (sendreply(r, sd, &timeout, ctx) != MI_SUCCESS) 413 { 414 ret = MI_FAILURE; 415 break; 416 } 417 418 if (r == SMFIS_ACCEPT) 419 { 420 /* accept mail, no further actions taken */ 421 curstate = ST_HELO; 422 } 423 else if (r == SMFIS_REJECT || r == SMFIS_DISCARD || 424 r == SMFIS_TEMPFAIL) 425 { 426 /* 427 ** further actions depend on current state 428 ** if the IGNO bit is set: "ignore" the error, 429 ** i.e., stay in the current state 430 */ 431 if (!bitset(CT_IGNO, cmds[i].cm_todo)) 432 curstate = ST_HELO; 433 } 434 else if (r == _SMFIS_ABORT) 435 { 436 if (ctx->ctx_dbg > 5) 437 sm_dprintf("[%ld] function returned abort\n", 438 (long) ctx->ctx_id); 439 ret = MI_FAILURE; 440 break; 441 } 442 } while (!bitset(CT_END, cmds[i].cm_todo)); 443 444 ctx->ctx_state = curstate; 445 446 if (ret == MI_FAILURE) 447 { 448 /* call abort only if in a mail transaction */ 449 if (fi_abort != NULL && call_abort) 450 (void) (*fi_abort)(ctx); 451 } 452 453 /* has close been called? */ 454 if (ctx->ctx_state != ST_QUIT 455 #if _FFR_WORKERS_POOL 456 && ret != MI_CONTINUE 457 #endif /* _FFR_WORKERS_POOL */ 458 ) 459 { 460 if ((fi_close = ctx->ctx_smfi->xxfi_close) != NULL) 461 (void) (*fi_close)(ctx); 462 } 463 if (r != _SMFIS_KEEP && buf != NULL) 464 free(buf); 465 #if !_FFR_WORKERS_POOL 466 mi_clr_macros(ctx, 0); 467 #endif /* _FFR_WORKERS_POOL */ 468 return ret; 469 } 470 471 static size_t milter_addsymlist __P((SMFICTX_PTR, char *, char **)); 472 473 static size_t 474 milter_addsymlist(ctx, buf, newbuf) 475 SMFICTX_PTR ctx; 476 char *buf; 477 char **newbuf; 478 { 479 size_t len; 480 int i; 481 mi_int32 v; 482 char *buffer; 483 484 SM_ASSERT(ctx != NULL); 485 SM_ASSERT(buf != NULL); 486 SM_ASSERT(newbuf != NULL); 487 len = 0; 488 for (i = 0; i < MAX_MACROS_ENTRIES; i++) 489 { 490 if (ctx->ctx_mac_list[i] != NULL) 491 { 492 len += strlen(ctx->ctx_mac_list[i]) + 1 + 493 MILTER_LEN_BYTES; 494 } 495 } 496 if (len > 0) 497 { 498 size_t offset; 499 500 SM_ASSERT(len + MILTER_OPTLEN > len); 501 len += MILTER_OPTLEN; 502 buffer = malloc(len); 503 if (buffer != NULL) 504 { 505 (void) memcpy(buffer, buf, MILTER_OPTLEN); 506 offset = MILTER_OPTLEN; 507 for (i = 0; i < MAX_MACROS_ENTRIES; i++) 508 { 509 size_t l; 510 511 if (ctx->ctx_mac_list[i] == NULL) 512 continue; 513 514 SM_ASSERT(offset + MILTER_LEN_BYTES < len); 515 v = htonl(i); 516 (void) memcpy(buffer + offset, (void *) &v, 517 MILTER_LEN_BYTES); 518 offset += MILTER_LEN_BYTES; 519 l = strlen(ctx->ctx_mac_list[i]) + 1; 520 SM_ASSERT(offset + l <= len); 521 (void) memcpy(buffer + offset, 522 ctx->ctx_mac_list[i], l); 523 offset += l; 524 } 525 } 526 else 527 { 528 /* oops ... */ 529 } 530 } 531 else 532 { 533 len = MILTER_OPTLEN; 534 buffer = buf; 535 } 536 *newbuf = buffer; 537 return len; 538 } 539 540 /* 541 ** GET_NR_BIT -- get "no reply" bit matching state 542 ** 543 ** Parameters: 544 ** state -- current protocol stage 545 ** 546 ** Returns: 547 ** 0: no matching bit 548 ** >0: the matching "no reply" bit 549 */ 550 551 static unsigned long get_nr_bit __P((int)); 552 553 static unsigned long 554 get_nr_bit(state) 555 int state; 556 { 557 unsigned long bit; 558 559 switch (state) 560 { 561 case ST_CONN: 562 bit = SMFIP_NR_CONN; 563 break; 564 case ST_HELO: 565 bit = SMFIP_NR_HELO; 566 break; 567 case ST_MAIL: 568 bit = SMFIP_NR_MAIL; 569 break; 570 case ST_RCPT: 571 bit = SMFIP_NR_RCPT; 572 break; 573 case ST_DATA: 574 bit = SMFIP_NR_DATA; 575 break; 576 case ST_UNKN: 577 bit = SMFIP_NR_UNKN; 578 break; 579 case ST_HDRS: 580 bit = SMFIP_NR_HDR; 581 break; 582 case ST_EOHS: 583 bit = SMFIP_NR_EOH; 584 break; 585 case ST_BODY: 586 bit = SMFIP_NR_BODY; 587 break; 588 default: 589 bit = 0; 590 break; 591 } 592 return bit; 593 } 594 595 /* 596 ** SENDREPLY -- send a reply to the MTA 597 ** 598 ** Parameters: 599 ** r -- reply code 600 ** sd -- socket descriptor 601 ** timeout_ptr -- (ptr to) timeout to use for sending 602 ** ctx -- context structure 603 ** 604 ** Returns: 605 ** MI_SUCCESS/MI_FAILURE 606 */ 607 608 static int 609 sendreply(r, sd, timeout_ptr, ctx) 610 sfsistat r; 611 socket_t sd; 612 struct timeval *timeout_ptr; 613 SMFICTX_PTR ctx; 614 { 615 int ret; 616 unsigned long bit; 617 618 ret = MI_SUCCESS; 619 620 bit = get_nr_bit(ctx->ctx_state); 621 if (bit != 0 && (ctx->ctx_pflags & bit) != 0 && r != SMFIS_NOREPLY) 622 { 623 if (r >= SMFIS_CONTINUE && r < _SMFIS_KEEP) 624 { 625 /* milter said it wouldn't reply, but it lied... */ 626 smi_log(SMI_LOG_ERR, 627 "%s: milter claimed not to reply in state %d but did anyway %d\n", 628 ctx->ctx_smfi->xxfi_name, 629 ctx->ctx_state, r); 630 631 } 632 633 /* 634 ** Force specified behavior, otherwise libmilter 635 ** and MTA will fail to communicate properly. 636 */ 637 638 switch (r) 639 { 640 case SMFIS_CONTINUE: 641 case SMFIS_TEMPFAIL: 642 case SMFIS_REJECT: 643 case SMFIS_DISCARD: 644 case SMFIS_ACCEPT: 645 case SMFIS_SKIP: 646 case _SMFIS_OPTIONS: 647 r = SMFIS_NOREPLY; 648 break; 649 } 650 } 651 652 switch (r) 653 { 654 case SMFIS_CONTINUE: 655 ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_CONTINUE, NULL, 0); 656 break; 657 case SMFIS_TEMPFAIL: 658 case SMFIS_REJECT: 659 if (ctx->ctx_reply != NULL && 660 ((r == SMFIS_TEMPFAIL && *ctx->ctx_reply == '4') || 661 (r == SMFIS_REJECT && *ctx->ctx_reply == '5'))) 662 { 663 ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_REPLYCODE, 664 ctx->ctx_reply, 665 strlen(ctx->ctx_reply) + 1); 666 free(ctx->ctx_reply); 667 ctx->ctx_reply = NULL; 668 } 669 else 670 { 671 ret = mi_wr_cmd(sd, timeout_ptr, r == SMFIS_REJECT ? 672 SMFIR_REJECT : SMFIR_TEMPFAIL, NULL, 0); 673 } 674 break; 675 case SMFIS_DISCARD: 676 ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_DISCARD, NULL, 0); 677 break; 678 case SMFIS_ACCEPT: 679 ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_ACCEPT, NULL, 0); 680 break; 681 case SMFIS_SKIP: 682 ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_SKIP, NULL, 0); 683 break; 684 case _SMFIS_OPTIONS: 685 { 686 mi_int32 v; 687 size_t len; 688 char *buffer; 689 char buf[MILTER_OPTLEN]; 690 691 v = htonl(ctx->ctx_prot_vers2mta); 692 (void) memcpy(&(buf[0]), (void *) &v, 693 MILTER_LEN_BYTES); 694 v = htonl(ctx->ctx_aflags); 695 (void) memcpy(&(buf[MILTER_LEN_BYTES]), (void *) &v, 696 MILTER_LEN_BYTES); 697 v = htonl(ctx->ctx_pflags2mta); 698 (void) memcpy(&(buf[MILTER_LEN_BYTES * 2]), 699 (void *) &v, MILTER_LEN_BYTES); 700 len = milter_addsymlist(ctx, buf, &buffer); 701 if (buffer != NULL) 702 ret = mi_wr_cmd(sd, timeout_ptr, SMFIC_OPTNEG, 703 buffer, len); 704 else 705 ret = MI_FAILURE; 706 } 707 break; 708 case SMFIS_NOREPLY: 709 if (bit != 0 && 710 (ctx->ctx_pflags & bit) != 0 && 711 (ctx->ctx_mta_pflags & bit) == 0) 712 { 713 /* 714 ** milter doesn't want to send a reply, 715 ** but the MTA doesn't have that feature: fake it. 716 */ 717 718 ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_CONTINUE, NULL, 719 0); 720 } 721 break; 722 default: /* don't send a reply */ 723 break; 724 } 725 return ret; 726 } 727 728 /* 729 ** CLR_MACROS -- clear set of macros starting from a given index 730 ** 731 ** Parameters: 732 ** ctx -- context structure 733 ** m -- index from which to clear all macros 734 ** 735 ** Returns: 736 ** None. 737 */ 738 739 void 740 mi_clr_macros(ctx, m) 741 SMFICTX_PTR ctx; 742 int m; 743 { 744 int i; 745 746 for (i = m; i < MAX_MACROS_ENTRIES; i++) 747 { 748 if (ctx->ctx_mac_ptr[i] != NULL) 749 { 750 free(ctx->ctx_mac_ptr[i]); 751 ctx->ctx_mac_ptr[i] = NULL; 752 } 753 if (ctx->ctx_mac_buf[i] != NULL) 754 { 755 free(ctx->ctx_mac_buf[i]); 756 ctx->ctx_mac_buf[i] = NULL; 757 } 758 } 759 } 760 761 /* 762 ** MI_CLR_SYMLIST -- clear list of macros 763 ** 764 ** Parameters: 765 ** ctx -- context structure 766 ** 767 ** Returns: 768 ** None. 769 */ 770 771 static void 772 mi_clr_symlist(ctx) 773 SMFICTX *ctx; 774 { 775 int i; 776 777 SM_ASSERT(ctx != NULL); 778 for (i = SMFIM_FIRST; i <= SMFIM_LAST; i++) 779 { 780 if (ctx->ctx_mac_list[i] != NULL) 781 { 782 free(ctx->ctx_mac_list[i]); 783 ctx->ctx_mac_list[i] = NULL; 784 } 785 } 786 } 787 788 /* 789 ** MI_CLR_CTX -- clear context 790 ** 791 ** Parameters: 792 ** ctx -- context structure 793 ** 794 ** Returns: 795 ** None. 796 */ 797 798 void 799 mi_clr_ctx(ctx) 800 SMFICTX *ctx; 801 { 802 SM_ASSERT(ctx != NULL); 803 if (ValidSocket(ctx->ctx_sd)) 804 { 805 (void) closesocket(ctx->ctx_sd); 806 ctx->ctx_sd = INVALID_SOCKET; 807 } 808 if (ctx->ctx_reply != NULL) 809 { 810 free(ctx->ctx_reply); 811 ctx->ctx_reply = NULL; 812 } 813 if (ctx->ctx_privdata != NULL) 814 { 815 smi_log(SMI_LOG_WARN, 816 "%s: private data not NULL", 817 ctx->ctx_smfi->xxfi_name); 818 } 819 mi_clr_macros(ctx, 0); 820 mi_clr_symlist(ctx); 821 free(ctx); 822 } 823 824 /* 825 ** ST_OPTIONNEG -- negotiate options 826 ** 827 ** Parameters: 828 ** g -- generic argument structure 829 ** 830 ** Returns: 831 ** abort/send options/continue 832 */ 833 834 static int 835 st_optionneg(g) 836 genarg *g; 837 { 838 mi_int32 i, v, fake_pflags, internal_pflags; 839 SMFICTX_PTR ctx; 840 #if _FFR_MILTER_CHECK 841 bool testmode = false; 842 #endif /* _FFR_MILTER_CHECK */ 843 int (*fi_negotiate) __P((SMFICTX *, 844 unsigned long, unsigned long, 845 unsigned long, unsigned long, 846 unsigned long *, unsigned long *, 847 unsigned long *, unsigned long *)); 848 849 if (g == NULL || g->a_ctx->ctx_smfi == NULL) 850 return SMFIS_CONTINUE; 851 ctx = g->a_ctx; 852 mi_clr_macros(ctx, g->a_idx + 1); 853 ctx->ctx_prot_vers = SMFI_PROT_VERSION; 854 855 /* check for minimum length */ 856 if (g->a_len < MILTER_OPTLEN) 857 { 858 smi_log(SMI_LOG_ERR, 859 "%s: st_optionneg[%ld]: len too short %d < %d", 860 ctx->ctx_smfi->xxfi_name, 861 (long) ctx->ctx_id, (int) g->a_len, 862 MILTER_OPTLEN); 863 return _SMFIS_ABORT; 864 } 865 866 /* protocol version */ 867 (void) memcpy((void *) &i, (void *) &(g->a_buf[0]), MILTER_LEN_BYTES); 868 v = ntohl(i); 869 870 #define SMFI_PROT_VERSION_MIN 2 871 872 /* check for minimum version */ 873 if (v < SMFI_PROT_VERSION_MIN) 874 { 875 smi_log(SMI_LOG_ERR, 876 "%s: st_optionneg[%ld]: protocol version too old %d < %d", 877 ctx->ctx_smfi->xxfi_name, 878 (long) ctx->ctx_id, v, SMFI_PROT_VERSION_MIN); 879 return _SMFIS_ABORT; 880 } 881 ctx->ctx_mta_prot_vers = v; 882 if (ctx->ctx_prot_vers < ctx->ctx_mta_prot_vers) 883 ctx->ctx_prot_vers2mta = ctx->ctx_prot_vers; 884 else 885 ctx->ctx_prot_vers2mta = ctx->ctx_mta_prot_vers; 886 887 (void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES]), 888 MILTER_LEN_BYTES); 889 v = ntohl(i); 890 891 /* no flags? set to default value for V1 actions */ 892 if (v == 0) 893 v = SMFI_V1_ACTS; 894 ctx->ctx_mta_aflags = v; /* MTA action flags */ 895 896 internal_pflags = 0; 897 (void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES * 2]), 898 MILTER_LEN_BYTES); 899 v = ntohl(i); 900 901 /* no flags? set to default value for V1 protocol */ 902 if (v == 0) 903 v = SMFI_V1_PROT; 904 #if _FFR_MDS_NEGOTIATE 905 else if (ctx->ctx_smfi->xxfi_version >= SMFI_VERSION_MDS) 906 { 907 /* 908 ** Allow changing the size only if milter is compiled 909 ** against a version that supports this. 910 ** If a milter is dynamically linked against a newer 911 ** libmilter version, we don't want to "surprise" 912 ** it with a larger buffer as it may rely on it 913 ** even though it is not documented as a limit. 914 */ 915 916 if (bitset(SMFIP_MDS_1M, v)) 917 { 918 internal_pflags |= SMFIP_MDS_1M; 919 (void) smfi_setmaxdatasize(MILTER_MDS_1M); 920 } 921 else if (bitset(SMFIP_MDS_256K, v)) 922 { 923 internal_pflags |= SMFIP_MDS_256K; 924 (void) smfi_setmaxdatasize(MILTER_MDS_256K); 925 } 926 } 927 # if 0 928 /* don't log this for now... */ 929 else if (ctx->ctx_smfi->xxfi_version < SMFI_VERSION_MDS && 930 bitset(SMFIP_MDS_1M|SMFIP_MDS_256K, v)) 931 { 932 smi_log(SMI_LOG_WARN, 933 "%s: st_optionneg[%ld]: milter version=%X, trying flags=%X", 934 ctx->ctx_smfi->xxfi_name, 935 (long) ctx->ctx_id, ctx->ctx_smfi->xxfi_version, v); 936 } 937 # endif /* 0 */ 938 #endif /* _FFR_MDS_NEGOTIATE */ 939 940 /* 941 ** MTA protocol flags. 942 ** We pass the internal flags to the milter as "read only", 943 ** i.e., a milter can read them so it knows which size 944 ** will be used, but any changes by a milter will be ignored 945 ** (see below, search for SMFI_INTERNAL). 946 */ 947 948 ctx->ctx_mta_pflags = (v & ~SMFI_INTERNAL) | internal_pflags; 949 950 /* 951 ** Copy flags from milter struct into libmilter context; 952 ** this variable will be used later on to check whether 953 ** the MTA "actions" can fulfill the milter requirements, 954 ** but it may be overwritten by the negotiate callback. 955 */ 956 957 ctx->ctx_aflags = ctx->ctx_smfi->xxfi_flags; 958 fake_pflags = SMFIP_NR_CONN 959 |SMFIP_NR_HELO 960 |SMFIP_NR_MAIL 961 |SMFIP_NR_RCPT 962 |SMFIP_NR_DATA 963 |SMFIP_NR_UNKN 964 |SMFIP_NR_HDR 965 |SMFIP_NR_EOH 966 |SMFIP_NR_BODY 967 ; 968 969 if (g->a_ctx->ctx_smfi != NULL && 970 g->a_ctx->ctx_smfi->xxfi_version > 4 && 971 (fi_negotiate = g->a_ctx->ctx_smfi->xxfi_negotiate) != NULL) 972 { 973 int r; 974 unsigned long m_aflags, m_pflags, m_f2, m_f3; 975 976 /* 977 ** let milter decide whether the features offered by the 978 ** MTA are "good enough". 979 ** Notes: 980 ** - libmilter can "fake" some features (e.g., SMFIP_NR_HDR) 981 ** - m_f2, m_f3 are for future extensions 982 */ 983 984 m_f2 = m_f3 = 0; 985 m_aflags = ctx->ctx_mta_aflags; 986 m_pflags = ctx->ctx_pflags; 987 if ((SMFIP_SKIP & ctx->ctx_mta_pflags) != 0) 988 m_pflags |= SMFIP_SKIP; 989 r = fi_negotiate(g->a_ctx, 990 ctx->ctx_mta_aflags, 991 ctx->ctx_mta_pflags|fake_pflags, 992 0, 0, 993 &m_aflags, &m_pflags, &m_f2, &m_f3); 994 995 #if _FFR_MILTER_CHECK 996 testmode = bitset(SMFIP_TEST, m_pflags); 997 if (testmode) 998 m_pflags &= ~SMFIP_TEST; 999 #endif /* _FFR_MILTER_CHECK */ 1000 1001 /* 1002 ** Types of protocol flags (pflags): 1003 ** 1. do NOT send protocol step X 1004 ** 2. MTA can do/understand something extra (SKIP, 1005 ** send unknown RCPTs) 1006 ** 3. MTA can deal with "no reply" for various protocol steps 1007 ** Note: this mean that it isn't possible to simply set all 1008 ** flags to get "everything": 1009 ** setting a flag of type 1 turns off a step 1010 ** (it should be the other way around: 1011 ** a flag means a protocol step can be sent) 1012 ** setting a flag of type 3 requires that milter 1013 ** never sends a reply for the corresponding step. 1014 ** Summary: the "negation" of protocol flags is causing 1015 ** problems, but at least for type 3 there is no simple 1016 ** solution. 1017 ** 1018 ** What should "all options" mean? 1019 ** send all protocol steps _except_ those for which there is 1020 ** no callback (currently registered in ctx_pflags) 1021 ** expect SKIP as return code? Yes 1022 ** send unknown RCPTs? No, 1023 ** must be explicitly requested? 1024 ** "no reply" for some protocol steps? No, 1025 ** must be explicitly requested. 1026 */ 1027 1028 if (SMFIS_ALL_OPTS == r) 1029 { 1030 ctx->ctx_aflags = ctx->ctx_mta_aflags; 1031 ctx->ctx_pflags2mta = ctx->ctx_pflags; 1032 if ((SMFIP_SKIP & ctx->ctx_mta_pflags) != 0) 1033 ctx->ctx_pflags2mta |= SMFIP_SKIP; 1034 } 1035 else if (r != SMFIS_CONTINUE) 1036 { 1037 smi_log(SMI_LOG_ERR, 1038 "%s: st_optionneg[%ld]: xxfi_negotiate returned %d (protocol options=0x%lx, actions=0x%lx)", 1039 ctx->ctx_smfi->xxfi_name, 1040 (long) ctx->ctx_id, r, ctx->ctx_mta_pflags, 1041 ctx->ctx_mta_aflags); 1042 return _SMFIS_ABORT; 1043 } 1044 else 1045 { 1046 ctx->ctx_aflags = m_aflags; 1047 ctx->ctx_pflags = m_pflags; 1048 ctx->ctx_pflags2mta = m_pflags; 1049 } 1050 1051 /* check whether some flags need to be "faked" */ 1052 i = ctx->ctx_pflags2mta; 1053 if ((ctx->ctx_mta_pflags & i) != i) 1054 { 1055 unsigned int idx; 1056 unsigned long b; 1057 1058 /* 1059 ** If some behavior can be faked (set in fake_pflags), 1060 ** but the MTA doesn't support it, then unset 1061 ** that flag in the value that is sent to the MTA. 1062 */ 1063 1064 for (idx = 0; idx < 32; idx++) 1065 { 1066 b = 1 << idx; 1067 if ((ctx->ctx_mta_pflags & b) != b && 1068 (fake_pflags & b) == b) 1069 ctx->ctx_pflags2mta &= ~b; 1070 } 1071 } 1072 } 1073 else 1074 { 1075 /* 1076 ** Set the protocol flags based on the values determined 1077 ** in mi_listener() which checked the defined callbacks. 1078 */ 1079 1080 ctx->ctx_pflags2mta = ctx->ctx_pflags; 1081 } 1082 1083 /* check whether actions and protocol requirements can be satisfied */ 1084 i = ctx->ctx_aflags; 1085 if ((i & ctx->ctx_mta_aflags) != i) 1086 { 1087 smi_log(SMI_LOG_ERR, 1088 "%s: st_optionneg[%ld]: 0x%lx does not fulfill action requirements 0x%x", 1089 ctx->ctx_smfi->xxfi_name, 1090 (long) ctx->ctx_id, ctx->ctx_mta_aflags, i); 1091 return _SMFIS_ABORT; 1092 } 1093 1094 i = ctx->ctx_pflags2mta; 1095 if ((ctx->ctx_mta_pflags & i) != i) 1096 { 1097 /* 1098 ** Older MTAs do not support some protocol steps. 1099 ** As this protocol is a bit "wierd" (it asks for steps 1100 ** NOT to be taken/sent) we have to check whether we 1101 ** should turn off those "negative" requests. 1102 ** Currently these are only SMFIP_NODATA and SMFIP_NOUNKNOWN. 1103 */ 1104 1105 if (bitset(SMFIP_NODATA, ctx->ctx_pflags2mta) && 1106 !bitset(SMFIP_NODATA, ctx->ctx_mta_pflags)) 1107 ctx->ctx_pflags2mta &= ~SMFIP_NODATA; 1108 if (bitset(SMFIP_NOUNKNOWN, ctx->ctx_pflags2mta) && 1109 !bitset(SMFIP_NOUNKNOWN, ctx->ctx_mta_pflags)) 1110 ctx->ctx_pflags2mta &= ~SMFIP_NOUNKNOWN; 1111 i = ctx->ctx_pflags2mta; 1112 } 1113 1114 if ((ctx->ctx_mta_pflags & i) != i) 1115 { 1116 smi_log(SMI_LOG_ERR, 1117 "%s: st_optionneg[%ld]: 0x%lx does not fulfill protocol requirements 0x%x", 1118 ctx->ctx_smfi->xxfi_name, 1119 (long) ctx->ctx_id, ctx->ctx_mta_pflags, i); 1120 return _SMFIS_ABORT; 1121 } 1122 fix_stm(ctx); 1123 1124 if (ctx->ctx_dbg > 3) 1125 sm_dprintf("[%ld] milter_negotiate:" 1126 " mta_actions=0x%lx, mta_flags=0x%lx" 1127 " actions=0x%lx, flags=0x%lx\n" 1128 , (long) ctx->ctx_id 1129 , ctx->ctx_mta_aflags, ctx->ctx_mta_pflags 1130 , ctx->ctx_aflags, ctx->ctx_pflags); 1131 1132 #if _FFR_MILTER_CHECK 1133 if (ctx->ctx_dbg > 3) 1134 sm_dprintf("[%ld] milter_negotiate:" 1135 " testmode=%d, pflags2mta=%X, internal_pflags=%X\n" 1136 , (long) ctx->ctx_id, testmode 1137 , ctx->ctx_pflags2mta, internal_pflags); 1138 1139 /* in test mode: take flags without further modifications */ 1140 if (!testmode) 1141 /* Warning: check statement below! */ 1142 #endif /* _FFR_MILTER_CHECK */ 1143 1144 /* 1145 ** Remove the internal flags that might have been set by a milter 1146 ** and set only those determined above. 1147 */ 1148 1149 ctx->ctx_pflags2mta = (ctx->ctx_pflags2mta & ~SMFI_INTERNAL) 1150 | internal_pflags; 1151 return _SMFIS_OPTIONS; 1152 } 1153 1154 /* 1155 ** ST_CONNECTINFO -- receive connection information 1156 ** 1157 ** Parameters: 1158 ** g -- generic argument structure 1159 ** 1160 ** Returns: 1161 ** continue or filter-specified value 1162 */ 1163 1164 static int 1165 st_connectinfo(g) 1166 genarg *g; 1167 { 1168 size_t l; 1169 size_t i; 1170 char *s, family; 1171 unsigned short port = 0; 1172 _SOCK_ADDR sockaddr; 1173 sfsistat (*fi_connect) __P((SMFICTX *, char *, _SOCK_ADDR *)); 1174 1175 if (g == NULL) 1176 return _SMFIS_ABORT; 1177 mi_clr_macros(g->a_ctx, g->a_idx + 1); 1178 if (g->a_ctx->ctx_smfi == NULL || 1179 (fi_connect = g->a_ctx->ctx_smfi->xxfi_connect) == NULL) 1180 return SMFIS_CONTINUE; 1181 1182 s = g->a_buf; 1183 i = 0; 1184 l = g->a_len; 1185 while (s[i] != '\0' && i <= l) 1186 ++i; 1187 if (i + 1 >= l) 1188 return _SMFIS_ABORT; 1189 1190 /* Move past trailing \0 in host string */ 1191 i++; 1192 family = s[i++]; 1193 (void) memset(&sockaddr, '\0', sizeof sockaddr); 1194 if (family != SMFIA_UNKNOWN) 1195 { 1196 if (i + sizeof port >= l) 1197 { 1198 smi_log(SMI_LOG_ERR, 1199 "%s: connect[%ld]: wrong len %d >= %d", 1200 g->a_ctx->ctx_smfi->xxfi_name, 1201 (long) g->a_ctx->ctx_id, (int) i, (int) l); 1202 return _SMFIS_ABORT; 1203 } 1204 (void) memcpy((void *) &port, (void *) (s + i), 1205 sizeof port); 1206 i += sizeof port; 1207 1208 /* make sure string is terminated */ 1209 if (s[l - 1] != '\0') 1210 return _SMFIS_ABORT; 1211 # if NETINET 1212 if (family == SMFIA_INET) 1213 { 1214 if (inet_aton(s + i, (struct in_addr *) &sockaddr.sin.sin_addr) 1215 != 1) 1216 { 1217 smi_log(SMI_LOG_ERR, 1218 "%s: connect[%ld]: inet_aton failed", 1219 g->a_ctx->ctx_smfi->xxfi_name, 1220 (long) g->a_ctx->ctx_id); 1221 return _SMFIS_ABORT; 1222 } 1223 sockaddr.sa.sa_family = AF_INET; 1224 if (port > 0) 1225 sockaddr.sin.sin_port = port; 1226 } 1227 else 1228 # endif /* NETINET */ 1229 # if NETINET6 1230 if (family == SMFIA_INET6) 1231 { 1232 if (mi_inet_pton(AF_INET6, s + i, 1233 &sockaddr.sin6.sin6_addr) != 1) 1234 { 1235 smi_log(SMI_LOG_ERR, 1236 "%s: connect[%ld]: mi_inet_pton failed", 1237 g->a_ctx->ctx_smfi->xxfi_name, 1238 (long) g->a_ctx->ctx_id); 1239 return _SMFIS_ABORT; 1240 } 1241 sockaddr.sa.sa_family = AF_INET6; 1242 if (port > 0) 1243 sockaddr.sin6.sin6_port = port; 1244 } 1245 else 1246 # endif /* NETINET6 */ 1247 # if NETUNIX 1248 if (family == SMFIA_UNIX) 1249 { 1250 if (sm_strlcpy(sockaddr.sunix.sun_path, s + i, 1251 sizeof sockaddr.sunix.sun_path) >= 1252 sizeof sockaddr.sunix.sun_path) 1253 { 1254 smi_log(SMI_LOG_ERR, 1255 "%s: connect[%ld]: path too long", 1256 g->a_ctx->ctx_smfi->xxfi_name, 1257 (long) g->a_ctx->ctx_id); 1258 return _SMFIS_ABORT; 1259 } 1260 sockaddr.sunix.sun_family = AF_UNIX; 1261 } 1262 else 1263 # endif /* NETUNIX */ 1264 { 1265 smi_log(SMI_LOG_ERR, 1266 "%s: connect[%ld]: unknown family %d", 1267 g->a_ctx->ctx_smfi->xxfi_name, 1268 (long) g->a_ctx->ctx_id, family); 1269 return _SMFIS_ABORT; 1270 } 1271 } 1272 return (*fi_connect)(g->a_ctx, g->a_buf, 1273 family != SMFIA_UNKNOWN ? &sockaddr : NULL); 1274 } 1275 1276 /* 1277 ** ST_EOH -- end of headers 1278 ** 1279 ** Parameters: 1280 ** g -- generic argument structure 1281 ** 1282 ** Returns: 1283 ** continue or filter-specified value 1284 */ 1285 1286 static int 1287 st_eoh(g) 1288 genarg *g; 1289 { 1290 sfsistat (*fi_eoh) __P((SMFICTX *)); 1291 1292 if (g == NULL) 1293 return _SMFIS_ABORT; 1294 if (g->a_ctx->ctx_smfi != NULL && 1295 (fi_eoh = g->a_ctx->ctx_smfi->xxfi_eoh) != NULL) 1296 return (*fi_eoh)(g->a_ctx); 1297 return SMFIS_CONTINUE; 1298 } 1299 1300 /* 1301 ** ST_DATA -- DATA command 1302 ** 1303 ** Parameters: 1304 ** g -- generic argument structure 1305 ** 1306 ** Returns: 1307 ** continue or filter-specified value 1308 */ 1309 1310 static int 1311 st_data(g) 1312 genarg *g; 1313 { 1314 sfsistat (*fi_data) __P((SMFICTX *)); 1315 1316 if (g == NULL) 1317 return _SMFIS_ABORT; 1318 if (g->a_ctx->ctx_smfi != NULL && 1319 g->a_ctx->ctx_smfi->xxfi_version > 3 && 1320 (fi_data = g->a_ctx->ctx_smfi->xxfi_data) != NULL) 1321 return (*fi_data)(g->a_ctx); 1322 return SMFIS_CONTINUE; 1323 } 1324 1325 /* 1326 ** ST_HELO -- helo/ehlo command 1327 ** 1328 ** Parameters: 1329 ** g -- generic argument structure 1330 ** 1331 ** Returns: 1332 ** continue or filter-specified value 1333 */ 1334 1335 static int 1336 st_helo(g) 1337 genarg *g; 1338 { 1339 sfsistat (*fi_helo) __P((SMFICTX *, char *)); 1340 1341 if (g == NULL) 1342 return _SMFIS_ABORT; 1343 mi_clr_macros(g->a_ctx, g->a_idx + 1); 1344 if (g->a_ctx->ctx_smfi != NULL && 1345 (fi_helo = g->a_ctx->ctx_smfi->xxfi_helo) != NULL) 1346 { 1347 /* paranoia: check for terminating '\0' */ 1348 if (g->a_len == 0 || g->a_buf[g->a_len - 1] != '\0') 1349 return MI_FAILURE; 1350 return (*fi_helo)(g->a_ctx, g->a_buf); 1351 } 1352 return SMFIS_CONTINUE; 1353 } 1354 1355 /* 1356 ** ST_HEADER -- header line 1357 ** 1358 ** Parameters: 1359 ** g -- generic argument structure 1360 ** 1361 ** Returns: 1362 ** continue or filter-specified value 1363 */ 1364 1365 static int 1366 st_header(g) 1367 genarg *g; 1368 { 1369 char *hf, *hv; 1370 sfsistat (*fi_header) __P((SMFICTX *, char *, char *)); 1371 1372 if (g == NULL) 1373 return _SMFIS_ABORT; 1374 if (g->a_ctx->ctx_smfi == NULL || 1375 (fi_header = g->a_ctx->ctx_smfi->xxfi_header) == NULL) 1376 return SMFIS_CONTINUE; 1377 if (dec_arg2(g->a_buf, g->a_len, &hf, &hv) == MI_SUCCESS) 1378 return (*fi_header)(g->a_ctx, hf, hv); 1379 else 1380 return _SMFIS_ABORT; 1381 } 1382 1383 #define ARGV_FCT(lf, rf, idx) \ 1384 char **argv; \ 1385 sfsistat (*lf) __P((SMFICTX *, char **)); \ 1386 int r; \ 1387 \ 1388 if (g == NULL) \ 1389 return _SMFIS_ABORT; \ 1390 mi_clr_macros(g->a_ctx, g->a_idx + 1); \ 1391 if (g->a_ctx->ctx_smfi == NULL || \ 1392 (lf = g->a_ctx->ctx_smfi->rf) == NULL) \ 1393 return SMFIS_CONTINUE; \ 1394 if ((argv = dec_argv(g->a_buf, g->a_len)) == NULL) \ 1395 return _SMFIS_ABORT; \ 1396 r = (*lf)(g->a_ctx, argv); \ 1397 free(argv); \ 1398 return r; 1399 1400 /* 1401 ** ST_SENDER -- MAIL FROM command 1402 ** 1403 ** Parameters: 1404 ** g -- generic argument structure 1405 ** 1406 ** Returns: 1407 ** continue or filter-specified value 1408 */ 1409 1410 static int 1411 st_sender(g) 1412 genarg *g; 1413 { 1414 ARGV_FCT(fi_envfrom, xxfi_envfrom, CI_MAIL) 1415 } 1416 1417 /* 1418 ** ST_RCPT -- RCPT TO command 1419 ** 1420 ** Parameters: 1421 ** g -- generic argument structure 1422 ** 1423 ** Returns: 1424 ** continue or filter-specified value 1425 */ 1426 1427 static int 1428 st_rcpt(g) 1429 genarg *g; 1430 { 1431 ARGV_FCT(fi_envrcpt, xxfi_envrcpt, CI_RCPT) 1432 } 1433 1434 /* 1435 ** ST_UNKNOWN -- unrecognized or unimplemented command 1436 ** 1437 ** Parameters: 1438 ** g -- generic argument structure 1439 ** 1440 ** Returns: 1441 ** continue or filter-specified value 1442 */ 1443 1444 static int 1445 st_unknown(g) 1446 genarg *g; 1447 { 1448 sfsistat (*fi_unknown) __P((SMFICTX *, const char *)); 1449 1450 if (g == NULL) 1451 return _SMFIS_ABORT; 1452 if (g->a_ctx->ctx_smfi != NULL && 1453 g->a_ctx->ctx_smfi->xxfi_version > 2 && 1454 (fi_unknown = g->a_ctx->ctx_smfi->xxfi_unknown) != NULL) 1455 return (*fi_unknown)(g->a_ctx, (const char *) g->a_buf); 1456 return SMFIS_CONTINUE; 1457 } 1458 1459 /* 1460 ** ST_MACROS -- deal with macros received from the MTA 1461 ** 1462 ** Parameters: 1463 ** g -- generic argument structure 1464 ** 1465 ** Returns: 1466 ** continue/keep 1467 ** 1468 ** Side effects: 1469 ** set pointer in macro array to current values. 1470 */ 1471 1472 static int 1473 st_macros(g) 1474 genarg *g; 1475 { 1476 int i; 1477 char **argv; 1478 1479 if (g == NULL || g->a_len < 1) 1480 return _SMFIS_FAIL; 1481 if ((argv = dec_argv(g->a_buf + 1, g->a_len - 1)) == NULL) 1482 return _SMFIS_FAIL; 1483 switch (g->a_buf[0]) 1484 { 1485 case SMFIC_CONNECT: 1486 i = CI_CONN; 1487 break; 1488 case SMFIC_HELO: 1489 i = CI_HELO; 1490 break; 1491 case SMFIC_MAIL: 1492 i = CI_MAIL; 1493 break; 1494 case SMFIC_RCPT: 1495 i = CI_RCPT; 1496 break; 1497 case SMFIC_DATA: 1498 i = CI_DATA; 1499 break; 1500 case SMFIC_BODYEOB: 1501 i = CI_EOM; 1502 break; 1503 case SMFIC_EOH: 1504 i = CI_EOH; 1505 break; 1506 default: 1507 free(argv); 1508 return _SMFIS_FAIL; 1509 } 1510 if (g->a_ctx->ctx_mac_ptr[i] != NULL) 1511 free(g->a_ctx->ctx_mac_ptr[i]); 1512 if (g->a_ctx->ctx_mac_buf[i] != NULL) 1513 free(g->a_ctx->ctx_mac_buf[i]); 1514 g->a_ctx->ctx_mac_ptr[i] = argv; 1515 g->a_ctx->ctx_mac_buf[i] = g->a_buf; 1516 return _SMFIS_KEEP; 1517 } 1518 1519 /* 1520 ** ST_QUIT -- quit command 1521 ** 1522 ** Parameters: 1523 ** g -- generic argument structure 1524 ** 1525 ** Returns: 1526 ** noreply 1527 */ 1528 1529 /* ARGSUSED */ 1530 static int 1531 st_quit(g) 1532 genarg *g; 1533 { 1534 sfsistat (*fi_close) __P((SMFICTX *)); 1535 1536 if (g == NULL) 1537 return _SMFIS_ABORT; 1538 if (g->a_ctx->ctx_smfi != NULL && 1539 (fi_close = g->a_ctx->ctx_smfi->xxfi_close) != NULL) 1540 (void) (*fi_close)(g->a_ctx); 1541 mi_clr_macros(g->a_ctx, 0); 1542 return _SMFIS_NOREPLY; 1543 } 1544 1545 /* 1546 ** ST_BODYCHUNK -- deal with a piece of the mail body 1547 ** 1548 ** Parameters: 1549 ** g -- generic argument structure 1550 ** 1551 ** Returns: 1552 ** continue or filter-specified value 1553 */ 1554 1555 static int 1556 st_bodychunk(g) 1557 genarg *g; 1558 { 1559 sfsistat (*fi_body) __P((SMFICTX *, unsigned char *, size_t)); 1560 1561 if (g == NULL) 1562 return _SMFIS_ABORT; 1563 if (g->a_ctx->ctx_smfi != NULL && 1564 (fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL) 1565 return (*fi_body)(g->a_ctx, (unsigned char *)g->a_buf, 1566 g->a_len); 1567 return SMFIS_CONTINUE; 1568 } 1569 1570 /* 1571 ** ST_BODYEND -- deal with the last piece of the mail body 1572 ** 1573 ** Parameters: 1574 ** g -- generic argument structure 1575 ** 1576 ** Returns: 1577 ** continue or filter-specified value 1578 ** 1579 ** Side effects: 1580 ** sends a reply for the body part (if non-empty). 1581 */ 1582 1583 static int 1584 st_bodyend(g) 1585 genarg *g; 1586 { 1587 sfsistat r; 1588 sfsistat (*fi_body) __P((SMFICTX *, unsigned char *, size_t)); 1589 sfsistat (*fi_eom) __P((SMFICTX *)); 1590 1591 if (g == NULL) 1592 return _SMFIS_ABORT; 1593 r = SMFIS_CONTINUE; 1594 if (g->a_ctx->ctx_smfi != NULL) 1595 { 1596 if ((fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL && 1597 g->a_len > 0) 1598 { 1599 socket_t sd; 1600 struct timeval timeout; 1601 1602 timeout.tv_sec = g->a_ctx->ctx_timeout; 1603 timeout.tv_usec = 0; 1604 sd = g->a_ctx->ctx_sd; 1605 r = (*fi_body)(g->a_ctx, (unsigned char *)g->a_buf, 1606 g->a_len); 1607 if (r != SMFIS_CONTINUE && 1608 sendreply(r, sd, &timeout, g->a_ctx) != MI_SUCCESS) 1609 return _SMFIS_ABORT; 1610 } 1611 } 1612 if (r == SMFIS_CONTINUE && 1613 (fi_eom = g->a_ctx->ctx_smfi->xxfi_eom) != NULL) 1614 return (*fi_eom)(g->a_ctx); 1615 return r; 1616 } 1617 1618 /* 1619 ** ST_ABORTFCT -- deal with aborts 1620 ** 1621 ** Parameters: 1622 ** g -- generic argument structure 1623 ** 1624 ** Returns: 1625 ** abort or filter-specified value 1626 */ 1627 1628 static int 1629 st_abortfct(g) 1630 genarg *g; 1631 { 1632 sfsistat (*fi_abort) __P((SMFICTX *)); 1633 1634 if (g == NULL) 1635 return _SMFIS_ABORT; 1636 if (g != NULL && g->a_ctx->ctx_smfi != NULL && 1637 (fi_abort = g->a_ctx->ctx_smfi->xxfi_abort) != NULL) 1638 (void) (*fi_abort)(g->a_ctx); 1639 return _SMFIS_NOREPLY; 1640 } 1641 1642 /* 1643 ** TRANS_OK -- is the state transition ok? 1644 ** 1645 ** Parameters: 1646 ** old -- old state 1647 ** new -- new state 1648 ** 1649 ** Returns: 1650 ** state transition ok 1651 */ 1652 1653 static bool 1654 trans_ok(old, new) 1655 int old, new; 1656 { 1657 int s, n; 1658 1659 s = old; 1660 if (s >= SIZE_NEXT_STATES) 1661 return false; 1662 do 1663 { 1664 /* is this state transition allowed? */ 1665 if ((MI_MASK(new) & next_states[s]) != 0) 1666 return true; 1667 1668 /* 1669 ** no: try next state; 1670 ** this works since the relevant states are ordered 1671 ** strict sequentially 1672 */ 1673 1674 n = s + 1; 1675 if (n >= SIZE_NEXT_STATES) 1676 return false; 1677 1678 /* 1679 ** can we actually "skip" this state? 1680 ** see fix_stm() which sets this bit for those 1681 ** states which the filter program is not interested in 1682 */ 1683 1684 if (bitset(NX_SKIP, next_states[n])) 1685 s = n; 1686 else 1687 return false; 1688 } while (s < SIZE_NEXT_STATES); 1689 return false; 1690 } 1691 1692 /* 1693 ** FIX_STM -- add "skip" bits to the state transition table 1694 ** 1695 ** Parameters: 1696 ** ctx -- context structure 1697 ** 1698 ** Returns: 1699 ** None. 1700 ** 1701 ** Side effects: 1702 ** may change state transition table. 1703 */ 1704 1705 static void 1706 fix_stm(ctx) 1707 SMFICTX_PTR ctx; 1708 { 1709 unsigned long fl; 1710 1711 if (ctx == NULL || ctx->ctx_smfi == NULL) 1712 return; 1713 fl = ctx->ctx_pflags; 1714 if (bitset(SMFIP_NOCONNECT, fl)) 1715 next_states[ST_CONN] |= NX_SKIP; 1716 if (bitset(SMFIP_NOHELO, fl)) 1717 next_states[ST_HELO] |= NX_SKIP; 1718 if (bitset(SMFIP_NOMAIL, fl)) 1719 next_states[ST_MAIL] |= NX_SKIP; 1720 if (bitset(SMFIP_NORCPT, fl)) 1721 next_states[ST_RCPT] |= NX_SKIP; 1722 if (bitset(SMFIP_NOHDRS, fl)) 1723 next_states[ST_HDRS] |= NX_SKIP; 1724 if (bitset(SMFIP_NOEOH, fl)) 1725 next_states[ST_EOHS] |= NX_SKIP; 1726 if (bitset(SMFIP_NOBODY, fl)) 1727 next_states[ST_BODY] |= NX_SKIP; 1728 if (bitset(SMFIP_NODATA, fl)) 1729 next_states[ST_DATA] |= NX_SKIP; 1730 if (bitset(SMFIP_NOUNKNOWN, fl)) 1731 next_states[ST_UNKN] |= NX_SKIP; 1732 } 1733 1734 /* 1735 ** DEC_ARGV -- split a buffer into a list of strings, NULL terminated 1736 ** 1737 ** Parameters: 1738 ** buf -- buffer with several strings 1739 ** len -- length of buffer 1740 ** 1741 ** Returns: 1742 ** array of pointers to the individual strings 1743 */ 1744 1745 static char ** 1746 dec_argv(buf, len) 1747 char *buf; 1748 size_t len; 1749 { 1750 char **s; 1751 size_t i; 1752 int elem, nelem; 1753 1754 nelem = 0; 1755 for (i = 0; i < len; i++) 1756 { 1757 if (buf[i] == '\0') 1758 ++nelem; 1759 } 1760 if (nelem == 0) 1761 return NULL; 1762 1763 /* last entry is only for the name */ 1764 s = (char **)malloc((nelem + 1) * (sizeof *s)); 1765 if (s == NULL) 1766 return NULL; 1767 s[0] = buf; 1768 for (i = 0, elem = 0; i < len && elem < nelem; i++) 1769 { 1770 if (buf[i] == '\0') 1771 { 1772 ++elem; 1773 if (i + 1 >= len) 1774 s[elem] = NULL; 1775 else 1776 s[elem] = &(buf[i + 1]); 1777 } 1778 } 1779 1780 /* overwrite last entry (already done above, just paranoia) */ 1781 s[elem] = NULL; 1782 return s; 1783 } 1784 1785 /* 1786 ** DEC_ARG2 -- split a buffer into two strings 1787 ** 1788 ** Parameters: 1789 ** buf -- buffer with two strings 1790 ** len -- length of buffer 1791 ** s1,s2 -- pointer to result strings 1792 ** 1793 ** Returns: 1794 ** MI_FAILURE/MI_SUCCESS 1795 */ 1796 1797 static int 1798 dec_arg2(buf, len, s1, s2) 1799 char *buf; 1800 size_t len; 1801 char **s1; 1802 char **s2; 1803 { 1804 size_t i; 1805 1806 /* paranoia: check for terminating '\0' */ 1807 if (len == 0 || buf[len - 1] != '\0') 1808 return MI_FAILURE; 1809 *s1 = buf; 1810 for (i = 1; i < len && buf[i] != '\0'; i++) 1811 continue; 1812 if (i >= len - 1) 1813 return MI_FAILURE; 1814 *s2 = buf + i + 1; 1815 return MI_SUCCESS; 1816 } 1817 1818 /* 1819 ** SENDOK -- is it ok for the filter to send stuff to the MTA? 1820 ** 1821 ** Parameters: 1822 ** ctx -- context structure 1823 ** flag -- flag to check 1824 ** 1825 ** Returns: 1826 ** sending allowed (in current state) 1827 */ 1828 1829 bool 1830 mi_sendok(ctx, flag) 1831 SMFICTX_PTR ctx; 1832 int flag; 1833 { 1834 if (ctx == NULL || ctx->ctx_smfi == NULL) 1835 return false; 1836 1837 /* did the milter request this operation? */ 1838 if (flag != 0 && !bitset(flag, ctx->ctx_aflags)) 1839 return false; 1840 1841 /* are we in the correct state? It must be "End of Message". */ 1842 return ctx->ctx_state == ST_ENDM; 1843 } 1844 1845 #if _FFR_WORKERS_POOL 1846 /* 1847 ** MI_RD_SOCKET_READY - checks if the socket is ready for read(2) 1848 ** 1849 ** Parameters: 1850 ** sd -- socket_t 1851 ** 1852 ** Returns: 1853 ** true iff socket is ready for read(2) 1854 */ 1855 1856 #define MI_RD_CMD_TO 1 1857 #define MI_RD_MAX_ERR 16 1858 1859 static bool 1860 mi_rd_socket_ready (sd) 1861 socket_t sd; 1862 { 1863 int n; 1864 int nerr = 0; 1865 #if SM_CONF_POLL 1866 struct pollfd pfd; 1867 #else /* SM_CONF_POLL */ 1868 fd_set rd_set, exc_set; 1869 #endif /* SM_CONF_POLL */ 1870 1871 do 1872 { 1873 #if SM_CONF_POLL 1874 pfd.fd = sd; 1875 pfd.events = POLLIN; 1876 pfd.revents = 0; 1877 1878 n = poll(&pfd, 1, MI_RD_CMD_TO); 1879 #else /* SM_CONF_POLL */ 1880 struct timeval timeout; 1881 1882 FD_ZERO(&rd_set); 1883 FD_ZERO(&exc_set); 1884 FD_SET(sd, &rd_set); 1885 FD_SET(sd, &exc_set); 1886 1887 timeout.tv_sec = MI_RD_CMD_TO / 1000; 1888 timeout.tv_usec = 0; 1889 n = select(sd + 1, &rd_set, NULL, &exc_set, &timeout); 1890 #endif /* SM_CONF_POLL */ 1891 1892 if (n < 0) 1893 { 1894 if (errno == EINTR) 1895 { 1896 nerr++; 1897 continue; 1898 } 1899 return true; 1900 } 1901 1902 if (n == 0) 1903 return false; 1904 break; 1905 } while (nerr < MI_RD_MAX_ERR); 1906 if (nerr >= MI_RD_MAX_ERR) 1907 return false; 1908 1909 #if SM_CONF_POLL 1910 return (pfd.revents != 0); 1911 #else /* SM_CONF_POLL */ 1912 return FD_ISSET(sd, &rd_set) || FD_ISSET(sd, &exc_set); 1913 #endif /* SM_CONF_POLL */ 1914 } 1915 #endif /* _FFR_WORKERS_POOL */ 1916