Martijn's public repositories

Blob

Date:: Mon May 19 19:17:45 2025 UTC
Message:: Adjust for new libopensmtpd changes
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <errno.h>
18 #include <inttypes.h>
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <time.h>
23 #include <unistd.h>
24 
25 #include "openbsd-compat.h"
26 #include "opensmtpd.h"
27 #include "mheader.h"
28 
29 struct admd_message {
30 	int foundmatch;
31 	int inheader;
32 	int parsing_headers;
33 	char **cache;
34 	size_t cachelen;
35 	size_t headerlen;
36 };
37 
38 void usage(void);
39 void admd_conf(const char *, const char *);
40 void *admd_message_new(struct osmtpd_ctx *);
41 void admd_message_free(struct osmtpd_ctx *, void *);
42 int admd_dataline(struct osmtpd_ctx *, const char *);
43 int admd_commit(struct osmtpd_ctx *);
44 void admd_cache(struct admd_message *, const char *);
45 const char *admd_authservid(struct admd_message *);
46 void admd_freecache(struct admd_message *);
47 
48 char *authservid;
49 int reject = 0;
50 int verbose = 0;
51 
52 int
53 main(int argc, char *argv[])
54 {
55 	int ch;
56 
57 	if (pledge("stdio", NULL) == -1)
58 		osmtpd_err(1, "pledge");
59 
60 	while ((ch = getopt(argc, argv, "rv")) != -1) {
61 		switch (ch) {
62 		case 'r':
63 			reject = 1;
64 			break;
65 		case 'v':
66 			verbose++;
67 			break;
68 		default:
69 			usage();
70 		}
71 	}
72 	argc -= optind;
73 	argv += optind;
74 	if (argc > 1)
75 		osmtpd_errx(1, "invalid authservid count");
76 	if (argc == 1)
77 		authservid = argv[0];
78 
79 	osmtpd_local_message(admd_message_new, admd_message_free);
80 	osmtpd_register_filter_dataline(admd_dataline);
81 	osmtpd_register_filter_commit(admd_commit);
82 	osmtpd_register_conf(admd_conf);
83 	osmtpd_run();
84 
85 	return 0;
86 }
87 
88 void
89 admd_conf(const char *key, const char *value)
90 {
91 	if (key == NULL) {
92 		if (authservid == NULL)
93 			osmtpd_errx(1, "Didn't receive admd config option");
94 		return;
95 	}
96 	if (strcmp(key, "admd") == 0 && authservid == NULL) {
97 		if ((authservid = strdup(value)) == NULL)
98 			osmtpd_err(1, "malloc");
99 	}
100 }
101 
102 void *
103 admd_message_new(struct osmtpd_ctx *ctx)
104 {
105 	struct admd_message *msg;
106 
107 	if ((msg = malloc(sizeof(*msg))) == NULL)
108 		osmtpd_err(1, "malloc");
109 
110 	msg->foundmatch = 0;
111 	msg->inheader = 0;
112 	msg->parsing_headers = 1;
113 	msg->cache = NULL;
114 	msg->cachelen = 0;
115 	msg->headerlen = 0;
116 
117 	return msg;
118 }
119 
120 void
121 admd_message_free(struct osmtpd_ctx *ctx, void *data)
122 {
123 	struct admd_message *msg = data;
124 
125 	admd_freecache(msg);
126 	free(msg);
127 }
128 
129 int
130 admd_dataline(struct osmtpd_ctx *ctx, const char *orig)
131 {
132 	struct admd_message *msg = ctx->local_message;
133 	const char *line = orig;
134 	const char *msgauthid;
135 	size_t i;
136 
137 	if (line[0] == '\0')
138 		msg->parsing_headers = 0;
139 	if (line[0] == '.')
140 		line++;
141 	if (msg->parsing_headers) {
142 		if (line[0] != ' ' && line[0] != '\t') {
143 			if (msg->inheader) {
144 				msgauthid = admd_authservid(msg);
145 				if (msgauthid == NULL && errno != EINVAL)
146 					return 0;
147 				if (msgauthid != NULL &&
148 				    strcmp(msgauthid, authservid) == 0)
149 					msg->foundmatch = 1;
150 				else {
151 					for (i = 0; i < msg->cachelen; i++)
152 						osmtpd_filter_dataline(ctx,
153 						    "%s", msg->cache[i]);
154 				}
155 				admd_freecache(msg);
156 			}
157 			msg->inheader = 0;
158 		}
159 		if (strncasecmp(line, "Authentication-Results", 22) == 0) {
160 			line += 22;
161 			while (line[0] == ' ' || line[0] == '\t')
162 				line++;
163 			if (line++[0] == ':') {
164 				msg->inheader = 1;
165 				admd_cache(msg, orig);
166 				return 0;
167 			}
168 		} else if (msg->inheader &&
169 		    (line[0] == ' ' || line[0] == '\t')) {
170 			admd_cache(msg, orig);
171 			return 0;
172 		}
173 	}
174 
175 	osmtpd_filter_dataline(ctx, "%s", orig);
176 	return 0;
177 }
178 
179 int
180 admd_commit(struct osmtpd_ctx *ctx)
181 {
182 	struct admd_message *msg = ctx->local_message;
183 
184 	if (reject && msg->foundmatch) {
185 		osmtpd_filter_disconnect(ctx, "Message contains "
186 		    "Authentication-Results header for authserv-id '%s'",
187 		    authservid);
188 		fprintf(stderr, "%016"PRIx64" Message contains "
189 		    "Authentication-Results header for authserv-id '%s': "
190 		    "rejected\n", ctx->reqid, authservid);
191 		return 0;
192 	}
193 
194 	osmtpd_filter_proceed(ctx);
195 	if (msg->foundmatch) {
196 		fprintf(stderr, "%016"PRIx64" Message contains "
197 		    "Authentication-Results header for authserv-id '%s': "
198 		    "filtered\n", ctx->reqid, authservid);
199 	} else if (verbose)
200 		fprintf(stderr, "%016"PRIx64" Message contains no "
201 		   "Authentication-Results header for authserv-id '%s'\n",
202 		    ctx->reqid, authservid);
203 
204 	return 0;
205 }
206 
207 void
208 admd_cache(struct admd_message *msg, const char *line)
209 {
210 	char **tcache;
211 
212 	if ((tcache = reallocarray(msg->cache, msg->cachelen + 1,
213 	    sizeof(*(msg->cache)))) == NULL) {
214 		admd_freecache(msg);
215 		osmtpd_err(1, "malloc");
216 	}
217 	msg->cache = tcache;
218 	msg->cache[msg->cachelen] = strdup(line);
219 	if (msg->cache[msg->cachelen] == NULL) {
220 		admd_freecache(msg);
221 		osmtpd_err(1, "strdup");
222 	}
223 	msg->cachelen++;
224 	msg->headerlen += strlen(line[0] == '.' ? line + 1 : line);
225 }
226 
227 const char *
228 admd_authservid(struct admd_message *msg)
229 {
230 	char *header0, *header, *line, *end;
231 	size_t headerlen;
232 	size_t i = 0;
233 	
234 	headerlen = msg->headerlen + (msg->cachelen * 2) + 1;
235 	header0 = header = malloc(headerlen);
236 	if (header == NULL) {
237 		osmtpd_err(1, "malloc");
238 		return NULL;
239 	}
240 	header[0] = '\0';
241 	for (i = 0; i < msg->cachelen; i++) {
242 		line = msg->cache[i];
243 		if (line[0] == '.')
244 			line++;
245 		if (strlcat(header, line, headerlen) >= headerlen ||
246 		    strlcat(header, "\r\n", headerlen) >= headerlen) {
247 			osmtpd_errx(1, "miscalculated header\n");
248 			exit(1);
249 		}
250 	}
251 
252 	/* Skip key */
253 	header += 22;
254 	while (header[0] == ' ' || header[0] == '\t')
255 		header++;
256 	/* : */
257 	header++;
258 
259 	header = osmtpd_mheader_skip_cfws(header, 1);
260 
261 	if ((end = osmtpd_mheader_skip_value(header, 0)) == NULL) {
262 		errno = EINVAL;
263 		free(header0);
264 		return NULL;
265 	}
266 	memmove(header0, header, end - header);
267 	header0[end - header] = '\0';
268 
269 	return header0;
270 }
271 
272 void
273 admd_freecache(struct admd_message *msg)
274 {
275 	while (msg->cachelen > 0) {
276 		msg->cachelen--;
277 		free(msg->cache[msg->cachelen]);
278 	}
279 	free(msg->cache);
280 	msg->cache = NULL;
281 	msg->cachelen = 0;
282 	msg->headerlen = 0;
283 }
284 
285 __dead void
286 usage(void)
287 {
288 	fprintf(stderr, "usage: filter-admdscrub [-rv] [-a authserv-id]\n");
289 	exit(1);
290 }