search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
NYD: maildir.c
[s-mailx.git] / ssl.c
bloba87888e1ae54ab698612c32726e8cfb76311f87d
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ Generic SSL / SMIME commands.
3 *
4 * Copyright (c) 2000-2004 Gunnar Ritter, Freiburg i. Br., Germany.
5 * Copyright (c) 2012 - 2014 Steffen "Daode" Nurpmeso <sdaoden@users.sf.net>.
6 */
7 /*
8 * Copyright (c) 2002
9 * Gunnar Ritter. All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. All advertising materials mentioning features or use of this software
20 * must display the following acknowledgement:
21 * This product includes software developed by Gunnar Ritter
22 * and his contributors.
23 * 4. Neither the name of Gunnar Ritter nor the names of his contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY GUNNAR RITTER AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL GUNNAR RITTER OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 */
39
40 #ifndef HAVE_AMALGAMATION
41 # include "nail.h"
42 #endif
43
44 EMPTY_FILE(ssl)
45 #ifdef HAVE_SSL
46 FL void
47 ssl_set_vrfy_level(const char *uhp)
48 {
49 size_t l;
50 char *cp, *vrvar;
51
52 ssl_vrfy_level = VRFY_ASK;
53 l = strlen(uhp);
54 vrvar = ac_alloc(l + 12);
55 memcpy(vrvar, "ssl-verify-", 11);
56 memcpy(vrvar + 11, uhp, l + 1);
57
58 if ((cp = vok_vlook(vrvar)) == NULL)
59 cp = ok_vlook(ssl_verify);
60 ac_free(vrvar);
61 if (cp != NULL) {
62 if (strcmp(cp, "strict") == 0)
63 ssl_vrfy_level = VRFY_STRICT;
64 else if (strcmp(cp, "ask") == 0)
65 ssl_vrfy_level = VRFY_ASK;
66 else if (strcmp(cp, "warn") == 0)
67 ssl_vrfy_level = VRFY_WARN;
68 else if (strcmp(cp, "ignore") == 0)
69 ssl_vrfy_level = VRFY_IGNORE;
70 else
71 fprintf(stderr, tr(265,
72 "invalid value of ssl-verify: %s\n"), cp);
73 }
74 }
75
76 FL enum okay
77 ssl_vrfy_decide(void)
78 {
79 enum okay ok = STOP;
80
81 switch (ssl_vrfy_level) {
82 case VRFY_STRICT:
83 ok = STOP;
84 break;
85 case VRFY_ASK:
86 {
87 char *line = NULL;
88 size_t linesize = 0;
89
90 fprintf(stderr, tr(264, "Continue (y/n)? "));
91 if (readline_restart(stdin, &line, &linesize, 0) > 0 &&
92 *line == 'y')
93 ok = OKAY;
94 else
95 ok = STOP;
96 if (line)
97 free(line);
98 }
99 break;
100 case VRFY_WARN:
101 case VRFY_IGNORE:
102 ok = OKAY;
103 }
104 return ok;
105 }
106
107 FL char *
108 ssl_method_string(const char *uhp)
109 {
110 size_t l;
111 char *cp, *mtvar;
112
113 l = strlen(uhp);
114 mtvar = ac_alloc(l + 12);
115 memcpy(mtvar, "ssl-method-", 11);
116 memcpy(mtvar + 11, uhp, l + 1);
117 if ((cp = vok_vlook(mtvar)) == NULL)
118 cp = ok_vlook(ssl_method);
119 ac_free(mtvar);
120 return cp;
121 }
122
123 FL enum okay
124 smime_split(FILE *ip, FILE **hp, FILE **bp, long xcount, int keep)
125 {
126 /* TODO like i said quite often now, the entire SSL stuff really needs
127 * TODO a review ASAP; also in respect to correct resource release, and
128 * TODO especially in case of errors; S-nail is a program that REALLY
129 * TODO may run for a week or longer!!! */
130 char *buf, *hn, *bn;
131 char *savedfields = NULL;
132 size_t bufsize, buflen, cnt, savedsize = 0;
133 int c;
134
135 if ((*hp = Ftemp(&hn, "Rh", "w+", 0600, 1)) == NULL)
136 goto jetmp;
137 rm(hn);
138 Ftfree(&hn);
139 if ((*bp = Ftemp(&bn, "Rb", "w+", 0600, 1)) == NULL) {
140 jetmp:
141 perror("tempfile");
142 return STOP;
143 }
144 rm(bn);
145 Ftfree(&bn);
146
147 buf = smalloc(bufsize = LINESIZE);
148 savedfields = smalloc(savedsize = 1);
149 *savedfields = '\0';
150 if (xcount < 0)
151 cnt = fsize(ip);
152 else
153 cnt = xcount;
154
155 while (fgetline(&buf, &bufsize, &cnt, &buflen, ip, 0) != NULL &&
156 *buf != '\n') {
157 if (ascncasecmp(buf, "content-", 8) == 0) {
158 if (keep)
159 fputs("X-Encoded-", *hp);
160 for (;;) {
161 savedsize += buflen;
162 savedfields = srealloc(savedfields, savedsize);
163 strcat(savedfields, buf);
164 if (keep)
165 fwrite(buf, sizeof *buf, buflen, *hp);
166 c = getc(ip);
167 ungetc(c, ip);
168 if (!blankchar(c))
169 break;
170 fgetline(&buf, &bufsize, &cnt, &buflen,
171 ip, 0);
172 }
173 continue;
174 }
175 fwrite(buf, sizeof *buf, buflen, *hp);
176 }
177 fflush(*hp);
178 rewind(*hp);
179
180 fputs(savedfields, *bp);
181 putc('\n', *bp);
182 while (fgetline(&buf, &bufsize, &cnt, &buflen, ip, 0) != NULL)
183 fwrite(buf, sizeof *buf, buflen, *bp);
184 fflush(*bp);
185 rewind(*bp);
186
187 free(savedfields);
188 free(buf);
189 return OKAY;
190 }
191
192 FL FILE *
193 smime_sign_assemble(FILE *hp, FILE *bp, FILE *sp)
194 {
195 char *boundary, *cp;
196 FILE *op;
197 int c, lastc = EOF;
198
199 if ((op = Ftemp(&cp, "Rs", "w+", 0600, 1)) == NULL) {
200 perror("tempfile");
201 return NULL;
202 }
203 rm(cp);
204 Ftfree(&cp);
205 boundary = mime_create_boundary();
206 while ((c = getc(hp)) != EOF) {
207 if (c == '\n' && lastc == '\n')
208 break;
209 putc(c, op);
210 lastc = c;
211 }
212 fprintf(op, "Content-Type: multipart/signed;\n"
213 " protocol=\"application/x-pkcs7-signature\"; micalg=sha1;\n"
214 " boundary=\"%s\"\n\n", boundary);
215 fprintf(op, "This is an S/MIME signed message.\n\n--%s\n",
216 boundary);
217 while ((c = getc(bp)) != EOF)
218 putc(c, op);
219 fprintf(op, "\n--%s\n", boundary);
220 fputs("Content-Type: application/x-pkcs7-signature; "
221 "name=\"smime.p7s\"\n"
222 "Content-Transfer-Encoding: base64\n"
223 "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n",
224 op);
225 while ((c = getc(sp)) != EOF) {
226 if (c == '-') {
227 while ((c = getc(sp)) != EOF && c != '\n');
228 continue;
229 }
230 putc(c, op);
231 }
232 fprintf(op, "\n--%s--\n", boundary);
233 Fclose(hp);
234 Fclose(bp);
235 Fclose(sp);
236 fflush(op);
237 if (ferror(op)) {
238 perror("signed output data");
239 Fclose(op);
240 return NULL;
241 }
242 rewind(op);
243 return op;
244 }
245
246 FL FILE *
247 smime_encrypt_assemble(FILE *hp, FILE *yp)
248 {
249 char *cp;
250 FILE *op;
251 int c, lastc = EOF;
252
253 if ((op = Ftemp(&cp, "Rs", "w+", 0600, 1)) == NULL) {
254 perror("tempfile");
255 return NULL;
256 }
257 rm(cp);
258 Ftfree(&cp);
259 while ((c = getc(hp)) != EOF) {
260 if (c == '\n' && lastc == '\n')
261 break;
262 putc(c, op);
263 lastc = c;
264 }
265 fprintf(op, "Content-Type: application/x-pkcs7-mime; "
266 "name=\"smime.p7m\"\n"
267 "Content-Transfer-Encoding: base64\n"
268 "Content-Disposition: attachment; "
269 "filename=\"smime.p7m\"\n\n");
270 while ((c = getc(yp)) != EOF) {
271 if (c == '-') {
272 while ((c = getc(yp)) != EOF && c != '\n');
273 continue;
274 }
275 putc(c, op);
276 }
277 Fclose(hp);
278 Fclose(yp);
279 fflush(op);
280 if (ferror(op)) {
281 perror("encrypted output data");
282 Fclose(op);
283 return NULL;
284 }
285 rewind(op);
286 return op;
287 }
288
289 FL struct message *
290 smime_decrypt_assemble(struct message *m, FILE *hp, FILE *bp)
291 {
292 ui32_t lastnl = 0;
293 int binary = 0;
294 char *buf = NULL;
295 size_t bufsize = 0, buflen, cnt;
296 long lines = 0, octets = 0;
297 struct message *x;
298 off_t offset;
299
300 x = salloc(sizeof *x);
301 *x = *m;
302 fflush(mb.mb_otf);
303 fseek(mb.mb_otf, 0L, SEEK_END);
304 offset = ftell(mb.mb_otf);
305 cnt = fsize(hp);
306 while (fgetline(&buf, &bufsize, &cnt, &buflen, hp, 0) != NULL) {
307 char const *cp;
308 if (buf[0] == '\n')
309 break;
310 if ((cp = thisfield(buf, "content-transfer-encoding")) != NULL)
311 if (ascncasecmp(cp, "binary", 7) == 0)
312 binary = 1;
313 fwrite(buf, sizeof *buf, buflen, mb.mb_otf);
314 octets += buflen;
315 lines++;
316 }
317 octets += mkdate(mb.mb_otf, "X-Decoding-Date");
318 lines++;
319 cnt = fsize(bp);
320 while (fgetline(&buf, &bufsize, &cnt, &buflen, bp, 0) != NULL) {
321 lines++;
322 if (!binary && buf[buflen-1] == '\n' && buf[buflen-2] == '\r')
323 buf[--buflen-1] = '\n';
324 fwrite(buf, sizeof *buf, buflen, mb.mb_otf);
325 octets += buflen;
326 if (buf[0] == '\n')
327 lastnl++;
328 else if (buf[buflen-1] == '\n')
329 lastnl = 1;
330 else
331 lastnl = 0;
332 }
333 while (!binary && lastnl < 2) {
334 putc('\n', mb.mb_otf);
335 lines++;
336 octets++;
337 lastnl++;
338 }
339 Fclose(hp);
340 Fclose(bp);
341 free(buf);
342 fflush(mb.mb_otf);
343 if (ferror(mb.mb_otf)) {
344 perror("decrypted output data");
345 return NULL;
346 }
347 x->m_size = x->m_xsize = octets;
348 x->m_lines = x->m_xlines = lines;
349 x->m_block = mailx_blockof(offset);
350 x->m_offset = mailx_offsetof(offset);
351 return x;
352 }
353
354 FL int
355 ccertsave(void *v)
356 {
357 int *ip;
358 int *msgvec;
359 char *file = NULL, *str = v;
360 int val = 0;
361 FILE *fp;
362 bool_t f;
363
364 msgvec = salloc((msgCount + 2) * sizeof *msgvec);
365 if ((file = laststring(str, &f, 1)) == NULL) {
366 fprintf(stderr, "No file to save certificate given.\n");
367 return 1;
368 }
369 if (!f) {
370 *msgvec = first(0, MMNORM);
371 if (*msgvec == 0) {
372 if (inhook)
373 return 0;
374 fprintf(stderr,
375 "No messages to get certificates from.\n");
376 return 1;
377 }
378 msgvec[1] = 0;
379 } else if (getmsglist(str, msgvec, 0) < 0)
380 return 1;
381 if (*msgvec == 0) {
382 if (inhook)
383 return 0;
384 fprintf(stderr, "No applicable messages.\n");
385 return 1;
386 }
387 if ((fp = Fopen(file, "a")) == NULL) {
388 perror(file);
389 return 1;
390 }
391 for (ip = msgvec; *ip && ip-msgvec < msgCount; ip++)
392 if (smime_certsave(&message[*ip-1], *ip, fp) != OKAY)
393 val = 1;
394 Fclose(fp);
395 if (val == 0)
396 printf("Certificate(s) saved.\n");
397 return val;
398 }
399
400 FL enum okay
401 rfc2595_hostname_match(const char *host, const char *pattern)
402 {
403 if (pattern[0] == '*' && pattern[1] == '.') {
404 pattern++;
405 while (*host && *host != '.')
406 host++;
407 }
408 return asccasecmp(host, pattern) == 0 ? OKAY : STOP;
409 }
410 #endif /* HAVE_SSL */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command