src/src/tls.c

   1 /*************************************************
   2 *     Exim - an Internet mail transport agent    *
   3 *************************************************/
   4
   5 /* Copyright (c) University of Cambridge 1995 - 2018 */
   6 /* See the file NOTICE for conditions of use and distribution. */
   7
   8 /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is
   9 based on a patch that was originally contributed by Steve Haslam. It was
  10 adapted from stunnel, a GPL program by Michal Trojnara. The code for GNU TLS is
  11 based on a patch contributed by Nikos Mavrogiannopoulos. Because these packages
  12 are so very different, the functions for each are kept in separate files. The
  13 relevant file is #included as required, after any any common functions.
  14
  15 No cryptographic code is included in Exim. All this module does is to call
  16 functions from the OpenSSL or GNU TLS libraries. */
  17
  18
  19 #include "exim.h"
  20 #include "transports/smtp.h"
  21
  22 #if !defined(DISABLE_TLS) && !defined(USE_OPENSSL) && !defined(USE_GNUTLS)
  23 # error One of USE_OPENSSL or USE_GNUTLS must be defined for a TLS build
  24 #endif
  25
  26
  27 #if defined(MACRO_PREDEF) && !defined(DISABLE_TLS)
  28 # include "macro_predef.h"
  29 # ifdef USE_GNUTLS
  30 #  include "tls-gnu.c"
  31 # else
  32 #  include "tls-openssl.c"
  33 # endif
  34 #endif
  35
  36 #ifndef MACRO_PREDEF
  37
  38 /* This module is compiled only when it is specifically requested in the
  39 build-time configuration. However, some compilers don't like compiling empty
  40 modules, so keep them happy with a dummy when skipping the rest. Make it
  41 reference itself to stop picky compilers complaining that it is unused, and put
  42 in a dummy argument to stop even pickier compilers complaining about infinite
  43 loops. */
  44
  45 #ifdef DISABLE_TLS
  46 static void dummy(int x) { dummy(x-1); }
  47 #else
  48
  49 /* Static variables that are used for buffering data by both sets of
  50 functions and the common functions below.
  51
  52 We're moving away from this; GnuTLS is already using a state, which
  53 can switch, so we can do TLS callouts during ACLs. */
  54
  55 static const int ssl_xfer_buffer_size = 4096;
  56 #ifdef USE_OPENSSL
  57 static uschar *ssl_xfer_buffer = NULL;
  58 static int ssl_xfer_buffer_lwm = 0;
  59 static int ssl_xfer_buffer_hwm = 0;
  60 static int ssl_xfer_eof = FALSE;
  61 static BOOL ssl_xfer_error = FALSE;
  62 #endif
  63
  64 uschar *tls_channelbinding_b64 = NULL;
  65
  66
  67 /*************************************************
  68 *       Expand string; give error on failure     *
  69 *************************************************/
  70
  71 /* If expansion is forced to fail, set the result NULL and return TRUE.
  72 Other failures return FALSE. For a server, an SMTP response is given.
  73
  74 Arguments:
  75   s         the string to expand; if NULL just return TRUE
  76   name      name of string being expanded (for error)
  77   result    where to put the result
  78
  79 Returns:    TRUE if OK; result may still be NULL after forced failure
  80 */
  81
  82 static BOOL
  83 expand_check(const uschar *s, const uschar *name, uschar **result, uschar ** errstr)
  84 {
  85 if (!s)
  86   *result = NULL;
  87 else if (  !(*result = expand_string(US s)) /* need to clean up const more */
  88         && !f.expand_string_forcedfail
  89         )
  90   {
  91   *errstr = US"Internal error";
  92   log_write(0, LOG_MAIN|LOG_PANIC, "expansion of %s failed: %s", name,
  93     expand_string_message);
  94   return FALSE;
  95   }
  96 return TRUE;
  97 }
  98
  99
 100 /*************************************************
 101 *        Timezone environment flipping           *
 102 *************************************************/
 103
 104 static uschar *
 105 to_tz(uschar * tz)
 106 {
 107 uschar * old = US getenv("TZ");
 108 (void) setenv("TZ", CCS tz, 1);
 109 tzset();
 110 return old;
 111 }
 112
 113 static void
 114 restore_tz(uschar * tz)
 115 {
 116 if (tz)
 117   (void) setenv("TZ", CCS tz, 1);
 118 else
 119   (void) os_unsetenv(US"TZ");
 120 tzset();
 121 }
 122
 123 /*************************************************
 124 *        Many functions are package-specific     *
 125 *************************************************/
 126
 127 #ifdef USE_GNUTLS
 128 # include "tls-gnu.c"
 129 # include "tlscert-gnu.c"
 130 # define ssl_xfer_buffer (state_server.xfer_buffer)
 131 # define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm)
 132 # define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm)
 133 # define ssl_xfer_eof (state_server.xfer_eof)
 134 # define ssl_xfer_error (state_server.xfer_error)
 135 #endif
 136
 137 #ifdef USE_OPENSSL
 138 # include "tls-openssl.c"
 139 # include "tlscert-openssl.c"
 140 #endif
 141
 142
 143
 144 /*************************************************
 145 *           TLS version of ungetc                *
 146 *************************************************/
 147
 148 /* Puts a character back in the input buffer. Only ever
 149 called once.
 150 Only used by the server-side TLS.
 151
 152 Arguments:
 153   ch           the character
 154
 155 Returns:       the character
 156 */
 157
 158 int
 159 tls_ungetc(int ch)
 160 {
 161 ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
 162 return ch;
 163 }
 164
 165
 166
 167 /*************************************************
 168 *           TLS version of feof                  *
 169 *************************************************/
 170
 171 /* Tests for a previous EOF
 172 Only used by the server-side TLS.
 173
 174 Arguments:     none
 175 Returns:       non-zero if the eof flag is set
 176 */
 177
 178 int
 179 tls_feof(void)
 180 {
 181 return (int)ssl_xfer_eof;
 182 }
 183
 184
 185
 186 /*************************************************
 187 *              TLS version of ferror             *
 188 *************************************************/
 189
 190 /* Tests for a previous read error, and returns with errno
 191 restored to what it was when the error was detected.
 192 Only used by the server-side TLS.
 193
 194 >>>>> Hmm. Errno not handled yet. Where do we get it from?  >>>>>
 195
 196 Arguments:     none
 197 Returns:       non-zero if the error flag is set
 198 */
 199
 200 int
 201 tls_ferror(void)
 202 {
 203 return (int)ssl_xfer_error;
 204 }
 205
 206
 207 /*************************************************
 208 *           TLS version of smtp_buffered         *
 209 *************************************************/
 210
 211 /* Tests for unused chars in the TLS input buffer.
 212 Only used by the server-side TLS.
 213
 214 Arguments:     none
 215 Returns:       TRUE/FALSE
 216 */
 217
 218 BOOL
 219 tls_smtp_buffered(void)
 220 {
 221 return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm;
 222 }
 223
 224
 225 #endif  /*DISABLE_TLS*/
 226
 227 void
 228 tls_modify_variables(tls_support * dest_tsp)
 229 {
 230 modify_variable(US"tls_bits",                 &dest_tsp->bits);
 231 modify_variable(US"tls_certificate_verified", &dest_tsp->certificate_verified);
 232 modify_variable(US"tls_cipher",               &dest_tsp->cipher);
 233 modify_variable(US"tls_peerdn",               &dest_tsp->peerdn);
 234 #ifdef USE_OPENSSL
 235 modify_variable(US"tls_sni",                  &dest_tsp->sni);
 236 #endif
 237 }
 238
 239
 240 #ifndef DISABLE_TLS
 241 /************************************************
 242 *       TLS certificate name operations         *
 243 ************************************************/
 244
 245 /* Convert an rfc4514 DN to an exim comma-sep list.
 246 Backslashed commas need to be replaced by doublecomma
 247 for Exim's list quoting.  We modify the given string
 248 inplace.
 249 */
 250
 251 static void
 252 dn_to_list(uschar * dn)
 253 {
 254 for (uschar * cp = dn; *cp; cp++)
 255   if (cp[0] == '\\' && cp[1] == ',')
 256     *cp++ = ',';
 257 }
 258
 259
 260 /* Extract fields of a given type from an RFC4514-
 261 format Distinguished Name.  Return an Exim list.
 262 NOTE: We modify the supplied dn string during operation.
 263
 264 Arguments:
 265         dn      Distinguished Name string
 266         mod     list containing optional output list-sep and
 267                 field selector match, comma-separated
 268 Return:
 269         allocated string with list of matching fields,
 270         field type stripped
 271 */
 272
 273 uschar *
 274 tls_field_from_dn(uschar * dn, const uschar * mod)
 275 {
 276 int insep = ',';
 277 uschar outsep = '\n';
 278 uschar * ele;
 279 uschar * match = NULL;
 280 int len;
 281 gstring * list = NULL;
 282
 283 while ((ele = string_nextinlist(&mod, &insep, NULL, 0)))
 284   if (ele[0] != '>')
 285     match = ele;        /* field tag to match */
 286   else if (ele[1])
 287     outsep = ele[1];    /* nondefault output separator */
 288
 289 dn_to_list(dn);
 290 insep = ',';
 291 len = match ? Ustrlen(match) : -1;
 292 while ((ele = string_nextinlist(CUSS &dn, &insep, NULL, 0)))
 293   if (  !match
 294      || Ustrncmp(ele, match, len) == 0 && ele[len] == '='
 295      )
 296     list = string_append_listele(list, outsep, ele+len+1);
 297 return string_from_gstring(list);
 298 }
 299
 300
 301 /* Compare a domain name with a possibly-wildcarded name. Wildcards
 302 are restricted to a single one, as the first element of patterns
 303 having at least three dot-separated elements.  Case-independent.
 304 Return TRUE for a match
 305 */
 306 static BOOL
 307 is_name_match(const uschar * name, const uschar * pat)
 308 {
 309 uschar * cp;
 310 return *pat == '*'              /* possible wildcard match */
 311   ?    *++pat == '.'            /* starts star, dot              */
 312     && !Ustrchr(++pat, '*')     /* has no more stars             */
 313     && Ustrchr(pat, '.')        /* and has another dot.          */
 314     && (cp = Ustrchr(name, '.'))/* The name has at least one dot */
 315     && strcmpic(++cp, pat) == 0 /* and we only compare after it. */
 316   :    !Ustrchr(pat+1, '*')
 317     && strcmpic(name, pat) == 0;
 318 }
 319
 320 /* Compare a list of names with the dnsname elements
 321 of the Subject Alternate Name, if any, and the
 322 Subject otherwise.
 323
 324 Arguments:
 325         namelist names to compare
 326         cert     certificate
 327
 328 Returns:
 329         TRUE/FALSE
 330 */
 331
 332 BOOL
 333 tls_is_name_for_cert(const uschar * namelist, void * cert)
 334 {
 335 uschar * altnames = tls_cert_subject_altname(cert, US"dns");
 336 uschar * subjdn;
 337 uschar * certname;
 338 int cmp_sep = 0;
 339 uschar * cmpname;
 340
 341 if ((altnames = tls_cert_subject_altname(cert, US"dns")))
 342   {
 343   int alt_sep = '\n';
 344   while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
 345     {
 346     const uschar * an = altnames;
 347     while ((certname = string_nextinlist(&an, &alt_sep, NULL, 0)))
 348       if (is_name_match(cmpname, certname))
 349         return TRUE;
 350     }
 351   }
 352
 353 else if ((subjdn = tls_cert_subject(cert, NULL)))
 354   {
 355   int sn_sep = ',';
 356
 357   dn_to_list(subjdn);
 358   while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
 359     {
 360     const uschar * sn = subjdn;
 361     while ((certname = string_nextinlist(&sn, &sn_sep, NULL, 0)))
 362       if (  *certname++ == 'C'
 363          && *certname++ == 'N'
 364          && *certname++ == '='
 365          && is_name_match(cmpname, certname)
 366          )
 367         return TRUE;
 368     }
 369   }
 370 return FALSE;
 371 }
 372 #endif  /*!DISABLE_TLS*/
 373 #endif  /*!MACRO_PREDEF*/
 374
 375 /* vi: aw ai sw=2
 376 */
 377 /* End of tls.c */