#include <sys_defs.h>
#include <mymalloc.h>
#include <vstream.h>
#include <stringops.h>
#include <mail_params.h>
#include <maps.h>
#include <pfixtls.h>
#include "smtp.h"
#ifdef HAS_SSL
static MAPS *tls_per_site;
void smtp_tls_list_init(void)
{
tls_per_site = maps_create(VAR_SMTP_TLS_PER_SITE, var_smtp_tls_per_site,
DICT_FLAG_LOCK);
}
#endif
SMTP_SESSION *smtp_session_alloc(char *dest, VSTREAM *stream, char *host, char *addr)
{
SMTP_SESSION *session;
const char *lookup;
char *lookup_key;
int host_dont_use = 0;
int host_use = 0;
int host_enforce = 0;
int host_enforce_peername = 0;
int recipient_dont_use = 0;
int recipient_use = 0;
int recipient_enforce = 0;
int recipient_enforce_peername = 0;
session = (SMTP_SESSION *) mymalloc(sizeof(*session));
session->stream = stream;
session->host = mystrdup(host);
session->addr = mystrdup(addr);
session->namaddr = concatenate(host, "[", addr, "]", (char *) 0);
session->best = 1;
session->tls_use_tls = session->tls_enforce_tls = 0;
session->tls_enforce_peername = 0;
#ifdef HAS_SSL
lookup_key = lowercase(mystrdup(host));
if (lookup = maps_find(tls_per_site, lookup_key, 0)) {
if (!strcasecmp(lookup, "NONE"))
host_dont_use = 1;
else if (!strcasecmp(lookup, "MAY"))
host_use = 1;
else if (!strcasecmp(lookup, "MUST"))
host_enforce = host_enforce_peername = 1;
else if (!strcasecmp(lookup, "MUST_NOPEERMATCH"))
host_enforce = 1;
else
msg_warn("Unknown TLS state for receiving host %s: '%s', using default policy", session->host, lookup);
}
myfree(lookup_key);
lookup_key = lowercase(mystrdup(dest));
if (lookup = maps_find(tls_per_site, dest, 0)) {
if (!strcasecmp(lookup, "NONE"))
recipient_dont_use = 1;
else if (!strcasecmp(lookup, "MAY"))
recipient_use = 1;
else if (!strcasecmp(lookup, "MUST"))
recipient_enforce = recipient_enforce_peername = 1;
else if (!strcasecmp(lookup, "MUST_NOPEERMATCH"))
recipient_enforce = 1;
else
msg_warn("Unknown TLS state for recipient domain %s: '%s', using default policy", dest, lookup);
}
myfree(lookup_key);
if ((var_smtp_enforce_tls && !host_dont_use && !recipient_dont_use) || host_enforce ||
recipient_enforce)
session->tls_enforce_tls = session->tls_use_tls = 1;
if (host_enforce && host_enforce_peername)
session->tls_enforce_peername = 1;
else if (recipient_enforce && recipient_enforce_peername)
session->tls_enforce_peername = 1;
else if (var_smtp_enforce_tls && var_smtp_tls_enforce_peername)
session->tls_enforce_peername = 1;
else if ((var_smtp_use_tls && !host_dont_use && !recipient_dont_use) || host_use || recipient_use)
session->tls_use_tls = 1;
#endif
session->tls_info = tls_info_zero;
return (session);
}
void smtp_session_free(SMTP_SESSION *session)
{
#ifdef HAS_SSL
vstream_fflush(session->stream);
pfixtls_stop_clienttls(session->stream, var_smtp_starttls_tmout, 0,
&(session->tls_info));
#endif
vstream_fclose(session->stream);
myfree(session->host);
myfree(session->addr);
myfree(session->namaddr);
myfree((char *) session);
}