author | Sergey Poznyakoff <gray@gnu.org> | 2021-08-25 08:57:09 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2021-08-25 09:27:01 +0300 |
commit | 35fbbaf08f523e6bbe49af4a1cdbe53626e69e29 (patch) | |
tree | c6d46b28bf351516bd641e77a1e7430b6ff6b532 | |
parent | b9e2329f22c65e88c804e4e7c942381239d64bc6 (diff) | |
download | mailutils-35fbbaf08f523e6bbe49af4a1cdbe53626e69e29.tar.gz mailutils-35fbbaf08f523e6bbe49af4a1cdbe53626e69e29.tar.bz2 |
New function mu_tlsfd_stream2_convert
* libmu_auth/tlsfdstr.c (mu_tlsfd_stream_create): Remove last argument.
All uses changed.
(mu_tlsfd_stream2_convert): New function.
* include/mailutils/tls.h (mu_tlsfd_stream_create): Change signature
(flags removed).
(mu_tlsfd_stream2_convert): New proto.
(mu_tlsfd_stream_convert): New inline function.
* libmailutils/diag/errors (MU_ERR_TRANSPORT_GET)
(MU_ERR_TRANSPORT_SET): New error codes.
* imap4d/io.c (imap4d_init_tls_server): Use mu_tlsfd_stream2_convert.
* pop3d/extra.c (pop3d_init_tls_server): Use mu_tlsfd_stream2_convert.
-rw-r--r-- | imap4d/io.c | 77 | ||||
-rw-r--r-- | include/mailutils/tls.h | 15 | ||||
-rw-r--r-- | libmailutils/diag/errors | 4 | ||||
-rw-r--r-- | libmu_auth/tlsfdstr.c | 72 | ||||
-rw-r--r-- | pop3d/extra.c | 78 |
5 files changed, 125 insertions, 121 deletions
diff --git a/imap4d/io.c b/imap4d/io.c
index 238c1a4b8..7076eb03e 100644
--- a/imap4d/io.c
+++ b/imap4d/io.c
@@ -62,7 +62,7 @@ io_setio (int ifd, int ofd, struct mu_tls_config *tls_conf)
       if (tls_conf)
         {
-          rc = mu_tlsfd_stream_create (&str, ifd, ofd, tls_conf, MU_TLS_SERVER, 0);
+          rc = mu_tlsfd_stream_create (&str, ifd, ofd, tls_conf, MU_TLS_SERVER);
           if (rc)
             {
               mu_error (_("failed to create TLS stream: %s"),
                         mu_strerror (rc));
@@ -127,64 +127,10 @@ int
 imap4d_init_tls_server (struct mu_tls_config *tls_conf)
 {
   mu_stream_t tlsstream, stream[2], tstr, istr;
-  mu_transport_t t[2];
-  int ifd, ofd;
   int rc;
-
-  rc = mu_stream_ioctl (iostream, MU_IOCTL_SUBSTREAM, MU_IOCTL_OP_GET, stream);
-  if (rc)
-    {
-      mu_error (_("%s failed: %s"), "MU_IOCTL_SUBSTREAM",
-                mu_stream_strerror (iostream, rc));
-      return 1;
-    }
-
-  rc = mu_stream_ioctl (stream[MU_TRANSPORT_INPUT], MU_IOCTL_TRANSPORT,
-                        MU_IOCTL_OP_GET, t);
-  if (rc)
-    {
-      mu_error (_("%s failed: %s"), "MU_IOCTL_TRANSPORT",
-                mu_stream_strerror (iostream, rc));
-      return 1;
-    }
-  ifd = (int) (intptr_t) t[0];
-
-  rc = mu_stream_ioctl (stream[MU_TRANSPORT_OUTPUT], MU_IOCTL_TRANSPORT,
-                        MU_IOCTL_OP_GET, t);
-  if (rc)
-    {
-      mu_error (_("%s failed: %s"), "MU_IOCTL_TRANSPORT",
-                mu_stream_strerror (iostream, rc));
-      return 1;
-    }
-  ofd = (int) (intptr_t) t[0];
-
-  rc = mu_tlsfd_stream_create (&tlsstream, ifd, ofd,
-                               tls_conf,
-                               MU_TLS_SERVER,
-                               0);
-
-  if (rc)
-    {
-      mu_diag_output (MU_DIAG_ERROR, _("cannot open TLS stream: %s"),
-                      mu_strerror (rc));
-      return 1;
-    }
-
-  log_cipher (tlsstream);
-
-  t[0] = (mu_transport_t) -1;
-  mu_stream_ioctl (stream[MU_TRANSPORT_INPUT], MU_IOCTL_TRANSPORT,
-                   MU_IOCTL_OP_SET, t);
-  t[0] = (mu_transport_t) -1;
-  mu_stream_ioctl (stream[MU_TRANSPORT_OUTPUT], MU_IOCTL_TRANSPORT,
-                   MU_IOCTL_OP_SET, t);
-  mu_stream_unref (stream[0]);
-  mu_stream_unref (stream[1]);
-
   /*
-   * Find the iostream and replace it with the TLS stream.
+   * Find the iostream.
    * Unless transcript is enabled the iostream variable refers to a
    * CRLF filter, and its sub-stream is the iostream object. If transcript
    * is enabled, the treanscript stream is added on top and iostream refers
@@ -215,7 +161,21 @@ imap4d_init_tls_server (struct mu_tls_config *tls_conf)
   mu_stream_unref (stream[0]);
   mu_stream_unref (stream[1]);
-
+
+  rc = mu_tlsfd_stream2_convert (&tlsstream, stream[0], stream[1],
+                                 tls_conf, MU_TLS_SERVER);
+  if (rc)
+    {
+      mu_error(_("cannot open TLS stream: %s"), mu_strerror (rc));
+      if (rc == MU_ERR_TRANSPORT_SET)
+        {
+          mu_stream_destroy (&tlsstream);
+          /* iostream is unusable now */
+          exit (EX_UNAVAILABLE);
+        }
+      return rc;
+    }
+
   stream[0] = tlsstream;
   stream[1] = NULL;
   rc = mu_stream_ioctl (tstr, MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_SET, stream);
@@ -223,9 +183,10 @@ imap4d_init_tls_server (struct mu_tls_config *tls_conf)
     {
       mu_error (_("INTERNAL ERROR: failed to install TLS stream: %s"),
                 mu_strerror (rc));
-      return 1;
+      exit (EX_UNAVAILABLE);
     }
   mu_stream_unref (tlsstream);
+  log_cipher (tlsstream);
   return 0;
 }
diff --git a/include/mailutils/tls.h b/include/mailutils/tls.h
index 752598d67..d189f7723 100644
--- a/include/mailutils/tls.h
+++ b/include/mailutils/tls.h
@@ -63,8 +63,19 @@ void mu_tls_cfg_init (void);
 int mu_tlsfd_stream_create (mu_stream_t *pstream, int ifd, int ofd,
                             struct mu_tls_config const *conf,
-                            enum mu_tls_type type,
-                            int flags);
+                            enum mu_tls_type type);
+int mu_tlsfd_stream2_convert (mu_stream_t *pstream,
+                              mu_stream_t istr, mu_stream_t ostr,
+                              struct mu_tls_config const *conf,
+                              enum mu_tls_type type);
+static inline int
+mu_tlsfd_stream_convert (mu_stream_t *pstream, mu_stream_t tstr,
+                         struct mu_tls_config const *conf,
+                         enum mu_tls_type type)
+{
+  return mu_tlsfd_stream2_convert (pstream, tstr, NULL, conf, type);
+}
+
 int mu_tls_stream_create (mu_stream_t *pstream,
                          mu_stream_t strin, mu_stream_t strout,
                          struct mu_tls_config const *conf,
diff --git a/libmailutils/diag/errors b/libmailutils/diag/errors
index 54df0b0f1..1777efe29 100644
--- a/libmailutils/diag/errors
+++ b/libmailutils/diag/errors
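Review bot: At the end of imap4d_init_tls_server the new `log_cipher (tlsstream);` runs after `mu_stream_unref (tlsstream);`, so it only stays safe as long as the preceding MU_IOCTL_TOPSTREAM set has taken its own reference on the object; if that ever changes the call becomes a use-after-free. Swapping the two lines removes the dependency on that refcount detail: `log_cipher (tlsstream);` then `mu_stream_unref (tlsstream);`. The same ordering is introduced in pop3d_init_tls_server in pop3d/extra.c. Relatedly, `stream[0]` and `stream[1]` are passed to mu_tlsfd_stream2_convert right after being unref'd, which presumably relies on tstr still holding them; a short comment saying so would help the next reader. The enclosing function starts outside this hunk.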
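Review bot: The new mu_tlsfd_stream2_convert prototype and the mu_tlsfd_stream_convert inline wrapper in tls.h carry no documentation, although their contract is non-trivial for callers. The header comment should state that the new stream takes over the transport descriptors of istr (and of ostr when it is not NULL, otherwise the one descriptor is used for both directions), that on success the source streams are left without a descriptor, and that on MU_ERR_TRANSPORT_SET the stream in *pstream has already been created and must be destroyed by the caller, as imap4d/io.c does in this commit. Naming MU_ERR_TRANSPORT_GET and MU_ERR_TRANSPORT_SET as the possible return values alongside those of mu_tlsfd_stream_create would complete it.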
@@ -146,4 +146,8 @@ MU_ERR_TIMEOUT _("timed out")
 MU_ERR_SET_TIMEOUT _("error setting timeout")
 MU_ERR_WRITE _("write error")
+
 MU_ERR_TLS _("TLS error")
+
+MU_ERR_TRANSPORT_GET _("can't get transport desciptor")
+MU_ERR_TRANSPORT_SET _("can't set transport desciptor")
diff --git a/libmu_auth/tlsfdstr.c b/libmu_auth/tlsfdstr.c
index be369a3e9..abf756615 100644
--- a/libmu_auth/tlsfdstr.c
+++ b/libmu_auth/tlsfdstr.c
@@ -601,8 +601,7 @@ _tlsfd_error_string (struct _mu_stream *stream, int rc)
 int
 mu_tlsfd_stream_create (mu_stream_t *pstream, int ifd, int ofd,
                         struct mu_tls_config const *conf,
-                        enum mu_tls_type type,
-                        int flags)
+                        enum mu_tls_type type)
 {
   struct _mu_tlsfd_stream *sp;
   int rc;
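Review bot: Both new message strings misspell "descriptor" as "desciptor"; these are translatable strings that reach users through mu_strerror, so the typo will propagate into every .po file once translators pick it up. Change them to `MU_ERR_TRANSPORT_GET _("can't get transport descriptor")` and `MU_ERR_TRANSPORT_SET _("can't set transport descriptor")`.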
@@ -685,3 +684,72 @@ mu_tlsfd_stream_create (mu_stream_t *pstream, int ifd, int ofd,
   *pstream = stream;
   return rc;
 }
+
+int
+mu_tlsfd_stream2_convert (mu_stream_t *pstream,
+                          mu_stream_t istr, mu_stream_t ostr,
+                          struct mu_tls_config const *conf,
+                          enum mu_tls_type type)
+{
+  mu_transport_t t[2];
+  int ifd, ofd;
+  int rc;
+
+  rc = mu_stream_ioctl (istr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, t);
+  if (rc)
+    {
+      mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR,
+                ("ioctl(istr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET): %s",
+                 mu_stream_strerror (istr, rc)));
+      return MU_ERR_TRANSPORT_GET;
+    }
+  ifd = (int) (intptr_t) t[0];
+
+  if (ostr)
+    {
+      rc = mu_stream_ioctl (ostr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, t);
+      if (rc)
+        {
+          mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR,
+                    ("ioctl(ostr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET): %s",
+                     mu_stream_strerror (ostr, rc)));
+          return MU_ERR_TRANSPORT_GET;
+        }
+      ofd = (int) (intptr_t) t[0];
+    }
+  else
+    ofd = ifd;
+
+  rc = mu_tlsfd_stream_create (pstream, ifd, ofd, conf, type);
+  if (rc)
+    {
+      mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR,
+                ("mu_tlsfd_stream_create: %s", mu_strerror (rc)));
+      return rc;
+    }
+
+  t[0] = (mu_transport_t) -1;
+  t[1] = NULL;
+  rc = mu_stream_ioctl (istr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET, t);
+  if (rc)
+    {
+      mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR,
+                ("ioctl(istr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET): %s",
+                 mu_stream_strerror (istr, rc)));
+      return MU_ERR_TRANSPORT_SET;
+    }
+  if (ostr)
+    {
+      t[0] = NULL;
+      t[1] = (mu_transport_t) -1;
+      rc = mu_stream_ioctl (ostr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET, t);
+      if (rc)
+        {
+          mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR,
+                    ("ioctl(ostr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET): %s",
+                     mu_stream_strerror (ostr, rc)));
+          return MU_ERR_TRANSPORT_SET;
+        }
+    }
+  return 0;
+}
diff --git a/pop3d/extra.c b/pop3d/extra.c
index 4c175f388..a21785a5a 100644
--- a/pop3d/extra.c
+++ b/pop3d/extra.c
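Review bot: When the second MU_IOCTL_OP_SET (on ostr) fails, mu_tlsfd_stream2_convert returns MU_ERR_TRANSPORT_SET with the descriptors in a split state: istr has already been detached, the new stream in *pstream owns both ifd and ofd, and ostr still refers to ofd, so destroying *pstream closes a descriptor ostr will keep using and not destroying it leaks the TLS session. The callers in this commit handle that by exiting, but nothing in the function says so; add a header comment before `int` stating that on success the transport descriptors move from istr/ostr to the new stream, that on MU_ERR_TRANSPORT_SET *pstream is valid and must be destroyed by the caller while istr/ostr may already be unusable, and that with ostr == NULL the single descriptor of istr is used for both directions. The `t[1] = NULL` in the ostr == NULL case deserves a why-comment as well: it is not visible here whether a NULL entry leaves istr's output transport untouched, which for a bidirectional istr presumably means that side is not released — worth confirming against the transport ioctl implementation.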
@@ -169,7 +169,7 @@ pop3d_setio (int ifd, int ofd, struct mu_tls_config *tls_conf)
       if (tls_conf)
         {
-          rc = mu_tlsfd_stream_create (&str, ifd, ofd, tls_conf, MU_TLS_SERVER, 0);
+          rc = mu_tlsfd_stream_create (&str, ifd, ofd, tls_conf, MU_TLS_SERVER);
           if (rc)
             {
               mu_error (_("failed to create TLS stream: %s"),
                         mu_strerror (rc));
@@ -234,64 +234,10 @@ int
 pop3d_init_tls_server (struct mu_tls_config *tls_conf)
 {
   mu_stream_t tlsstream, stream[2], tstr, istr;
-  mu_transport_t t[2];
-  int ifd, ofd;
   int rc;
-
-  rc = mu_stream_ioctl (iostream, MU_IOCTL_SUBSTREAM, MU_IOCTL_OP_GET, stream);
-  if (rc)
-    {
-      mu_error (_("%s failed: %s"), "MU_IOCTL_SUBSTREAM",
-                mu_stream_strerror (iostream, rc));
-      return 1;
-    }
-  rc = mu_stream_ioctl (stream[MU_TRANSPORT_INPUT], MU_IOCTL_TRANSPORT,
-                        MU_IOCTL_OP_GET, t);
-  if (rc)
-    {
-      mu_error (_("%s failed: %s"), "MU_IOCTL_TRANSPORT",
-                mu_stream_strerror (iostream, rc));
-      return 1;
-    }
-  ifd = (int) (intptr_t) t[0];
-
-  rc = mu_stream_ioctl (stream[MU_TRANSPORT_OUTPUT], MU_IOCTL_TRANSPORT,
-                        MU_IOCTL_OP_GET, t);
-  if (rc)
-    {
-      mu_error (_("%s failed: %s"), "MU_IOCTL_TRANSPORT",
-                mu_stream_strerror (iostream, rc));
-      return 1;
-    }
-  ofd = (int) (intptr_t) t[0];
-
-  rc = mu_tlsfd_stream_create (&tlsstream, ifd, ofd,
-                               tls_conf,
-                               MU_TLS_SERVER,
-                               0);
-
-  if (rc)
-    {
-      mu_diag_output (MU_DIAG_ERROR, _("cannot open TLS stream: %s"),
-                      mu_strerror (rc));
-      return 1;
-    }
-
-  log_cipher (tlsstream);
-
-  t[0] = (mu_transport_t) -1;
-  mu_stream_ioctl (stream[MU_TRANSPORT_INPUT], MU_IOCTL_TRANSPORT,
-                   MU_IOCTL_OP_SET, t);
-  t[0] = (mu_transport_t) -1;
-  mu_stream_ioctl (stream[MU_TRANSPORT_OUTPUT], MU_IOCTL_TRANSPORT,
-                   MU_IOCTL_OP_SET, t);
-
-  mu_stream_unref (stream[0]);
-  mu_stream_unref (stream[1]);
-
   /*
-   * Find the iostream and replace it with the TLS stream.
+   * Find the iostream.
    * Unless transcript is enabled the iostream variable refers to a
    * CRLF filter, and its sub-stream is the iostream object. If transcript
    * is enabled, the treanscript stream is added on top and iostream refers
@@ -322,7 +268,21 @@ pop3d_init_tls_server (struct mu_tls_config *tls_conf)
   mu_stream_unref (stream[0]);
   mu_stream_unref (stream[1]);
-
+
+  rc = mu_tlsfd_stream2_convert (&tlsstream, stream[0], stream[1],
+                                 tls_conf, MU_TLS_SERVER);
+  if (rc)
+    {
+      mu_error(_("cannot open TLS stream: %s"), mu_strerror (rc));
+      if (rc == MU_ERR_TRANSPORT_SET)
+        {
+          mu_stream_destroy (&tlsstream);
+          /* iostream is unusable now */
+          exit (EX_UNAVAILABLE);
+        }
+      return rc;
+    }
+
   stream[0] = tlsstream;
   stream[1] = NULL;
   rc = mu_stream_ioctl (tstr, MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_SET, stream);
@@ -330,10 +290,10 @@ pop3d_init_tls_server (struct mu_tls_config *tls_conf)
     {
       mu_error (_("INTERNAL ERROR: failed to install TLS stream: %s"),
                 mu_strerror (rc));
-      return 1;
+      exit (EX_UNAVAILABLE);
     }
   mu_stream_unref (tlsstream);
-
+  log_cipher (tlsstream);
   return 0;
 }