diff options
author | Sergey Poznyakoff <gray@gnu.org> | 2021-08-25 14:05:53 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2021-08-25 14:36:44 +0300 |
commit | fcf34684375b037c92b5012da3fb219b5ea657f3 (patch) | |
tree | 3cd02ee44373b52d79bacb27529a18c53ec55aea | |
parent | 35fbbaf08f523e6bbe49af4a1cdbe53626e69e29 (diff) | |
download | mailutils-fcf34684375b037c92b5012da3fb219b5ea657f3.tar.gz mailutils-fcf34684375b037c92b5012da3fb219b5ea657f3.tar.bz2 |
New function: mu_starttls
* libmu_auth/tlsfdstr.c (mu_tlsfd_stream_create): Accept conf==NULL.
(mu_starttls): New function.
* include/mailutils/tls.h (mu_starttls): New proto.
* include/mailutils/imapio.h (mu_imapio_get_transport)
(mu_imapio_set_transport): New functions.
* libmailutils/imapio/transport.c (mu_imapio_get_transport)
(mu_imapio_set_transport): New functions.
* libmailutils/stream/iostream.c (mu_iostream_create): Accept
NULL out stream.
* libmailutils/stream/tcp.c: Support MU_IOCTL_FD
(_tcp_instance): New member fd_borrowed.
(_tcp_close): Don't close fd if fd_borrowed is set.
(_tcp_ioctl): Handle MU_IOCTL_FD.
* libmailutils/stream/xscript-stream.c (_xscript_ctl): Accept
pstr[1] == NULL.
* libmu_auth/notls.c (mu_tlsfd_stream_create)
(mu_tlsfd_stream2_convert)
(mu_starttls): New placeholders.
* libproto/imap/folder.c (_mu_imap_folder_open): Use
mu_tlsfd_stream_convert.
Fix stream leak.
* libproto/imap/starttls.c (mu_imap_starttls): Use mu_starttls.
* libproto/mailer/smtp.c (smtp_open): Use mu_tlsfd_stream_convert.
* libproto/mailer/smtp_starttls.c (mu_smtp_starttls): Use mu_starttls.
* libproto/pop/pop3_stls.c (mu_pop3_stls): Likewise.
* libproto/pop/mailbox.c (pop_open): Use mu_tlsfd_stream_convert.
Fix stream leak.
* mu/libexec/imap.c (com_connect): Use mu_tlsfd_stream_convert.
Fix stream leak.
* mu/libexec/pop.c: Likewise.
* mu/libexec/smtp.c: Likewise.
* imap4d/io.c (imap4d_init_tls_server): Use mu_starttls.
* pop3d/extra.c: Likewise.
-rw-r--r-- | imap4d/io.c | 63 | ||||
-rw-r--r-- | include/mailutils/imapio.h | 3 | ||||
-rw-r--r-- | include/mailutils/tls.h | 4 | ||||
-rw-r--r-- | libmailutils/imapio/transport.c | 21 | ||||
-rw-r--r-- | libmailutils/stream/iostream.c | 2 | ||||
-rw-r--r-- | libmailutils/stream/tcp.c | 30 | ||||
-rw-r--r-- | libmailutils/stream/xscript-stream.c | 16 | ||||
-rw-r--r-- | libmu_auth/notls.c | 24 | ||||
-rw-r--r-- | libmu_auth/tlsfdstr.c | 140 | ||||
-rw-r--r-- | libproto/imap/folder.c | 13 | ||||
-rw-r--r-- | libproto/imap/starttls.c | 18 | ||||
-rw-r--r-- | libproto/mailer/smtp.c | 19 | ||||
-rw-r--r-- | libproto/mailer/smtp_starttls.c | 15 | ||||
-rw-r--r-- | libproto/pop/mailbox.c | 18 | ||||
-rw-r--r-- | libproto/pop/pop3_stls.c | 62 | ||||
-rw-r--r-- | mu/libexec/imap.c | 12 | ||||
-rw-r--r-- | mu/libexec/pop.c | 8 | ||||
-rw-r--r-- | mu/libexec/smtp.c | 8 | ||||
-rw-r--r-- | pop3d/extra.c | 64 |
19 files changed, 290 insertions, 250 deletions
diff --git a/imap4d/io.c b/imap4d/io.c index 7076eb03e..72cea2685 100644 --- a/imap4d/io.c +++ b/imap4d/io.c @@ -126,69 +126,18 @@ io_setio (int ifd, int ofd, struct mu_tls_config *tls_conf) int imap4d_init_tls_server (struct mu_tls_config *tls_conf) { - mu_stream_t tlsstream, stream[2], tstr, istr; int rc; - /* - * Find the iostream. - * Unless transcript is enabled the iostream variable refers to a - * CRLF filter, and its sub-stream is the iostream object. If transcript - * is enabled, the treanscript stream is added on top and iostream refers - * to it. - * - * The loop below uses the fact that iostream is the only stream in - * mailutils that returns *both* transport streams on MU_IOCTL_TOPSTREAM/ - * MU_IOCTL_OP_GET ioctl. Rest of streams that support MU_IOCTL_TOPSTREAM, - * return the transport stream in stream[0] and NULL in stream[1]. - */ - tstr = NULL; - istr = iostream; - while ((rc = mu_stream_ioctl (istr, - MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_GET, - stream)) == 0 - && stream[1] == NULL) - { - tstr = istr; - istr = stream[0]; - mu_stream_unref (istr); - } - - if (rc) - { - mu_error ("%s", _("INTERNAL ERROR: cannot locate iostream")); - return 1; - } - - mu_stream_unref (stream[0]); - mu_stream_unref (stream[1]); - - rc = mu_tlsfd_stream2_convert (&tlsstream, stream[0], stream[1], - tls_conf, MU_TLS_SERVER); + rc = mu_starttls (&iostream, tls_conf, MU_TLS_SERVER); if (rc) + log_cipher (iostream); + else { - mu_error(_("cannot open TLS stream: %s"), mu_strerror (rc)); + mu_diag_funcall (MU_DIAG_ERROR, "mu_starttls", NULL, rc); if (rc == MU_ERR_TRANSPORT_SET) - { - mu_stream_destroy (&tlsstream); - /* iostream is unusable now */ - exit (EX_UNAVAILABLE); - } - return rc; - } - - stream[0] = tlsstream; - stream[1] = NULL; - rc = mu_stream_ioctl (tstr, MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_SET, stream); - if (rc) - { - mu_error (_("INTERNAL ERROR: failed to install TLS stream: %s"), - mu_strerror (rc)); - exit (EX_UNAVAILABLE); + imap4d_bye (ERR_NO_IFILE); } - mu_stream_unref (tlsstream); - log_cipher (tlsstream); - - return 0; + return rc; } /* Status Code to String. */ diff --git a/include/mailutils/imapio.h b/include/mailutils/imapio.h index f2e163082..c9e9c822b 100644 --- a/include/mailutils/imapio.h +++ b/include/mailutils/imapio.h @@ -66,6 +66,9 @@ int mu_imapio_get_trace_payload (mu_imapio_t io); int mu_imapio_get_streams (mu_imapio_t io, mu_stream_t *streams); int mu_imapio_set_streams (mu_imapio_t io, mu_stream_t *streams); + +int mu_imapio_get_transport (mu_imapio_t io, mu_stream_t *pstream); +int mu_imapio_set_transport (mu_imapio_t io, mu_stream_t stream); int mu_imapio_getbuf (mu_imapio_t io, char **pptr, size_t *psize); diff --git a/include/mailutils/tls.h b/include/mailutils/tls.h index d189f7723..f5366aee3 100644 --- a/include/mailutils/tls.h +++ b/include/mailutils/tls.h @@ -76,6 +76,10 @@ mu_tlsfd_stream_convert (mu_stream_t *pstream, mu_stream_t tstr, return mu_tlsfd_stream2_convert (pstream, tstr, NULL, conf, type); } +int mu_starttls (mu_stream_t *pstream, struct mu_tls_config *conf, + enum mu_tls_type type); + + int mu_tls_stream_create (mu_stream_t *pstream, mu_stream_t strin, mu_stream_t strout, struct mu_tls_config const *conf, diff --git a/libmailutils/imapio/transport.c b/libmailutils/imapio/transport.c index 2df72f3bb..c6df4bc32 100644 --- a/libmailutils/imapio/transport.c +++ b/libmailutils/imapio/transport.c @@ -23,6 +23,27 @@ #include <mailutils/sys/imapio.h> int +mu_imapio_get_transport (struct _mu_imapio *io, mu_stream_t *pstream) +{ + if (!io) + return EINVAL; + if (io->_imap_stream) + mu_stream_ref (io->_imap_stream); + *pstream = io->_imap_stream; + return 0; +} + +int +mu_imapio_set_transport (mu_imapio_t io, mu_stream_t stream) +{ + if (!io) + return EINVAL; + io->_imap_stream = stream; + mu_stream_ref (stream); + return 0; +} + +int mu_imapio_get_streams (struct _mu_imapio *io, mu_stream_t *streams) { int rc; diff --git a/libmailutils/stream/iostream.c b/libmailutils/stream/iostream.c index 7b9eb50ed..9a3b7ca7d 100644 --- a/libmailutils/stream/iostream.c +++ b/libmailutils/stream/iostream.c @@ -405,6 +405,8 @@ mu_iostream_create (mu_stream_t *pref, mu_stream_t in, mu_stream_t out) mu_stream_ref (in); sp->transport[_MU_STREAM_INPUT] = in; + if (!out) + out = in; mu_stream_ref (out); sp->transport[_MU_STREAM_OUTPUT] = out; diff --git a/libmailutils/stream/tcp.c b/libmailutils/stream/tcp.c index 526a35bd1..621f39f87 100644 --- a/libmailutils/stream/tcp.c +++ b/libmailutils/stream/tcp.c @@ -50,8 +50,9 @@ struct _tcp_instance { struct _mu_stream stream; - int fd; - int state; + int fd; + int state; + int fd_borrowed; struct mu_sockaddr *remote_addr; struct mu_sockaddr *source_addr; }; @@ -62,7 +63,7 @@ _tcp_close (mu_stream_t stream) struct _tcp_instance *tcp = (struct _tcp_instance *)stream; int err = 0; - if (tcp->fd != -1) + if (tcp->fd != -1 && tcp->fd_borrowed) { if (close (tcp->fd) != 0) { @@ -169,14 +170,35 @@ _tcp_ioctl (mu_stream_t stream, int code, int opcode, void *ptr) ptrans[0] = (mu_transport_t) (intptr_t) tcp->fd; ptrans[1] = NULL; break; + case MU_IOCTL_OP_SET: - return ENOSYS; + tcp->fd = (int) (intptr_t) ptrans[0]; + break; + default: return EINVAL; } } break; + case MU_IOCTL_FD: + if (!ptr) + return EINVAL; + switch (opcode) + { + case MU_IOCTL_FD_GET_BORROW: + *(int*) ptr = tcp->fd_borrowed; + break; + + case MU_IOCTL_FD_SET_BORROW: + tcp->fd_borrowed = *(int*)ptr; + break; + + default: + return EINVAL; + } + break; + case MU_IOCTL_TCPSTREAM: switch (opcode) { diff --git a/libmailutils/stream/xscript-stream.c b/libmailutils/stream/xscript-stream.c index e4a98395d..08b1867f5 100644 --- a/libmailutils/stream/xscript-stream.c +++ b/libmailutils/stream/xscript-stream.c @@ -442,19 +442,25 @@ _xscript_ctl (struct _mu_stream *str, int code, int opcode, void *arg) mu_stream_t *pstr = arg; mu_stream_t tmp; - if (pstr[0] != pstr[1]) + if (pstr[1] == NULL) { - status = mu_iostream_create (&tmp, pstr[0], pstr[1]); - if (status) - return status; + tmp = pstr[0]; + mu_stream_ref (tmp); + status = 0; } - else + else if (pstr[0] == pstr[1]) { tmp = pstr[0]; mu_stream_ref (tmp); mu_stream_ref (tmp); status = 0; } + else + { + status = mu_iostream_create (&tmp, pstr[0], pstr[1]); + if (status) + return status; + } mu_stream_unref (sp->transport); sp->transport = tmp; diff --git a/libmu_auth/notls.c b/libmu_auth/notls.c index 273ed2bfa..0b2810eaf 100644 --- a/libmu_auth/notls.c +++ b/libmu_auth/notls.c @@ -15,6 +15,30 @@ mu_tls_stream_create (mu_stream_t *pstream, return ENOSYS; } +int +mu_tlsfd_stream_create (mu_stream_t *pstream, int ifd, int ofd, + struct mu_tls_config const *conf, + enum mu_tls_type type) +{ + return ENOSYS; +} + +int +mu_tlsfd_stream2_convert (mu_stream_t *pstream, + mu_stream_t istr, mu_stream_t ostr, + struct mu_tls_config const *conf, + enum mu_tls_type type) +{ + return ENOSYS; +} + +int +mu_starttls (mu_stream_t *pstream, struct mu_tls_config *conf, + enum mu_tls_type type) +{ + return ENOSYS; +} + void mu_deinit_tls_libs (void) { diff --git a/libmu_auth/tlsfdstr.c b/libmu_auth/tlsfdstr.c index abf756615..f9c0a19aa 100644 --- a/libmu_auth/tlsfdstr.c +++ b/libmu_auth/tlsfdstr.c @@ -7,6 +7,7 @@ #include <sys/types.h> #include <sys/select.h> #include <gnutls/gnutls.h> +#include <mailutils/nls.h> #include <mailutils/stream.h> #include <mailutils/errno.h> #include <mailutils/property.h> @@ -607,11 +608,14 @@ mu_tlsfd_stream_create (mu_stream_t *pstream, int ifd, int ofd, int rc; mu_stream_t stream; int session_type; + static struct mu_tls_config default_conf = { .handshake_timeout = 60 }; if (!pstream) return MU_ERR_OUT_PTR_NULL; if (!conf) - return EINVAL; + { + conf = &default_conf; + } if (!mu_init_tls_libs ()) return ENOSYS; @@ -685,6 +689,33 @@ mu_tlsfd_stream_create (mu_stream_t *pstream, int ifd, int ofd, return rc; } +static int +stream_reset_transport (mu_stream_t str) +{ + mu_transport_t t[2]; + int rc; + + t[0] = (mu_transport_t) -1; + t[1] = NULL; + rc = mu_stream_ioctl (str, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET, t); + if (rc) + { + int b = 1; + mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR, + ("ioctl(str, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET): %s", + mu_stream_strerror (str, rc))); + rc = mu_stream_ioctl (str, MU_IOCTL_FD, MU_IOCTL_FD_SET_BORROW, &b); + if (rc) + { + mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR, + ("ioctl(str, MU_IOCTL_FD, MU_IOCTL_FD_SET_BORROW): %s", + mu_stream_strerror (str, rc))); + return MU_ERR_TRANSPORT_SET; + } + } + return 0; +} + int mu_tlsfd_stream2_convert (mu_stream_t *pstream, mu_stream_t istr, mu_stream_t ostr, @@ -728,28 +759,109 @@ mu_tlsfd_stream2_convert (mu_stream_t *pstream, return rc; } - t[0] = (mu_transport_t) -1; - t[1] = NULL; - rc = mu_stream_ioctl (istr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET, t); + if (stream_reset_transport (istr)) + return MU_ERR_TRANSPORT_SET; + if (ostr) + { + if (stream_reset_transport (ostr)) + return MU_ERR_TRANSPORT_SET; + } + return 0; +} + +int +mu_starttls (mu_stream_t *pstream, struct mu_tls_config *conf, + enum mu_tls_type type) +{ + mu_stream_t transport; + mu_stream_t tlsstream, stream[2], tstr, istr; + int rc; + + if (!pstream || !*pstream) + return EINVAL; + + transport = *pstream; + mu_stream_flush (transport); + + /* + * Find the iostream. + * Unless transcript is enabled the iostream variable refers to a + * CRLF filter, and its sub-stream is the iostream object. If transcript + * is enabled, the transcript stream is added on top and iostream refers + * to it. + * + * The loop below uses the fact that iostream is the only stream in + * mailutils that returns *both* transport streams on MU_IOCTL_TOPSTREAM/ + * MU_IOCTL_OP_GET ioctl. Rest of streams that support MU_IOCTL_TOPSTREAM, + * return the transport stream in stream[0] and NULL in stream[1]. + */ + tstr = istr = transport; + while ((rc = mu_stream_ioctl (istr, + MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_GET, + stream)) == 0 + && stream[1] == NULL) + { + tstr = istr; + istr = stream[0]; + mu_stream_unref (istr); + } + + switch (rc) + { + case 0: + /* OK */ + mu_stream_unref (stream[0]); + mu_stream_unref (stream[1]); + break; + + case ENOSYS: + /* There's no underlying stream. */ + tstr = NULL; + stream[0] = transport; + stream[1] = NULL; + break; + + default: + /* Error */ + mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR, + ("%s", _("INTERNAL ERROR: cannot locate I/O stream"))); + return MU_ERR_TRANSPORT_GET; + } + + rc = mu_tlsfd_stream2_convert (&tlsstream, stream[0], stream[1], conf, type); if (rc) { mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR, - ("ioctl(istr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET): %s", - mu_stream_strerror (istr, rc))); - return MU_ERR_TRANSPORT_SET; + (_("cannot open TLS stream: %s"), mu_strerror (rc))); + if (rc == MU_ERR_TRANSPORT_SET) + { + stream_reset_transport (tlsstream); + mu_stream_destroy (&tlsstream); + /* NOTE: iostream is unusable now */ + return MU_ERR_FAILURE; + } + return rc; } - if (ostr) + + if (tstr) { - t[0] = NULL; - t[1] = (mu_transport_t) -1; - rc = mu_stream_ioctl (ostr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET, t); + stream[0] = tlsstream; + stream[1] = NULL; + rc = mu_stream_ioctl (tstr, MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_SET, stream); if (rc) { mu_debug (MU_DEBCAT_TLS, MU_DEBUG_ERROR, - ("ioctl(ostr, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_SET): %s", - mu_stream_strerror (ostr, rc))); - return MU_ERR_TRANSPORT_SET; + (_("INTERNAL ERROR: failed to install TLS stream: %s"), + mu_strerror (rc))); + return MU_ERR_FAILURE; } + mu_stream_unref (tlsstream); } + else + { + mu_stream_destroy (&transport); + *pstream = tlsstream; + } + return 0; } diff --git a/libproto/imap/folder.c b/libproto/imap/folder.c index d99b5bc65..8df52b94f 100644 --- a/libproto/imap/folder.c +++ b/libproto/imap/folder.c @@ -138,14 +138,16 @@ _mu_imap_folder_open (mu_folder_t folder, int flags) if (tls) { mu_stream_t tlsstream; - - rc = mu_tls_client_stream_create (&tlsstream, transport, transport, 0); + + rc = mu_tlsfd_stream_convert (&tlsstream, transport, NULL, + MU_TLS_CLIENT); mu_stream_unref (transport); if (rc) { + if (rc == MU_ERR_TRANSPORT_SET) + mu_stream_destroy (&tlsstream); mu_debug (MU_DEBCAT_FOLDER, MU_DEBUG_ERROR, - (_("cannot create TLS stream: %s"), - mu_strerror (rc))); + ("cannot create TLS stream: %s", mu_strerror (rc))); return rc; } transport = tlsstream; @@ -153,7 +155,8 @@ _mu_imap_folder_open (mu_folder_t folder, int flags) #endif mu_imap_set_carrier (imap, transport); - + mu_stream_unref (transport); + if (mu_debug_level_p (MU_DEBCAT_FOLDER, MU_DEBUG_PROT) || mu_debug_level_p (MU_DEBCAT_MAILBOX, MU_DEBUG_PROT)) mu_imap_trace (imap, MU_IMAP_TRACE_SET); diff --git a/libproto/imap/starttls.c b/libproto/imap/starttls.c index 330c4e780..fcfa72896 100644 --- a/libproto/imap/starttls.c +++ b/libproto/imap/starttls.c @@ -32,7 +32,7 @@ mu_imap_starttls (mu_imap_t imap) { #ifdef WITH_TLS int status; - mu_stream_t tlsstream, streams[2]; + mu_stream_t transport; if (imap == NULL) return EINVAL; @@ -63,17 +63,15 @@ mu_imap_starttls (mu_imap_t imap) switch (imap->response) { case MU_IMAP_OK: - status = mu_imapio_get_streams (imap->io, streams); + status = mu_imapio_get_transport (imap->io, &transport); MU_IMAP_CHECK_EAGAIN (imap, status); - status = mu_tls_client_stream_create (&tlsstream, - streams[0], streams[1], 0); - mu_stream_unref (streams[0]); - mu_stream_unref (streams[1]); + mu_stream_unref (transport); + + status = mu_starttls (&transport, NULL, MU_TLS_CLIENT); MU_IMAP_CHECK_EAGAIN (imap, status); - streams[0] = streams[1] = tlsstream; - status = mu_imapio_set_streams (imap->io, streams); - mu_stream_unref (streams[0]); - mu_stream_unref (streams[1]); + + status = mu_imapio_set_transport (imap->io, transport); + mu_stream_unref (transport); MU_IMAP_CHECK_EAGAIN (imap, status); /* Invalidate the capability list */ mu_list_destroy (&imap->capa); diff --git a/libproto/mailer/smtp.c b/libproto/mailer/smtp.c index cb9ac0a6b..783ed5b9b 100644 --- a/libproto/mailer/smtp.c +++ b/libproto/mailer/smtp.c @@ -251,20 +251,23 @@ smtp_open (mu_mailer_t mailer, int flags) if (smtp_mailer->tls == MAILER_TLS_ALWAYS) { mu_stream_t tlsstream; - - rc = mu_tls_client_stream_create (&tlsstream, transport, transport, 0); + + rc = mu_tlsfd_stream_convert (&tlsstream, transport, NULL, + MU_TLS_CLIENT); mu_stream_unref (transport); if (rc) { - mu_debug (MU_DEBCAT_MAILER, MU_DEBUG_ERROR, - (_("cannot create TLS stream: %s"), - mu_strerror (rc))); - mu_sockaddr_free (sa); + if (rc == MU_ERR_TRANSPORT_SET) + { + mu_stream_destroy (&tlsstream); + mu_tls_enable = 0; + } + mu_debug (MU_DEBCAT_FOLDER, MU_DEBUG_ERROR, + ("cannot create TLS stream: %s", mu_strerror (rc))); if (mu_tls_enable) return rc; } - else - transport = tlsstream; + transport = tlsstream; } #endif mu_stream_set_buffer (transport, mu_buffer_line, 0); diff --git a/libproto/mailer/smtp_starttls.c b/libproto/mailer/smtp_starttls.c index 4db88be10..f31c16270 100644 --- a/libproto/mailer/smtp_starttls.c +++ b/libproto/mailer/smtp_starttls.c @@ -81,7 +81,6 @@ mu_smtp_starttls (mu_smtp_t smtp) { #ifdef WITH_TLS int status; - mu_stream_t tlsstream, streams[2]; if (!smtp) return EINVAL; @@ -101,19 +100,7 @@ mu_smtp_starttls (mu_smtp_t smtp) else if (smtp->replcode[0] != '2') return MU_ERR_FAILURE; - mu_stream_flush (smtp->carrier); - status = _mu_smtp_get_streams (smtp, streams); - MU_SMTP_CHECK_ERROR (smtp, status); - - status = mu_tls_client_stream_create (&tlsstream, - streams[0], streams[1], 0); - mu_stream_unref (streams[0]); - mu_stream_unref (streams[1]); - MU_SMTP_CHECK_ERROR (smtp, status); - streams[0] = streams[1] = tlsstream; - status = _mu_smtp_set_streams (smtp, streams); - mu_stream_unref (streams[0]); - mu_stream_unref (streams[1]); + status = mu_starttls (&smtp->carrier, NULL, MU_TLS_CLIENT); MU_SMTP_CHECK_ERROR (smtp, status); /* Invalidate the capability list */ mu_list_destroy (&smtp->capa); diff --git a/libproto/pop/mailbox.c b/libproto/pop/mailbox.c index 2f7f1028e..8ad38e3a4 100644 --- a/libproto/pop/mailbox.c +++ b/libproto/pop/mailbox.c @@ -140,17 +140,20 @@ pop_open (mu_mailbox_t mbox, int flags) #ifdef WITH_TLS if (mpd->pops) { - mu_stream_t newstr; - - status = mu_tls_client_stream_create (&newstr, stream, stream, 0); + mu_stream_t tlsstream; + + status = mu_tlsfd_stream_convert (&tlsstream, stream, NULL, + MU_TLS_CLIENT); mu_stream_unref (stream); if (status) { - mu_error ("pop_open: mu_tls_client_stream_create: %s", - mu_strerror (status)); + if (status == MU_ERR_TRANSPORT_SET) + mu_stream_destroy (&tlsstream); + mu_debug (MU_DEBCAT_FOLDER, MU_DEBUG_ERROR, + ("cannot create TLS stream: %s", mu_strerror (status))); return status; } - stream = newstr; + stream = tlsstream; } #endif /* WITH_TLS */ @@ -164,7 +167,8 @@ pop_open (mu_mailbox_t mbox, int flags) return status; } mu_pop3_set_carrier (mpd->pop3, stream); - + mu_stream_unref (stream); + if (mu_debug_level_p (MU_DEBCAT_MAILBOX, MU_DEBUG_PROT)) mu_pop3_trace (mpd->pop3, MU_POP3_TRACE_SET); if (mu_debug_level_p (MU_DEBCAT_MAILBOX, MU_DEBUG_TRACE6)) diff --git a/libproto/pop/pop3_stls.c b/libproto/pop/pop3_stls.c index a5a292776..d4653ca25 100644 --- a/libproto/pop/pop3_stls.c +++ b/libproto/pop/pop3_stls.c @@ -28,55 +28,6 @@ #include <mailutils/tls.h> #include <mailutils/list.h> -static int -pop3_get_streams (mu_pop3_t pop3, mu_stream_t *streams) -{ - int rc; - - if (MU_POP3_FISSET (pop3, MU_POP3_TRACE)) - rc = mu_stream_ioctl (pop3->carrier, MU_IOCTL_SUBSTREAM, - MU_IOCTL_OP_GET, streams); - else - { - streams[0] = pop3->carrier; - mu_stream_ref (streams[0]); - streams[1] = pop3->carrier; - mu_stream_ref (streams[1]); - rc = 0; - } - return rc; -} - -static int -pop3_set_streams (mu_pop3_t pop3, mu_stream_t *streams) -{ - int rc; - - if (MU_POP3_FISSET (pop3, MU_POP3_TRACE)) - rc = mu_stream_ioctl (pop3->carrier, MU_IOCTL_SUBSTREAM, - MU_IOCTL_OP_SET, streams); - else - { - mu_stream_t tmp; - - if (streams[0] == streams[1]) - { - tmp = streams[0]; - mu_stream_ref (tmp); - mu_stream_ref (tmp); - rc = 0; - } - else - rc = mu_iostream_create (&tmp, streams[0], streams[1]); - if (rc == 0) - { - mu_stream_unref (pop3->carrier); - pop3->carrier = tmp; - } - } - return rc; -} - /* * STLS * We have to assume that the caller check the CAPA and TLS was supported. @@ -86,7 +37,6 @@ mu_pop3_stls (mu_pop3_t pop3) { #ifdef WITH_TLS int status; - mu_stream_t tlsstream, streams[2]; /* Sanity checks. */ if (pop3 == NULL) @@ -107,17 +57,7 @@ mu_pop3_stls (mu_pop3_t pop3) pop3->state = MU_POP3_STLS_CONNECT; case MU_POP3_STLS_CONNECT: - status = pop3_get_streams (pop3, streams); - MU_POP3_CHECK_EAGAIN (pop3, status); - status = mu_tls_client_stream_create (&tlsstream, - streams[0], streams[1], 0); - mu_stream_unref (streams[0]); - mu_stream_unref (streams[1]); - MU_POP3_CHECK_EAGAIN (pop3, status); - streams[0] = streams[1] = tlsstream; - status = pop3_set_streams (pop3, streams); - mu_stream_unref (streams[0]); - mu_stream_unref (streams[1]); + status = mu_starttls (&pop3->carrier, NULL, MU_TLS_CLIENT); MU_POP3_CHECK_EAGAIN (pop3, status); /* Invalidate the capability list */ mu_list_destroy (&pop3->capa); diff --git a/mu/libexec/imap.c b/mu/libexec/imap.c index 7d4b75a84..d7289dd03 100644 --- a/mu/libexec/imap.c +++ b/mu/libexec/imap.c @@ -521,12 +521,15 @@ com_connect (int argc, char **argv) if (tls) { mu_stream_t tlsstream; - - status = mu_tls_client_stream_create (&tlsstream, tcp, tcp, 0); + + status = mu_tlsfd_stream_convert (&tlsstream, tcp, NULL, + MU_TLS_CLIENT); mu_stream_unref (tcp); if (status) { - mu_error (_("cannot create TLS stream: %s"), + if (status == MU_ERR_TRANSPORT_SET) + mu_stream_destroy (&tlsstream); + mu_error ("cannot create TLS stream: %s", mu_strerror (status)); return 0; } @@ -534,7 +537,8 @@ com_connect (int argc, char **argv) } #endif mu_imap_set_carrier (imap, tcp); - + mu_stream_unref (tcp); + if (QRY_VERBOSE ()) { imap_set_verbose (); diff --git a/mu/libexec/pop.c b/mu/libexec/pop.c index 625096aac..ffcf85443 100644 --- a/mu/libexec/pop.c +++ b/mu/libexec/pop.c @@ -476,11 +476,14 @@ com_connect (int argc, char **argv) if (tls) { mu_stream_t tlsstream; - - status = mu_tls_client_stream_create (&tlsstream, tcp, tcp, 0); + + status = mu_tlsfd_stream_convert (&tlsstream, tcp, NULL, + MU_TLS_CLIENT); mu_stream_unref (tcp); if (status) { + if (status == MU_ERR_TRANSPORT_SET) + mu_stream_destroy (&tlsstream); mu_error ("cannot create TLS stream: %s", mu_strerror (status)); return 0; @@ -490,6 +493,7 @@ com_connect (int argc, char **argv) #endif mu_pop3_set_carrier (pop3, tcp); status = mu_pop3_connect (pop3); + mu_stream_unref (tcp); } else { diff --git a/mu/libexec/smtp.c b/mu/libexec/smtp.c index 0091bdd67..824cfdc39 100644 --- a/mu/libexec/smtp.c +++ b/mu/libexec/smtp.c @@ -211,11 +211,14 @@ com_connect (int argc, char **argv) if (tls) { mu_stream_t tlsstream; - - status = mu_tls_client_stream_create (&tlsstream, tcp, tcp, 0); + + status = mu_tlsfd_stream_convert (&tlsstream, tcp, NULL, + MU_TLS_CLIENT); mu_stream_unref (tcp); if (status) { + if (status == MU_ERR_TRANSPORT_SET) + mu_stream_destroy (&tlsstream); mu_error ("cannot create TLS stream: %s", mu_strerror (status)); return 0; @@ -224,6 +227,7 @@ com_connect (int argc, char **argv) } #endif mu_smtp_set_carrier (smtp, tcp); + mu_stream_unref (tcp); status = smtp_error_handler (mu_smtp_open (smtp)); } else diff --git a/pop3d/extra.c b/pop3d/extra.c index a21785a5a..526364a8d 100644 --- a/pop3d/extra.c +++ b/pop3d/extra.c @@ -233,72 +233,22 @@ pop3d_setio (int ifd, int ofd, struct mu_tls_config *tls_conf) int pop3d_init_tls_server (struct mu_tls_config *tls_conf) { - mu_stream_t tlsstream, stream[2], tstr, istr; int rc; - /* - * Find the iostream. - * Unless transcript is enabled the iostream variable refers to a - * CRLF filter, and its sub-stream is the iostream object. If transcript - * is enabled, the treanscript stream is added on top and iostream refers - * to it. - * - * The loop below uses the fact that iostream is the only stream in - * mailutils that returns *both* transport streams on MU_IOCTL_TOPSTREAM/ - * MU_IOCTL_OP_GET ioctl. Rest of streams that support MU_IOCTL_TOPSTREAM, - * return the transport stream in stream[0] and NULL in stream[1]. - */ - tstr = NULL; - istr = iostream; - while ((rc = mu_stream_ioctl (istr, - MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_GET, - stream)) == 0 - && stream[1] == NULL) - { - tstr = istr; - istr = stream[0]; - mu_stream_unref (istr); - } - - if (rc) - { - mu_error ("%s", _("INTERNAL ERROR: cannot locate iostream")); - return 1; - } - - mu_stream_unref (stream[0]); - mu_stream_unref (stream[1]); - - rc = mu_tlsfd_stream2_convert (&tlsstream, stream[0], stream[1], - tls_conf, MU_TLS_SERVER); + rc = mu_starttls (&iostream, tls_conf, MU_TLS_SERVER); if (rc) + log_cipher (iostream); + else { - mu_error(_("cannot open TLS stream: %s"), mu_strerror (rc)); + mu_diag_funcall (MU_DIAG_ERROR, "mu_starttls", NULL, rc); if (rc == MU_ERR_TRANSPORT_SET) - { - mu_stream_destroy (&tlsstream); - /* iostream is unusable now */ - exit (EX_UNAVAILABLE); - } - return rc; - } - - stream[0] = tlsstream; - stream[1] = NULL; - rc = mu_stream_ioctl (tstr, MU_IOCTL_TOPSTREAM, MU_IOCTL_OP_SET, stream); - if (rc) - { - mu_error (_("INTERNAL ERROR: failed to install TLS stream: %s"), - mu_strerror (rc)); - exit (EX_UNAVAILABLE); + pop3d_abquit (ERR_FILE); } - mu_stream_unref (tlsstream); - log_cipher (tlsstream); - return 0; + return rc; } void -pop3d_bye () +pop3d_bye (void) { mu_stream_close (iostream); mu_stream_destroy (&iostream); |