/*
* piler-smtp.c
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <pwd.h>
#include <sys/ioctl.h>
#include <signal.h>
#include <sys/epoll.h>
#include <netinet/in.h>
#include <locale.h>
#include <errno.h>
#include <sys/time.h>
#include <time.h>
#include <syslog.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <piler.h>
#define PROGNAME "piler-smtp"
extern char *optarg;
extern int optind;
struct epoll_event event, *events=NULL;
int timeout = 20; // checking for timeout this often [sec]
int num_connections = 0;
int listenerfd = -1;
char *configfile = CONFIG_FILE;
struct __config cfg;
struct passwd *pwd;
struct smtp_session *session, **sessions=NULL;
void handle_data(struct smtp_session *session, char *readbuf, int readlen){
char *p, puf[MAXBUFSIZE];
int result;
// process BDAT stuff
if(session->protocol_state == SMTP_STATE_BDAT){
if(session->bad == 1){
// something bad happened in the BDAT processing
return;
}
process_bdat(session, readbuf, readlen);
}
// process DATA
else if(session->protocol_state == SMTP_STATE_DATA){
process_data(session, readbuf, readlen);
}
// process other SMTP commands
else {
//printf("len=%d, buf=*%s*\n\n\n", readlen, readbuf);
if(session->buflen > 0){
snprintf(puf, sizeof(puf)-1, "%s%s", session->buf, readbuf);
snprintf(readbuf, BIGBUFSIZE-1, "%s", puf);
session->buflen = 0;
memset(session->buf, 0, SMALLBUFSIZE);
}
p = readbuf;
do {
memset(puf, 0, sizeof(puf));
p = split(p, '\n', puf, sizeof(puf)-1, &result);
if(puf[0] == '\0') continue;
if(result == 1){
process_smtp_command(session, puf);
// if chunking is enabled and we have data after BDAT <len>
// then process the rest
if(session->cfg->enable_chunking == 1 && p && session->protocol_state == SMTP_STATE_BDAT){
process_bdat(session, p, strlen(p));
break;
}
}
else {
snprintf(session->buf, SMALLBUFSIZE-1, "%s", puf);
session->buflen = strlen(puf);
}
} while(p);
}
}
void init_smtp_session(struct smtp_session *session, int slot, int sd){
session->slot = slot;
session->socket = sd;
session->buflen = 0;
session->protocol_state = SMTP_STATE_INIT;
session->cfg = &cfg;
session->use_ssl = 0; // use SSL/TLS
session->starttls = 0; // SSL/TLS communication is active (1) or not (0)
session->ctx = NULL;
session->ssl = NULL;
memset(session->buf, 0, SMALLBUFSIZE);
memset(session->remote_host, 0, INET6_ADDRSTRLEN);
reset_bdat_counters(session);
time(&(session->lasttime));
}
void free_smtp_session(struct smtp_session *session){
if(session){
if(session->use_ssl == 1){
SSL_shutdown(session->ssl);
SSL_free(session->ssl);
}
if(session->ctx) SSL_CTX_free(session->ctx);
free(session);
}
}
void p_clean_exit(){
int i;
if(listenerfd != -1) close(listenerfd);
for(i=0; i<cfg.max_connections; i++){
if(sessions[i]) free_smtp_session(sessions[i]);
}
if(sessions) free(sessions);
if(events) free(events);
syslog(LOG_PRIORITY, "%s has been terminated", PROGNAME);
//unlink(cfg.pidfile);
ERR_free_strings();
exit(1);
}
void fatal(char *s){
syslog(LOG_PRIORITY, "%s", s);
p_clean_exit();
}
int get_session_slot(){
int i;
for(i=0; i<cfg.max_connections; i++){
if(sessions[i] == NULL) return i;
}
return -1;
}
struct smtp_session *get_session_by_socket(int socket){
int i;
for(i=0; i<cfg.max_connections; i++){
if(sessions[i] && sessions[i]->socket == socket) return sessions[i];
}
return NULL;
}
void tear_down_client(int slot){
syslog(LOG_PRIORITY, "disconnected from %s", sessions[slot]->remote_host);
close(sessions[slot]->socket);
free_smtp_session(sessions[slot]);
sessions[slot] = NULL;
num_connections--;
}
void check_for_client_timeout(){
time_t now;
int i;
if(num_connections > 0){
time(&now);
for(i=0; i<cfg.max_connections; i++){
if(sessions[i] && now - sessions[i]->lasttime >= cfg.smtp_timeout){
syslog(LOG_PRIORITY, "client %s timeout", sessions[i]->remote_host);
tear_down_client(sessions[i]->slot);
}
}
}
alarm(timeout);
}
#ifdef HAVE_LIBWRAP
int is_blocked_by_tcp_wrappers(int sd){
struct request_info req;
request_init(&req, RQ_DAEMON, PROGNAME, RQ_FILE, sd, 0);
fromhost(&req);
if(!hosts_access(&req)){
send(sd, SMTP_RESP_550_ERR_YOU_ARE_BANNED_BY_LOCAL_POLICY, strlen(SMTP_RESP_550_ERR_YOU_ARE_BANNED_BY_LOCAL_POLICY), 0);
syslog(LOG_PRIORITY, "denied connection from %s by tcp_wrappers", eval_client(&req));
return 1;
}
return 0;
}
#endif
int start_new_session(int socket){
char smtp_banner[SMALLBUFSIZE];
int slot;
// Uh-oh! We have enough connections to serve already
if(num_connections >= cfg.max_connections){
syslog(LOG_PRIORITY, "too many connections (%d), cannot accept socket %d", num_connections, socket);
send(socket, SMTP_RESP_421_ERR_ALL_PORTS_ARE_BUSY, strlen(SMTP_RESP_421_ERR_ALL_PORTS_ARE_BUSY), 0);
close(socket);
return -1;
}
#ifdef HAVE_LIBWRAP
if(is_blocked_by_tcp_wrappers(socket) == 1){
close(socket);
return -1;
}
#endif
slot = get_session_slot();
syslog(LOG_PRIORITY, "INFO: found slot: %d", slot);
if(slot >= 0 && sessions[slot] == NULL){
sessions[slot] = malloc(sizeof(struct smtp_session));
if(sessions[slot]){
init_smtp_session(sessions[slot], slot, socket);
snprintf(smtp_banner, sizeof(smtp_banner)-1, SMTP_RESP_220_BANNER, cfg.hostid);
send(socket, smtp_banner, strlen(smtp_banner), 0);
num_connections++;
return 0;
}
else {
syslog(LOG_PRIORITY, "ERROR: malloc() in start_new_session()");
}
}
else {
syslog(LOG_PRIORITY, "ERROR: couldn't find a slot for the connection");
}
send(socket, SMTP_RESP_421_ERR_TMP, strlen(SMTP_RESP_421_ERR_TMP), 0);
close(socket);
return -1;
}
void initialise_configuration(){
cfg = read_config(configfile);
if(strlen(cfg.username) > 1){
pwd = getpwnam(cfg.username);
if(!pwd) fatal(ERR_NON_EXISTENT_USER);
}
if(getuid() == 0 && pwd){
check_and_create_directories(&cfg, pwd->pw_uid, pwd->pw_gid);
}
if(chdir(cfg.workdir)){
syslog(LOG_PRIORITY, "workdir: *%s*", cfg.workdir);
fatal(ERR_CHDIR);
}
setlocale(LC_MESSAGES, cfg.locale);
setlocale(LC_CTYPE, cfg.locale);
syslog(LOG_PRIORITY, "reloaded config: %s", configfile);
}
int main(int argc, char **argv){
int listenerfd, client_sockfd;
int i, n, daemonise=0;
int client_len = sizeof(struct sockaddr_storage);
struct sockaddr_storage client_address;
char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
char readbuf[BIGBUFSIZE];
int efd;
while((i = getopt(argc, argv, "c:dvVh")) > 0){
switch(i){
case 'c' :
configfile = optarg;
break;
case 'd' :
daemonise = 1;
break;
case 'v' :
case 'V' :
printf("%s build %d\n", VERSION, get_build());
return 0;
case 'h' :
default :
__fatal("usage: ...");
}
}
(void) openlog(PROGNAME, LOG_PID, LOG_MAIL);
initialise_configuration();
listenerfd = create_and_bind(cfg.listen_addr, cfg.listen_port);
if(listenerfd == -1){
exit(1);
}
if(make_socket_non_blocking(listenerfd) == -1){
fatal("make_socket_non_blocking()");
}
if(listen(listenerfd, cfg.backlog) == -1){
fatal("ERROR: listen()");
}
if(drop_privileges(pwd)) fatal(ERR_SETUID);
efd = epoll_create1(0);
if(efd == -1){
fatal("ERROR: epoll_create()");
}
event.data.fd = listenerfd;
event.events = EPOLLIN | EPOLLET;
if(epoll_ctl(efd, EPOLL_CTL_ADD, listenerfd, &event) == -1){
fatal("ERROR: epoll_ctl() on efd");
}
set_signal_handler(SIGINT, p_clean_exit);
set_signal_handler(SIGTERM, p_clean_exit);
set_signal_handler(SIGALRM, check_for_client_timeout);
set_signal_handler(SIGHUP, initialise_configuration);
alarm(timeout);
// calloc() initialitizes the allocated memory
sessions = calloc(cfg.max_connections, sizeof(struct smtp_session));
events = calloc(cfg.max_connections, sizeof(struct epoll_event));
if(!sessions || !events) fatal("ERROR: calloc()");
SSL_library_init();
SSL_load_error_strings();
srand(getpid());
syslog(LOG_PRIORITY, "%s %s, build %d starting", PROGNAME, VERSION, get_build());
#if HAVE_DAEMON == 1
if(daemonise == 1 && daemon(1, 0) == -1) fatal(ERR_DAEMON);
#endif
for(;;){
n = epoll_wait(efd, events, cfg.max_connections, -1);
for(i=0; i<n; i++){
if((events[i].events & EPOLLERR) || (events[i].events & EPOLLHUP) || (!(events[i].events & EPOLLIN))){
syslog(LOG_PRIORITY, "ERROR: epoll error");
close(events[i].data.fd);
// we have to tear_down_client as well if not the listening socket?
continue;
}
// We have 1 or more incoming connections to process
else if(listenerfd == events[i].data.fd){
while(1){
client_sockfd = accept(listenerfd, (struct sockaddr *)&client_address, (socklen_t *)&client_len);
if(client_sockfd == -1){
if((errno == EAGAIN) || (errno == EWOULDBLOCK)){
// We have processed all incoming connections
break;
}
else {
syslog(LOG_PRIORITY, "ERROR: accept()");
break;
}
}
if(getnameinfo((struct sockaddr *)&client_address, client_len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV) == 0){
syslog(LOG_PRIORITY, "connected from %s:%s on descriptor %d", hbuf, sbuf, client_sockfd);
}
if(make_socket_non_blocking(client_sockfd) == -1){
syslog(LOG_PRIORITY, "ERROR: cannot make the socket non blocking");
break;
}
event.data.fd = client_sockfd;
event.events = EPOLLIN | EPOLLET;
if(epoll_ctl(efd, EPOLL_CTL_ADD, client_sockfd, &event) == -1){
syslog(LOG_PRIORITY, "ERROR: epoll_ctl() on client_sockfd");
break;
}
start_new_session(client_sockfd);
}
continue;
}
// handle data from an existing connection
else {
int done = 0;
ssize_t count;
// should the following work here as well?
// ioctl(events[i].data.fd, FIONREAD, &bytes_to_read);
session = get_session_by_socket(events[i].data.fd);
if(session == NULL){
syslog(LOG_PRIORITY, "ERROR: cannot find session for this socket: %d", events[i].data.fd);
close(events[i].data.fd);
continue;
}
time(&(session->lasttime));
while(1){
memset(readbuf, 0, sizeof(readbuf));
if(session->use_ssl == 1)
count = SSL_read(session->ssl, (char*)&readbuf[0], sizeof(readbuf)-1);
else
count = read(events[i].data.fd, (char*)&readbuf[0], sizeof(readbuf)-1);
if(cfg.verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "got %ld bytes to read", count);
if(count == -1){
/* If errno == EAGAIN, that means we have read all data. So go back to the main loop. */
if(errno != EAGAIN){
syslog(LOG_PRIORITY, "read");
done = 1;
}
break;
}
else if(count == 0){
/* End of file. The remote has closed the connection. */
done = 1;
break;
}
handle_data(session, &readbuf[0], count);
if(session->protocol_state == SMTP_STATE_BDAT && session->bad == 1){
tear_down_client(session->slot);
done = 0; // to prevent the repeated tear down of connection
break;
}
}
if(done){
printf("Closed connection on descriptor %d\n", events[i].data.fd);
/* Closing the descriptor will make epoll remove it from the set of descriptors which are monitored. */
//close(events[i].data.fd);
tear_down_client(session->slot);
}
}
}
}
return 0;
}
