milterfrom.c 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273
  1. /*
  2. * Argument parser
  3. *
  4. * Copyright (c) 2017, Max von Buelow
  5. * All rights reserved.
  6. * Contact: https://maxvonbuelow.de
  7. *
  8. * This file is part of the MilterFrom project.
  9. * https://github.com/magcks/milterfrom
  10. *
  11. * Redistribution and use in source and binary forms, with or without
  12. * modification, are permitted provided that the following conditions are met:
  13. * * Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. * * Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in the
  17. * documentation and/or other materials provided with the distribution.
  18. * * Neither the name of the copyright holder nor the
  19. * names of its contributors may be used to endorse or promote products
  20. * derived from this software without specific prior written permission.
  21. *
  22. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
  23. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  24. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  25. * DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
  26. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  27. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  28. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  29. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  30. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  31. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  32. */
  33. #include <sys/types.h>
  34. #include <sys/stat.h>
  35. #include <stdio.h>
  36. #include <stdlib.h>
  37. #include <string.h>
  38. #include <sysexits.h>
  39. #include <unistd.h>
  40. #include <errno.h>
  41. #include <pwd.h>
  42. #include <grp.h>
  43. #include "libmilter/mfapi.h"
  44. #include "libmilter/mfdef.h"
  45. struct mlfiPriv
  46. {
  47. int is_auth;
  48. char *env_from;
  49. int env_from_len;
  50. int reject;
  51. };
  52. #define MLFIPRIV ((struct mlfiPriv*)smfi_getpriv(ctx))
  53. static unsigned long mta_caps = 0;
  54. // Function to extract addresses from the header/envelope fields.
  55. // If the field contains a < with a subsequent >, the inner part is used. If not, the whole header field is used. This allows matching "Max Mustermann <max.mustermann@example.invalid>" matching.
  56. const char *parse_address(const char *address, int *len)
  57. {
  58. int inlen = strlen(address);
  59. int pos_open = -1, pos_close = -1;
  60. int i;
  61. for (i = 0; i < inlen; ++i) {
  62. if (address[i] == '<') pos_open = i;
  63. else if (address[i] == '>') pos_close = i;
  64. }
  65. if (pos_open != -1 && pos_close != -1 && pos_open < pos_close) {
  66. *len = pos_close - pos_open - 1;
  67. return address + pos_open + 1;
  68. } else {
  69. *len = inlen;
  70. return address;
  71. }
  72. }
  73. void mlfi_cleanup(SMFICTX *ctx)
  74. {
  75. struct mlfiPriv *priv = MLFIPRIV;
  76. if (priv == NULL) return;
  77. free(priv->env_from);
  78. free(priv);
  79. smfi_setpriv(ctx, NULL);
  80. }
  81. sfsistat mlfi_envfrom(SMFICTX *ctx, char **envfrom)
  82. {
  83. struct mlfiPriv *priv;
  84. // Allocate some private memory.
  85. priv = malloc(sizeof *priv);
  86. if (priv == NULL) return SMFIS_TEMPFAIL;
  87. memset(priv, '\0', sizeof *priv);
  88. // Parse envelope from.
  89. int len;
  90. const char *from = parse_address(*envfrom, &len);
  91. char *fromcp = strndup(from, len);
  92. if (fromcp == NULL) return SMFIS_TEMPFAIL;
  93. // Set private values.
  94. priv->is_auth = smfi_getsymval(ctx, "{auth_type}") ? 1 : 0;
  95. priv->env_from = fromcp;
  96. priv->env_from_len = len;
  97. priv->reject = 0;
  98. smfi_setpriv(ctx, priv);
  99. return SMFIS_CONTINUE;
  100. }
  101. sfsistat mlfi_header(SMFICTX *ctx, char *headerf, char *headerv)
  102. {
  103. struct mlfiPriv *priv = MLFIPRIV;
  104. // Perform checks if the sender is authenticated and the message is not rejected yet (the mail may contain multiple from tags, all have to match!).
  105. if (priv->is_auth && !priv->reject) {
  106. if (strcasecmp(headerf, "from") == 0) {
  107. int len;
  108. const char *from = parse_address(headerv, &len);
  109. // Check whether header from matches envelope from and reject if not.
  110. if (len != priv->env_from_len || strncasecmp(from, priv->env_from, len) != 0) priv->reject = 1;
  111. }
  112. }
  113. return ((mta_caps & SMFIP_NR_HDR) != 0) ? SMFIS_NOREPLY : SMFIS_CONTINUE;
  114. }
  115. sfsistat
  116. mlfi_eom(SMFICTX *ctx)
  117. {
  118. struct mlfiPriv *priv = MLFIPRIV;
  119. if (priv->reject) {
  120. smfi_setreply(ctx, "550", "5.7.1", "Rejected due to unmatching envelope and header sender.");
  121. mlfi_cleanup(ctx);
  122. return SMFIS_REJECT;
  123. }
  124. mlfi_cleanup(ctx);
  125. return SMFIS_CONTINUE;
  126. }
  127. sfsistat
  128. mlfi_abort(SMFICTX *ctx)
  129. {
  130. mlfi_cleanup(ctx);
  131. return SMFIS_CONTINUE;
  132. }
  133. sfsistat
  134. mlfi_negotiate(SMFICTX *ctx, unsigned long f0, unsigned long f1, unsigned long f2, unsigned long f3, unsigned long *pf0, unsigned long *pf1, unsigned long *pf2, unsigned long *pf3)
  135. {
  136. *pf0 = 0;
  137. /* milter protocol steps: all but connect, HELO, RCPT */
  138. *pf1 = SMFIP_NOCONNECT|SMFIP_NOHELO|SMFIP_NORCPT;
  139. mta_caps = f1;
  140. if ((mta_caps & SMFIP_NR_HDR) != 0) *pf1 |= SMFIP_NR_HDR;
  141. *pf2 = 0;
  142. *pf3 = 0;
  143. return SMFIS_CONTINUE;
  144. }
  145. struct smfiDesc smfilter =
  146. {
  147. "Header from check", /* filter name */
  148. SMFI_VERSION, /* version code -- do not change */
  149. 0, /* flags */
  150. NULL, /* connection info filter */
  151. NULL, /* SMTP HELO command filter */
  152. mlfi_envfrom, /* envelope sender filter */
  153. NULL, /* envelope recipient filter */
  154. mlfi_header, /* header filter */
  155. NULL, /* end of header */
  156. NULL, /* body block filter */
  157. mlfi_eom, /* end of message */
  158. mlfi_abort, /* message aborted */
  159. NULL, /* connection cleanup */
  160. NULL, /* unknown/unimplemented SMTP commands */
  161. NULL, /* DATA command filter */
  162. mlfi_negotiate /* option negotiation at connection startup */
  163. };
  164. uid_t get_uid(const char *name)
  165. {
  166. struct passwd *pwd = getpwnam(name);
  167. return pwd == NULL ? -1 : pwd->pw_uid;
  168. }
  169. gid_t get_gid(const char *name)
  170. {
  171. struct group *grp = getgrnam(name);
  172. return grp == NULL ? -1 : grp->gr_gid;
  173. }
  174. int main(int argc, char **argv)
  175. {
  176. int c, daemonize = 0;
  177. uid_t uid = -1; gid_t gid = -1;
  178. mode_t um = -1;
  179. char *pidfilename = NULL, *sockname = NULL;
  180. FILE *pidfile = NULL;
  181. while ((c = getopt(argc, argv, "ds:p:u:g:m:")) != -1) {
  182. switch (c) {
  183. case 's':
  184. sockname = strdup(optarg);
  185. break;
  186. case 'p':
  187. pidfilename = strdup(optarg);
  188. break;
  189. case 'd':
  190. daemonize = 1;
  191. break;
  192. case 'u':
  193. uid = get_uid(optarg);
  194. break;
  195. case 'g':
  196. gid = get_gid(optarg);
  197. break;
  198. case 'm':
  199. um = strtol(optarg, 0, 8);
  200. break;
  201. }
  202. }
  203. if (!sockname) {
  204. fprintf(stderr, "%s: Missing required -s argument\n", argv[0]);
  205. exit(EX_USAGE);
  206. }
  207. if (pidfilename) {
  208. unlink(pidfilename);
  209. pidfile = fopen(pidfilename, "w");
  210. if (!pidfile)
  211. {
  212. fprintf(stderr, "Could not open pidfile: %s\n", strerror(errno));
  213. exit(1);
  214. }
  215. free(pidfilename);
  216. }
  217. if (um != (mode_t)-1) umask(um);
  218. if (gid != (gid_t)-1) setgid(gid);
  219. if (uid != (uid_t)-1) setuid(uid);
  220. if (daemonize) {
  221. if (daemon(0, 0) == -1) {
  222. fprintf(stderr, "daemon() failed: %s\n", strerror(errno));
  223. exit(EXIT_FAILURE);
  224. }
  225. }
  226. if (pidfile) {
  227. fprintf(pidfile, "%ld\n", (long)getpid());
  228. fclose(pidfile);
  229. }
  230. struct stat junk;
  231. if (stat(sockname, &junk) == 0) unlink(sockname);
  232. smfi_setconn(sockname);
  233. free(sockname);
  234. if (smfi_register(smfilter) == MI_FAILURE) {
  235. fprintf(stderr, "smfi_register failed\n");
  236. exit(EX_UNAVAILABLE);
  237. }
  238. return smfi_main();
  239. }