1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is
10 based on a patch that was originally contributed by Steve Haslam. It was
11 adapted from stunnel, a GPL program by Michal Trojnara. The code for GNU TLS is
12 based on a patch contributed by Nikos Mavrogiannopoulos. Because these packages
13 are so very different, the functions for each are kept in separate files. The
14 relevant file is #included as required, after any any common functions.
16 No cryptographic code is included in Exim. All this module does is to call
17 functions from the OpenSSL or GNU TLS libraries. */
21 #include "transports/smtp.h"
23 #if !defined(DISABLE_TLS) && !defined(USE_OPENSSL) && !defined(USE_GNUTLS)
24 # error One of USE_OPENSSL or USE_GNUTLS must be defined for a TLS build
28 #if defined(MACRO_PREDEF) && !defined(DISABLE_TLS)
29 # include "macro_predef.h"
33 # include "tls-openssl.c"
39 static void tls_per_lib_daemon_init(void);
40 static void tls_per_lib_daemon_tick(void);
41 static unsigned tls_server_creds_init(void);
42 static void tls_server_creds_invalidate(void);
43 static void tls_client_creds_init(transport_instance *, BOOL);
44 static void tls_client_creds_invalidate(transport_instance *);
45 static void tls_daemon_creds_reload(void);
46 static BOOL opt_set_and_noexpand(const uschar *);
47 static BOOL opt_unset_or_noexpand(const uschar *);
51 /* This module is compiled only when it is specifically requested in the
52 build-time configuration. However, some compilers don't like compiling empty
53 modules, so keep them happy with a dummy when skipping the rest. Make it
54 reference itself to stop picky compilers complaining that it is unused, and put
55 in a dummy argument to stop even pickier compilers complaining about infinite
59 static void dummy(int x) { dummy(x-1); }
60 #else /* most of the rest of the file */
62 const exim_tlslib_state null_tls_preload = {0};
64 /* Static variables that are used for buffering data by both sets of
65 functions and the common functions below.
67 We're moving away from this; GnuTLS is already using a state, which
68 can switch, so we can do TLS callouts during ACLs. */
70 static const int ssl_xfer_buffer_size = 4096;
72 static uschar *ssl_xfer_buffer = NULL;
73 static int ssl_xfer_buffer_lwm = 0;
74 static int ssl_xfer_buffer_hwm = 0;
75 static int ssl_xfer_eof = FALSE;
76 static BOOL ssl_xfer_error = FALSE;
79 #ifdef EXIM_HAVE_KEVENT
80 # define KEV_SIZE 16 /* Eight file,dir pairs */
81 static struct kevent kev[KEV_SIZE];
82 static int kev_used = 0;
85 static unsigned tls_creds_expire = 0;
87 /*************************************************
88 * Expand string; give error on failure *
89 *************************************************/
91 /* If expansion is forced to fail, set the result NULL and return TRUE.
92 Other failures return FALSE. For a server, an SMTP response is given.
95 s the string to expand; if NULL just return TRUE
96 name name of string being expanded (for error)
97 result where to put the result
99 Returns: TRUE if OK; result may still be NULL after forced failure
103 expand_check(const uschar *s, const uschar *name, uschar **result, uschar ** errstr)
107 else if ( !(*result = expand_string(US s)) /* need to clean up const more */
108 && !f.expand_string_forcedfail
111 *errstr = US"Internal error";
112 log_write(0, LOG_MAIN|LOG_PANIC, "expansion of %s failed: %s", name,
113 expand_string_message);
120 #if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
121 /* Add the directory for a filename to the inotify handle, creating that if
122 needed. This is enough to see changes to files in that dir.
123 Return boolean success.
125 The word "system" fails, which is on the safe side as we don't know what
126 directory it implies nor if the TLS library handles a watch for us.
128 The string "system,cache" is recognised and explicitly accepted without
129 setting a watch. This permits the system CA bundle to be cached even though
130 we have no way to tell when it gets modified by an update.
131 The call chain for OpenSSL uses a (undocumented) call into the library
132 to discover the actual file. We don't know what GnuTLS uses.
134 A full set of caching including the CAs takes 35ms output off of the
135 server tls_init() (GnuTLS, Fedora 32, 2018-class x86_64 laptop hardware).
138 tls_set_one_watch(const uschar * filename)
139 # ifdef EXIM_HAVE_INOTIFY
143 if (Ustrcmp(filename, "system,cache") == 0) return TRUE;
145 if (!(s = Ustrrchr(filename, '/'))) return FALSE;
146 s = string_copyn(filename, s - filename); /* mem released by tls_set_watch */
147 DEBUG(D_tls) debug_printf("watch dir '%s'\n", s);
149 /*XXX unclear what effect symlinked files will have for inotify */
151 if (inotify_add_watch(tls_watch_fd, CCS s,
152 IN_ONESHOT | IN_CLOSE_WRITE | IN_DELETE | IN_DELETE_SELF
153 | IN_MOVED_FROM | IN_MOVED_TO | IN_MOVE_SELF) >= 0)
155 DEBUG(D_tls) debug_printf("notify_add_watch: %s\n", strerror(errno));
159 # ifdef EXIM_HAVE_KEVENT
162 int fd1, fd2, i, cnt = 0;
165 struct kevent k_dummy;
166 struct timespec ts = {0};
170 if (Ustrcmp(filename, "system,cache") == 0) return TRUE;
174 if (kev_used > KEV_SIZE-2) { s = US"out of kev space"; goto bad; }
175 if (!(s = Ustrrchr(filename, '/'))) return FALSE;
176 s = string_copyn(filename, s - filename); /* mem released by tls_set_watch */
178 /* The dir open will fail if there is a symlink on the path. Fine; it's too
179 much effort to handle all possible cases; just refuse the preload. */
181 if ((fd2 = open(CCS s, O_RDONLY | O_NOFOLLOW)) < 0) { s = US"open dir"; goto bad; }
183 if ((lstat(CCS filename, &sb)) < 0) { s = US"lstat"; goto bad; }
184 if (!S_ISLNK(sb.st_mode))
186 if ((fd1 = open(CCS filename, O_RDONLY | O_NOFOLLOW)) < 0)
187 { s = US"open file"; goto bad; }
188 DEBUG(D_tls) debug_printf("watch file '%s'\n", filename);
189 EV_SET(&kev[++kev_used],
192 EV_ADD | EV_ENABLE | EV_ONESHOT,
193 NOTE_DELETE | NOTE_WRITE | NOTE_EXTEND
194 | NOTE_ATTRIB | NOTE_RENAME | NOTE_REVOKE,
199 DEBUG(D_tls) debug_printf("watch dir '%s'\n", s);
200 EV_SET(&kev[++kev_used],
203 EV_ADD | EV_ENABLE | EV_ONESHOT,
204 NOTE_DELETE | NOTE_WRITE | NOTE_EXTEND
205 | NOTE_ATTRIB | NOTE_RENAME | NOTE_REVOKE,
210 if (!(S_ISLNK(sb.st_mode))) break;
212 s = store_get(1024, FALSE);
213 if ((i = readlink(CCS filename, (void *)s, 1024)) < 0) { s = US"readlink"; goto bad; }
216 store_release_above(s+1);
220 if (kevent(tls_watch_fd, &kev[kev_used-cnt], cnt, &k_dummy, 1, &ts) >= 0)
223 if (kevent(tls_watch_fd, &kev[kev_used-cnt], cnt, NULL, 0, NULL) >= 0)
231 debug_printf("%s: %s: %s\n", __FUNCTION__, s, strerror(errno));
233 debug_printf("%s: %s\n", __FUNCTION__, s);
236 # endif /*EXIM_HAVE_KEVENT*/
239 /* Create an inotify facility if needed.
240 Then set watches on the dir containing the given file or (optionally)
241 list of files. Return boolean success. */
244 tls_set_watch(const uschar * filename, BOOL list)
249 if (!filename || !*filename) return TRUE;
250 if (Ustrncmp(filename, "system", 6) == 0) return TRUE;
252 DEBUG(D_tls) debug_printf("tls_set_watch: '%s'\n", filename);
254 if ( tls_watch_fd < 0
255 # ifdef EXIM_HAVE_INOTIFY
256 && (tls_watch_fd = inotify_init1(O_CLOEXEC)) < 0
258 # ifdef EXIM_HAVE_KEVENT
259 && (tls_watch_fd = kqueue()) < 0
263 DEBUG(D_tls) debug_printf("inotify_init: %s\n", strerror(errno));
272 for (uschar * s; s = string_nextinlist(&filename, &sep, NULL, 0); )
273 if (!(rc = tls_set_one_watch(s))) break;
276 rc = tls_set_one_watch(filename);
279 if (!rc) DEBUG(D_tls) debug_printf("tls_set_watch() fail on '%s': %s\n", filename, strerror(errno));
285 tls_watch_discard_event(int fd)
287 #ifdef EXIM_HAVE_INOTIFY
288 (void) read(fd, big_buffer, big_buffer_size);
290 #ifdef EXIM_HAVE_KEVENT
292 struct timespec t = {0};
293 (void) kevent(fd, NULL, 0, &kev, 1, &t);
296 #endif /*EXIM_HAVE_INOTIFY*/
300 tls_client_creds_reload(BOOL watch)
302 for(transport_instance * t = transports; t; t = t->next)
303 if (Ustrcmp(t->driver_name, "smtp") == 0)
305 tls_client_creds_invalidate(t);
306 tls_client_creds_init(t, watch);
312 tls_watch_invalidate(void)
314 if (tls_watch_fd < 0) return;
316 #ifdef EXIM_HAVE_KEVENT
317 /* Close the files we had open for kevent */
318 for (int i = 0; i < kev_used; i++)
320 (void) close((int) kev[i].ident);
321 kev[i].ident = (uintptr_t)-1;
332 tls_daemon_creds_reload(void)
336 #ifdef EXIM_HAVE_KEVENT
337 tls_watch_invalidate();
340 tls_server_creds_invalidate();
341 tls_creds_expire = (lifetime = tls_server_creds_init())
342 ? time(NULL) + lifetime : 0;
344 tls_client_creds_reload(TRUE);
348 /* Utility predicates for use by the per-library code */
350 opt_set_and_noexpand(const uschar * opt)
351 { return opt && *opt && Ustrchr(opt, '$') == NULL; }
354 opt_unset_or_noexpand(const uschar * opt)
355 { return !opt || Ustrchr(opt, '$') == NULL; }
359 /* Called every time round the daemon loop */
362 tls_daemon_tick(void)
364 tls_per_lib_daemon_tick();
365 #if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
366 if (tls_creds_expire && time(NULL) >= tls_creds_expire)
368 /* The server cert is a selfsign, with limited lifetime. Dump it and
369 generate a new one. Reload the rest of the creds also as the machinery
372 DEBUG(D_tls) debug_printf("selfsign cert rotate\n");
373 tls_creds_expire = 0;
374 tls_daemon_creds_reload();
376 else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
378 /* Called, after a delay for multiple file ops to get done, from
379 the daemon when any of the watches added (above) fire.
380 Dump the set of watches and arrange to reload cached creds (which
381 will set up new watches). */
383 DEBUG(D_tls) debug_printf("watch triggered\n");
384 tls_watch_trigger_time = tls_creds_expire = 0;
385 tls_daemon_creds_reload();
390 /* Called once at daemon startup */
393 tls_daemon_init(void)
395 tls_per_lib_daemon_init();
399 /*************************************************
400 * Timezone environment flipping *
401 *************************************************/
406 uschar * old = US getenv("TZ");
407 (void) setenv("TZ", CCS tz, 1);
413 restore_tz(uschar * tz)
416 (void) setenv("TZ", CCS tz, 1);
418 (void) os_unsetenv(US"TZ");
422 /*************************************************
423 * Many functions are package-specific *
424 *************************************************/
427 # include "tls-gnu.c"
428 # include "tlscert-gnu.c"
429 # define ssl_xfer_buffer (state_server.xfer_buffer)
430 # define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm)
431 # define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm)
432 # define ssl_xfer_eof (state_server.xfer_eof)
433 # define ssl_xfer_error (state_server.xfer_error)
437 # include "tls-openssl.c"
438 # include "tlscert-openssl.c"
443 /*************************************************
444 * TLS version of ungetc *
445 *************************************************/
447 /* Puts a character back in the input buffer. Only ever
449 Only used by the server-side TLS.
454 Returns: the character
460 ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
466 /*************************************************
467 * TLS version of feof *
468 *************************************************/
470 /* Tests for a previous EOF
471 Only used by the server-side TLS.
474 Returns: non-zero if the eof flag is set
480 return (int)ssl_xfer_eof;
485 /*************************************************
486 * TLS version of ferror *
487 *************************************************/
489 /* Tests for a previous read error, and returns with errno
490 restored to what it was when the error was detected.
491 Only used by the server-side TLS.
493 >>>>> Hmm. Errno not handled yet. Where do we get it from? >>>>>
496 Returns: non-zero if the error flag is set
502 return (int)ssl_xfer_error;
506 /*************************************************
507 * TLS version of smtp_buffered *
508 *************************************************/
510 /* Tests for unused chars in the TLS input buffer.
511 Only used by the server-side TLS.
518 tls_smtp_buffered(void)
520 return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm;
524 #endif /*DISABLE_TLS*/
527 tls_modify_variables(tls_support * dest_tsp)
529 modify_variable(US"tls_bits", &dest_tsp->bits);
530 modify_variable(US"tls_certificate_verified", &dest_tsp->certificate_verified);
531 modify_variable(US"tls_cipher", &dest_tsp->cipher);
532 modify_variable(US"tls_peerdn", &dest_tsp->peerdn);
534 modify_variable(US"tls_sni", &dest_tsp->sni);
540 /************************************************
541 * TLS certificate name operations *
542 ************************************************/
544 /* Convert an rfc4514 DN to an exim comma-sep list.
545 Backslashed commas need to be replaced by doublecomma
546 for Exim's list quoting. We modify the given string
551 dn_to_list(uschar * dn)
553 for (uschar * cp = dn; *cp; cp++)
554 if (cp[0] == '\\' && cp[1] == ',')
559 /* Extract fields of a given type from an RFC4514-
560 format Distinguished Name. Return an Exim list.
561 NOTE: We modify the supplied dn string during operation.
564 dn Distinguished Name string
565 mod list containing optional output list-sep and
566 field selector match, comma-separated
568 allocated string with list of matching fields,
573 tls_field_from_dn(uschar * dn, const uschar * mod)
576 uschar outsep = '\n';
578 uschar * match = NULL;
580 gstring * list = NULL;
582 while ((ele = string_nextinlist(&mod, &insep, NULL, 0)))
584 match = ele; /* field tag to match */
586 outsep = ele[1]; /* nondefault output separator */
590 len = match ? Ustrlen(match) : -1;
591 while ((ele = string_nextinlist(CUSS &dn, &insep, NULL, 0)))
593 || Ustrncmp(ele, match, len) == 0 && ele[len] == '='
595 list = string_append_listele(list, outsep, ele+len+1);
596 return string_from_gstring(list);
600 /* Compare a domain name with a possibly-wildcarded name. Wildcards
601 are restricted to a single one, as the first element of patterns
602 having at least three dot-separated elements. Case-independent.
603 Return TRUE for a match
606 is_name_match(const uschar * name, const uschar * pat)
609 return *pat == '*' /* possible wildcard match */
610 ? *++pat == '.' /* starts star, dot */
611 && !Ustrchr(++pat, '*') /* has no more stars */
612 && Ustrchr(pat, '.') /* and has another dot. */
613 && (cp = Ustrchr(name, '.'))/* The name has at least one dot */
614 && strcmpic(++cp, pat) == 0 /* and we only compare after it. */
615 : !Ustrchr(pat+1, '*')
616 && strcmpic(name, pat) == 0;
619 /* Compare a list of names with the dnsname elements
620 of the Subject Alternate Name, if any, and the
624 namelist names to compare
632 tls_is_name_for_cert(const uschar * namelist, void * cert)
634 uschar * altnames = tls_cert_subject_altname(cert, US"dns");
640 if ((altnames = tls_cert_subject_altname(cert, US"dns")))
643 while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
645 const uschar * an = altnames;
646 while ((certname = string_nextinlist(&an, &alt_sep, NULL, 0)))
647 if (is_name_match(cmpname, certname))
652 else if ((subjdn = tls_cert_subject(cert, NULL)))
657 while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
659 const uschar * sn = subjdn;
660 while ((certname = string_nextinlist(&sn, &sn_sep, NULL, 0)))
661 if ( *certname++ == 'C'
662 && *certname++ == 'N'
663 && *certname++ == '='
664 && is_name_match(cmpname, certname)
673 /* Environment cleanup: The GnuTLS library uses SSLKEYLOGFILE in the environment
674 and writes a file by that name. Our OpenSSL code does the same, using keying
675 info from the library API.
676 The GnuTLS support only works if exim is run by root, not taking advantage of
678 You can use either the external environment (modulo the keep_environment config)
679 or the add_environment config option for SSLKEYLOGFILE; the latter takes
682 If the path is absolute, require it starts with the spooldir; otherwise delete
683 the env variable. If relative, prefix the spooldir.
688 uschar * path = US getenv("SSLKEYLOGFILE");
691 unsetenv("SSLKEYLOGFILE");
692 else if (*path != '/')
695 debug_printf("prepending spooldir to env SSLKEYLOGFILE\n");
696 setenv("SSLKEYLOGFILE", CCS string_sprintf("%s/%s", spool_directory, path), 1);
698 else if (Ustrncmp(path, spool_directory, Ustrlen(spool_directory)) != 0)
701 debug_printf("removing env SSLKEYLOGFILE=%s: not under spooldir\n", path);
702 unsetenv("SSLKEYLOGFILE");
706 /*************************************************
707 * Drop privs for checking TLS config *
708 *************************************************/
710 /* We want to validate TLS options during readconf, but do not want to be
711 root when we call into the TLS library, in case of library linkage errors
712 which cause segfaults; before this check, those were always done as the Exim
713 runtime user and it makes sense to continue with that.
715 Assumes: tls_require_ciphers has been set, if it will be
716 exim_user has been set, if it will be
717 exim_group has been set, if it will be
719 Returns: bool for "okay"; false will cause caller to immediately exit.
723 tls_dropprivs_validate_require_cipher(BOOL nowarn)
725 const uschar *errmsg;
728 void (*oldsignal)(int);
730 /* If TLS will never be used, no point checking ciphers */
732 if ( !tls_advertise_hosts
733 || !*tls_advertise_hosts
734 || Ustrcmp(tls_advertise_hosts, ":") == 0
737 else if (!nowarn && !tls_certificate)
738 log_write(0, LOG_MAIN,
739 "Warning: No server certificate defined; will use a selfsigned one.\n"
740 " Suggested action: either install a certificate or change tls_advertise_hosts option");
742 oldsignal = signal(SIGCHLD, SIG_DFL);
745 if ((pid = exim_fork(US"cipher-validate")) < 0)
746 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check");
750 /* in some modes, will have dropped privilege already */
752 exim_setugid(exim_uid, exim_gid, FALSE,
753 US"calling tls_validate_require_cipher");
755 if ((errmsg = tls_validate_require_cipher()))
756 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
757 "tls_require_ciphers invalid: %s", errmsg);
759 exim_underbar_exit(EXIT_SUCCESS);
763 rc = waitpid(pid, &status, 0);
764 } while (rc < 0 && errno == EINTR);
767 debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n",
770 signal(SIGCHLD, oldsignal);
778 #endif /*!DISABLE_TLS*/
779 #endif /*!MACRO_PREDEF*/