This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU Mailutils".
http://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=6ff197ca52419567c123c4e9069e207ec55aadcb The branch, master has been updated via 6ff197ca52419567c123c4e9069e207ec55aadcb (commit) via 4d642922b63bdf1a312b5f76b1f827e794e23da6 (commit) from 10adba5274b12a3c27e1a96bb6d934e430ce5f13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6ff197ca52419567c123c4e9069e207ec55aadcb Author: Sergey Poznyakoff <g...@gnu.org.ua> Date: Sat Jul 11 11:14:16 2015 +0300 Log ciphersuite info after successful initiation of TLS connection * include/mailutils/stream.h (MU_IOCTL_TLSSTREAM): New ioctl code. (MU_IOCTL_TLS_GET_CIPHER_INFO): New ioctl opcode. * libmailutils/property/assocprop.c (_assoc_prop_fill) (_assoc_prop_save): allow for NULL stream pointer. * libmu_auth/tls.c (_tls_io_ioctl,_tls_ioctl): Handle MU_IOCTL_TLSSTREAM/MU_IOCTL_TLS_GET_CIPHER_INFO ioctl. * imap4d/io.c (log_cipher): New function. (io_setio, imap4d_init_tls_server): Call log_cipher after successfully establishing the TLS connection. * imap4d/starttls.c (tls_encryption_on): Remove diagnostic output. * pop3d/extra.c (log_cipher): New function. (pop3d_setio,pop3d_init_tls_server): Call log_cipher after successfully establishing the TLS connection. commit 4d642922b63bdf1a312b5f76b1f827e794e23da6 Author: Sergey Poznyakoff <g...@gnu.org.ua> Date: Sat Jul 11 11:12:20 2015 +0300 Minor fixes * libmailutils/mailbox/mbx_default.c (mu_normalize_mailbox_url): don't place / in front of the username. (plus_expand): Use mu_make_file_name and mu_asprintf. Check for errors. (mu_mailbox_create_default): Check for errors. 
----------------------------------------------------------------------- Summary of changes: imap4d/io.c | 33 +++++++++++++++++++++++ imap4d/starttls.c | 1 - include/mailutils/stream.h | 10 ++++++- libmailutils/mailbox/mbx_default.c | 46 ++++++++++++++++++++------------ libmailutils/property/assocprop.c | 4 +- libmu_auth/tls.c | 51 ++++++++++++++++++++++++++++++++++++ pop3d/extra.c | 34 +++++++++++++++++++++++- 7 files changed, 157 insertions(+), 22 deletions(-) diff --git a/imap4d/io.c b/imap4d/io.c index c0f62de..d3a14dc 100644 --- a/imap4d/io.c +++ b/imap4d/io.c @@ -16,9 +16,39 @@ along with GNU Mailutils. If not, see <http://www.gnu.org/licenses/>. */ #include "imap4d.h" +#include <mailutils/property.h> mu_stream_t iostream; +static void +log_cipher (mu_stream_t stream) +{ + mu_property_t prop; + int rc = mu_stream_ioctl (stream, MU_IOCTL_TLSSTREAM, + MU_IOCTL_TLS_GET_CIPHER_INFO, &prop); + if (rc) + { + mu_diag_output (MU_DIAG_INFO, _("TLS established")); + mu_diag_output (MU_DIAG_ERROR, _("can't get TLS details: %s"), + mu_strerror (rc)); + } + else + { + char const *cipher, *mac, *proto; + if (mu_property_sget_value (prop, "cipher", &cipher)) + cipher = "UNKNOWN"; + if (mu_property_sget_value (prop, "mac", &mac)) + mac = "UNKNOWN"; + if (mu_property_sget_value (prop, "protocol", &proto)) + proto = "UNKNOWN"; + + mu_diag_output (MU_DIAG_INFO, _("TLS established using %s-%s (%s)"), + cipher, mac, proto); + + mu_property_destroy (&prop); + } +} + void io_setio (int ifd, int ofd, int tls) { @@ -49,6 +79,7 @@ io_setio (int ifd, int ofd, int tls) mu_error (_("failed to create TLS stream: %s"), mu_strerror (rc)); imap4d_bye (ERR_STREAM_CREATE); } + log_cipher (str); } else #endif @@ -112,6 +143,8 @@ imap4d_init_tls_server () return 1; } + log_cipher (tlsstream); + mu_stream_unref (stream[0]); mu_stream_unref (stream[1]); stream[0] = stream[1] = tlsstream; diff --git a/imap4d/starttls.c b/imap4d/starttls.c index 1ee3f70..1530931 100644 --- a/imap4d/starttls.c 
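Review bot: The new static log_cipher in imap4d/io.c has no comment and is repeated line for line in pop3d/extra.c later in this commit, so the two daemons' TLS log lines can drift apart the next time one copy is edited. Anyone parsing these messages for negotiated protocol and cipher would benefit from a single helper kept next to the ioctl implementation in libmu_auth. At minimum each copy should carry a header such as `/* Log protocol, cipher and MAC negotiated on STREAM at MU_DIAG_INFO; if the ioctl fails, log a bare "TLS established" plus the error. */`. It is also worth stating there that a failed ioctl is logged but does not abort the session, since that is a deliberate choice a reader cannot infer from the call sites.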
+++ b/imap4d/starttls.c @@ -71,7 +71,6 @@ tls_encryption_on (struct imap4d_session *session) session->tls_mode = tls_no; imap4d_capability_remove (IMAP_CAPA_XTLSREQUIRED); - mu_diag_output (MU_DIAG_INFO, _("TLS established")); } void diff --git a/include/mailutils/stream.h b/include/mailutils/stream.h index 6230ca2..07f99c3 100644 --- a/include/mailutils/stream.h +++ b/include/mailutils/stream.h @@ -77,7 +77,8 @@ enum mu_buffer_type #define MU_IOCTL_TOPSTREAM 12 /* Same as MU_IOCTL_SUBSTREAM, but always returns the topmost substream. */ - +#define MU_IOCTL_TLSSTREAM 13 /* TLS stream */ + /* Opcodes common for various families */ #define MU_IOCTL_OP_GET 0 #define MU_IOCTL_OP_SET 1 @@ -192,6 +193,13 @@ enum mu_buffer_type */ #define MU_IOCTL_FILTER_GET_DISABLED 0 #define MU_IOCTL_FILTER_SET_DISABLED 1 + + /* TLS transport streams */ + /* Get cipher info. + Arg: mu_property_t * + On success, the following keys are defined: "protocol", "cipher", "mac" + */ +#define MU_IOCTL_TLS_GET_CIPHER_INFO 0 #define MU_TRANSPORT_INPUT 0 #define MU_TRANSPORT_OUTPUT 1 diff --git a/libmailutils/mailbox/mbx_default.c b/libmailutils/mailbox/mbx_default.c index 4024208..5082027 100644 --- a/libmailutils/mailbox/mbx_default.c +++ b/libmailutils/mailbox/mbx_default.c @@ -64,13 +64,20 @@ mu_normalize_mailbox_url (char **pout, const char *dir) { if (!(len > 5 && strcmp (dir + len - 5, "user=") == 0)) return MU_ERR_BAD_FILENAME; + else + { + int rc = mu_asprintf (pout, "%s%s", dir, USERSUFFIX); + if (rc) + return rc; + } } else - *pout = mu_make_file_name (dir, USERSUFFIX); - - if (!*pout) - return errno; - + { + *pout = mu_make_file_name (dir, USERSUFFIX); + if (!*pout) + return errno; + } + return 0; } @@ -280,7 +287,6 @@ plus_expand (const char *file, char **buf) { char *home; const char *folder_dir = mu_folder_directory (); - int len; home = get_homedir (NULL); if (!home) 
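Review bot: The comment added for MU_IOCTL_TLS_GET_CIPHER_INFO in include/mailutils/stream.h does not say who owns the returned property. get_cipher_info in libmu_auth/tls.c creates a fresh property on every call and both log_cipher callers destroy it, so the contract should be written down: `The caller owns the returned property and must release it with mu_property_destroy.` The statement that the three keys "are defined" on success is also stronger than the implementation, which ignores the result of each mu_property_set_value; "are normally defined; callers should tolerate a missing key" would match what log_cipher already does.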
@@ -290,17 +296,16 @@ plus_expand (const char *file, char **buf) if (folder_dir[0] == '/' || mu_is_proto (folder_dir)) { - len = strlen (folder_dir) + strlen (file) + 2; - *buf = malloc (len); - sprintf (*buf, "%s/%s", folder_dir, file); + *buf = mu_make_file_name (folder_dir, file); + if (!*buf) + return errno; } else { - len = strlen (home) + strlen (folder_dir) + strlen (file) + 3; - *buf = malloc (len); - sprintf (*buf, "%s/%s/%s", home, folder_dir, file); + int rc = mu_asprintf (buf, "%s/%s/%s", home, folder_dir, file); + if (rc) + return rc; } - (*buf)[len-1] = 0; free (home); return 0; @@ -419,7 +424,7 @@ mu_mailbox_create_default (mu_mailbox_t *pmbox, const char *mail) mail = tmp_mbox; if (!mail) return ENOMEM; - + switch (mail[0]) { case '%': @@ -433,18 +438,25 @@ mu_mailbox_create_default (mu_mailbox_t *pmbox, const char *mail) case '/': mbox = strdup (mail); + if (!mbox) + status = errno; break; default: if (!mu_is_proto (mail)) { p = mu_getcwd(); - mbox = malloc (strlen (p) + strlen (mail) + 2); - sprintf (mbox, "%s/%s", p, mail); + mbox = mu_make_file_name (p, mail); + if (!mbox) + status = errno; free (p); } else - mbox = strdup (mail); + { + mbox = strdup (mail); + if (!mbox) + status = errno; + } break; } diff --git a/libmailutils/property/assocprop.c b/libmailutils/property/assocprop.c index 6742737..dd730c3 100644 --- a/libmailutils/property/assocprop.c +++ b/libmailutils/property/assocprop.c @@ -145,7 +145,7 @@ _assoc_prop_fill (struct _mu_property *prop) size_t size[2] = { 0, 0 }, n; if (!str) - return EINVAL; + return 0; mu_stream_seek (str, 0, MU_SEEK_SET, NULL); while ((rc = mu_stream_getdelim (str, &buf[state], &size[state], 0, &n)) == 0 && @@ -169,7 +169,7 @@ _assoc_prop_save (struct _mu_property *prop) mu_off_t off; if (!str) - return EINVAL; + return 0; rc = mu_property_get_iterator (prop, &itr); if (rc) return rc; diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c index a503814..a9bfb7a 100644 --- a/libmu_auth/tls.c +++ b/libmu_auth/tls.c 
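Review bot: Both new error returns in plus_expand leave the function before the `free (home)` at its end, so the string obtained from get_homedir leaks whenever mu_make_file_name or mu_asprintf fails. Release it on those paths, e.g. `if (!*buf) { int ec = errno; free (home); return ec; }` and `if (rc) { free (home); return rc; }`, or record a status and fall through to the existing free. Saving errno before calling free matters because free is allowed to change it. The beginning of plus_expand is in the preceding hunk.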
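Review bot: In the `default:` case of mu_mailbox_create_default the result of `mu_getcwd()` is still handed to mu_make_file_name without a check, although every other allocation in this hunk is now tested. If the working directory cannot be obtained `p` is presumably NULL, and what mu_make_file_name does with a NULL directory is not visible here; `if (!p) status = errno; else { mbox = mu_make_file_name (p, mail); ... }` would close that gap. The new `status = errno` assignments only help if the code after the switch tests `status` before using `mbox`; that code lies outside the hunk and should be confirmed.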
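Review bot: Returning 0 for a NULL stream in _assoc_prop_fill, and in _assoc_prop_save in the next hunk, makes a property with no backing store indistinguishable from one that was actually loaded or written, and nothing in the code records that this is intended. A comment on each check would state the contract, for example `/* No backing stream: in-memory property, nothing to load. */` and `/* No backing stream: in-memory property, nothing to save. */`. Any caller that relied on EINVAL to notice a missing stream now gets silent success; whether such callers exist cannot be told from this diff.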
@@ -34,6 +34,7 @@ #include <mailutils/stream.h> #include <mailutils/errno.h> #include <mailutils/util.h> +#include <mailutils/property.h> struct mu_tls_module_config mu_tls_module_config = { #ifdef WITH_TLS @@ -295,6 +296,34 @@ _tls_wr_wait (struct _mu_stream *stream, int *pflags, struct timeval *tvp) } static int +get_cipher_info (gnutls_session_t session, mu_property_t *pprop) +{ + mu_property_t prop; + const char *s; + int rc; + + if (!pprop) + return EINVAL; + + rc = mu_property_create_init (&prop, mu_assoc_property_init, NULL); + if (rc) + return rc; + + s = gnutls_protocol_get_name (gnutls_protocol_get_version (session)); + mu_property_set_value (prop, "protocol", s, 1); + + s = gnutls_cipher_get_name (gnutls_cipher_get (session)); + mu_property_set_value (prop, "cipher", s, 1); + + s = gnutls_mac_get_name (gnutls_mac_get (session)); + mu_property_set_value (prop, "mac", s, 1); + + *pprop = prop; + + return 0; +} + +static int _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg) { struct _mu_tls_io_stream *sp = (struct _mu_tls_io_stream *) stream; @@ -323,6 +352,17 @@ _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg) } break; + case MU_IOCTL_TLSSTREAM: + switch (opcode) + { + case MU_IOCTL_TLS_GET_CIPHER_INFO: + return get_cipher_info (sp->up->session, arg); + + default: + return EINVAL; + } + break; + default: return ENOSYS; } @@ -586,6 +626,17 @@ _tls_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg) } break; + case MU_IOCTL_TLSSTREAM: + switch (opcode) + { + case MU_IOCTL_TLS_GET_CIPHER_INFO: + return get_cipher_info (sp->session, arg); + + default: + return EINVAL; + } + break; + default: return ENOSYS; } diff --git a/pop3d/extra.c b/pop3d/extra.c index 57aab2d..2ce84be 100644 --- a/pop3d/extra.c +++ b/pop3d/extra.c @@ -17,6 +17,7 @@ #include "pop3d.h" #include "mailutils/libargp.h" +#include "mailutils/property.h" mu_stream_t iostream; 
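Review bot: get_cipher_info passes the results of gnutls_protocol_get_name, gnutls_cipher_get_name and gnutls_mac_get_name straight to mu_property_set_value and discards its return value. The GnuTLS name functions are documented to return NULL for an algorithm they do not recognise, and how mu_property_set_value treats a NULL value is not visible here. Guarding each call, `if (s) mu_property_set_value (prop, "protocol", s, 1);` and likewise for "cipher" and "mac", leaves the key unset so that log_cipher's "UNKNOWN" fallback applies. If a set call reports an error such as an allocation failure, the function could destroy `prop` and return that code instead of returning 0 with a partial result. A short header comment saying that `*pprop` is created here and must be destroyed by the caller would complete it.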
@@ -128,6 +129,35 @@ pop3d_abquit (int reason) exit (code); } +static void +log_cipher (mu_stream_t stream) +{ + mu_property_t prop; + int rc = mu_stream_ioctl (stream, MU_IOCTL_TLSSTREAM, + MU_IOCTL_TLS_GET_CIPHER_INFO, &prop); + if (rc) + { + mu_diag_output (MU_DIAG_INFO, _("TLS established")); + mu_diag_output (MU_DIAG_ERROR, _("can't get TLS details: %s"), + mu_strerror (rc)); + } + else + { + char const *cipher, *mac, *proto; + if (mu_property_sget_value (prop, "cipher", &cipher)) + cipher = "UNKNOWN"; + if (mu_property_sget_value (prop, "mac", &mac)) + mac = "UNKNOWN"; + if (mu_property_sget_value (prop, "protocol", &proto)) + proto = "UNKNOWN"; + + mu_diag_output (MU_DIAG_INFO, _("TLS established using %s-%s (%s)"), + cipher, mac, proto); + + mu_property_destroy (&prop); + } +} + void pop3d_setio (int ifd, int ofd, int tls) { @@ -158,7 +188,7 @@ pop3d_setio (int ifd, int ofd, int tls) pop3d_abquit (ERR_FILE); } tls_done = 1; - mu_diag_output (MU_DIAG_INFO, _("TLS established")); + log_cipher (str); } else #endif @@ -220,6 +250,8 @@ pop3d_init_tls_server () if (rc) return 1; + log_cipher (tlsstream); + stream[0] = stream[1] = tlsstream; rc = mu_stream_ioctl (iostream, MU_IOCTL_SUBSTREAM, MU_IOCTL_OP_SET, stream); mu_stream_unref (stream[0]); hooks/post-receive -- GNU Mailutils _______________________________________________ Commit-mailutils mailing list Commit-mailutils@gnu.org https://lists.gnu.org/mailman/listinfo/commit-mailutils