* Implement RFC 2487 - SMTP Service Extension for Secure SMTP over TLS

diff --git a/citadel/ChangeLog b/citadel/ChangeLog
index f3bd9a86705b632bb8cbc9f6744de702823687bf..26f0ffc82647090345bd50e7b83e0e450d849d69 100644 (file)
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,7 @@
  $Log$
+ Revision 614.37  2004/02/16 21:45:43  ajc
+ * Implement RFC 2487 - SMTP Service Extension for Secure SMTP over TLS
+
  Revision 614.36  2004/02/16 21:02:28  ajc
  * IMAP and Citadel protocols now use the same code path for TLS negotiation
 
@@ -5350,4 +5353,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
 
 Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
        * Initial CVS import
-

diff --git a/citadel/serv_imap.c b/citadel/serv_imap.c
index 4121921ddd64abe118e5ef104be127a2bf950fa4..5bd0749eda8ca5369413836e3c424453e657cd65 100644 (file)
--- a/citadel/serv_imap.c
+++ b/citadel/serv_imap.c
@@ -34,13 +34,6 @@
 #include <ctype.h>
 #include <string.h>
 #include <limits.h>
-
-#ifdef HAVE_OPENSSL
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#endif
-
 #include "citadel.h"
 #include "server.h"
 #include "sysdep_decls.h"
@@ -1263,7 +1256,6 @@ void imap_command_loop(void)
                imap_starttls(num_parms, parms);
        }
 #endif
-
        else if (!CC->logged_in) {
                cprintf("%s BAD Not logged in.\r\n", parms[0]);
        }

diff --git a/citadel/serv_smtp.c b/citadel/serv_smtp.c
index 56408ca6e245398c5354293b7e83a1b0ab203883..f4b50016b30704df1b824baf0d7bd88d7fd64538 100644 (file)
--- a/citadel/serv_smtp.c
+++ b/citadel/serv_smtp.c
@@ -14,6 +14,7 @@
  * RFC 2033 - Local Mail Transfer Protocol
  * RFC 2034 - SMTP Service Extension for Returning Enhanced Error Codes
  * RFC 2197 - SMTP Service Extension for Command Pipelining
+ * RFC 2487 - SMTP Service Extension for Secure SMTP over TLS
  * RFC 2554 - SMTP Service Extension for Authentication
  * RFC 2821 - Simple Mail Transfer Protocol
  * RFC 2822 - Internet Message Format
@@ -69,6 +70,11 @@
 #include "clientsocket.h"
 #include "locate_host.h"
 
+#ifdef HAVE_OPENSSL
+#include "serv_crypto.h"
+#endif
+
+
 
 #ifndef HAVE_SNPRINTF
 #include "snprintf.h"
@@ -182,6 +188,9 @@ void smtp_hello(char *argbuf, int which_command) {
                cprintf("250-SIZE %ld\r\n", config.c_maxmsglen);
                cprintf("250-PIPELINING\r\n");
                cprintf("250-AUTH=LOGIN\r\n");
+#ifdef HAVE_OPENSSL
+               cprintf("250-STARTTLS\r\n");
+#endif
                cprintf("250 ENHANCEDSTATUSCODES\r\n");
        }
 }
@@ -358,8 +367,10 @@ void smtp_expn(char *argbuf) {
  * Currently this just zeroes out the state buffer.  If pointers to data
  * allocated with mallok() are ever placed in the state buffer, we have to
  * be sure to phree() them first!
+ *
+ * Set do_response to nonzero to output the SMTP RSET response code.
  */
-void smtp_rset(void) {
+void smtp_rset(int do_response) {
        int is_lmtp;
 
        /*
@@ -387,7 +398,9 @@ void smtp_rset(void) {
         */
        SMTP->is_lmtp = is_lmtp;
 
-       cprintf("250 2.0.0 Zap!\r\n");
+       if (do_response) {
+               cprintf("250 2.0.0 Zap!\r\n");
+       }
 }
 
 /*
@@ -653,6 +666,27 @@ void smtp_data(void) {
 }
 
 
+/*
+ * implements the STARTTLS command (Citadel API version)
+ */
+#ifdef HAVE_OPENSSL
+void smtp_starttls(void)
+{
+       char ok_response[SIZ];
+       char nosup_response[SIZ];
+       char error_response[SIZ];
+
+       sprintf(ok_response,
+               "200 2.0.0 Begin TLS negotiation now\r\n");
+       sprintf(nosup_response,
+               "554 5.7.3 TLS not supported here\r\n");
+       sprintf(error_response,
+               "554 5.7.3 Internal error\r\n");
+       CtdlStartTLS(ok_response, nosup_response, error_response);
+       smtp_rset(0);
+}
+#endif
+
 
 
 /* 
@@ -728,9 +762,13 @@ void smtp_command_loop(void) {
        }
 
        else if (!strncasecmp(cmdbuf, "RSET", 4)) {
-               smtp_rset();
+               smtp_rset(1);
        }
-
+#ifdef HAVE_OPENSSL
+       else if (!strcasecmp(cmdbuf, "STARTTLS")) {
+               smtp_starttls();
+       }
+#endif
        else if (!strncasecmp(cmdbuf, "VRFY", 4)) {
                smtp_vrfy(&cmdbuf[5]);
        }