X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=popproxy.c;h=d2ccbf76f709b0a16c3231c46387e926f36b0f25;hb=4bc777dcf6bedc0aa0cc81a71bfb0599c986e740;hp=f54c77cc21b778e0033ccf25a3fc8f31c4595228;hpb=d45a338204b37b044e9cf9c04415fb7f8af83e6e;p=cascardo%2Frnetproxy.git diff --git a/popproxy.c b/popproxy.c index f54c77c..d2ccbf7 100644 --- a/popproxy.c +++ b/popproxy.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "log.h" #include "pop.h" @@ -32,16 +33,19 @@ #include "hcconn_ssl.h" #include "tcp_connect.h" +#include "usermap.h" + #define CONFFILE SYSCONFDIR "/popproxy.conf" struct pop_address { char *server; char *port; + int ssl; }; static HCConn * -server_conn_new (char *server, char *port) +server_conn_new (char *server, char *port, int ssl) { int fd; HCConn *conn; @@ -54,15 +58,16 @@ server_conn_new (char *server, char *port) return NULL; } conn = hc_conn_new (NULL, NULL); - ssl_conn = hc_conn_new (NULL, NULL); r = hc_conn_set_driver_channel (conn, fd); if (r != 0) { - hc_conn_close (ssl_conn); hc_conn_close (conn); close (fd); return NULL; } + if (!ssl) + return conn; + ssl_conn = hc_conn_new (NULL, NULL); r = hc_conn_set_driver_ssl_client (ssl_conn, conn); if (r != 0) { @@ -97,7 +102,7 @@ client_conn_new (int fd) return NULL; } pop_conn = hc_conn_new (NULL, NULL); - r = hc_conn_set_driver_pop (pop_conn, conn); + r = hc_conn_set_driver_pop (pop_conn, ssl_conn); if (r != 0) { hc_conn_close (pop_conn); @@ -141,7 +146,8 @@ new_client (int fd, struct sockaddr *addr, socklen_t saddr, gpointer data) g_message ("Received connection from %s.", inet_ntoa (((struct sockaddr_in *) addr)->sin_addr)); - server_conn = server_conn_new (address->server, address->port); + server_conn = server_conn_new (address->server, address->port, + address->ssl); if (server_conn == NULL) { return; 
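Review bot: In the `@@ -54,15 +58,16 @@` hunk, the new early exit `if (!ssl) return conn;` in server_conn_new returns a bare channel connection, and nothing documents what that means for the traffic relayed over it. The proxy presumably forwards the client's POP login to the backend on this connection, so with `ssl == 0` those credentials would leave the proxy unencrypted even though the client side is wrapped in TLS. I would add a comment above the check, e.g. `/* ssl == 0: plain POP3 to the backend; login data is sent unencrypted, use only on a trusted link */`, and document the new `int ssl` parameter and the `ssl` field of `struct pop_address` the same way. The function body starts before and continues after this hunk.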
@@ -181,8 +187,14 @@ int main (int argc, char **argv) gchar *port; gchar *server_address; gchar *server_port; + int server_ssl; + gchar *certfile; + gchar *ssl_keyfile; + gchar *policy; struct pop_address pop_address; + signal (SIGPIPE, SIG_IGN); + gnutls_global_init (); configfile = CONFFILE; @@ -211,6 +223,26 @@ int main (int argc, char **argv) exit (1); } + error = NULL; + certfile = g_key_file_get_string (keyfile, "global", "certfile", + &error); + if (certfile == NULL && error != NULL) + { + g_critical ("No certification file specified: %s.", + error->message); + g_error_free (error); + exit (1); + } + error = NULL; + ssl_keyfile = g_key_file_get_string (keyfile, "global", "keyfile", + &error); + if (ssl_keyfile == NULL && error != NULL) + { + ssl_keyfile = g_strdup (certfile); + g_error_free (error); + } + + error = NULL; conf_address = g_key_file_get_string (keyfile, "global", "address", &error); @@ -242,9 +274,32 @@ int main (int argc, char **argv) server_port = g_strdup ("995"); g_error_free (error); } + error = NULL; + server_ssl = g_key_file_get_boolean (keyfile, "global", "server_ssl", + &error); + if (server_ssl == 0 && error != NULL) + { + server_ssl = 0; + g_error_free (error); + } + + error = NULL; + policy = g_key_file_get_string (keyfile, "global", "policy", + &error); + if (policy == NULL && error != NULL) + { + policy = g_strdup ("deny"); + g_error_free (error); + } + + if (!strcmp (policy, "allow")) + ACCESS_DEFAULT = ACCESS_ALLOW; + g_free (policy); + pop_address.server = server_address; pop_address.port = server_port; + pop_address.ssl = server_ssl; server_fd = hc_tcp_server (port); if (server_fd < 0) @@ -257,6 +312,8 @@ int main (int argc, char **argv) pop_log_init (); g_message ("Listening at %s:%s.", conf_address, port); + if (ACCESS_DEFAULT == ACCESS_ALLOW) + g_message ("Authorizing users by default."); if (!foreground) daemon (0, 0); 
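Review bot: In the `@@ -211,6 +223,26 @@` hunk, a missing `keyfile` entry silently falls back to `g_strdup (certfile)`, so the private key is then expected in the same file as the certificate, and nothing records that choice. I would add a comment such as `/* no keyfile configured: expect the private key in the same PEM file as the certificate */` and log the fallback with `g_message`. Nothing visible here checks that the file holding the private key is unreadable by other users; a permission check before loading it would be worth adding. The message "No certification file specified" should read "No certificate file specified".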
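Review bot: In the `@@ -242,9 +274,32 @@` hunk, `server_ssl` ends up 0 whenever the key is absent, so a configuration written before this commit silently moves from TLS to plain text towards the backend. The context lines above still default `server_port` to "995", and the old server_conn_new always added the SSL layer. The same branch also swallows an unparsable value, because `g_key_file_get_boolean` returns FALSE with an error set and that error is freed without being inspected. I would default to TLS when the key is missing and refuse to start on an invalid value, as sketched below. Separately, a `policy` value other than "allow" is treated as deny without any message; that fails closed, but a `g_warning` for unknown values would help catch typos.

```c
  error = NULL;
  server_ssl = g_key_file_get_boolean (keyfile, "global", "server_ssl",
                                       &error);
  if (error != NULL)
    {
      if (g_error_matches (error, G_KEY_FILE_ERROR,
                           G_KEY_FILE_ERROR_INVALID_VALUE))
        {
          g_critical ("Invalid server_ssl value: %s.", error->message);
          g_error_free (error);
          exit (1);
        }
      /* Key absent: keep TLS to the backend, matching the default port 995. */
      server_ssl = TRUE;
      g_error_free (error);
    }
  /* … unchanged: policy lookup and ACCESS_DEFAULT assignment … */
```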
@@ -264,7 +321,10 @@ int main (int argc, char **argv) g_free (conf_address); g_free (port); - hc_conn_ssl_server_init_credentials ("cert.pem", "key.pem"); + hc_conn_ssl_server_init_credentials (certfile, ssl_keyfile); + + g_free (certfile); + g_free (ssl_keyfile); g_main_loop_run (g_main_loop_new (g_main_context_default (), TRUE));
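Review bot: The result of `hc_conn_ssl_server_init_credentials (certfile, ssl_keyfile)` is not examined, and the call runs after `daemon (0, 0)` from the previous hunk. Since `daemon (0, 0)` changes the working directory to `/` and detaches standard output, a relative `certfile` or `keyfile` path from the configuration resolves against the root directory, and a load failure could go unnoticed while the proxy enters the main loop without usable credentials. If the function reports failure (its prototype is not visible here), I would load the credentials before daemonizing and exit with `g_critical` on error. It is also worth documenting that the paths should be absolute. main continues outside this hunk.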