#include "pop.h"
#include "hcconn.h"
+#include "hcconn_ssl.h"
#include "tcp_connect.h"
+#include "usermap.h"
+
#define CONFFILE SYSCONFDIR "/popproxy.conf"
struct pop_address
{
char *server;
char *port;
+ int ssl;
};
static HCConn *
-server_conn_new (char *server, char *port)
+server_conn_new (char *server, char *port, int ssl)
{
int fd;
HCConn *conn;
HCConn *ssl_conn;
+ int r;
fd = hc_tcp_connect (server, port);
if (fd < 0)
{
return NULL;
}
conn = hc_conn_new (NULL, NULL);
+ r = hc_conn_set_driver_channel (conn, fd);
+ if (r != 0)
+ {
+ hc_conn_close (conn);
+ close (fd);
+ return NULL;
+ }
+ if (!ssl)
+ return conn;
ssl_conn = hc_conn_new (NULL, NULL);
- hc_conn_set_driver_channel (conn, fd);
- hc_conn_set_driver_ssl (ssl_conn, conn);
+ r = hc_conn_set_driver_ssl_client (ssl_conn, conn);
+ if (r != 0)
+ {
+ hc_conn_close (ssl_conn);
+ hc_conn_close (conn);
+ return NULL;
+ }
return ssl_conn;
}
+static HCConn *
+client_conn_new (int fd)
+{
+ HCConn *conn;
+ HCConn *ssl_conn;
+ HCConn *pop_conn;
+ int r;
+ conn = hc_conn_new (NULL, NULL);
+ r = hc_conn_set_driver_channel (conn, fd);
+ if (r != 0)
+ {
+ hc_conn_close (conn);
+ close (fd);
+ return NULL;
+ }
+ ssl_conn = hc_conn_new (NULL, NULL);
+ hc_conn_set_driver_ssl_server (ssl_conn, conn);
+ if (r != 0)
+ {
+ hc_conn_close (ssl_conn);
+ hc_conn_close (conn);
+ return NULL;
+ }
+ pop_conn = hc_conn_new (NULL, NULL);
+ r = hc_conn_set_driver_pop (pop_conn, ssl_conn);
+ if (r != 0)
+ {
+ hc_conn_close (pop_conn);
+ hc_conn_close (ssl_conn);
+ return NULL;
+ }
+ return pop_conn;
+}
+
static void
push_other (HCConn *conn, HCEvent event, gpointer data)
{
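Review bot: In client_conn_new the result of hc_conn_set_driver_ssl_server is discarded, so the `if (r != 0)` right after it re-tests the `r` left by hc_conn_set_driver_channel, which is 0 on that path; a failed server-side TLS driver setup is therefore never detected and the half-initialised ssl_conn is handed on to the POP driver. The line should read `r = hc_conn_set_driver_ssl_server (ssl_conn, conn);`, mirroring the client counterpart in server_conn_new. Separately, `if (!ssl) return conn;` in server_conn_new is the only unbraced conditional in code that braces every other one; `if (!ssl) { return conn; }` on three lines would match the surrounding style. Neither constructor checks the hc_conn_new result before passing it to a set_driver call; whether hc_conn_new can return NULL is not visible here, so this is worth confirming against hcconn.h.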
static void
new_client (int fd, struct sockaddr *addr, socklen_t saddr, gpointer data)
{
- HCConn *conn;
+ HCConn *client_conn;
HCConn *server_conn;
- net_hook_t *hook;
struct pop_address *address = data;
if (fd < 0)
{
g_critical ("Server has received an error event.");
return;
}
+
+ /* FIXME: Should be independent of address type. */
g_message ("Received connection from %s.",
inet_ntoa (((struct sockaddr_in *) addr)->sin_addr));
- server_conn = server_conn_new (address->server, address->port);
+ server_conn = server_conn_new (address->server, address->port,
+ address->ssl);
if (server_conn == NULL)
{
return;
}
+ client_conn = client_conn_new (fd);
+ if (client_conn == NULL)
+ {
+ hc_conn_close (server_conn);
+ return;
+ }
- conn = hc_conn_new (NULL, NULL);
- hc_conn_set_driver_channel (conn, fd);
-
- hc_conn_set_callback (conn, push_other, server_conn);
- hc_conn_set_callback (server_conn, push_other, conn);
+ hc_conn_set_callback (client_conn, push_other, server_conn);
+ hc_conn_set_callback (server_conn, push_other, client_conn);
}
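Review bot: new_client dials the upstream server first (server_conn_new, whose hc_tcp_connect appears to be a blocking connect) and only then builds the purely local client_conn, so every accepted socket costs an upstream connection even when the client side cannot be set up, and the failure path has to tear that connection down again. Building the client connection first and dialing the server only afterwards keeps the cheap, local failure cheap and leaves the upstream untouched until the client side is usable. Whether hc_conn_close on client_conn also releases fd is not shown in this hunk; the explicit close (fd) in client_conn_new's first failure branch suggests the channel driver owns it once set, which the reordered code relies on.
```c
  client_conn = client_conn_new (fd);
  if (client_conn == NULL)
    {
      return;
    }
  server_conn = server_conn_new (address->server, address->port,
                                 address->ssl);
  if (server_conn == NULL)
    {
      hc_conn_close (client_conn);
      return;
    }
  /* … unchanged: push_other callback wiring … */
```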
gchar *port;
gchar *server_address;
gchar *server_port;
+ int server_ssl;
+ gchar *certfile;
+ gchar *ssl_keyfile;
+ gchar *policy;
struct pop_address pop_address;
gnutls_global_init ();
exit (1);
}
+ error = NULL;
+ certfile = g_key_file_get_string (keyfile, "global", "certfile",
+ &error);
+ if (certfile == NULL && error != NULL)
+ {
+ g_critical ("No certification file specified: %s.",
+ error->message);
+ g_error_free (error);
+ exit (1);
+ }
+ error = NULL;
+ ssl_keyfile = g_key_file_get_string (keyfile, "global", "keyfile",
+ &error);
+ if (ssl_keyfile == NULL && error != NULL)
+ {
+ ssl_keyfile = g_strdup (certfile);
+ g_error_free (error);
+ }
+
+
error = NULL;
conf_address = g_key_file_get_string (keyfile, "global", "address",
&error);
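Review bot: The failure message on the certfile branch says "certification file" where "certificate file" is meant: `g_critical ("No certificate file specified: %s.", error->message);`. The keyfile fallback to certfile is silent; a `g_message ("No keyfile specified, reading the private key from %s.", certfile);` before the g_error_free would make a mistyped keyfile path visible in the log instead of surfacing only when the credential load at the end of main fails. The enclosing main starts and ends outside this hunk.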
server_port = g_strdup ("995");
g_error_free (error);
}
+ error = NULL;
+ server_ssl = g_key_file_get_boolean (keyfile, "global", "server_ssl",
+ &error);
+ if (server_ssl == 0 && error != NULL)
+ {
+ server_ssl = 0;
+ g_error_free (error);
+ }
+
+ error = NULL;
+ policy = g_key_file_get_string (keyfile, "global", "policy",
+ &error);
+ if (policy == NULL && error != NULL)
+ {
+ policy = g_strdup ("deny");
+ g_error_free (error);
+ }
+
+ if (!strcmp (policy, "allow"))
+ ACCESS_DEFAULT = ACCESS_ALLOW;
+ g_free (policy);
+
pop_address.server = server_address;
pop_address.port = server_port;
+ pop_address.ssl = server_ssl;
server_fd = hc_tcp_server (port);
if (server_fd < 0)
pop_log_init ();
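Review bot: server_ssl defaults to FALSE when the key is absent, while server_port defaults to "995" a few lines earlier, the POP3S port, so a config that sets neither connects in plaintext to a port that expects TLS; either the SSL default should follow the port default or the mismatch should be logged at startup. The `server_ssl = 0;` inside that branch is redundant since g_key_file_get_boolean already returned FALSE on error. For policy, any string other than "allow" silently means deny; `else if (strcmp (policy, "deny") != 0) g_warning ("Unknown policy '%s', denying by default.", policy);` would catch a typo that otherwise locks every user out without a trace in the log. The enclosing main starts and ends outside this hunk.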
g_message ("Listening at %s:%s.", conf_address, port);
+ if (ACCESS_DEFAULT == ACCESS_ALLOW)
+ g_message ("Authorizing users by default.");
if (!foreground)
daemon (0, 0);
g_free (conf_address);
g_free (port);
+ hc_conn_ssl_server_init_credentials (certfile, ssl_keyfile);
+
+ g_free (certfile);
+ g_free (ssl_keyfile);
+
g_main_loop_run (g_main_loop_new (g_main_context_default (), TRUE));
gnutls_global_deinit ();
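Review bot: hc_conn_ssl_server_init_credentials (certfile, ssl_keyfile) runs after daemon (0, 0) and after the "Listening" message, and its result is not examined; if it can report failure (its return type is not visible here) a missing or unreadable certificate or key goes unnoticed until each client handshake fails, with the error lost once the process has detached from the terminal. Move the call before `if (!foreground) daemon (0, 0);` and, if it returns a status, check it: `if (hc_conn_ssl_server_init_credentials (certfile, ssl_keyfile) != 0) { g_critical ("Cannot load TLS credentials."); exit (1); }`. This is the only place the configured certfile and keyfile paths are exercised, so it is also the only point at which a bad configuration can be rejected before serving clients. The enclosing main starts outside this hunk.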