annotate src/login-common/ssl-proxy.h @ 22656:1789bf2a1e01

director: Make sure HOST-RESET-USERS isn't used with max_moving_users=0 The reset command would just hang in that case. doveadm would never have sent this, so this is just an extra sanity check.
author Timo Sirainen <timo.sirainen@dovecot.fi>
date Sun, 05 Nov 2017 23:51:56 +0200
parents 41622541a7a3
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6410
e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents: 4570
diff changeset
1 #ifndef SSL_PROXY_H
e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents: 4570
diff changeset
2 #define SSL_PROXY_H
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3
1235
2660b47fd9bc Added setting verbose_ssl
Timo Sirainen <tss@iki.fi>
parents: 1049
diff changeset
4 struct ip_addr;
2027
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1235
diff changeset
5 struct ssl_proxy;
14728
983c6ff12cc9 Moved ssl_* settings from login-common to lib-master.
Timo Sirainen <tss@iki.fi>
parents: 14516
diff changeset
6 struct master_service_ssl_settings;
9283
02721ba17309 login processes: Added initial support for per-connection configuration.
Timo Sirainen <tss@iki.fi>
parents: 9165
diff changeset
7 struct login_settings;
9929
d60fa42fbaac *-login: Fixes to SSL/login proxy connection counting.
Timo Sirainen <tss@iki.fi>
parents: 9756
diff changeset
8 struct client;
1235
2660b47fd9bc Added setting verbose_ssl
Timo Sirainen <tss@iki.fi>
parents: 1049
diff changeset
9
3863
55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents: 3635
diff changeset
10 extern bool ssl_initialized;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
11
9165
96678e83eab6 imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 9159
diff changeset
12 typedef int ssl_handshake_callback_t(void *context);
96678e83eab6 imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 9159
diff changeset
13
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14 /* establish SSL connection with the given fd, returns a new fd which you
3520
e2fe8222449d s/occured/occurred/
Timo Sirainen <tss@iki.fi>
parents: 2027
diff changeset
15 must use from now on, or -1 if error occurred. Unless -1 is returned,
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 the given fd must be simply forgotten. */
14368
842e5124038d *-login: Another crashfix
Timo Sirainen <tss@iki.fi>
parents: 14367
diff changeset
17 int ssl_proxy_alloc(int fd, const struct ip_addr *ip, pool_t set_pool,
14728
983c6ff12cc9 Moved ssl_* settings from login-common to lib-master.
Timo Sirainen <tss@iki.fi>
parents: 14516
diff changeset
18 const struct login_settings *login_set,
983c6ff12cc9 Moved ssl_* settings from login-common to lib-master.
Timo Sirainen <tss@iki.fi>
parents: 14516
diff changeset
19 const struct master_service_ssl_settings *ssl_set,
10224
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
diff changeset
20 struct ssl_proxy **proxy_r);
14368
842e5124038d *-login: Another crashfix
Timo Sirainen <tss@iki.fi>
parents: 14367
diff changeset
21 int ssl_proxy_client_alloc(int fd, struct ip_addr *ip, pool_t set_pool,
14728
983c6ff12cc9 Moved ssl_* settings from login-common to lib-master.
Timo Sirainen <tss@iki.fi>
parents: 14516
diff changeset
22 const struct login_settings *login_set,
983c6ff12cc9 Moved ssl_* settings from login-common to lib-master.
Timo Sirainen <tss@iki.fi>
parents: 14516
diff changeset
23 const struct master_service_ssl_settings *ssl_set,
10224
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
diff changeset
24 ssl_handshake_callback_t *callback, void *context,
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
diff changeset
25 struct ssl_proxy **proxy_r);
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
diff changeset
26 void ssl_proxy_start(struct ssl_proxy *proxy);
9929
d60fa42fbaac *-login: Fixes to SSL/login proxy connection counting.
Timo Sirainen <tss@iki.fi>
parents: 9756
diff changeset
27 void ssl_proxy_set_client(struct ssl_proxy *proxy, struct client *client);
7912
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
diff changeset
28 bool ssl_proxy_has_valid_client_cert(const struct ssl_proxy *proxy) ATTR_PURE;
8302
0db37acdc59f Login process: Log auth failure reasons better in disconnect message.
Timo Sirainen <tss@iki.fi>
parents: 8122
diff changeset
29 bool ssl_proxy_has_broken_client_cert(struct ssl_proxy *proxy);
13675
7e3afd2252fd login proxy: Verify that remote hostname matches SSL cert, unless ssl=any-cert
Timo Sirainen <tss@iki.fi>
parents: 10695
diff changeset
30 int ssl_proxy_cert_match_name(struct ssl_proxy *proxy, const char *verify_name);
3635
c12df370e1b2 Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents: 3520
diff changeset
31 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
7912
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
diff changeset
32 bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
diff changeset
33 const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
8122
3917bf9cf311 login_log_format_elements: Added %k to show SSL protocol/cipher information.
Timo Sirainen <tss@iki.fi>
parents: 7912
diff changeset
34 const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
10695
fd5141e85076 imap: Remember if TLS compression is enabled.
Timo Sirainen <tss@iki.fi>
parents: 10224
diff changeset
35 const char *ssl_proxy_get_compression(struct ssl_proxy *proxy);
14516
36cde186aec6 *-login: If client certificate isn't valid, log the reason why.
Timo Sirainen <tss@iki.fi>
parents: 14393
diff changeset
36 const char *ssl_proxy_get_cert_error(struct ssl_proxy *proxy);
17334
41622541a7a3 *-login: SSL connections didn't get closed when the client got destroyed.
Timo Sirainen <tss@iki.fi>
parents: 14728
diff changeset
37 void ssl_proxy_destroy(struct ssl_proxy *proxy);
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 9283
diff changeset
38 void ssl_proxy_free(struct ssl_proxy **proxy);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
39
4538
9d9e72374164 Fixes to login process handling, especially with
Timo Sirainen <tss@iki.fi>
parents: 3863
diff changeset
40 /* Return number of active SSL proxies */
7912
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
diff changeset
41 unsigned int ssl_proxy_get_count(void) ATTR_PURE;
4538
9d9e72374164 Fixes to login process handling, especially with
Timo Sirainen <tss@iki.fi>
parents: 3863
diff changeset
42
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
43 void ssl_proxy_init(void);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
44 void ssl_proxy_deinit(void);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
45
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
46 #endif