Mercurial > dovecot > core-2.2
annotate src/login-common/login-proxy.h @ 22715:20415dd0b85a
dsync: Add per-mailbox sync lock that is always used.
Both importing and exporting gets the lock before they even sync the
mailbox. The lock is kept until the import/export finishes. This guarantees
that no matter how dsync is run, two dsyncs can't be working on the same
mailbox at the same time.
This lock is in addition to the optional per-user lock enabled by the -l
parameter. If the -l parameter is used, the same lock timeout is used for
the per-mailbox lock. Otherwise 30s timeout is used.
This should help to avoid email duplication when replication is enabled for
public namespaces, and maybe in some other rare situations as well.
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Thu, 28 Dec 2017 14:10:23 +0200 |
| parents | aabfe48db1cf |
| children |
| rev | line source |
|---|---|
|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5048
diff
changeset
|
1 #ifndef LOGIN_PROXY_H |
|
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5048
diff
changeset
|
2 #define LOGIN_PROXY_H |
|
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 |
|
15187
02451e967a06
Renamed network.[ch] to net.[ch].
Timo Sirainen <tss@iki.fi>
parents:
14576
diff
changeset
|
4 #include "net.h" |
|
14518
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
11324
diff
changeset
|
5 |
|
14162
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
6 /* Max. number of embedded proxying connections until proxying fails. |
|
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
7 This is intended to avoid an accidental configuration where two proxies |
|
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
8 keep connecting to each others, both thinking the other one is supposed to |
|
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
9 handle the user. This only works if both proxies support the Dovecot |
|
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
10 TTL extension feature. */ |
|
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
11 #define LOGIN_PROXY_TTL 5 |
|
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
12 |
|
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
9165
diff
changeset
|
13 struct client; |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
14 struct login_proxy; |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
15 |
|
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
16 enum login_proxy_ssl_flags { |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
17 /* Use SSL/TLS enabled */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
18 PROXY_SSL_FLAG_YES = 0x01, |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
19 /* Don't do SSL handshake immediately after connected */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
20 PROXY_SSL_FLAG_STARTTLS = 0x02, |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
21 /* Don't require that the received certificate is valid */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
22 PROXY_SSL_FLAG_ANY_CERT = 0x04 |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
23 }; |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
24 |
|
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
25 struct login_proxy_settings { |
|
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
26 const char *host; |
|
17503
75d254897442
login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
Timo Sirainen <tss@iki.fi>
parents:
15187
diff
changeset
|
27 struct ip_addr ip, source_ip; |
|
19035
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
17503
diff
changeset
|
28 in_port_t port; |
|
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
29 unsigned int connect_timeout_msecs; |
|
11324
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
30 /* send a notification about proxy connection to proxy-notify pipe |
|
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
31 every n seconds */ |
|
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
32 unsigned int notify_refresh_secs; |
|
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
33 enum login_proxy_ssl_flags ssl_flags; |
|
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
34 }; |
|
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
35 |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
36 /* Called when new input comes from proxy. */ |
|
10612
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
37 typedef void proxy_callback_t(struct client *client); |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
38 |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
39 /* Create a proxy to given host. Returns NULL if failed. Given callback is |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
40 called when new input is available from proxy. */ |
|
10612
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
41 int login_proxy_new(struct client *client, |
|
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
42 const struct login_proxy_settings *set, |
|
10616
23956a9b915b
login: Proxying supports now doing DNS lookups for host names.
Timo Sirainen <tss@iki.fi>
parents:
10612
diff
changeset
|
43 proxy_callback_t *callback); |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
44 /* Free the proxy. This should be called if authentication fails. */ |
|
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
7912
diff
changeset
|
45 void login_proxy_free(struct login_proxy **proxy); |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
46 |
|
6472
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
47 /* Return TRUE if host/port/destuser combination points to same as current |
|
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
48 connection. */ |
|
7912
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
49 bool login_proxy_is_ourself(const struct client *client, const char *host, |
|
19035
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
17503
diff
changeset
|
50 in_port_t port, const char *destuser); |
|
6472
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
51 |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
52 /* Detach proxy from client. This is done after the authentication is |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
53 successful and all that is left is the dummy proxying. */ |
|
9929
d60fa42fbaac
*-login: Fixes to SSL/login proxy connection counting.
Timo Sirainen <tss@iki.fi>
parents:
9774
diff
changeset
|
54 void login_proxy_detach(struct login_proxy *proxy); |
|
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 |
|
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
56 /* STARTTLS command was issued. */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
57 int login_proxy_starttls(struct login_proxy *proxy); |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
58 |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
59 struct istream *login_proxy_get_istream(struct login_proxy *proxy); |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
60 struct ostream *login_proxy_get_ostream(struct login_proxy *proxy); |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
61 |
|
7912
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
62 const char *login_proxy_get_host(const struct login_proxy *proxy) ATTR_PURE; |
|
19035
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
17503
diff
changeset
|
63 in_port_t login_proxy_get_port(const struct login_proxy *proxy) ATTR_PURE; |
|
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
64 enum login_proxy_ssl_flags |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
65 login_proxy_get_ssl_flags(const struct login_proxy *proxy) ATTR_PURE; |
|
5048
5c0a5cf4626d
Forgot to commit for the "log proxy destination" change.
Timo Sirainen <tss@iki.fi>
parents:
4906
diff
changeset
|
66 |
|
10171
7f0ccd367351
Handle shutdown_clients globally for all services.
Timo Sirainen <tss@iki.fi>
parents:
9929
diff
changeset
|
67 void login_proxy_kill_idle(void); |
|
7f0ccd367351
Handle shutdown_clients globally for all services.
Timo Sirainen <tss@iki.fi>
parents:
9929
diff
changeset
|
68 |
|
11324
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
69 void login_proxy_init(const char *proxy_notify_pipe_path); |
|
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 void login_proxy_deinit(void); |
|
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 |
|
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 #endif |