annotate src/login-common/login-proxy.h @ 17503:75d254897442

login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
author Timo Sirainen <tss@iki.fi>
date Mon, 16 Jun 2014 19:21:36 +0300
parents 02451e967a06
children aabfe48db1cf
1 #ifndef LOGIN_PROXY_H
2 #define LOGIN_PROXY_H
4 #include "net.h"
/* Upper bound on the number of embedded (chained) proxying connections
   before proxying fails. It exists to stop an accidental configuration in
   which two proxies keep connecting to each other, each one believing that
   the other is supposed to handle the user. The limit is only effective
   when both proxies support the Dovecot TTL extension feature; a peer
   without it gets no loop protection from this value. */
#define LOGIN_PROXY_TTL 5
/* Forward declarations: this header only passes pointers to these types,
   so their definitions are not needed here. */
struct client;
struct login_proxy;
/* Bit flags selecting how SSL/TLS is used on the connection from the proxy
   to the remote server. The values are distinct bits and can be OR'ed. */
enum login_proxy_ssl_flags {
	/* SSL/TLS is enabled for the connection to the remote server. */
	PROXY_SSL_FLAG_YES = 1 << 0,
	/* The SSL handshake is not done immediately after connecting.
	   NOTE(review): presumably the handshake starts once STARTTLS has
	   been issued (login_proxy_starttls()); confirm that the caller
	   fails the login instead of continuing in plaintext when the
	   remote does not accept STARTTLS. */
	PROXY_SSL_FLAG_STARTTLS = 1 << 1,
	/* The certificate received from the remote server is not required
	   to be valid. With this flag the remote is not authenticated, so
	   TLS only protects against passive eavesdropping: whoever answers
	   on the remote address receives what the proxy forwards,
	   including the user's credentials. Intended for links that are
	   trusted by other means, not as a general default. */
	PROXY_SSL_FLAG_ANY_CERT = 1 << 2
};
/* Parameters describing one outgoing proxy connection; passed to
   login_proxy_new().
   NOTE(review): per the change descriptions for this file, several of
   these values originate from passdb extra fields (source_ip, the connect
   timeout, proxy_refresh). They decide where the user's credentials are
   forwarded and from which local address, so the passdb result has to be
   treated as trusted configuration - confirm that no client-controlled
   value can reach these fields. */
struct login_proxy_settings {
	/* Remote server's host name. */
	const char *host;
	/* Remote server's address (presumably the one actually connected
	   to - confirm against login-proxy.c). */
	struct ip_addr ip;
	/* Local address to use for the outgoing connection when passdb
	   returned a "source_ip" extra field. */
	struct ip_addr source_ip;
	/* Remote server's port. */
	unsigned int port;
	/* Timeout for connecting to the remote server, in milliseconds. */
	unsigned int connect_timeout_msecs;
	/* Send a notification about the proxy connection to the
	   proxy-notify pipe every n seconds. */
	unsigned int notify_refresh_secs;
	/* SSL/TLS behaviour towards the remote server; the ANY_CERT bit
	   turns off certificate validation. */
	enum login_proxy_ssl_flags ssl_flags;
};
/* Callback type: invoked with the owning client whenever new input has
   arrived from the proxy (remote) side. */
typedef void proxy_callback_t(struct client *client);
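/* Create a proxy for the client to the remote server described by set.
   The given callback is called when new input is available from the
   proxy.
   NOTE(review): the return type is int, so the older "returns NULL if
   failed" wording no longer matches the signature. Presumably 0 means
   success and a negative value means failure - confirm against
   login-proxy.c. Callers must check the result before treating the client
   as proxied. */
int login_proxy_new(struct client *client,
		    const struct login_proxy_settings *set,
		    proxy_callback_t *callback);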
/* Free the proxy. This should be called if authentication fails.
   NOTE(review): the argument is a pointer to the caller's pointer,
   presumably so that *proxy can be cleared to guard against use after
   free - confirm against login-proxy.c. */
void login_proxy_free(struct login_proxy **proxy);
/* Return TRUE if the host/port/destuser combination points to the same
   place as the current connection, i.e. proxying there would connect back
   to ourselves. Unlike LOGIN_PROXY_TTL this check does not depend on the
   remote side supporting the TTL extension.
   NOTE(review): how host is compared (name vs. resolved address) is not
   visible in this header. */
bool login_proxy_is_ourself(const struct client *client,
			    const char *host,
			    unsigned int port,
			    const char *destuser);
/* Detach the proxy from its client. This is done once authentication has
   succeeded and the only thing left to do is the dummy proxying, i.e.
   relaying data between the two sides. */
void login_proxy_detach(struct login_proxy *proxy);
/* Tell the proxy that the STARTTLS command was issued.
   NOTE(review): presumably this begins the SSL handshake on the remote
   connection and returns a negative value on failure - confirm against
   login-proxy.c. The result must be checked so that a failed upgrade is
   never followed by sending credentials in plaintext. */
int login_proxy_starttls(struct login_proxy *proxy);
/* Accessors for the proxy's input and output streams.
   NOTE(review): ownership of the returned streams is not stated in this
   header; presumably they remain owned by the proxy - confirm before
   unreferencing them in a caller. */
struct istream *login_proxy_get_istream(struct login_proxy *proxy);
struct ostream *login_proxy_get_ostream(struct login_proxy *proxy);
/* Read-only accessors for the proxy's remote host, remote port and SSL
   flags. All three are marked ATTR_PURE.
   The SSL flags let a caller check whether certificate validation was
   turned off (PROXY_SSL_FLAG_ANY_CERT) for this connection. */
const char *
login_proxy_get_host(const struct login_proxy *proxy) ATTR_PURE;
unsigned int
login_proxy_get_port(const struct login_proxy *proxy) ATTR_PURE;
enum login_proxy_ssl_flags
login_proxy_get_ssl_flags(const struct login_proxy *proxy) ATTR_PURE;
/* NOTE(review): judging by the name, this kills proxy connections that are
   currently idle; what counts as idle is not visible in this header. */
void login_proxy_kill_idle(void);

/* Module initialization and deinitialization.
   proxy_notify_pipe_path is the path of the proxy-notify pipe to which
   notifications about proxy connections are sent (see
   login_proxy_settings.notify_refresh_secs).
   NOTE(review): per the change description these notifications carry the
   username, so the pipe should only be accessible to trusted processes -
   confirm its ownership and permissions where it is created. */
void login_proxy_init(const char *proxy_notify_pipe_path);
void login_proxy_deinit(void);
72 #endif