Mercurial > dovecot > core-2.2
annotate src/login-common/login-proxy.h @ 17503:75d254897442
login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 16 Jun 2014 19:21:36 +0300 |
parents | 02451e967a06 |
children | aabfe48db1cf |
rev | line source |
---|---|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5048
diff
changeset
|
1 #ifndef LOGIN_PROXY_H |
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5048
diff
changeset
|
2 #define LOGIN_PROXY_H |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 |
15187
02451e967a06
Renamed network.[ch] to net.[ch].
Timo Sirainen <tss@iki.fi>
parents:
14576
diff
changeset
|
4 #include "net.h" |
14518
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
11324
diff
changeset
|
5 |
14162
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
6 /* Max. number of embedded proxying connections until proxying fails. |
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
7 This is intended to avoid an accidental configuration where two proxies |
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
8 keep connecting to each others, both thinking the other one is supposed to |
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
9 handle the user. This only works if both proxies support the Dovecot |
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
10 TTL extension feature. */ |
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
11 #define LOGIN_PROXY_TTL 5 |
ba06ea38c722
imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL.
Timo Sirainen <tss@iki.fi>
parents:
14157
diff
changeset
|
12 |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
9165
diff
changeset
|
13 struct client; |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
14 struct login_proxy; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
15 |
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
16 enum login_proxy_ssl_flags { |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
17 /* Use SSL/TLS enabled */ |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
18 PROXY_SSL_FLAG_YES = 0x01, |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
19 /* Don't do SSL handshake immediately after connected */ |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
20 PROXY_SSL_FLAG_STARTTLS = 0x02, |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
21 /* Don't require that the received certificate is valid */ |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
22 PROXY_SSL_FLAG_ANY_CERT = 0x04 |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
23 }; |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
24 |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
25 struct login_proxy_settings { |
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
26 const char *host; |
17503
75d254897442
login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
Timo Sirainen <tss@iki.fi>
parents:
15187
diff
changeset
|
27 struct ip_addr ip, source_ip; |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
28 unsigned int port; |
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
29 unsigned int connect_timeout_msecs; |
11324
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
30 /* send a notification about proxy connection to proxy-notify pipe |
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
31 every n seconds */ |
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
32 unsigned int notify_refresh_secs; |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
33 enum login_proxy_ssl_flags ssl_flags; |
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
34 }; |
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
35 |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
36 /* Called when new input comes from proxy. */ |
10612
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
37 typedef void proxy_callback_t(struct client *client); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
38 |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
39 /* Create a proxy to given host. Returns NULL if failed. Given callback is |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
40 called when new input is available from proxy. */ |
10612
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
41 int login_proxy_new(struct client *client, |
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
42 const struct login_proxy_settings *set, |
10616
23956a9b915b
login: Proxying supports now doing DNS lookups for host names.
Timo Sirainen <tss@iki.fi>
parents:
10612
diff
changeset
|
43 proxy_callback_t *callback); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
44 /* Free the proxy. This should be called if authentication fails. */ |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
7912
diff
changeset
|
45 void login_proxy_free(struct login_proxy **proxy); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
46 |
6472
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
47 /* Return TRUE if host/port/destuser combination points to same as current |
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
48 connection. */ |
7912
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
49 bool login_proxy_is_ourself(const struct client *client, const char *host, |
6472
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
50 unsigned int port, const char *destuser); |
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
51 |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
52 /* Detach proxy from client. This is done after the authentication is |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
53 successful and all that is left is the dummy proxying. */ |
9929
d60fa42fbaac
*-login: Fixes to SSL/login proxy connection counting.
Timo Sirainen <tss@iki.fi>
parents:
9774
diff
changeset
|
54 void login_proxy_detach(struct login_proxy *proxy); |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 |
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
56 /* STARTTLS command was issued. */ |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
57 int login_proxy_starttls(struct login_proxy *proxy); |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
58 |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
59 struct istream *login_proxy_get_istream(struct login_proxy *proxy); |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
60 struct ostream *login_proxy_get_ostream(struct login_proxy *proxy); |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
61 |
7912
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
62 const char *login_proxy_get_host(const struct login_proxy *proxy) ATTR_PURE; |
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
63 unsigned int login_proxy_get_port(const struct login_proxy *proxy) ATTR_PURE; |
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
64 enum login_proxy_ssl_flags |
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
65 login_proxy_get_ssl_flags(const struct login_proxy *proxy) ATTR_PURE; |
5048
5c0a5cf4626d
Forgot to commit for the "log proxy destination" change.
Timo Sirainen <tss@iki.fi>
parents:
4906
diff
changeset
|
66 |
10171
7f0ccd367351
Handle shutdown_clients globally for all services.
Timo Sirainen <tss@iki.fi>
parents:
9929
diff
changeset
|
67 void login_proxy_kill_idle(void); |
7f0ccd367351
Handle shutdown_clients globally for all services.
Timo Sirainen <tss@iki.fi>
parents:
9929
diff
changeset
|
68 |
11324
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
69 void login_proxy_init(const char *proxy_notify_pipe_path); |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 void login_proxy_deinit(void); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 #endif |