Mercurial > dovecot > core-2.2
annotate src/login-common/login-proxy.h @ 14518:773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Now the "host" parameter isn't changed, but a new optional "hostip"
parameter contains the IP address where to connect to.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Wed, 25 Apr 2012 21:32:00 +0300 |
| parents | c872378a8de6 |
| children | fbb1ecb9b888 |
| rev | line source |
|---|---|
|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5048
diff
changeset
|
1 #ifndef LOGIN_PROXY_H |
|
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5048
diff
changeset
|
2 #define LOGIN_PROXY_H |
|
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 |
|
14518
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
11324
diff
changeset
|
4 #include "network.h" |
|
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
11324
diff
changeset
|
5 |
|
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
9165
diff
changeset
|
6 struct client; |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
7 struct login_proxy; |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
8 |
|
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
9 enum login_proxy_ssl_flags { |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
10 /* Use SSL/TLS enabled */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
11 PROXY_SSL_FLAG_YES = 0x01, |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
12 /* Don't do SSL handshake immediately after connected */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
13 PROXY_SSL_FLAG_STARTTLS = 0x02, |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
14 /* Don't require that the received certificate is valid */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
15 PROXY_SSL_FLAG_ANY_CERT = 0x04 |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
16 }; |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
17 |
|
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
18 struct login_proxy_settings { |
|
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
19 const char *host; |
|
14518
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
11324
diff
changeset
|
20 struct ip_addr ip; |
|
10616
23956a9b915b
login: Proxying supports now doing DNS lookups for host names.
Timo Sirainen <tss@iki.fi>
parents:
10612
diff
changeset
|
21 const char *dns_client_socket_path; |
|
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
22 unsigned int port; |
|
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
23 unsigned int connect_timeout_msecs; |
|
11324
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
24 /* send a notification about proxy connection to proxy-notify pipe |
|
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
25 every n seconds */ |
|
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
26 unsigned int notify_refresh_secs; |
|
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
27 enum login_proxy_ssl_flags ssl_flags; |
|
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
28 }; |
|
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9756
diff
changeset
|
29 |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
30 /* Called when new input comes from proxy. */ |
|
10612
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
31 typedef void proxy_callback_t(struct client *client); |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
32 |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
33 /* Create a proxy to given host. Returns NULL if failed. Given callback is |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
34 called when new input is available from proxy. */ |
|
10612
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
35 int login_proxy_new(struct client *client, |
|
6b3dc91ae0c5
login: Proxy code API cleanup.
Timo Sirainen <tss@iki.fi>
parents:
10171
diff
changeset
|
36 const struct login_proxy_settings *set, |
|
10616
23956a9b915b
login: Proxying supports now doing DNS lookups for host names.
Timo Sirainen <tss@iki.fi>
parents:
10612
diff
changeset
|
37 proxy_callback_t *callback); |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
38 /* Free the proxy. This should be called if authentication fails. */ |
|
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
7912
diff
changeset
|
39 void login_proxy_free(struct login_proxy **proxy); |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
40 |
|
6472
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
41 /* Return TRUE if host/port/destuser combination points to same as current |
|
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
42 connection. */ |
|
7912
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
43 bool login_proxy_is_ourself(const struct client *client, const char *host, |
|
6472
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
44 unsigned int port, const char *destuser); |
|
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
45 |
|
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
46 /* Detach proxy from client. This is done after the authentication is |
|
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
47 successful and all that is left is the dummy proxying. */ |
|
9929
d60fa42fbaac
*-login: Fixes to SSL/login proxy connection counting.
Timo Sirainen <tss@iki.fi>
parents:
9774
diff
changeset
|
48 void login_proxy_detach(struct login_proxy *proxy); |
|
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 |
|
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
50 /* STARTTLS command was issued. */ |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
51 int login_proxy_starttls(struct login_proxy *proxy); |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
52 |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
53 struct istream *login_proxy_get_istream(struct login_proxy *proxy); |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
54 struct ostream *login_proxy_get_ostream(struct login_proxy *proxy); |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
55 |
|
7912
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
56 const char *login_proxy_get_host(const struct login_proxy *proxy) ATTR_PURE; |
|
81806d402514
Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
57 unsigned int login_proxy_get_port(const struct login_proxy *proxy) ATTR_PURE; |
|
9165
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
58 enum login_proxy_ssl_flags |
|
96678e83eab6
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
59 login_proxy_get_ssl_flags(const struct login_proxy *proxy) ATTR_PURE; |
|
5048
5c0a5cf4626d
Forgot to commit for the "log proxy destination" change.
Timo Sirainen <tss@iki.fi>
parents:
4906
diff
changeset
|
60 |
|
10171
7f0ccd367351
Handle shutdown_clients globally for all services.
Timo Sirainen <tss@iki.fi>
parents:
9929
diff
changeset
|
61 void login_proxy_kill_idle(void); |
|
7f0ccd367351
Handle shutdown_clients globally for all services.
Timo Sirainen <tss@iki.fi>
parents:
9929
diff
changeset
|
62 |
|
11324
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
10616
diff
changeset
|
63 void login_proxy_init(const char *proxy_notify_pipe_path); |
|
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
64 void login_proxy_deinit(void); |
|
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
65 |
|
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
66 #endif |