annotate src/login-common/client-common-auth.c @ 22955:812e5c961328

fts: Indexing virtual mailbox didn't always index the last mails
author Timo Sirainen <timo.sirainen@dovecot.fi>
date Thu, 03 May 2018 18:33:00 +0300
parents cb108f786fb4
children
1 /* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */
2
3 #include "hostpid.h"
4 #include "login-common.h"
5 #include "array.h"
6 #include "iostream.h"
7 #include "istream.h"
8 #include "ostream.h"
9 #include "str.h"
10 #include "safe-memset.h"
11 #include "time-util.h"
12 #include "login-proxy.h"
13 #include "auth-client.h"
14 #include "dsasl-client.h"
15 #include "master-service-ssl-settings.h"
16 #include "client-common.h"
17
18 #define PROXY_FAILURE_MSG "Account is temporarily unavailable."
19 #define PROXY_DEFAULT_TIMEOUT_MSECS (1000*30)
20
21 /* If we've been waiting auth server to respond for over this many milliseconds,
22 send a "waiting" message. */
23 #define AUTH_WAITING_TIMEOUT_MSECS (30*1000)
24 #define AUTH_WAITING_WARNING_TIMEOUT_MSECS (10*1000)
/*
 * Clean up after a failed authentication attempt and resume reading input
 * from the client.
 *
 * The master data prefix is freed and any buffered auth response is
 * truncated to zero length. The truncation was added by changeset
 * 32cf5ed72e2d ("imap-login: Fixed handling second AUTHENTICATE command
 * when the first one failed").
 *
 * NOTE(review): str_truncate() presumably only resets the length. If
 * auth_response can hold credential material, confirm whether the bytes
 * should also be wiped (this file includes safe-memset.h).
 */
static void client_auth_failed(struct client *client)
{
	i_free_and_null(client->master_data_prefix);
	if (client->auth_response != NULL)
		str_truncate(client->auth_response, 0);

	/* Input handling is only resumed when authentication is not still
	   being initialized and the client has not been destroyed. Changeset
	   e9b90ff13910 ("login: Fixed potential assert-crash during failed
	   proxy authentication") last touched this condition. */
	if (!client->auth_initializing && !client->destroyed) {
		if (client->io != NULL)
			io_remove(&client->io);

		/* Re-register the read handler and process pending input
		   right away. No delay is applied here: changeset
		   7d9cd9b7da08 removed the per-connection auth failure
		   penalties from *-login and trusts the auth server to apply
		   them, so throttling of failed logins depends on the auth
		   server. */
		client->io = io_add(client->fd, IO_READ, client_input, client);
		client_input(client);
	}
}
/*
 * Timeout callback for client->to_auth_waiting.
 *
 * If the client has not yet been notified that auth is ready, a warning is
 * logged because the initial greeting is being delayed. In every case the
 * client is sent a "waiting" status message, and the timeout is then
 * removed so that it fires only once.
 */
static void client_auth_waiting_timeout(struct client *client)
{
	if (!client->notified_auth_ready) {
		client_log_warn(client, "Auth process not responding, "
				"delayed sending initial response (greeting)");
	}

	/* master_tag == 0 selects the auth server message, anything else
	   the master message. */
	if (client->master_tag == 0)
		client_notify_status(client, FALSE, AUTH_SERVER_WAITING_MSG);
	else
		client_notify_status(client, FALSE, AUTH_MASTER_WAITING_MSG);

	timeout_remove(&client->to_auth_waiting);
}
/*
 * Arm the "still waiting for auth" timeout for this client.
 *
 * A timeout must not already be pending (asserted). Before the client has
 * been notified that auth is ready, the shorter
 * AUTH_WAITING_WARNING_TIMEOUT_MSECS is used; afterwards
 * AUTH_WAITING_TIMEOUT_MSECS applies. client_auth_waiting_timeout() runs
 * when the timeout expires.
 */
void client_set_auth_waiting(struct client *client)
{
	unsigned int wait_msecs;

	i_assert(client->to_auth_waiting == NULL);

	if (client->notified_auth_ready)
		wait_msecs = AUTH_WAITING_TIMEOUT_MSECS;
	else
		wait_msecs = AUTH_WAITING_WARNING_TIMEOUT_MSECS;

	client->to_auth_waiting =
		timeout_add(wait_msecs, client_auth_waiting_timeout, client);
}
/*
 * Store one alternative username (a "user_*" field) in alt_usernames.
 *
 * The slot index of a key is its position in global_alt_usernames, so the
 * same key lands in the same slot on every call. A key that has not been
 * seen before is duplicated with i_strdup() and appended to the global
 * list. The value is duplicated into `pool` before it is stored.
 *
 * NOTE(review): nothing in this function frees or bounds the global key
 * list. It grows by one entry per distinct key, so the set of "user_*"
 * keys the auth service can return is presumably small and fixed;
 * confirm.
 */
static void alt_username_set(ARRAY_TYPE(const_string) *alt_usernames, pool_t pool,
			     const char *key, const char *value)
{
	char *const *known_keys;
	unsigned int idx, known_count;
	const char *stored_value;

	/* Find the key's slot; idx == known_count means "not seen yet". */
	known_keys = array_get(&global_alt_usernames, &known_count);
	idx = 0;
	while (idx < known_count && strcmp(known_keys[idx], key) != 0)
		idx++;
	if (idx == known_count) {
		char *key_copy = i_strdup(key);
		array_append(&global_alt_usernames, &key_copy, 1);
	}

	stored_value = p_strdup(pool, value);
	if (idx >= array_count(alt_usernames)) {
		/* The array is NULL-terminated, so unused slots before this
		   one are filled with "" instead of being left empty. */
		while (array_count(alt_usernames) < idx) {
			const char *filler = "";
			array_append(alt_usernames, &filler, 1);
		}
		array_append(alt_usernames, &stored_value, 1);
	} else {
		/* The slot already exists: overwrite it. */
		array_idx_set(alt_usernames, idx, &stored_value);
	}
}
94 static void client_auth_parse_args(struct client *client, bool success,
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
95 const char *const *args,
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
96 struct client_auth_reply *reply_r)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
97 {
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
98 const char *key, *value, *p;
20840
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
99 ARRAY_TYPE(const_string) alt_usernames;
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
100
20840
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
101 t_array_init(&alt_usernames, 4);
21389
59437f8764c6 global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents: 21322
diff changeset
102 i_zero(reply_r);
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
103
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
104 for (; *args != NULL; args++) {
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
105 p = strchr(*args, '=');
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
106 if (p == NULL) {
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
107 key = *args;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
108 value = "";
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
109 } else {
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
110 key = t_strdup_until(*args, p);
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
111 value = p + 1;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
112 }
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
113 if (strcmp(key, "nologin") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
114 reply_r->nologin = TRUE;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
115 else if (strcmp(key, "proxy") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
116 reply_r->proxy = TRUE;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
117 else if (strcmp(key, "temp") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
118 reply_r->temp = TRUE;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
119 else if (strcmp(key, "authz") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
120 reply_r->authz_failure = TRUE;
14566
ca0fef559d43 login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents: 14518
diff changeset
121 else if (strcmp(key, "user_disabled") == 0)
ca0fef559d43 login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents: 14518
diff changeset
122 client->auth_user_disabled = TRUE;
ca0fef559d43 login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents: 14518
diff changeset
123 else if (strcmp(key, "pass_expired") == 0)
ca0fef559d43 login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents: 14518
diff changeset
124 client->auth_pass_expired = TRUE;
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
125 else if (strcmp(key, "reason") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
126 reply_r->reason = value;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
127 else if (strcmp(key, "host") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
128 reply_r->host = value;
14518
773ca397d799 SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents: 14133
diff changeset
129 else if (strcmp(key, "hostip") == 0)
773ca397d799 SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents: 14133
diff changeset
130 reply_r->hostip = value;
17503
75d254897442 login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
Timo Sirainen <tss@iki.fi>
parents: 17130
diff changeset
131 else if (strcmp(key, "source_ip") == 0)
75d254897442 login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
Timo Sirainen <tss@iki.fi>
parents: 17130
diff changeset
132 reply_r->source_ip = value;
19035
aabfe48db1cf Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents: 18990
diff changeset
133 else if (strcmp(key, "port") == 0) {
aabfe48db1cf Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents: 18990
diff changeset
134 if (net_str2port(value, &reply_r->port) < 0) {
aabfe48db1cf Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents: 18990
diff changeset
135 i_error("Auth service returned invalid "
aabfe48db1cf Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents: 18990
diff changeset
136 "port number: %s", value);
aabfe48db1cf Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents: 18990
diff changeset
137 }
aabfe48db1cf Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents: 18990
diff changeset
138 } else if (strcmp(key, "destuser") == 0)
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
139 reply_r->destuser = value;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
140 else if (strcmp(key, "pass") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
141 reply_r->password = value;
19036
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
142 else if (strcmp(key, "proxy_timeout") == 0) {
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
143 if (str_to_uint(value, &reply_r->proxy_timeout_msecs) < 0) {
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
144 i_error("BUG: Auth service returned invalid "
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
145 "proxy_timeout value: %s", value);
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
146 }
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
147 reply_r->proxy_timeout_msecs *= 1000;
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
148 } else if (strcmp(key, "proxy_refresh") == 0) {
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
149 if (str_to_uint(value, &reply_r->proxy_refresh_secs) < 0) {
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
150 i_error("BUG: Auth service returned invalid "
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
151 "proxy_refresh value: %s", value);
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
152 }
f78e38c7cba2 Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents: 19035
diff changeset
153 } else if (strcmp(key, "proxy_mech") == 0)
16487
266101990d63 imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents: 16390
diff changeset
154 reply_r->proxy_mech = value;
17088
6b8ae0ba5959 imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.
Timo Sirainen <tss@iki.fi>
parents: 16881
diff changeset
155 else if (strcmp(key, "proxy_nopipelining") == 0)
6b8ae0ba5959 imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.
Timo Sirainen <tss@iki.fi>
parents: 16881
diff changeset
156 reply_r->proxy_nopipelining = TRUE;
21018
645375ff262c imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 20840
diff changeset
157 else if (strcmp(key, "proxy_not_trusted") == 0)
645375ff262c imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 20840
diff changeset
158 reply_r->proxy_not_trusted = TRUE;
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159 else if (strcmp(key, "master") == 0)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
160 reply_r->master_user = value;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
161 else if (strcmp(key, "ssl") == 0) {
11229
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
162 reply_r->ssl_flags |= PROXY_SSL_FLAG_YES;
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
163 if (strcmp(value, "any-cert") == 0)
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
164 reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT;
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
165 if (reply_r->port == 0)
12890
6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables.
Timo Sirainen <tss@iki.fi>
parents: 12782
diff changeset
166 reply_r->port = login_binary->default_ssl_port;
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
167 } else if (strcmp(key, "starttls") == 0) {
11229
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
168 reply_r->ssl_flags |= PROXY_SSL_FLAG_YES |
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
169 PROXY_SSL_FLAG_STARTTLS;
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
170 if (strcmp(value, "any-cert") == 0)
d693c4a97d41 login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents: 11156
diff changeset
171 reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT;
19384
605dd1749578 *-login: Added postlogin_socket=path passdb extra field.
Timo Sirainen <tss@iki.fi>
parents: 19036
diff changeset
172 } else if (strcmp(key, "user") == 0 ||
605dd1749578 *-login: Added postlogin_socket=path passdb extra field.
Timo Sirainen <tss@iki.fi>
parents: 19036
diff changeset
173 strcmp(key, "postlogin_socket") == 0) {
605dd1749578 *-login: Added postlogin_socket=path passdb extra field.
Timo Sirainen <tss@iki.fi>
parents: 19036
diff changeset
174 /* already handled in sasl-server.c */
20840
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
175 } else if (strncmp(key, "user_", 5) == 0) {
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
176 if (success) {
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
177 alt_username_set(&alt_usernames, client->pool,
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
178 key, value);
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
179 }
21773
606a4b7ccb21 imap-login: Allow x-forward- to specify forward fields from trusted networks
Aki Tuomi <aki.tuomi@dovecot.fi>
parents: 21726
diff changeset
180 } else if (strncmp(key, "forward_", 8) == 0) {
606a4b7ccb21 imap-login: Allow x-forward- to specify forward fields from trusted networks
Aki Tuomi <aki.tuomi@dovecot.fi>
parents: 21726
diff changeset
181 /* these are passed to upstream */
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
182 } else if (client->set->auth_debug)
10082
62b37dcf173e Log debug-level messages with i_debug().
Pascal Volk <user@localhost.localdomain.org>
parents: 9929
diff changeset
183 i_debug("Ignoring unknown passdb extra field: %s", key);
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
184 }
20840
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
185 if (array_count(&alt_usernames) > 0) {
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
186 const char **alt;
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
187
1b4a57403aef *-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 19964
diff changeset
188 alt = p_new(client->pool, const char *,
189 array_count(&alt_usernames) + 1);
190 memcpy(alt, array_idx(&alt_usernames, 0),
191 sizeof(*alt) * array_count(&alt_usernames));
192 client->alt_usernames = alt;
193 }
194 if (reply_r->port == 0)
195 reply_r->port = login_binary->default_port;
197 if (reply_r->destuser == NULL)
198 reply_r->destuser = client->virtual_user;
199 }
/* Wipe and release the password kept for authenticating to the proxy
   destination. Does nothing when no password is stored.

   The buffer is cleared before it is freed so the plaintext does not
   linger in released heap memory. safe_memset() (safe-memset.h) is used
   instead of plain memset() because a clear that directly precedes a free
   is a dead store the compiler could otherwise drop. Only strlen() bytes
   are cleared, i.e. the string up to its terminating NUL. */
static void proxy_free_password(struct client *client)
{
	if (client->proxy_password != NULL) {
		safe_memset(client->proxy_password, 0,
			    strlen(client->proxy_password));
		i_free_and_null(client->proxy_password);
	}
}
/* Finish a successful proxy login: detach the login proxy from the client
   and destroy the client with a "started proxying" log message.

   The message carries the virtual user, the destination host:port, the
   remote user name when it differs from the virtual user, and the master
   user when one is set. The proxy password is never part of it. */
void client_proxy_finish_destroy_client(struct client *client)
{
	string_t *msg = t_str_new(128);

	if (client->input->closed) {
		/* client_send_raw_data() already closed the input stream.
		   Most callers need no explicit check for that, but
		   login_proxy_detach() fetches and uses the istream's fd,
		   which is -1 by now, so stop before reaching it. */
		client_destroy(client, "Disconnected");
		return;
	}

	str_printfa(msg, "proxy(%s): started proxying to %s:%u",
		    client->virtual_user,
		    login_proxy_get_host(client->login_proxy),
		    login_proxy_get_port(client->login_proxy));

	/* the remote user name is logged only when it differs */
	if (strcmp(client->virtual_user, client->proxy_user) != 0) {
		str_append_c(msg, '/');
		str_append(msg, client->proxy_user);
	}

	if (client->proxy_master_user != NULL) {
		str_printfa(msg, " (master %s)", client->proxy_master_user);
	}

	login_proxy_detach(client->login_proxy);
	client_destroy_success(client, str_c(msg));
}
/* Report a proxy error text through the protocol-specific proxy_error()
   callback stored in client->v. Callers in this file pass the generic
   PROXY_FAILURE_MSG; the detailed reason goes to the log instead. */
static void client_proxy_error(struct client *client, const char *text)
{
	client->v.proxy_error(client, text);
}
/* Return the proxy state string produced by the protocol-specific
   proxy_get_state() callback in client->v. proxy_input() puts it into the
   "state=" part of its disconnect log line. */
const char *client_proxy_get_state(struct client *client)
{
	const char *state = client->v.proxy_get_state(client);

	return state;
}
/* Log a failed login to the proxy destination through client_log().

   The message names the virtual user, the destination host:port, the
   remote user name when it differs, the master user when one is set, and
   finally `line` appended as given.

   NOTE(review): `line` is presumably the remote server's failure reply,
   i.e. text this process does not control. Confirm that the logging
   backend escapes control characters before it reaches log consumers. */
void client_proxy_log_failure(struct client *client, const char *line)
{
	string_t *msg = t_str_new(128);

	str_printfa(msg, "proxy(%s): Login failed to %s:%u",
		    client->virtual_user,
		    login_proxy_get_host(client->login_proxy),
		    login_proxy_get_port(client->login_proxy));

	/* the remote user name is logged only when it differs */
	if (strcmp(client->virtual_user, client->proxy_user) != 0) {
		str_append_c(msg, '/');
		str_append(msg, client->proxy_user);
	}

	if (client->proxy_master_user != NULL) {
		str_printfa(msg, " (master %s)", client->proxy_master_user);
	}

	str_append(msg, ": ");
	str_append(msg, line);
	client_log(client, str_c(msg));
}
/* Abort a proxy login attempt.

   When send_line is set, the generic PROXY_FAILURE_MSG is first reported
   to the client. Then all proxy state held on the client is released: the
   SASL client (if any), the login proxy, the proxy password (wiped by
   proxy_free_password() before it is freed) and the proxy user names.
   Finally the failure is handed to client_auth_failed(). */
void client_proxy_failed(struct client *client, bool send_line)
{
	if (send_line)
		client_proxy_error(client, PROXY_FAILURE_MSG);

	if (client->proxy_sasl_client != NULL) {
		dsasl_client_free(&client->proxy_sasl_client);
	}
	login_proxy_free(&client->login_proxy);
	proxy_free_password(client);
	i_free_and_null(client->proxy_user);
	i_free_and_null(client->proxy_master_user);

	/* must stay last: client_auth_failed() may destroy the client, so
	   nothing may touch it afterwards */
	client_auth_failed(client);
}
/* Handle input from the proxy destination.

   Reads from the login proxy's istream and passes each complete line to
   the protocol-specific proxy_parse_line() callback until no line is left
   or the callback returns non-zero. A full input buffer (-2) or a
   disconnect (-1) is logged and ends the attempt via
   client_proxy_failed(), so an over-long line from the remote fails the
   login rather than being buffered further.

   NOTE(review): the disconnect message embeds any line that was left
   unread, which is text supplied by the remote server. Confirm that the
   logging backend escapes control characters. */
static void proxy_input(struct client *client)
{
	struct istream *input;
	struct ostream *output;
	const char *line, *unread_note;
	unsigned int duration;

	if (client->login_proxy == NULL) {
		/* the proxy is just being freed */
		return;
	}

	input = login_proxy_get_istream(client->login_proxy);
	if (input == NULL) {
		/* Either we got here from client_destroy(), in which case
		   there is nothing to do, or the stream is gone for some
		   other reason - probably the server disconnected. */
		if (!client->destroyed)
			client_proxy_failed(client, TRUE);
		return;
	}

	i_assert(!client->destroyed);

	switch (i_stream_read(input)) {
	case -2:
		client_log_err(client, "proxy: Remote input buffer full");
		client_proxy_failed(client, TRUE);
		return;
	case -1:
		/* a line still available here means it was never parsed;
		   include it in the log to help find the bug */
		line = i_stream_next_line(input);
		duration = ioloop_time - client->created;
		if (line == NULL) {
			unread_note = "";
		} else {
			unread_note = t_strdup_printf(
				" - BUG: line not read: %s", line);
		}
		client_log_err(client, t_strdup_printf(
			"proxy: Remote %s:%u disconnected: %s "
			"(state=%s, duration=%us)%s",
			login_proxy_get_host(client->login_proxy),
			login_proxy_get_port(client->login_proxy),
			io_stream_get_disconnect_reason(input, NULL),
			client_proxy_get_state(client), duration,
			unread_note));
		client_proxy_failed(client, TRUE);
		return;
	default:
		break;
	}

	/* Cork the client's output while the lines are parsed. The stream is
	   referenced through a local for the duration of the loop.
	   NOTE(review): presumably so that uncork/unref stay valid even if a
	   parse callback tears the client down - confirm. */
	output = client->output;
	o_stream_ref(output);
	o_stream_cork(output);
	do {
		line = i_stream_next_line(input);
	} while (line != NULL &&
		 client->v.proxy_parse_line(client, line) == 0);
	o_stream_uncork(output);
	o_stream_unref(&output);
}
344 static int proxy_start(struct client *client,
345 const struct client_auth_reply *reply)
346 {
347 struct login_proxy_settings proxy_set;
348 const struct dsasl_client_mech *sasl_mech = NULL;
350 i_assert(reply->destuser != NULL);
351 i_assert(!client->destroyed);
352 i_assert(client->proxy_sasl_client == NULL);
354 client->proxy_mech = NULL;
355 client->v.proxy_reset(client);
357 if (reply->password == NULL) {
358 client_log_err(client, "proxy: password not given");
359 client_proxy_error(client, PROXY_FAILURE_MSG);
360 return -1;
361 }
362 if (reply->host == NULL || *reply->host == '\0') {
363 client_log_err(client, "proxy: host not given");
364 client_proxy_error(client, PROXY_FAILURE_MSG);
365 return -1;
366 }
368 if (reply->proxy_mech != NULL) {
369 sasl_mech = dsasl_client_mech_find(reply->proxy_mech);
370 if (sasl_mech == NULL) {
371 client_log_err(client, t_strdup_printf(
372 "proxy: Unsupported SASL mechanism %s",
373 reply->proxy_mech));
374 client_proxy_error(client, PROXY_FAILURE_MSG);
375 return -1;
376 }
377 } else if (reply->master_user != NULL) {
378 /* have to use PLAIN authentication with master user logins */
379 sasl_mech = &dsasl_client_mech_plain;
380 }
382 i_assert(client->refcount > 1);
384 if (client->destroyed) {
385 /* connection_queue_add() decided that we were the oldest
386 connection and killed us. */
387 return -1;
388 }
389 if (login_proxy_is_ourself(client, reply->host, reply->port,
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
390 reply->destuser)) {
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
391 client_log_err(client, "Proxying loops to itself");
14146
e456e1bce47f login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents: 14133
diff changeset
392 client_proxy_error(client, PROXY_FAILURE_MSG);
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
393 return -1;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
394 }
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
395
21389
59437f8764c6 global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents: 21322
diff changeset
396 i_zero(&proxy_set);
9773
8e099a00f8a9 login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents: 9767
diff changeset
397 proxy_set.host = reply->host;
14518
773ca397d799 SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents: 14133
diff changeset
398 if (reply->hostip != NULL &&
773ca397d799 SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents: 14133
diff changeset
399 net_addr2ip(reply->hostip, &proxy_set.ip) < 0)
773ca397d799 SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents: 14133
diff changeset
400 proxy_set.ip.family = 0;
17504
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
401 if (reply->source_ip != NULL) {
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
402 if (net_addr2ip(reply->source_ip, &proxy_set.source_ip) < 0)
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
403 proxy_set.source_ip.family = 0;
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
404 } else if (login_source_ips_count > 0) {
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
405 /* select the next source IP with round robin. */
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
406 proxy_set.source_ip = login_source_ips[login_source_ips_idx];
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
407 login_source_ips_idx =
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
408 (login_source_ips_idx + 1) % login_source_ips_count;
b6733f4777f1 login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents: 17503
diff changeset
409 }
9773
8e099a00f8a9 login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents: 9767
diff changeset
410 proxy_set.port = reply->port;
8e099a00f8a9 login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents: 9767
diff changeset
411 proxy_set.connect_timeout_msecs = reply->proxy_timeout_msecs;
16086
9439a43bd645 login proxy: Set a default 30s timeout.
Timo Sirainen <tss@iki.fi>
parents: 15715
diff changeset
412 if (proxy_set.connect_timeout_msecs == 0)
9439a43bd645 login proxy: Set a default 30s timeout.
Timo Sirainen <tss@iki.fi>
parents: 15715
diff changeset
413 proxy_set.connect_timeout_msecs = PROXY_DEFAULT_TIMEOUT_MSECS;
11324
c872378a8de6 login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents: 11229
diff changeset
414 proxy_set.notify_refresh_secs = reply->proxy_refresh_secs;
9773
8e099a00f8a9 login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents: 9767
diff changeset
415 proxy_set.ssl_flags = reply->ssl_flags;
8e099a00f8a9 login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents: 9767
diff changeset
416
10616
23956a9b915b login: Proxying supports now doing DNS lookups for host names.
Timo Sirainen <tss@iki.fi>
parents: 10612
diff changeset
417 if (login_proxy_new(client, &proxy_set, proxy_input) < 0) {
14146
e456e1bce47f login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents: 14133
diff changeset
418 client_proxy_error(client, PROXY_FAILURE_MSG);
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
419 return -1;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
420 }
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
421
16487
266101990d63 imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents: 16390
diff changeset
422 client->proxy_mech = sasl_mech;
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
423 client->proxy_user = i_strdup(reply->destuser);
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
424 client->proxy_master_user = i_strdup(reply->master_user);
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
425 client->proxy_password = i_strdup(reply->password);
17088
6b8ae0ba5959 imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.
Timo Sirainen <tss@iki.fi>
parents: 16881
diff changeset
426 client->proxy_nopipelining = reply->proxy_nopipelining;
21018
645375ff262c imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
Timo Sirainen <timo.sirainen@dovecot.fi>
parents: 20840
diff changeset
427 client->proxy_not_trusted = reply->proxy_not_trusted;
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
428
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
429 /* disable input until authentication is finished */
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
430 if (client->io != NULL)
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
431 io_remove(&client->io);
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
432 return 0;
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
433 }
/* Hand an authentication result to the protocol-specific
   client->v.auth_result() handler. The client's output stream is corked
   before the handler runs and uncorked afterwards. Parameters 3 and 4
   (reply and text) are marked as allowed to be NULL. */
static void ATTR_NULL(3, 4)
client_auth_result(struct client *client, enum client_auth_result result,
		   const struct client_auth_reply *reply, const char *text)
{
	/* cork first; presumably so that everything the handler writes
	   goes out as one reply - confirm against o_stream_cork() */
	o_stream_cork(client->output);

	client->v.auth_result(client, result, reply, text);

	/* client->output is deliberately read again instead of being cached
	   in a local before the handler call */
	o_stream_uncork(client->output);
}
/* Handle the auth replies that are not a plain login or failure:
   proxying (reply->proxy), referrals (reply->host set without proxy) and
   nologin replies.

   Returns TRUE when the reply was fully handled here, and FALSE when the
   caller has to continue with the normal login/failure handling. */
static bool
client_auth_handle_reply(struct client *client,
			 const struct client_auth_reply *reply, bool success)
{
	if (reply->proxy) {
		/* we want to proxy the connection to another server.
		   don't do this unless authentication succeeded. with
		   master user proxying we can get FAIL with proxy still set.

		   proxy host=.. [port=..] [destuser=..] pass=.. */
		if (!success)
			return FALSE;
		if (proxy_start(client, reply) < 0) {
			client_auth_failed(client);
			return TRUE;
		}
		/* this is for plugins being able to hook into auth reply
		   when proxying is used */
		client_auth_result(client, CLIENT_AUTH_RESULT_SUCCESS,
				   reply, NULL);
		return TRUE;
	}

	if (reply->host == NULL && !reply->nologin) {
		/* normal login/failure */
		return FALSE;
	}

	if (reply->host != NULL) {
		/* referral: reply->reason is passed to the client as-is when
		   it is set, otherwise a fixed text is used */
		const char *reason = reply->reason;

		if (reason == NULL) {
			reason = reply->nologin ?
				"Try this server instead." :
				"Logged in, but you should use this server instead.";
		}
		if (!reply->nologin) {
			client_auth_result(client,
					   CLIENT_AUTH_RESULT_REFERRAL_SUCCESS,
					   reply, reason);
			return TRUE;
		}
		client_auth_result(client,
				   CLIENT_AUTH_RESULT_REFERRAL_NOLOGIN,
				   reply, reason);
	} else if (reply->reason != NULL) {
		/* Authentication went ok, but for some reason user isn't
		   allowed to log in. Shouldn't probably happen. */
		client_auth_result(client,
				   CLIENT_AUTH_RESULT_AUTHFAILED_REASON,
				   reply, reply->reason);
	} else if (reply->temp) {
		const char *stamp, *failure_text;

		/* NOTE(review): this text goes to the client and contains
		   the server's hostname and local time, presumably so that
		   a report can be matched against the logs - confirm that
		   exposing my_hostname to unauthenticated peers is
		   intended in this deployment */
		stamp = t_strflocaltime("%Y-%m-%d %H:%M:%S", ioloop_time);
		failure_text = t_strdup_printf(AUTH_TEMP_FAILED_MSG" [%s:%s]",
					       my_hostname, stamp);
		client_auth_result(client, CLIENT_AUTH_RESULT_TEMPFAIL,
				   reply, failure_text);
	} else if (reply->authz_failure) {
		client_auth_result(client,
				   CLIENT_AUTH_RESULT_AUTHZFAILED, reply,
				   "Authorization failed");
	} else {
		client_auth_result(client,
				   CLIENT_AUTH_RESULT_AUTHFAILED, reply,
				   AUTH_FAILED_MSG);
	}

	/* every path that reaches this point is a nologin reply */
	i_assert(reply->nologin);

	/* the auth_result handler may already have destroyed the client */
	if (!client->destroyed)
		client_auth_failed(client);
	return TRUE;
}
/* Continue the pending auth request with the client's response and stop
   reading client input.

   NOTE(review): response is the client's SASL response; the caller
   visible in this file wipes its buffer after this call, so treat the
   string as secret material and keep it out of logs. */
void client_auth_respond(struct client *client, const char *response)
{
	/* the flag is cleared right before client_set_auth_waiting();
	   presumably that helper expects it to be unset - TODO confirm */
	client->auth_waiting = FALSE;
	client_set_auth_waiting(client);

	auth_client_request_continue(client->auth_request, response);

	/* remove the client's input handler */
	io_remove(&client->io);
}
/* Abort the client's authentication. This only forwards to
   sasl_server_auth_abort(). */
void client_auth_abort(struct client *client)
{
	sasl_server_auth_abort(client);
}
/* Fail the client's authentication with the given text. This only
   forwards to sasl_server_auth_failed(); what is done with text is decided
   there. */
void client_auth_fail(struct client *client, const char *text)
{
	sasl_server_auth_failed(client, text);
}
/* Read more of the client's authentication response line from
   client->input and append it to client->auth_response, which is
   allocated on first use.

   Returns 1 when an LF was found (the line is complete), 0 when more
   input is needed, and -1 after the client was destroyed: either the
   stream read returned -1, or the accumulated response would grow past
   LOGIN_MAX_AUTH_BUF_SIZE. */
int client_auth_read_line(struct client *client)
{
	const unsigned char *buf;
	size_t buf_size, line_len, resp_len;
	bool have_lf;

	if (i_stream_read_data(client->input, &buf, &buf_size, 0) == -1) {
		client_destroy(client, "Disconnected");
		return -1;
	}

	/* see if we have a full line: line_len stops at the first LF, or
	   at buf_size when there is none */
	line_len = 0;
	while (line_len < buf_size && buf[line_len] != '\n')
		line_len++;
	have_lf = line_len < buf_size;

	if (client->auth_response == NULL) {
		client->auth_response =
			str_new(default_pool, I_MAX(line_len + 1, 256));
	}

	/* this is input from a not yet authenticated peer: the total is
	   checked against the limit before anything is appended */
	if (str_len(client->auth_response) + line_len >
	    LOGIN_MAX_AUTH_BUF_SIZE) {
		client_destroy(client, "Authentication response too large");
		return -1;
	}
	str_append_n(client->auth_response, buf, line_len);

	/* consume the LF as well when there was one */
	i_stream_skip(client->input, have_lf ? line_len + 1 : buf_size);

	/* drop trailing \r; note that this also runs while the line is
	   still incomplete */
	resp_len = str_len(client->auth_response);
	if (resp_len > 0 &&
	    str_c(client->auth_response)[resp_len - 1] == '\r')
		str_truncate(client->auth_response, resp_len - 1);

	return have_lf ? 1 : 0;
}
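/* Read the client's authentication response line and act on it.

   Nothing happens until client_auth_read_line() reports a complete line
   (it returns <= 0 for "need more input" and for "client destroyed").
   A line consisting of "*" aborts the authentication; any other line is
   passed on with client_auth_respond(), after which the buffered copy is
   wiped. */
void client_auth_parse_response(struct client *client)
{
	if (client_auth_read_line(client) <= 0)
		return;

	if (strcmp(str_c(client->auth_response), "*") == 0) {
		sasl_server_auth_abort(client);
		return;
	}

	client_auth_respond(client, str_c(client->auth_response));

	/* The buffer may hold credentials. Wipe it with safe_memset() from
	   safe-memset.h (already included by this file) instead of plain
	   memset(), so that the wipe cannot be dropped as a dead store.
	   Only the contents are cleared; the string length is left as it
	   was, exactly as before. */
	safe_memset(str_c_modifiable(client->auth_response), 0,
		    str_len(client->auth_response));
}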
/*
 * Input handler used while waiting for the client's SASL response: forwards
 * to the protocol's auth_parse_response hook, which must be set.
 */
static void client_auth_input(struct client *client)
{
	/* a protocol that can receive SASL continuation data has to provide
	   its own parser */
	i_assert(client->v.auth_parse_response != NULL);

	client->v.auth_parse_response(client);
}
/*
 * Send a SASL continuation line to the client: "+ " followed by data and a
 * CRLF, written with a single o_stream_nsendv() call.
 *
 * data must be a non-NULL, NUL-terminated string; its length is taken with
 * strlen().
 */
void client_auth_send_challenge(struct client *client, const char *data)
{
	static const char prefix[] = "+ ";
	static const char crlf[] = "\r\n";
	struct const_iovec iov[3];

	/* the literal parts exclude their terminating NUL */
	iov[0].iov_base = prefix;
	iov[0].iov_len = sizeof(prefix) - 1;

	iov[1].iov_base = data;
	iov[1].iov_len = strlen(data);

	iov[2].iov_base = crlf;
	iov[2].iov_len = sizeof(crlf) - 1;

	o_stream_nsendv(client->output, iov, sizeof(iov) / sizeof(iov[0]));
}
/*
 * Callback given to sasl_server_auth_begin(); handles each reply the SASL
 * layer produces for this client.
 *
 * sasl_reply selects the branch. data is the failure reason, the message for
 * a master failure, or the next challenge, depending on the reply. args,
 * when non-NULL, is parsed with client_auth_parse_args() and kept in
 * reply.all_fields.
 *
 * Every reply except CONTINUE falls through to client_unref(), presumably
 * balancing the client_ref() taken in client_auth_begin(). CONTINUE returns
 * early and keeps that reference while more client input is awaited.
 */
static void
sasl_callback(struct client *client, enum sasl_server_reply sasl_reply,
	      const char *data, const char *const *args)
{
	struct client_auth_reply reply;

	/* a client that is already destroyed may only see an abort or a
	   master failure */
	i_assert(!client->destroyed ||
		 sasl_reply == SASL_SERVER_REPLY_AUTH_ABORTED ||
		 sasl_reply == SASL_SERVER_REPLY_MASTER_FAILED);

	i_zero(&reply);
	switch (sasl_reply) {
	case SASL_SERVER_REPLY_SUCCESS:
		if (client->to_auth_waiting != NULL)
			timeout_remove(&client->to_auth_waiting);
		if (args != NULL) {
			client_auth_parse_args(client, TRUE, args, &reply);
			reply.all_fields = args;
			/* the reply handler took over, nothing more to do */
			if (client_auth_handle_reply(client, &reply, TRUE))
				break;
		}
		client_auth_result(client, CLIENT_AUTH_RESULT_SUCCESS,
				   &reply, NULL);
		client_destroy_success(client, "Login");
		break;
	case SASL_SERVER_REPLY_AUTH_FAILED:
	case SASL_SERVER_REPLY_AUTH_ABORTED:
		if (client->to_auth_waiting != NULL)
			timeout_remove(&client->to_auth_waiting);
		if (args != NULL) {
			client_auth_parse_args(client, FALSE, args, &reply);
			/* whatever the fields say, a failed or aborted
			   exchange must never result in a login */
			reply.nologin = TRUE;
			reply.all_fields = args;
			if (client_auth_handle_reply(client, &reply, FALSE))
				break;
		}

		/* Abort gets a fixed text, a failure without a reason gets
		   the generic AUTH_FAILED_MSG, and otherwise the reason in
		   data is used as the result text.
		   NOTE(review): that reason is supplied from outside this
		   function; keep such reasons from revealing whether the
		   account exists. */
		if (sasl_reply == SASL_SERVER_REPLY_AUTH_ABORTED) {
			client_auth_result(client, CLIENT_AUTH_RESULT_ABORTED,
				&reply, "Authentication aborted by client.");
		} else if (data == NULL) {
			client_auth_result(client,
				CLIENT_AUTH_RESULT_AUTHFAILED, &reply,
				AUTH_FAILED_MSG);
		} else {
			client_auth_result(client,
				CLIENT_AUTH_RESULT_AUTHFAILED_REASON, &reply,
				data);
		}

		/* no penalty delay is applied in this function; presumably
		   throttling of repeated failures is left to the auth
		   server - confirm */
		if (!client->destroyed)
			client_auth_failed(client);
		break;
	case SASL_SERVER_REPLY_MASTER_FAILED:
		if (data != NULL) {
			/* the authentication step itself went through, an
			   internal failure happened afterwards */
			client_auth_result(client, CLIENT_AUTH_RESULT_TEMPFAIL,
					   &reply, data);
		}

		/* the fd may still be held by the kernel or by another
		   process, so shut the connection down explicitly to be sure
		   the client is disconnected. ENOTCONN is not an error
		   here. */
		if (shutdown(client->fd, SHUT_RDWR) < 0 && errno != ENOTCONN)
			i_error("shutdown() failed: %m");

		if (data != NULL)
			client_destroy_success(client, data);
		else
			client_destroy_internal_failure(client);
		break;
	case SASL_SERVER_REPLY_CONTINUE:
		/* NOTE(review): data is passed on as the challenge without a
		   NULL check; the hook is assumed to receive a valid
		   string - confirm against the SASL layer */
		i_assert(client->v.auth_send_challenge != NULL);
		client->v.auth_send_challenge(client, data);

		if (client->to_auth_waiting != NULL)
			timeout_remove(&client->to_auth_waiting);

		/* start the next response from an empty buffer */
		if (client->auth_response != NULL)
			str_truncate(client->auth_response, 0);

		i_assert(client->io == NULL);
		client->auth_waiting = TRUE;
		client->io = io_add(client->fd, IO_READ,
				    client_auth_input, client);
		/* process any response data that is already available */
		client_auth_input(client);
		return;
	}

	client_unref(&client);
}
/*
 * Start SASL authentication for the client with the given mechanism and
 * optional initial response.
 *
 * Returns 1 when the attempt is already finished on return (rejected
 * because ssl=required and the connection is not secured, or
 * client->authenticating is no longer set after sasl_server_auth_begin()).
 * Returns 0 when the exchange is still in progress; the client's input
 * handler is then removed until the first auth reply arrives.
 */
int client_auth_begin(struct client *client, const char *mech_name,
		      const char *init_resp)
{
	/* With ssl=required nothing is handed to the SASL layer on an
	   unsecured connection. An init_resp the client included has still
	   crossed the wire unprotected by the time this check runs. */
	if (!client->secured && strcmp(client->ssl_set->ssl, "required") == 0) {
		if (client->set->auth_verbose) {
			client_log(client, "Login failed: "
				   "SSL required for authentication");
		}
		/* the rejected attempt still counts as an auth attempt */
		client->auth_attempts++;
		client_auth_result(client, CLIENT_AUTH_RESULT_SSL_REQUIRED, NULL,
			"Authentication not allowed until SSL/TLS is enabled.");
		return 1;
	}

	/* hold a reference for the duration of the exchange; sasl_callback()
	   drops it with client_unref() on every reply except CONTINUE */
	client_ref(client);

	/* auth_initializing is set only for the duration of the begin call */
	client->auth_initializing = TRUE;
	sasl_server_auth_begin(client, login_binary->protocol, mech_name,
			       init_resp, sasl_callback);
	client->auth_initializing = FALSE;

	if (!client->authenticating)
		return 1;

	/* no input is handled until the initial auth reply has arrived */
	if (client->io != NULL)
		io_remove(&client->io);
	client_set_auth_waiting(client);
	return 0;
}
/*
 * Decide whether plaintext authentication is acceptable on this connection.
 *
 * Returns TRUE when the connection is secured, or when
 * disable_plaintext_auth is off and ssl is not "required". Otherwise the
 * attempt is rejected: it is optionally logged, the client is warned if it
 * already sent the password (pass_sent), the failure is reported with
 * AUTH_PLAINTEXT_DISABLED_MSG, auth_tried_disabled_plaintext is set,
 * auth_attempts is incremented and FALSE is returned.
 */
bool client_check_plaintext_auth(struct client *client, bool pass_sent)
{
	if (client->secured)
		return TRUE;

	/* ssl=required is treated like disable_plaintext_auth=yes */
	if (!client->set->disable_plaintext_auth &&
	    strcmp(client->ssl_set->ssl, "required") != 0)
		return TRUE;

	if (client->set->auth_verbose) {
		client_log(client, "Login failed: "
			   "Plaintext authentication disabled");
	}
	if (pass_sent) {
		/* the secret has already crossed the network in the clear;
		   rejecting the login cannot undo that, so tell the user */
		client_notify_status(client, TRUE,
			 "Plaintext authentication not allowed "
			 "without SSL/TLS, but your client did it anyway. "
			 "If anyone was listening, the password was exposed.");
	}
	client_auth_result(client, CLIENT_AUTH_RESULT_SSL_REQUIRED, NULL,
			   AUTH_PLAINTEXT_DISABLED_MSG);

	client->auth_tried_disabled_plaintext = TRUE;
	client->auth_attempts++;
	return FALSE;
}
/*
 * Walk the global client list once the auth connection is up: drop each
 * client's auth-waiting timeout, notify it that auth is ready, and resume
 * input handling for clients whose input had been blocked.
 */
void clients_notify_auth_connected(void)
{
	struct client *cur = clients;
	struct client *following;

	while (cur != NULL) {
		/* read the successor before calling out, so the walk does
		   not touch cur again after the calls below (which may end
		   up destroying it) */
		following = cur->next;

		if (cur->to_auth_waiting != NULL)
			timeout_remove(&cur->to_auth_waiting);

		client_notify_auth_ready(cur);

		if (cur->input_blocked) {
			cur->input_blocked = FALSE;
			client_input(cur);
		}

		cur = following;
	}
}