Mercurial > dovecot > core-2.2
annotate src/login-common/client-common-auth.c @ 22955:812e5c961328
fts: Indexing virtual mailbox didn't always index the last mails
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Thu, 03 May 2018 18:33:00 +0300 |
parents | cb108f786fb4 |
children |
rev | line source |
---|---|
22713
cb108f786fb4
Updated copyright notices to include the year 2018.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents:
21773
diff
changeset
|
1 /* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */ |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
3 #include "hostpid.h" |
10549
9ae939146ff7
login-common: Renamed common.h to login-common.h
Timo Sirainen <tss@iki.fi>
parents:
10302
diff
changeset
|
4 #include "login-common.h" |
20840
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
5 #include "array.h" |
18990
cd2c95d82d4c
Use io_stream_get_disconnect_reason() instead of duplicating its code all over the place.
Timo Sirainen <tss@iki.fi>
parents:
18137
diff
changeset
|
6 #include "iostream.h" |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "istream.h" |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "ostream.h" |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "str.h" |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "safe-memset.h" |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
11 #include "time-util.h" |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "login-proxy.h" |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "auth-client.h" |
16555
2dd27b0e7e49
lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library.
Timo Sirainen <tss@iki.fi>
parents:
16487
diff
changeset
|
14 #include "dsasl-client.h" |
14728
983c6ff12cc9
Moved ssl_* settings from login-common to lib-master.
Timo Sirainen <tss@iki.fi>
parents:
14688
diff
changeset
|
15 #include "master-service-ssl-settings.h" |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include "client-common.h" |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
9775
a260d5ac01bf
login proxy: Changed "unavailable" error message.
Timo Sirainen <tss@iki.fi>
parents:
9773
diff
changeset
|
18 #define PROXY_FAILURE_MSG "Account is temporarily unavailable." |
16086
9439a43bd645
login proxy: Set a default 30s timeout.
Timo Sirainen <tss@iki.fi>
parents:
15715
diff
changeset
|
19 #define PROXY_DEFAULT_TIMEOUT_MSECS (1000*30) |
9775
a260d5ac01bf
login proxy: Changed "unavailable" error message.
Timo Sirainen <tss@iki.fi>
parents:
9773
diff
changeset
|
20 |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 /* If we've been waiting auth server to respond for over this many milliseconds, |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 send a "waiting" message. */ |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 #define AUTH_WAITING_TIMEOUT_MSECS (30*1000) |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
24 #define AUTH_WAITING_WARNING_TIMEOUT_MSECS (10*1000) |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
/* Clear the per-attempt authentication state after a failed attempt and,
   unless the client is still initializing auth or has been destroyed,
   go back to reading commands from the client.

   NOTE(review): str_truncate() presumably only resets the string length
   and does not overwrite the old bytes. If auth_response can still hold
   SASL response data (e.g. a password) when this runs, it should be wiped
   before truncation; this file includes safe-memset.h, so confirm that a
   caller has already done so. */
static void client_auth_failed(struct client *client)
{
	i_free_and_null(client->master_data_prefix);
	if (client->auth_response != NULL) {
		/* keep the buffer, drop its contents for the next attempt */
		str_truncate(client->auth_response, 0);
	}

	if (!client->auth_initializing && !client->destroyed) {
		/* swap whatever watcher is installed for the normal
		   command reader */
		if (client->io != NULL) {
			io_remove(&client->io);
		}
		client->io = io_add(client->fd, IO_READ, client_input, client);

		/* called directly as well; presumably so input that is
		   already buffered is handled without waiting for the next
		   read event - TODO confirm */
		client_input(client);
	}
}
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
/* Timeout callback for to_auth_waiting: tell the client that we are still
   waiting, then remove the timeout so it fires only once.

   If the client has not yet been notified that auth is ready, a warning is
   logged first. The status text depends on master_tag: 0 selects
   AUTH_SERVER_WAITING_MSG, anything else AUTH_MASTER_WAITING_MSG. */
static void client_auth_waiting_timeout(struct client *client)
{
	const char *waiting_msg;

	if (!client->notified_auth_ready) {
		client_log_warn(client, "Auth process not responding, "
				"delayed sending initial response (greeting)");
	}

	if (client->master_tag == 0) {
		waiting_msg = AUTH_SERVER_WAITING_MSG;
	} else {
		waiting_msg = AUTH_MASTER_WAITING_MSG;
	}
	client_notify_status(client, FALSE, waiting_msg);

	timeout_remove(&client->to_auth_waiting);
}
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
/* Arm the "still waiting" timeout for this client.

   Must not be called while a to_auth_waiting timeout already exists
   (asserted). Before the client has been notified that auth is ready the
   shorter AUTH_WAITING_WARNING_TIMEOUT_MSECS delay is used, afterwards
   AUTH_WAITING_TIMEOUT_MSECS. client_auth_waiting_timeout() runs when the
   delay expires. */
void client_set_auth_waiting(struct client *client)
{
	unsigned int delay_msecs;

	i_assert(client->to_auth_waiting == NULL);

	if (client->notified_auth_ready) {
		delay_msecs = AUTH_WAITING_TIMEOUT_MSECS;
	} else {
		delay_msecs = AUTH_WAITING_WARNING_TIMEOUT_MSECS;
	}
	client->to_auth_waiting =
		timeout_add(delay_msecs, client_auth_waiting_timeout, client);
}
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 |
20840
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
/* Store value for the alternative-username field named key.

   The position of key in the shared global_alt_usernames array decides
   the slot used in alt_usernames; a key that has not been seen before is
   appended to the shared array first. value is duplicated into pool before
   it is stored.

   NOTE(review): every previously unseen key adds an i_strdup()ed entry to
   global_alt_usernames, and nothing in this function removes entries or
   caps the count. The caller takes keys from the auth reply, so the set of
   user_* field names is presumably small and configuration-defined; confirm
   it cannot grow without bound. */
static void alt_username_set(ARRAY_TYPE(const_string) *alt_usernames, pool_t pool,
			     const char *key, const char *value)
{
	char *const *known_keys;
	unsigned int slot, known_count;

	/* linear search for the key's slot; slot == known_count means
	   the key is new */
	known_keys = array_get(&global_alt_usernames, &known_count);
	slot = 0;
	while (slot < known_count && strcmp(known_keys[slot], key) != 0)
		slot++;

	if (slot == known_count) {
		char *key_copy = i_strdup(key);
		array_append(&global_alt_usernames, &key_copy, 1);
	}

	value = p_strdup(pool, value);
	if (slot >= array_count(alt_usernames)) {
		/* the list is NULL-terminated, so slots skipped on the way
		   to ours must hold "" instead of being left empty */
		while (array_count(alt_usernames) < slot) {
			const char *filler = "";
			array_append(alt_usernames, &filler, 1);
		}
		array_append(alt_usernames, &value, 1);
	} else {
		/* slot already exists: overwrite it */
		array_idx_set(alt_usernames, slot, &value);
	}
}
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
93 |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
94 static void client_auth_parse_args(struct client *client, bool success, |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
95 const char *const *args, |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
96 struct client_auth_reply *reply_r) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
97 { |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 const char *key, *value, *p; |
20840
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
99 ARRAY_TYPE(const_string) alt_usernames; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 |
20840
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
101 t_array_init(&alt_usernames, 4); |
21389
59437f8764c6
global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents:
21322
diff
changeset
|
102 i_zero(reply_r); |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
104 for (; *args != NULL; args++) { |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 p = strchr(*args, '='); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 if (p == NULL) { |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 key = *args; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
108 value = ""; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 } else { |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 key = t_strdup_until(*args, p); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 value = p + 1; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 } |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 if (strcmp(key, "nologin") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 reply_r->nologin = TRUE; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 else if (strcmp(key, "proxy") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 reply_r->proxy = TRUE; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
117 else if (strcmp(key, "temp") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
118 reply_r->temp = TRUE; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 else if (strcmp(key, "authz") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
120 reply_r->authz_failure = TRUE; |
14566
ca0fef559d43
login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents:
14518
diff
changeset
|
121 else if (strcmp(key, "user_disabled") == 0) |
ca0fef559d43
login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents:
14518
diff
changeset
|
122 client->auth_user_disabled = TRUE; |
ca0fef559d43
login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents:
14518
diff
changeset
|
123 else if (strcmp(key, "pass_expired") == 0) |
ca0fef559d43
login: If user is disabled or password expired, say it in logout reason.
Timo Sirainen <tss@iki.fi>
parents:
14518
diff
changeset
|
124 client->auth_pass_expired = TRUE; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 else if (strcmp(key, "reason") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 reply_r->reason = value; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 else if (strcmp(key, "host") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 reply_r->host = value; |
14518
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
129 else if (strcmp(key, "hostip") == 0) |
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
130 reply_r->hostip = value; |
17503
75d254897442
login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
131 else if (strcmp(key, "source_ip") == 0) |
75d254897442
login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
132 reply_r->source_ip = value; |
19035
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
18990
diff
changeset
|
133 else if (strcmp(key, "port") == 0) { |
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
18990
diff
changeset
|
134 if (net_str2port(value, &reply_r->port) < 0) { |
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
18990
diff
changeset
|
135 i_error("Auth service returned invalid " |
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
18990
diff
changeset
|
136 "port number: %s", value); |
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
18990
diff
changeset
|
137 } |
aabfe48db1cf
Changed type of internet port values to in_port_t everywhere.
Stephan Bosch <stephan@rename-it.nl>
parents:
18990
diff
changeset
|
138 } else if (strcmp(key, "destuser") == 0) |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 reply_r->destuser = value; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
140 else if (strcmp(key, "pass") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
141 reply_r->password = value; |
19036
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
142 else if (strcmp(key, "proxy_timeout") == 0) { |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
143 if (str_to_uint(value, &reply_r->proxy_timeout_msecs) < 0) { |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
144 i_error("BUG: Auth service returned invalid " |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
145 "proxy_timeout value: %s", value); |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
146 } |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
147 reply_r->proxy_timeout_msecs *= 1000; |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
148 } else if (strcmp(key, "proxy_refresh") == 0) { |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
149 if (str_to_uint(value, &reply_r->proxy_refresh_secs) < 0) { |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
150 i_error("BUG: Auth service returned invalid " |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
151 "proxy_refresh value: %s", value); |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
152 } |
f78e38c7cba2
Removed all invocations of atoi().
Stephan Bosch <stephan@rename-it.nl>
parents:
19035
diff
changeset
|
153 } else if (strcmp(key, "proxy_mech") == 0) |
16487
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
154 reply_r->proxy_mech = value; |
17088
6b8ae0ba5959
imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.
Timo Sirainen <tss@iki.fi>
parents:
16881
diff
changeset
|
155 else if (strcmp(key, "proxy_nopipelining") == 0) |
6b8ae0ba5959
imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.
Timo Sirainen <tss@iki.fi>
parents:
16881
diff
changeset
|
156 reply_r->proxy_nopipelining = TRUE; |
21018
645375ff262c
imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
20840
diff
changeset
|
157 else if (strcmp(key, "proxy_not_trusted") == 0) |
645375ff262c
imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
20840
diff
changeset
|
158 reply_r->proxy_not_trusted = TRUE; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 else if (strcmp(key, "master") == 0) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 reply_r->master_user = value; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 else if (strcmp(key, "ssl") == 0) { |
11229
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
162 reply_r->ssl_flags |= PROXY_SSL_FLAG_YES; |
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
163 if (strcmp(value, "any-cert") == 0) |
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
164 reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; |
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
165 if (reply_r->port == 0) |
12890
6f0396e35fd9
login-common API redesign so that the library doesn't refer to nonexistent variables.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
166 reply_r->port = login_binary->default_ssl_port; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 } else if (strcmp(key, "starttls") == 0) { |
11229
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
168 reply_r->ssl_flags |= PROXY_SSL_FLAG_YES | |
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
169 PROXY_SSL_FLAG_STARTTLS; |
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
170 if (strcmp(value, "any-cert") == 0) |
d693c4a97d41
login proxy: "ssl" and "starttls" handlers make more sense now.
Timo Sirainen <tss@iki.fi>
parents:
11156
diff
changeset
|
171 reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; |
19384
605dd1749578
*-login: Added postlogin_socket=path passdb extra field.
Timo Sirainen <tss@iki.fi>
parents:
19036
diff
changeset
|
172 } else if (strcmp(key, "user") == 0 || |
605dd1749578
*-login: Added postlogin_socket=path passdb extra field.
Timo Sirainen <tss@iki.fi>
parents:
19036
diff
changeset
|
173 strcmp(key, "postlogin_socket") == 0) { |
605dd1749578
*-login: Added postlogin_socket=path passdb extra field.
Timo Sirainen <tss@iki.fi>
parents:
19036
diff
changeset
|
174 /* already handled in sasl-server.c */ |
20840
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
175 } else if (strncmp(key, "user_", 5) == 0) { |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
176 if (success) { |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
177 alt_username_set(&alt_usernames, client->pool, |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
178 key, value); |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
179 } |
21773
606a4b7ccb21
imap-login: Allow x-forward- to specify forward fields from trusted networks
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21726
diff
changeset
|
180 } else if (strncmp(key, "forward_", 8) == 0) { |
606a4b7ccb21
imap-login: Allow x-forward- to specify forward fields from trusted networks
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21726
diff
changeset
|
181 /* these are passed to upstream */ |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 } else if (client->set->auth_debug) |
10082
62b37dcf173e
Log debug-level messages with i_debug().
Pascal Volk <user@localhost.localdomain.org>
parents:
9929
diff
changeset
|
183 i_debug("Ignoring unknown passdb extra field: %s", key); |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 } |
20840
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
185 if (array_count(&alt_usernames) > 0) { |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
186 const char **alt; |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
187 |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
188 alt = p_new(client->pool, const char *, |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
189 array_count(&alt_usernames) + 1); |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
190 memcpy(alt, array_idx(&alt_usernames, 0), |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
191 sizeof(*alt) * array_count(&alt_usernames)); |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
192 client->alt_usernames = alt; |
1b4a57403aef
*-login: Store user_* passdb fields to client->alt_usernames.
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
19964
diff
changeset
|
193 } |
11155
5f3edac6b3bf
login: If proxy returns ssl=yes and no port, switch port to imaps/pop3s.
Timo Sirainen <tss@iki.fi>
parents:
11039
diff
changeset
|
194 if (reply_r->port == 0) |
12890
6f0396e35fd9
login-common API redesign so that the library doesn't refer to nonexistent variables.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
195 reply_r->port = login_binary->default_port; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 if (reply_r->destuser == NULL) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 reply_r->destuser = client->virtual_user; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 } |
/* Wipe and release the password that was kept for logging in to the
   proxy destination. Does nothing when no password is stored.

   The buffer is zeroed with safe_memset() (safe-memset.h) before it is
   freed, so the cleartext is not left behind in freed heap memory.
   NOTE(review): presumably safe_memset() exists so that the compiler
   cannot drop the wipe as a dead store ahead of the free - confirm in
   safe-memset.h. Only strlen() bytes are cleared, which covers the whole
   secret as long as the buffer holds one NUL-terminated string. */
static void proxy_free_password(struct client *client)
{
	if (client->proxy_password != NULL) {
		size_t secret_len = strlen(client->proxy_password);

		safe_memset(client->proxy_password, 0, secret_len);
		/* i_free_and_null() is expected to leave the pointer NULL,
		   which makes a repeated call return without touching
		   anything */
		i_free_and_null(client->proxy_password);
	}
}
/* Hand the connection over to the login proxy and destroy the login
   client with a "started proxying" log line.

   The log line records the authenticated user, the destination host:port,
   the remote username when it differs from the local one, and the master
   user when one is set. No password is written to it, so the line serves
   as the audit record of which account was mapped to which backend
   identity. */
void client_proxy_finish_destroy_client(struct client *client)
{
	string_t *msg = t_str_new(128);
	bool remote_user_differs;

	if (client->input->closed) {
		/* client_send_raw_data() has already closed the input
		   stream. Most code paths don't need to check for that, but
		   login_proxy_detach() would fetch and use the istream's fd,
		   which is -1 by now. */
		client_destroy(client, "Disconnected");
		return;
	}

	str_printfa(msg, "proxy(%s): started proxying to %s:%u",
		    client->virtual_user,
		    login_proxy_get_host(client->login_proxy),
		    login_proxy_get_port(client->login_proxy));

	/* NOTE(review): assumes proxy_user is non-NULL at this point -
	   confirm against the code that sets it */
	remote_user_differs =
		strcmp(client->virtual_user, client->proxy_user) != 0;
	if (remote_user_differs) {
		/* logged in remotely under another name, include it */
		str_append_c(msg, '/');
		str_append(msg, client->proxy_user);
	}
	if (client->proxy_master_user != NULL)
		str_printfa(msg, " (master %s)", client->proxy_master_user);

	login_proxy_detach(client->login_proxy);
	client_destroy_success(client, str_c(msg));
}
/* Report a proxying error to the client through the protocol-specific
   proxy_error() callback in client->v.

   The callers visible in this file always pass the fixed
   PROXY_FAILURE_MSG and put the detailed reason in the log with
   client_log_err(), so backend details are not echoed to the client. */
static void client_proxy_error(struct client *client, const char *text)
{
	client->v.proxy_error(client, text);
}
/* Return the proxy state string supplied by the protocol-specific
   proxy_get_state() callback in client->v. proxy_input() puts it into the
   "state=" field of its disconnect log line. */
const char *client_proxy_get_state(struct client *client)
{
	const char *state = client->v.proxy_get_state(client);

	return state;
}
/* Log a failed login to the proxy destination.

   The message names the authenticated user, the destination host:port,
   the remote username when it differs from the local one, the master user
   when one is set, and finally `line`.

   NOTE(review): `line` is appended unmodified. It presumably carries the
   backend server's failure reply, i.e. text this process does not
   control; any escaping of control characters therefore has to happen in
   client_log() or the log backend - confirm. */
void client_proxy_log_failure(struct client *client, const char *line)
{
	string_t *msg = t_str_new(128);
	bool remote_user_differs;

	str_printfa(msg, "proxy(%s): Login failed to %s:%u",
		    client->virtual_user,
		    login_proxy_get_host(client->login_proxy),
		    login_proxy_get_port(client->login_proxy));

	/* NOTE(review): assumes proxy_user is non-NULL at this point -
	   confirm against the code that sets it */
	remote_user_differs =
		strcmp(client->virtual_user, client->proxy_user) != 0;
	if (remote_user_differs) {
		/* logged in remotely under another name, include it */
		str_append_c(msg, '/');
		str_append(msg, client->proxy_user);
	}
	if (client->proxy_master_user != NULL)
		str_printfa(msg, " (master %s)", client->proxy_master_user);

	str_append(msg, ": ");
	str_append(msg, line);
	client_log(client, str_c(msg));
}
/* Abort a proxy login attempt and release everything that was set up
   for it.

   send_line: when TRUE, the client is first sent the generic
   PROXY_FAILURE_MSG through client_proxy_error().

   The SASL client, the proxy connection and the stored credentials are
   released here; the password goes through proxy_free_password(), which
   zeroes it before freeing. The statement order matters: `client` must
   not be touched after client_auth_failed(). */
void client_proxy_failed(struct client *client, bool send_line)
{
	if (send_line)
		client_proxy_error(client, PROXY_FAILURE_MSG);

	/* drop the proxy authentication state and the connection */
	if (client->proxy_sasl_client != NULL)
		dsasl_client_free(&client->proxy_sasl_client);
	login_proxy_free(&client->login_proxy);

	/* drop the credentials that were kept for the remote login */
	proxy_free_password(client);
	i_free_and_null(client->proxy_user);
	i_free_and_null(client->proxy_master_user);

	/* has to come last, because it may destroy the client */
	client_auth_failed(client);
}
/* Handle input arriving from the proxy destination while the login
   proxy is still authenticating to it.

   Reads from the proxy's istream and feeds each complete line to the
   protocol-specific proxy_parse_line() callback until that returns
   non-zero or no full line is left. A full input buffer (-2) or a
   disconnect (-1) aborts the attempt through client_proxy_failed(), so
   the remote end cannot make this process buffer more than the istream
   allows.

   NOTE(review): the disconnect log message may include a line received
   from the remote server ("BUG: line not read"). That text is not under
   this process's control; escaping has to happen in client_log_err() or
   the log backend - confirm. */
static void proxy_input(struct client *client)
{
	struct istream *input;
	struct ostream *output;
	const char *line, *unread;
	unsigned int duration;

	if (client->login_proxy == NULL) {
		/* the proxy is only being freed */
		return;
	}

	input = login_proxy_get_istream(client->login_proxy);
	if (input == NULL) {
		/* when the client is already destroyed, we were called
		   from client_destroy() and there is nothing to do.
		   otherwise something failed, probably the server
		   disconnected. */
		if (!client->destroyed)
			client_proxy_failed(client, TRUE);
		return;
	}

	i_assert(!client->destroyed);

	switch (i_stream_read(input)) {
	case -2:
		client_log_err(client, "proxy: Remote input buffer full");
		client_proxy_failed(client, TRUE);
		return;
	case -1:
		/* a complete line still buffered at disconnect is reported
		   as a bug in the log message */
		line = i_stream_next_line(input);
		duration = ioloop_time - client->created;
		unread = line == NULL ? "" : t_strdup_printf(
			" - BUG: line not read: %s", line);
		client_log_err(client, t_strdup_printf(
			"proxy: Remote %s:%u disconnected: %s "
			"(state=%s, duration=%us)%s",
			login_proxy_get_host(client->login_proxy),
			login_proxy_get_port(client->login_proxy),
			io_stream_get_disconnect_reason(input, NULL),
			client_proxy_get_state(client), duration,
			unread));
		client_proxy_failed(client, TRUE);
		return;
	}

	/* hold our own reference to the output stream while parsing.
	   NOTE(review): presumably because proxy_parse_line() can end up
	   destroying the client - confirm. corking batches the writes done
	   while the lines are handled. */
	output = client->output;
	o_stream_ref(output);
	o_stream_cork(output);
	for (;;) {
		line = i_stream_next_line(input);
		if (line == NULL)
			break;
		if (client->v.proxy_parse_line(client, line) != 0)
			break;
	}
	o_stream_uncork(output);
	o_stream_unref(&output);
}
344 static int proxy_start(struct client *client, |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
345 const struct client_auth_reply *reply) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
346 { |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9767
diff
changeset
|
347 struct login_proxy_settings proxy_set; |
16555
2dd27b0e7e49
lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library.
Timo Sirainen <tss@iki.fi>
parents:
16487
diff
changeset
|
348 const struct dsasl_client_mech *sasl_mech = NULL; |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9767
diff
changeset
|
349 |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
350 i_assert(reply->destuser != NULL); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
351 i_assert(!client->destroyed); |
16487
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
352 i_assert(client->proxy_sasl_client == NULL); |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
353 |
16487
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
354 client->proxy_mech = NULL; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
355 client->v.proxy_reset(client); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
356 |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
357 if (reply->password == NULL) { |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
358 client_log_err(client, "proxy: password not given"); |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
359 client_proxy_error(client, PROXY_FAILURE_MSG); |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
360 return -1; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
361 } |
9811
211853d48eaf
*-login: If proxying is enabled but no host is given, don't crash.
Timo Sirainen <tss@iki.fi>
parents:
9782
diff
changeset
|
362 if (reply->host == NULL || *reply->host == '\0') { |
211853d48eaf
*-login: If proxying is enabled but no host is given, don't crash.
Timo Sirainen <tss@iki.fi>
parents:
9782
diff
changeset
|
363 client_log_err(client, "proxy: host not given"); |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
364 client_proxy_error(client, PROXY_FAILURE_MSG); |
9811
211853d48eaf
*-login: If proxying is enabled but no host is given, don't crash.
Timo Sirainen <tss@iki.fi>
parents:
9782
diff
changeset
|
365 return -1; |
211853d48eaf
*-login: If proxying is enabled but no host is given, don't crash.
Timo Sirainen <tss@iki.fi>
parents:
9782
diff
changeset
|
366 } |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
367 |
16487
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
368 if (reply->proxy_mech != NULL) { |
16555
2dd27b0e7e49
lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library.
Timo Sirainen <tss@iki.fi>
parents:
16487
diff
changeset
|
369 sasl_mech = dsasl_client_mech_find(reply->proxy_mech); |
16487
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
370 if (sasl_mech == NULL) { |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
371 client_log_err(client, t_strdup_printf( |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
372 "proxy: Unsupported SASL mechanism %s", |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
373 reply->proxy_mech)); |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
374 client_proxy_error(client, PROXY_FAILURE_MSG); |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
375 return -1; |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
376 } |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
377 } else if (reply->master_user != NULL) { |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
378 /* have to use PLAIN authentication with master user logins */ |
16555
2dd27b0e7e49
lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library.
Timo Sirainen <tss@iki.fi>
parents:
16487
diff
changeset
|
379 sasl_mech = &dsasl_client_mech_plain; |
16487
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
380 } |
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
381 |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
382 i_assert(client->refcount > 1); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
383 |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
384 if (client->destroyed) { |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
385 /* connection_queue_add() decided that we were the oldest |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
386 connection and killed us. */ |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
387 return -1; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
388 } |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
389 if (login_proxy_is_ourself(client, reply->host, reply->port, |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
390 reply->destuser)) { |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
391 client_log_err(client, "Proxying loops to itself"); |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
392 client_proxy_error(client, PROXY_FAILURE_MSG); |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
393 return -1; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
394 } |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
395 |
21389
59437f8764c6
global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents:
21322
diff
changeset
|
396 i_zero(&proxy_set); |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9767
diff
changeset
|
397 proxy_set.host = reply->host; |
14518
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
398 if (reply->hostip != NULL && |
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
399 net_addr2ip(reply->hostip, &proxy_set.ip) < 0) |
773ca397d799
SSL proxying: Remote's host never matched cert, because auth process changed it to IP.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
400 proxy_set.ip.family = 0; |
17504
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
401 if (reply->source_ip != NULL) { |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
402 if (net_addr2ip(reply->source_ip, &proxy_set.source_ip) < 0) |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
403 proxy_set.source_ip.family = 0; |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
404 } else if (login_source_ips_count > 0) { |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
405 /* select the next source IP with round robin. */ |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
406 proxy_set.source_ip = login_source_ips[login_source_ips_idx]; |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
407 login_source_ips_idx = |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
408 (login_source_ips_idx + 1) % login_source_ips_count; |
b6733f4777f1
login proxy: Added login_source_ips setting.
Timo Sirainen <tss@iki.fi>
parents:
17503
diff
changeset
|
409 } |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9767
diff
changeset
|
410 proxy_set.port = reply->port; |
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9767
diff
changeset
|
411 proxy_set.connect_timeout_msecs = reply->proxy_timeout_msecs; |
16086
9439a43bd645
login proxy: Set a default 30s timeout.
Timo Sirainen <tss@iki.fi>
parents:
15715
diff
changeset
|
412 if (proxy_set.connect_timeout_msecs == 0) |
9439a43bd645
login proxy: Set a default 30s timeout.
Timo Sirainen <tss@iki.fi>
parents:
15715
diff
changeset
|
413 proxy_set.connect_timeout_msecs = PROXY_DEFAULT_TIMEOUT_MSECS; |
11324
c872378a8de6
login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs.
Timo Sirainen <tss@iki.fi>
parents:
11229
diff
changeset
|
414 proxy_set.notify_refresh_secs = reply->proxy_refresh_secs; |
9773
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9767
diff
changeset
|
415 proxy_set.ssl_flags = reply->ssl_flags; |
8e099a00f8a9
login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout.
Timo Sirainen <tss@iki.fi>
parents:
9767
diff
changeset
|
416 |
10616
23956a9b915b
login: Proxying supports now doing DNS lookups for host names.
Timo Sirainen <tss@iki.fi>
parents:
10612
diff
changeset
|
417 if (login_proxy_new(client, &proxy_set, proxy_input) < 0) { |
14146
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
418 client_proxy_error(client, PROXY_FAILURE_MSG); |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
419 return -1; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
420 } |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
421 |
16487
266101990d63
imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server.
Timo Sirainen <tss@iki.fi>
parents:
16390
diff
changeset
|
422 client->proxy_mech = sasl_mech; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
423 client->proxy_user = i_strdup(reply->destuser); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
424 client->proxy_master_user = i_strdup(reply->master_user); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
425 client->proxy_password = i_strdup(reply->password); |
17088
6b8ae0ba5959
imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.
Timo Sirainen <tss@iki.fi>
parents:
16881
diff
changeset
|
426 client->proxy_nopipelining = reply->proxy_nopipelining; |
21018
645375ff262c
imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
20840
diff
changeset
|
427 client->proxy_not_trusted = reply->proxy_not_trusted; |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
428 |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
429 /* disable input until authentication is finished */ |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
430 if (client->io != NULL) |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
431 io_remove(&client->io); |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
432 return 0; |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
433 } |
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
434 |
14629
c93ca5e46a8a
Marked functions parameters that are allowed to be NULL. Some APIs were also changed.
Timo Sirainen <tss@iki.fi>
parents:
14576
diff
changeset
|
/* Hand an authentication result to the protocol-specific handler
   (client->v.auth_result). The output stream is corked around the call and
   uncorked right after it. `reply` and `text` are allowed to be NULL, as
   declared by ATTR_NULL(3, 4). */
static void ATTR_NULL(3, 4)
client_auth_result(struct client *client, enum client_auth_result result,
		   const struct client_auth_reply *reply, const char *text)
{
	/* client->output is read again for the uncork on purpose: the handler
	   receives the whole client and nothing here shows that it leaves the
	   stream pointer untouched. */
	o_stream_cork(client->output);
	(client->v.auth_result)(client, result, reply, text);
	o_stream_uncork(client->output);
}
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
443 |
9756
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
/* Act on the extra fields of an auth reply (proxy, referral host, nologin).

   Returns TRUE when the reply was fully handled here: proxying was started
   or failed, a referral was sent, or a nologin failure was reported.
   Returns FALSE when the caller should continue with the normal
   login/failure handling. */
static bool
client_auth_handle_reply(struct client *client,
			 const struct client_auth_reply *reply, bool success)
{
	const char *reason, *timestamp, *msg;

	if (reply->proxy) {
		/* we want to proxy the connection to another server.
		   never do this unless authentication succeeded: with
		   master user proxying we can get FAIL with proxy still set.

		   proxy host=.. [port=..] [destuser=..] pass=.. */
		if (!success)
			return FALSE;
		if (proxy_start(client, reply) >= 0) {
			/* this is for plugins being able to hook into auth
			   reply when proxying is used */
			client_auth_result(client, CLIENT_AUTH_RESULT_SUCCESS,
					   reply, NULL);
		} else {
			client_auth_failed(client);
		}
		return TRUE;
	}

	if (reply->host == NULL && !reply->nologin) {
		/* normal login/failure */
		return FALSE;
	}

	if (reply->host != NULL) {
		/* referral: a reason supplied in the reply wins over the
		   built-in texts */
		reason = reply->reason;
		if (reason == NULL) {
			reason = reply->nologin ?
				"Try this server instead." :
				"Logged in, but you should use this server instead.";
		}

		if (!reply->nologin) {
			client_auth_result(client,
					   CLIENT_AUTH_RESULT_REFERRAL_SUCCESS,
					   reply, reason);
			return TRUE;
		}
		client_auth_result(client,
				   CLIENT_AUTH_RESULT_REFERRAL_NOLOGIN,
				   reply, reason);
	} else if (reply->reason != NULL) {
		/* Authentication went ok, but for some reason user isn't
		   allowed to log in. Shouldn't probably happen. */
		client_auth_result(client,
				   CLIENT_AUTH_RESULT_AUTHFAILED_REASON,
				   reply, reply->reason);
	} else if (reply->temp) {
		/* the temporary failure text gets this host's name and the
		   local time appended.
		   NOTE(review): presumably this text reaches the remote
		   client, which would expose the hostname to it - confirm
		   that is intended for the deployment. */
		timestamp = t_strflocaltime("%Y-%m-%d %H:%M:%S", ioloop_time);
		msg = t_strdup_printf(AUTH_TEMP_FAILED_MSG" [%s:%s]",
				      my_hostname, timestamp);
		client_auth_result(client, CLIENT_AUTH_RESULT_TEMPFAIL,
				   reply, msg);
	} else if (reply->authz_failure) {
		client_auth_result(client, CLIENT_AUTH_RESULT_AUTHZFAILED,
				   reply, "Authorization failed");
	} else {
		client_auth_result(client, CLIENT_AUTH_RESULT_AUTHFAILED,
				   reply, AUTH_FAILED_MSG);
	}

	/* only nologin replies get this far */
	i_assert(reply->nologin);

	/* skip the failure handling if the client was destroyed meanwhile */
	if (!client->destroyed)
		client_auth_failed(client);
	return TRUE;
}
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
522 |
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
/* Continue the pending auth request with a response line from the client.

   `response` is passed to auth_client_request_continue() unchanged; nothing
   in this function validates or decodes it. */
void client_auth_respond(struct client *client, const char *response)
{
	/* the flag is cleared first and client_set_auth_waiting() is called
	   afterwards; keep this order */
	client->auth_waiting = FALSE;
	client_set_auth_waiting(client);

	auth_client_request_continue(client->auth_request, response);

	/* drop the client's I/O handler after handing the response over.
	   NOTE(review): unlike proxy_start(), client->io is not checked for
	   NULL here - presumably it is always set on this path; verify
	   against the callers. */
	io_remove(&client->io);
}
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
530 |
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
/* Abort the client's authentication; this only forwards to
   sasl_server_auth_abort(). */
void client_auth_abort(struct client *client)
{
	sasl_server_auth_abort(client);
}
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
535 |
e456e1bce47f
login-common API made more extensible for different kinds of protocols.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
/* Fail the client's authentication with the given text; this only forwards
   to sasl_server_auth_failed(). */
void client_auth_fail(struct client *client, const char *text)
{
	sasl_server_auth_failed(client, text);
}
e30495ae11de
*-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
540 |
13953
b86f7dd170c6
imap-login: Handle SASL-IR without overflowing master_auth_request's buffer.
Timo Sirainen <tss@iki.fi>
parents:
13933
diff
changeset
|
/* Move buffered client input into client->auth_response, up to and excluding
   the first LF.

   Returns 1 when a complete line was consumed, 0 when no LF has been seen
   yet (everything buffered so far was consumed and appended), and -1 when
   the client was destroyed, either because reading failed or because the
   accumulated response would exceed LOGIN_MAX_AUTH_BUF_SIZE.

   NOTE(review): auth_response holds the peer's authentication response,
   which can carry credentials; confirm that whoever frees it wipes it
   first. */
int client_auth_read_line(struct client *client)
{
	const unsigned char *data;
	size_t size, line_len, resp_len;
	bool have_newline;

	if (i_stream_read_data(client->input, &data, &size, 0) == -1) {
		client_destroy(client, "Disconnected");
		return -1;
	}

	/* see if we have a full line */
	line_len = 0;
	while (line_len < size && data[line_len] != '\n')
		line_len++;
	have_newline = line_len < size;

	if (client->auth_response == NULL) {
		client->auth_response =
			str_new(default_pool, I_MAX(line_len+1, 256));
	}

	/* enforce the size cap before appending, so that the peer cannot
	   make this buffer grow beyond LOGIN_MAX_AUTH_BUF_SIZE by sending
	   input that never contains a newline */
	if (str_len(client->auth_response) + line_len >
	    LOGIN_MAX_AUTH_BUF_SIZE) {
		client_destroy(client, "Authentication response too large");
		return -1;
	}

	/* NOTE(review): how str_append_n() treats an embedded NUL byte is
	   not visible here, while the skip below always consumes the whole
	   span - confirm that the two cannot disagree. */
	str_append_n(client->auth_response, data, line_len);
	/* consume the LF together with the line when there is one */
	i_stream_skip(client->input, have_newline ? line_len+1 : size);

	/* drop trailing \r */
	resp_len = str_len(client->auth_response);
	if (resp_len > 0 &&
	    str_c(client->auth_response)[resp_len-1] == '\r')
		str_truncate(client->auth_response, resp_len-1);

	return have_newline ? 1 : 0;
}
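/* Handle one line of SASL response input from the client.

   Nothing happens until client_auth_read_line() returns a positive value
   (presumably "a full line is now in client->auth_response" - its start
   is outside this view). A response that is exactly "*" cancels the
   exchange through sasl_server_auth_abort(); any other response is passed
   on with client_auth_respond(). */
void client_auth_parse_response(struct client *client)
{
	if (client_auth_read_line(client) <= 0)
		return;

	if (strcmp(str_c(client->auth_response), "*") == 0) {
		sasl_server_auth_abort(client);
		return;
	}

	client_auth_respond(client, str_c(client->auth_response));
	/* The response may carry credentials, so overwrite the buffer once it
	   has been handed over. safe_memset() (safe-memset.h is already
	   included by this file) replaces plain memset() so that the wipe
	   cannot be discarded as a dead store. The string length is left
	   unchanged here.
	   NOTE(review): only this buffer is wiped; a copy still sitting in
	   client->input, or one made inside client_auth_respond(), is not
	   covered by this call. */
	safe_memset(str_c_modifiable(client->auth_response), 0,
		    str_len(client->auth_response));
}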
/* Input handler used while a SASL exchange is waiting for the client's
   next response: forwards to the auth_parse_response handler stored in
   client->v, which must be set. */
static void client_auth_input(struct client *client)
{
	i_assert(client->v.auth_parse_response != NULL);

	client->v.auth_parse_response(client);
}
/* Send a SASL continuation line to the client: "+ ", then the challenge
   text in data, then CRLF, queued as one vectored write on
   client->output.

   data must be a non-NULL NUL-terminated string, since strlen() is called
   on it. It is written verbatim, so the caller has to make sure it holds
   no CR or LF (presumably it is base64 produced by the auth process -
   confirm at the callers). */
void client_auth_send_challenge(struct client *client, const char *data)
{
	struct const_iovec chunks[3] = {
		{ .iov_base = "+ ", .iov_len = 2 },
		{ .iov_base = data, .iov_len = strlen(data) },
		{ .iov_base = "\r\n", .iov_len = 2 }
	};

	o_stream_nsendv(client->output, chunks, 3);
}
/* Callback handed to sasl_server_auth_begin(); called with each reply of
   the SASL exchange for this client.

   sasl_reply selects the branch below. data is the challenge text for
   CONTINUE and an optional message for the failure replies. args, when
   non-NULL, is the field list given to client_auth_parse_args().

   Every branch except CONTINUE leaves the switch and reaches
   client_unref() (presumably releasing the reference taken in
   client_auth_begin()). CONTINUE returns early and keeps that reference
   while the exchange goes on.

   A destroyed client may only arrive here with AUTH_ABORTED or
   MASTER_FAILED; anything else trips the assert. */
static void
sasl_callback(struct client *client, enum sasl_server_reply sasl_reply,
	      const char *data, const char *const *args)
{
	struct client_auth_reply auth_reply;

	i_assert(!client->destroyed ||
		 sasl_reply == SASL_SERVER_REPLY_AUTH_ABORTED ||
		 sasl_reply == SASL_SERVER_REPLY_MASTER_FAILED);

	i_zero(&auth_reply);
	switch (sasl_reply) {
	case SASL_SERVER_REPLY_SUCCESS:
		if (client->to_auth_waiting != NULL) {
			timeout_remove(&client->to_auth_waiting);
		}
		if (args != NULL) {
			client_auth_parse_args(client, TRUE, args, &auth_reply);
			auth_reply.all_fields = args;
			/* a TRUE return skips the normal login completion
			   below (presumably the reply asked for a proxy or
			   referral - confirm in client_auth_handle_reply) */
			if (client_auth_handle_reply(client, &auth_reply, TRUE)) {
				break;
			}
		}
		client_auth_result(client, CLIENT_AUTH_RESULT_SUCCESS,
				   &auth_reply, NULL);
		client_destroy_success(client, "Login");
		break;
	case SASL_SERVER_REPLY_AUTH_FAILED:
	case SASL_SERVER_REPLY_AUTH_ABORTED:
		if (client->to_auth_waiting != NULL) {
			timeout_remove(&client->to_auth_waiting);
		}
		if (args != NULL) {
			client_auth_parse_args(client, FALSE, args, &auth_reply);
			/* force nologin regardless of what the fields said */
			auth_reply.nologin = TRUE;
			auth_reply.all_fields = args;
			if (client_auth_handle_reply(client, &auth_reply, FALSE)) {
				break;
			}
		}

		if (sasl_reply == SASL_SERVER_REPLY_AUTH_ABORTED) {
			client_auth_result(client, CLIENT_AUTH_RESULT_ABORTED,
				&auth_reply, "Authentication aborted by client.");
		} else if (data != NULL) {
			/* NOTE(review): data comes from the auth side and is
			   passed on as the failure reason. If the protocol
			   handler shows it to the peer, the configured reason
			   strings should not let an unauthenticated client
			   tell an existing account from a missing one. */
			client_auth_result(client,
				CLIENT_AUTH_RESULT_AUTHFAILED_REASON, &auth_reply,
				data);
		} else {
			client_auth_result(client,
				CLIENT_AUTH_RESULT_AUTHFAILED, &auth_reply,
				AUTH_FAILED_MSG);
		}

		if (!client->destroyed) {
			client_auth_failed(client);
		}
		break;
	case SASL_SERVER_REPLY_MASTER_FAILED:
		if (data != NULL) {
			/* authentication itself succeeded, we just hit some
			   internal failure. */
			client_auth_result(client, CLIENT_AUTH_RESULT_TEMPFAIL,
					   &auth_reply, data);
		}

		/* the fd may still be hanging somewhere in kernel or another
		   process. make sure the client gets disconnected.
		   ENOTCONN is not reported as an error. */
		if (shutdown(client->fd, SHUT_RDWR) < 0 && errno != ENOTCONN) {
			i_error("shutdown() failed: %m");
		}

		if (data != NULL) {
			client_destroy_success(client, data);
		} else {
			client_destroy_internal_failure(client);
		}
		break;
	case SASL_SERVER_REPLY_CONTINUE:
		i_assert(client->v.auth_send_challenge != NULL);
		client->v.auth_send_challenge(client, data);

		if (client->to_auth_waiting != NULL) {
			timeout_remove(&client->to_auth_waiting);
		}

		/* start collecting the next response from an empty buffer */
		if (client->auth_response != NULL) {
			str_truncate(client->auth_response, 0);
		}

		i_assert(client->io == NULL);
		client->auth_waiting = TRUE;
		client->io = io_add(client->fd, IO_READ,
				    client_auth_input, client);
		/* process whatever the client has already sent */
		client_auth_input(client);
		return;
	}

	client_unref(&client);
}
/* Start SASL authentication with mechanism mech_name and the optional
   initial response init_resp.

   Returns 1 when the attempt is already over by the time this function
   returns: either it was refused because ssl=required is set and the
   connection is not secured, or client->authenticating is no longer set
   after sasl_server_auth_begin(). Returns 0 when the exchange is still in
   progress; the client's input handler is then removed until the auth
   reply arrives. */
int client_auth_begin(struct client *client, const char *mech_name,
		      const char *init_resp)
{
	const bool tls_missing = !client->secured &&
		strcmp(client->ssl_set->ssl, "required") == 0;

	if (tls_missing) {
		/* NOTE(review): if init_resp came with the client's command,
		   it has already crossed the unprotected connection here;
		   refusing the attempt does not undo that exposure. The
		   refusal is logged only when auth_verbose is enabled. */
		if (client->set->auth_verbose) {
			client_log(client,
				   "Login failed: SSL required for authentication");
		}
		client->auth_attempts++;
		client_auth_result(client, CLIENT_AUTH_RESULT_SSL_REQUIRED, NULL,
			"Authentication not allowed until SSL/TLS is enabled.");
		return 1;
	}

	/* hold a reference for the exchange; sasl_callback() calls
	   client_unref() on its non-CONTINUE paths */
	client_ref(client);
	client->auth_initializing = TRUE;
	sasl_server_auth_begin(client, login_binary->protocol, mech_name,
			       init_resp, sasl_callback);
	client->auth_initializing = FALSE;
	if (!client->authenticating) {
		return 1;
	}

	/* don't handle input until we get the initial auth reply */
	if (client->io != NULL) {
		io_remove(&client->io);
	}
	client_set_auth_waiting(client);
	return 0;
}
/* Decide whether a plaintext login may proceed on this connection.

   Returns TRUE when client->secured is set, or when neither
   disable_plaintext_auth nor ssl=required is configured (ssl=required
   therefore implies disable_plaintext_auth). Otherwise the attempt is
   refused: the client is sent CLIENT_AUTH_RESULT_SSL_REQUIRED, the
   auth_tried_disabled_plaintext flag is set, auth_attempts is incremented
   and FALSE is returned.

   pass_sent is TRUE when the client has already sent its password; it
   then also gets a status line saying the password may have been exposed.

   NOTE(review): client->secured bypasses both settings and is assigned
   outside this view; confirm it is set only for TLS or explicitly trusted
   peers. The refusal is logged only when auth_verbose is enabled. */
bool client_check_plaintext_auth(struct client *client, bool pass_sent)
{
	if (client->secured) {
		return TRUE;
	}
	if (!client->set->disable_plaintext_auth &&
	    strcmp(client->ssl_set->ssl, "required") != 0) {
		return TRUE;
	}

	if (client->set->auth_verbose) {
		client_log(client,
			   "Login failed: Plaintext authentication disabled");
	}
	if (pass_sent) {
		/* the credential is already on the wire; tell the user */
		client_notify_status(client, TRUE,
			 "Plaintext authentication not allowed "
			 "without SSL/TLS, but your client did it anyway. "
			 "If anyone was listening, the password was exposed.");
	}
	client_auth_result(client, CLIENT_AUTH_RESULT_SSL_REQUIRED, NULL,
			   AUTH_PLAINTEXT_DISABLED_MSG);
	client->auth_tried_disabled_plaintext = TRUE;
	client->auth_attempts++;
	return FALSE;
}
/*
 * Walk the global `clients` list and, for each client: drop its
 * to_auth_waiting timeout if one is set, call client_notify_auth_ready(),
 * and, if its input had been blocked, unblock it and run client_input()
 * so that buffered input is handled.
 *
 * Judging by the name, this runs once the connection to the auth process
 * is established -- confirm against the caller.
 */
void clients_notify_auth_connected(void)
{
	struct client *cur = clients;

	while (cur != NULL) {
		/* Read the successor before touching the client: the calls
		   below presumably can disconnect and free it (the annotate
		   history attributes this ordering to a crash fix), after
		   which cur->next must not be dereferenced. */
		struct client *following = cur->next;

		if (cur->to_auth_waiting != NULL)
			timeout_remove(&cur->to_auth_waiting);

		client_notify_auth_ready(cur);

		/* NOTE(review): cur is read again here after
		   client_notify_auth_ready(); this is only safe if that call
		   never frees the client -- verify in its implementation. */
		if (cur->input_blocked) {
			cur->input_blocked = FALSE;
			client_input(cur);
		}

		cur = following;
	}
}