Mercurial > dovecot > core-2.2
view src/director/login-connection.c @ 22311:25af9d4dad59
global: Replaced t_strsplit_tab() calls with t_strsplit_tabescaped()
This is useful especially in auth code to support LFs in extra fields.
Other pieces of code were also tab-escaping strings, but never unescaping
them. Usually it didn't matter, because nobody would use the escaped
characters. Still, the code wasn't exactly behaving correctly.
One downside to this change is that it's now possible to pass through TABs,
CRs and LFs through the various protocols. In theory this shouldn't cause
any problems, but combined with other bugs this could trigger some security
problems.
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Thu, 20 Oct 2016 17:45:44 +0300 |
| parents | 2e2563132d5f |
| children | 2ed6735ffc7a |
line wrap: on
line source
/* Copyright (c) 2010-2017 Dovecot authors, see the included COPYING file */ #include "lib.h" #include "ioloop.h" #include "net.h" #include "str.h" #include "istream.h" #include "ostream.h" #include "llist.h" #include "strescape.h" #include "master-service.h" #include "director.h" #include "director-request.h" #include "auth-connection.h" #include "login-connection.h" #include <unistd.h> #define AUTHREPLY_PROTOCOL_MAJOR_VERSION 1 #define AUTHREPLY_PROTOCOL_MINOR_VERSION 0 struct login_connection { struct login_connection *prev, *next; int refcount; enum login_connection_type type; int fd; struct io *io; struct istream *input; struct ostream *output; struct auth_connection *auth; struct director *dir; unsigned int handshaked:1; unsigned int destroyed:1; }; struct login_host_request { struct login_connection *conn; char *line, *username; struct ip_addr local_ip; in_port_t local_port; in_port_t dest_port; bool director_proxy_maybe; }; static struct login_connection *login_connections; static void auth_input_line(const char *line, void *context); static void login_connection_unref(struct login_connection **_conn); static void login_connection_input(struct login_connection *conn) { struct ostream *output; unsigned char buf[4096]; ssize_t ret; ret = read(conn->fd, buf, sizeof(buf)); if (ret <= 0) { if (ret < 0) { if (errno == EAGAIN) return; if (errno != ECONNRESET) i_error("read(login connection) failed: %m"); } login_connection_deinit(&conn); return; } output = auth_connection_get_output(conn->auth); o_stream_nsend(output, buf, ret); } static void login_connection_authreply_input(struct login_connection *conn) { bool bail = FALSE; const char *line; while (!bail && (line = i_stream_read_next_line(conn->input)) != NULL) T_BEGIN { if (!conn->handshaked) { if (!version_string_verify(line, "director-authreply-client", AUTHREPLY_PROTOCOL_MAJOR_VERSION)) { i_error("authreply client sent invalid handshake: %s", line); login_connection_deinit(&conn); bail = TRUE; /* don't return from within a T_BEGIN {...} T_END */ } else { conn->handshaked = TRUE; } } else { auth_input_line(line, conn); } } T_END; if (bail) return; if (conn->input->eof) { if (conn->input->stream_errno != 0 && conn->input->stream_errno != ECONNRESET) { i_error("read(authreply connection) failed: %s", i_stream_get_error(conn->input)); } login_connection_deinit(&conn); } } static void login_connection_send_line(struct login_connection *conn, const char *line) { struct const_iovec iov[2]; if (conn->destroyed) return; iov[0].iov_base = line; iov[0].iov_len = strlen(line); iov[1].iov_base = "\n"; iov[1].iov_len = 1; o_stream_nsendv(conn->output, iov, N_ELEMENTS(iov)); } static bool login_host_request_is_self(struct login_host_request *request, const struct ip_addr *dest_ip) { if (!net_ip_compare(dest_ip, &request->local_ip)) return FALSE; if (request->dest_port != 0 && request->local_port != 0 && request->dest_port != request->local_port) return FALSE; return TRUE; } static void login_host_callback(const struct ip_addr *ip, const char *hostname, const char *errormsg, void *context) { struct login_host_request *request = context; struct director *dir = request->conn->dir; const char *line, *line_params; unsigned int secs; if (ip == NULL) { if (strncmp(request->line, "OK\t", 3) == 0) line_params = request->line + 3; else if (strncmp(request->line, "PASS\t", 5) == 0) line_params = request->line + 5; else i_panic("BUG: Unexpected line: %s", request->line); i_error("director: User %s host lookup failed: %s", request->username, errormsg); line = t_strconcat("FAIL\t", t_strcut(line_params, '\t'), "\ttemp", NULL); } else if (request->director_proxy_maybe && login_host_request_is_self(request, ip)) { line = request->line; } else { string_t *str = t_str_new(64); secs = dir->set->director_user_expire / 2; str_printfa(str, "%s\tproxy_refresh=%u\t", request->line, secs); if (hostname == NULL || hostname[0] == '\0') str_printfa(str, "host=%s", net_ip2addr(ip)); else { str_printfa(str, "host=%s\thostip=%s", hostname, net_ip2addr(ip)); } line = str_c(str); } login_connection_send_line(request->conn, line); login_connection_unref(&request->conn); i_free(request->username); i_free(request->line); i_free(request); } static void auth_input_line(const char *line, void *context) { struct login_connection *conn = context; struct login_host_request *request, temp_request; const char *const *args, *line_params, *username = NULL, *tag = ""; bool proxy = FALSE, host = FALSE; if (line == NULL) { /* auth connection died -> kill also this login connection */ login_connection_deinit(&conn); return; } if (conn->type != LOGIN_CONNECTION_TYPE_USERDB && strncmp(line, "OK\t", 3) == 0) line_params = line + 3; else if (conn->type == LOGIN_CONNECTION_TYPE_USERDB && strncmp(line, "PASS\t", 5) == 0) line_params = line + 5; else { login_connection_send_line(conn, line); return; } /* OK <id> [<parameters>] */ args = t_strsplit_tabescaped(line_params); if (*args != NULL) { /* we should always get here, but in case we don't just forward as-is and let login process handle the error. */ args++; } i_zero(&temp_request); for (; *args != NULL; args++) { if (strncmp(*args, "proxy", 5) == 0 && ((*args)[5] == '=' || (*args)[5] == '\0')) proxy = TRUE; else if (strncmp(*args, "host=", 5) == 0) host = TRUE; else if (strncmp(*args, "lip=", 4) == 0) { if (net_addr2ip((*args) + 4, &temp_request.local_ip) < 0) i_error("auth sent invalid lip field: %s", (*args) + 6); } else if (strncmp(*args, "lport=", 6) == 0) { if (net_str2port((*args) + 6, &temp_request.local_port) < 0) i_error("auth sent invalid lport field: %s", (*args) + 6); } else if (strncmp(*args, "port=", 5) == 0) { if (net_str2port((*args) + 5, &temp_request.dest_port) < 0) i_error("auth sent invalid port field: %s", (*args) + 6); } else if (strncmp(*args, "destuser=", 9) == 0) username = *args + 9; else if (strncmp(*args, "director_tag=", 13) == 0) tag = *args + 13; else if (strncmp(*args, "director_proxy_maybe", 20) == 0 && ((*args)[20] == '=' || (*args)[20] == '\0')) temp_request.director_proxy_maybe = TRUE; else if (strncmp(*args, "user=", 5) == 0) { if (username == NULL) username = *args + 5; } } if ((!proxy && !temp_request.director_proxy_maybe) || host || username == NULL) { login_connection_send_line(conn, line); return; } if (*conn->dir->set->master_user_separator != '\0') { /* with master user logins we still want to use only the login username */ username = t_strcut(username, *conn->dir->set->master_user_separator); } /* we need to add the host. the lookup might be asynchronous */ request = i_new(struct login_host_request, 1); *request = temp_request; request->conn = conn; request->line = i_strdup(line); request->username = i_strdup(username); conn->refcount++; director_request(conn->dir, username, tag, login_host_callback, request); } struct login_connection * login_connection_init(struct director *dir, int fd, struct auth_connection *auth, enum login_connection_type type) { struct login_connection *conn; conn = i_new(struct login_connection, 1); conn->refcount = 1; conn->fd = fd; conn->dir = dir; conn->output = o_stream_create_fd(conn->fd, (size_t)-1, FALSE); o_stream_set_no_error_handling(conn->output, TRUE); if (type != LOGIN_CONNECTION_TYPE_AUTHREPLY) { i_assert(auth != NULL); conn->auth = auth; conn->io = io_add(conn->fd, IO_READ, login_connection_input, conn); auth_connection_set_callback(conn->auth, auth_input_line, conn); } else { i_assert(auth == NULL); conn->input = i_stream_create_fd(conn->fd, IO_BLOCK_SIZE, FALSE); conn->io = io_add(conn->fd, IO_READ, login_connection_authreply_input, conn); o_stream_nsend_str(conn->output, t_strdup_printf( "VERSION\tdirector-authreply-server\t%d\t%d\n", AUTHREPLY_PROTOCOL_MAJOR_VERSION, AUTHREPLY_PROTOCOL_MINOR_VERSION)); } conn->type = type; DLLIST_PREPEND(&login_connections, conn); return conn; } void login_connection_deinit(struct login_connection **_conn) { struct login_connection *conn = *_conn; *_conn = NULL; if (conn->destroyed) return; conn->destroyed = TRUE; DLLIST_REMOVE(&login_connections, conn); io_remove(&conn->io); if (conn->input != NULL) i_stream_destroy(&conn->input); o_stream_destroy(&conn->output); if (close(conn->fd) < 0) i_error("close(login connection) failed: %m"); conn->fd = -1; if (conn->auth != NULL) auth_connection_deinit(&conn->auth); login_connection_unref(&conn); master_service_client_connection_destroyed(master_service); } static void login_connection_unref(struct login_connection **_conn) { struct login_connection *conn = *_conn; *_conn = NULL; i_assert(conn->refcount > 0); if (--conn->refcount == 0) i_free(conn); } void login_connections_deinit(void) { while (login_connections != NULL) { struct login_connection *conn = login_connections; login_connection_deinit(&conn); } }