changeset 10695:fd5141e85076 HEAD
imap: Remember if TLS compression is enabled.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sat, 13 Feb 2010 05:43:50 +0200 |
parents | 9f0014f19bd3 |
children | 57814e99b451 |
files | src/imap/imap-client.h src/imap/main.c src/lib-master/master-auth.h src/login-common/sasl-server.c src/login-common/ssl-proxy-openssl.c src/login-common/ssl-proxy.c src/login-common/ssl-proxy.h |
diffstat | 7 files changed, 39 insertions(+), 12 deletions(-) [+] |
--- a/src/imap/imap-client.h Sat Feb 13 05:36:04 2010 +0200 +++ b/src/imap/imap-client.h Sat Feb 13 05:43:50 2010 +0200 @@ -142,6 +142,7 @@ unsigned int id_logged:1; unsigned int mailbox_examined:1; unsigned int anvil_sent:1; + unsigned int tls_compression:1; unsigned int input_skip_line:1; /* skip all the data until we've found a new line */ unsigned int modseqs_sent_since_sync:1;
--- a/src/imap/main.c Sat Feb 13 05:36:04 2010 +0200 +++ b/src/imap/main.c Sat Feb 13 05:43:50 2010 +0200 @@ -159,6 +159,7 @@ static int client_create_from_input(const struct mail_storage_service_input *input, + const struct master_login_client *login_client, int fd_in, int fd_out, const buffer_t *input_buf, const char **error_r) { @@ -166,6 +167,7 @@ struct mail_user *mail_user; struct client *client; const struct imap_settings *set; + enum mail_auth_request_flags flags; if (mail_storage_service_lookup_next(storage_service, input, &user, &mail_user, error_r) <= 0) @@ -180,6 +182,10 @@ T_BEGIN { client_add_input(client, input_buf); } T_END; + + flags = login_client == NULL ? 0 : login_client->auth_req.flags; + if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0) + client->tls_compression = TRUE; return 0; } @@ -205,7 +211,7 @@ input_buf = input_base64 == NULL ? NULL : t_base64_decode_str(input_base64); - if (client_create_from_input(&input, STDIN_FILENO, STDOUT_FILENO, + if (client_create_from_input(&input, NULL, STDIN_FILENO, STDOUT_FILENO, input_buf, &error) < 0) i_fatal("%s", error); } @@ -227,7 +233,7 @@ buffer_create_const_data(&input_buf, client->data, client->auth_req.data_size); - if (client_create_from_input(&input, client->fd, client->fd, + if (client_create_from_input(&input, client, client->fd, client->fd, &input_buf, &error) < 0) { i_error("%s", error); (void)close(client->fd);
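Review bot: The new `login_client` parameter of client_create_from_input() may be NULL, but nothing at the signature says so. The call site that uses `STDIN_FILENO`/`STDOUT_FILENO` passes `NULL`, and the body only guards for it further down. A comment above the function would make the contract explicit, e.g. `/* login_client is NULL when there is no login request (stdin/stdout call path) */`. The function body continues outside this hunk.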
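Review bot: `client->tls_compression` is set only after `client_add_input(client, input_buf)` has returned, so any code reached from that call sees the flag as unset. client_add_input() is not part of this hunk, but if it can already act on input the client sent right behind its login, a check on `tls_compression` made there would be skipped for that first batch. Moving the three added lines (`flags = ...` through `client->tls_compression = TRUE;`) above the `T_BEGIN` block removes the ordering dependency. Since `auth_req.flags` is a `uint32_t`, declaring the local in the previous hunk as `uint32_t flags` rather than `enum mail_auth_request_flags flags` would also match the field it is read from.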
--- a/src/lib-master/master-auth.h Sat Feb 13 05:36:04 2010 +0200 +++ b/src/lib-master/master-auth.h Sat Feb 13 05:43:50 2010 +0200 @@ -17,6 +17,11 @@ to make sure there's space to transfer the command tag */ #define MASTER_AUTH_MAX_DATA_SIZE (1024*2) +enum mail_auth_request_flags { + /* Connection has TLS compression enabled */ + MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = 0x01 +}; + /* Authentication request. File descriptor may be sent along with the request. */ struct master_auth_request { @@ -33,6 +38,8 @@ itself may be a local socketpair. */ struct ip_addr local_ip, remote_ip; + uint32_t flags; + /* request follows this many bytes of client input */ uint32_t data_size; /* inode of the transferred fd. verified just to be sure that the
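Review bot: The new enum is named `mail_auth_request_flags` / `MAIL_AUTH_REQUEST_FLAG_*`, while everything else visible in this header uses the `master_auth` prefix (`MASTER_AUTH_MAX_DATA_SIZE`, `struct master_auth_request`). Unless the `mail_` prefix is deliberate, `enum master_auth_request_flags` with `MASTER_AUTH_REQUEST_FLAG_TLS_COMPRESSION` would make it obvious which struct the bits belong to.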
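Review bot: The new `uint32_t flags` member has no comment tying it to `enum mail_auth_request_flags`, and it is inserted in the middle of `struct master_auth_request`. A comment such as `/* enum mail_auth_request_flags */` above the field would document which bits are valid. The struct appears to be handed between processes (it carries a transferred fd's inode, and sasl-server.c fills in `client_pid`), and every field after `remote_ip` now shifts. It is worth confirming that a sender and receiver built from different revisions cannot meet, or that the request is size- or version-checked somewhere not shown here. The struct definition continues outside the hunk.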
--- a/src/login-common/sasl-server.c Sat Feb 13 05:36:04 2010 +0200 +++ b/src/login-common/sasl-server.c Sat Feb 13 05:43:50 2010 +0200 @@ -119,6 +119,9 @@ req.local_ip = client->local_ip; req.remote_ip = client->ip; req.client_pid = getpid(); + if (client->ssl_proxy != NULL && + ssl_proxy_get_compression(client->ssl_proxy)) + req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION; memcpy(req.cookie, anvil_request->cookie, sizeof(req.cookie)); buf = buffer_create_dynamic(pool_datastack_create(), 256);
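Review bot: `ssl_proxy_get_compression()` returns a `const char *`, yet the second operand of the new `if` uses it as a boolean while the first operand spells out `!= NULL`. Writing `ssl_proxy_get_compression(client->ssl_proxy) != NULL` keeps the condition consistent and makes the pointer return obvious. The `req.flags |= ...` also relies on `req` having been zeroed before this point, which is outside the hunk. If it is not zeroed, the flags word passed on with the request would carry uninitialised stack contents. The enclosing function starts and ends outside the hunk.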
--- a/src/login-common/ssl-proxy-openssl.c Sat Feb 13 05:36:04 2010 +0200 +++ b/src/login-common/ssl-proxy-openssl.c Sat Feb 13 05:43:50 2010 +0200 @@ -704,9 +704,6 @@ const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy) { SSL_CIPHER *cipher; -#ifdef HAVE_SSL_COMPRESSION - const COMP_METHOD *comp; -#endif int bits, alg_bits; const char *comp_str; @@ -715,19 +712,26 @@ cipher = SSL_get_current_cipher(proxy->ssl); bits = SSL_CIPHER_get_bits(cipher, &alg_bits); -#ifdef HAVE_SSL_COMPRESSION - comp = SSL_get_current_compression(proxy->ssl); - comp_str = comp == NULL ? "" : - t_strconcat(" ", SSL_COMP_get_name(comp), NULL); -#else - comp_str = ""; -#endif + comp_str = ssl_proxy_get_compression(proxy); + comp_str = comp_str == NULL ? "" : t_strconcat(" ", comp_str, NULL); return t_strdup_printf("%s with cipher %s (%d/%d bits)%s", SSL_get_version(proxy->ssl), SSL_CIPHER_get_name(cipher), bits, alg_bits, comp_str); } +const char *ssl_proxy_get_compression(struct ssl_proxy *proxy) +{ +#ifdef HAVE_SSL_COMPRESSION + const COMP_METHOD *comp; + + comp = SSL_get_current_compression(proxy->ssl); + return comp == NULL ? NULL : SSL_COMP_get_name(comp); +#else + return NULL; +#endif +} + void ssl_proxy_free(struct ssl_proxy **_proxy) { struct ssl_proxy *proxy = *_proxy;
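Review bot: In the new `ssl_proxy_get_compression()`, the `#else` branch never touches `proxy`, so builds without `HAVE_SSL_COMPRESSION` get an unused-parameter warning if that warning is enabled. The stub added to ssl-proxy.c in the same commit already marks its parameter `ATTR_UNUSED`, and `struct ssl_proxy *proxy ATTR_UNUSED` here would be consistent. Separately, in `ssl_proxy_get_security_string()` the local `comp_str` now holds first the raw method name and then the formatted suffix; a separate local for the raw name (e.g. `const char *comp_name = ssl_proxy_get_compression(proxy);`) would read more clearly. The body of ssl_proxy_get_security_string() starts outside this hunk.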
--- a/src/login-common/ssl-proxy.c Sat Feb 13 05:36:04 2010 +0200 +++ b/src/login-common/ssl-proxy.c Sat Feb 13 05:43:50 2010 +0200 @@ -66,6 +66,11 @@ return ""; } +const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED) +{ + return NULL; +} + void ssl_proxy_free(struct ssl_proxy **proxy ATTR_UNUSED) {} unsigned int ssl_proxy_get_count(void)
--- a/src/login-common/ssl-proxy.h Sat Feb 13 05:36:04 2010 +0200 +++ b/src/login-common/ssl-proxy.h Sat Feb 13 05:43:50 2010 +0200 @@ -28,6 +28,7 @@ bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE; const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE; const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy); +const char *ssl_proxy_get_compression(struct ssl_proxy *proxy); void ssl_proxy_free(struct ssl_proxy **proxy); /* Return number of active SSL proxies */
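Review bot: The new prototype `ssl_proxy_get_compression()` is undocumented, and its return convention matters because sasl-server.c in this commit treats the result as a boolean. A comment above it such as `/* Returns the name of the negotiated TLS compression method, or NULL if compression is not in use or not supported by the build. */` would state the contract once for both implementations.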