dovecot/original-hg/dovecot-1.2: src/imap-login/client-authenticate.c annotate

annotate src/imap-login/client-authenticate.c @ 2691:46f879c46b45 HEAD

auth_verbose now affects imap/pop3 login processes too. Every authentication attempt by client is logged. Also fixed replies in AUTHENTICATE/AUTH commands when it was aborted by client.

author	Timo Sirainen <tss@iki.fi>
date	Tue, 05 Oct 2004 19:00:18 +0300
parents	6ba9dcff11b9
children	f1e9f3ec8135

rev	line source
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	1 /* Copyright (C) 2002-2004 Timo Sirainen */
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	2
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	3 #include "common.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	4 #include "base64.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	5 #include "buffer.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	6 #include "ioloop.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	7 #include "istream.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	8 #include "ostream.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	9 #include "safe-memset.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	10 #include "str.h"
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	11 #include "str-sanitize.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	12 #include "imap-parser.h"
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	13 #include "auth-client.h"
2027 dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	14 #include "ssl-proxy.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	15 #include "client.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	16 #include "client-authenticate.h"
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	17 #include "auth-common.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	18 #include "master.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	19
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	20 /* Used only for string sanitization while verbose_auth is set. */
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	21 #define MAX_MECH_NAME 64
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	22
1725 cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1 Timo Sirainen <tss@iki.fi> parents: 1714 diff changeset	23 const char *client_authenticate_get_capabilities(int secured)
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	24 {
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	25 const struct auth_mech_desc *mech;
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	26 unsigned int i, count;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	27 string_t *str;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	28
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	29 str = t_str_new(128);
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	30 mech = auth_client_get_available_mechs(auth_client, &count);
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	31 for (i = 0; i < count; i++) {
1949 d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure Timo Sirainen <tss@iki.fi> parents: 1894 diff changeset	32 /* a) transport is secured
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure Timo Sirainen <tss@iki.fi> parents: 1894 diff changeset	33 b) auth mechanism isn't plaintext
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure Timo Sirainen <tss@iki.fi> parents: 1894 diff changeset	34 c) we allow insecure authentication
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure Timo Sirainen <tss@iki.fi> parents: 1894 diff changeset	35 - but don't advertise AUTH=PLAIN, as RFC 2595 requires
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure Timo Sirainen <tss@iki.fi> parents: 1894 diff changeset	36 */
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	37 if (mech[i].advertise &&
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	38 (secured \|\| !mech[i].plaintext)) {
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	39 str_append_c(str, ' ');
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	40 str_append(str, "AUTH=");
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	41 str_append(str, mech[i].name);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	42 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	43 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	44
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	45 return str_c(str);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	46 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	47
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	48 static void client_auth_abort(struct imap_client client, const char msg)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	49 {
1499 e850252cdc7e Removed I/O priorities. They were pretty much useless and were just getting Timo Sirainen <tss@iki.fi> parents: 1474 diff changeset	50 client->authenticating = FALSE;
e850252cdc7e Removed I/O priorities. They were pretty much useless and were just getting Timo Sirainen <tss@iki.fi> parents: 1474 diff changeset	51
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	52 if (client->common.auth_request != NULL) {
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	53 auth_client_request_abort(client->common.auth_request);
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	54 client->common.auth_request = NULL;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	55 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	56
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	57 if (msg != NULL && verbose_auth)
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	58 client_syslog(client, "Authentication failed: %s", msg);
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	59
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	60 client_send_tagline(client, msg != NULL ?
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	61 t_strconcat("NO ", msg, NULL) :
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	62 "NO Authentication failed.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	63
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	64 /* get back to normal client input */
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	65 if (client->common.io != NULL)
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	66 io_remove(client->common.io);
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	67 client->common.io = client->common.fd == -1 ? NULL :
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	68 io_add(client->common.fd, IO_READ, client_input, client);
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	69
96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	70 client_unref(client);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	71 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	72
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	73 static void master_callback(struct client *_client, int success)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	74 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	75 struct imap_client client = (struct imap_client ) _client;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	76 const char *reason = NULL;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	77
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	78 if (success) {
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	79 reason = t_strconcat("Login: ", client->common.virtual_user,
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	80 NULL);
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	81 } else {
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	82 reason = t_strconcat("Internal login failure: ",
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	83 client->common.virtual_user, NULL);
2287 df0b936ae3ed Add "Error report written to server log." also to internal login error Timo Sirainen <tss@iki.fi> parents: 2267 diff changeset	84 client_send_line(client, "* BYE Internal login failure. "
df0b936ae3ed Add "Error report written to server log." also to internal login error Timo Sirainen <tss@iki.fi> parents: 2267 diff changeset	85 "Error report written to server log.");
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	86 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	87
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	88 client_destroy(client, reason);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	89 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	90
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	91 static void client_send_auth_data(struct imap_client *client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	92 const unsigned char *data, size_t size)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	93 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	94 buffer_t *buf;
2421 d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	95 const void *buf_data;
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	96 size_t buf_size;
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	97 ssize_t ret;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	98
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	99 t_push();
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	100
1782 2f3d906d99d8 data_stack_pool split into two: unsafe_data_stack_pool which works like Timo Sirainen <tss@iki.fi> parents: 1725 diff changeset	101 buf = buffer_create_dynamic(pool_datastack_create(),
2f3d906d99d8 data_stack_pool split into two: unsafe_data_stack_pool which works like Timo Sirainen <tss@iki.fi> parents: 1725 diff changeset	102 size*2, (size_t)-1);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	103 buffer_append(buf, "+ ", 2);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	104 base64_encode(data, size, buf);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	105 buffer_append(buf, "\r\n", 2);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	106
2421 d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	107 buf_data = buffer_get_data(buf, &buf_size);
2453 d2fe9172e408 AUTHENTICATE and AUTH commands were broken. Timo Sirainen <tss@iki.fi> parents: 2421 diff changeset	108 if ((ret = o_stream_send(client->output, buf_data, buf_size)) < 0)
2421 d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	109 client_destroy(client, "Disconnected");
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	110 else if ((size_t)ret != buf_size)
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	111 client_destroy(client, "Transmit buffer full");
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	112
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	113 t_pop();
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	114 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	115
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	116 static void login_callback(struct auth_request *request,
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	117 struct auth_client_request_reply *reply,
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	118 const unsigned char data, void context)
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	119 {
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	120 struct imap_client *client = context;
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	121 const char *error;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	122
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	123 switch (auth_callback(request, reply, data, &client->common,
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	124 master_callback, &error)) {
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	125 case -1:
2088 4d0834aaa365 Use initial SASL response for LOGIN command internally. Timo Sirainen <tss@iki.fi> parents: 2077 diff changeset	126 case 0:
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	127 /* login failed */
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	128 client_auth_abort(client, error);
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	129 break;
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	130
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	131 default:
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	132 /* success, we should be able to log in. if we fail, just
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	133 disconnect the client. */
1275 af685269ead0 login: Wait until we're connected to auth process before executing command Timo Sirainen <tss@iki.fi> parents: 1085 diff changeset	134 client->authenticating = FALSE;
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	135 client_send_tagline(client, "OK Logged in.");
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	136 client_unref(client);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	137 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	138 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	139
2027 dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	140 static enum auth_client_request_new_flags
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	141 client_get_auth_flags(struct imap_client *client)
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	142 {
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	143 enum auth_client_request_new_flags auth_flags = 0;
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	144
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	145 if (client->common.proxy != NULL &&
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	146 ssl_proxy_has_valid_client_cert(client->common.proxy))
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	147 auth_flags \|= AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT;
2535 0db84a609ee2 Tell dovecot-auth if SSL/TLS is enabled. Nothing can done with it yet Timo Sirainen <tss@iki.fi> parents: 2453 diff changeset	148 if (client->tls)
0db84a609ee2 Tell dovecot-auth if SSL/TLS is enabled. Nothing can done with it yet Timo Sirainen <tss@iki.fi> parents: 2453 diff changeset	149 auth_flags \|= AUTH_CLIENT_FLAG_SSL_ENABLED;
2027 dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	150 return auth_flags;
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	151 }
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	152
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	153 int cmd_login(struct imap_client client, struct imap_arg args)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	154 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	155 const char user, pass, *error;
2097 4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	156 struct auth_request_info info;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	157 string_t *plain_login;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	158
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	159 /* two arguments: username and password */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	160 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	161 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	162 if (args[1].type != IMAP_ARG_ATOM && args[1].type != IMAP_ARG_STRING)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	163 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	164 if (args[2].type != IMAP_ARG_EOL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	165 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	166
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	167 user = IMAP_ARG_STR(&args[0]);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	168 pass = IMAP_ARG_STR(&args[1]);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	169
1725 cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1 Timo Sirainen <tss@iki.fi> parents: 1714 diff changeset	170 if (!client->secured && disable_plaintext_auth) {
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	171 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	172 client_syslog(client, "Login failed: "
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	173 "Plaintext authentication disabled");
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	174 }
1474 e0065ebba5b3 If client tries to do LOGIN even if it's disabled, send [ALERT] to user. Timo Sirainen <tss@iki.fi> parents: 1473 diff changeset	175 client_send_line(client,
e0065ebba5b3 If client tries to do LOGIN even if it's disabled, send [ALERT] to user. Timo Sirainen <tss@iki.fi> parents: 1473 diff changeset	176 "* BAD [ALERT] Plaintext authentication is disabled, "
1725 cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1 Timo Sirainen <tss@iki.fi> parents: 1714 diff changeset	177 "but your client sent password in plaintext anyway. "
1474 e0065ebba5b3 If client tries to do LOGIN even if it's disabled, send [ALERT] to user. Timo Sirainen <tss@iki.fi> parents: 1473 diff changeset	178 "If anyone was listening, the password was exposed.");
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	179 client_send_tagline(client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	180 "NO Plaintext authentication disabled.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	181 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	182 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	183
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	184 /* authorization ID \0 authentication ID \0 pass */
2097 4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	185 plain_login = t_str_new(64);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	186 str_append_c(plain_login, '\0');
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	187 str_append(plain_login, user);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	188 str_append_c(plain_login, '\0');
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	189 str_append(plain_login, pass);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	190
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	191 memset(&info, 0, sizeof(info));
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	192 info.mech = "PLAIN";
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	193 info.protocol = "IMAP";
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	194 info.flags = client_get_auth_flags(client);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	195 info.local_ip = client->common.local_ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	196 info.remote_ip = client->common.ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	197 info.initial_resp_data = str_data(plain_login);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	198 info.initial_resp_size = str_len(plain_login);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	199
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	200 client_ref(client);
2027 dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	201
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	202 client->common.auth_request =
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	203 auth_client_request_new(auth_client, NULL, &info,
2097 4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	204 login_callback, client, &error);
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	205 if (client->common.auth_request == NULL) {
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	206 if (verbose_auth)
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	207 client_syslog(client, "Login failed: %s", error);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	208 client_send_tagline(client, t_strconcat(
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	209 "NO Login failed: ", error, NULL));
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	210 client_unref(client);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	211 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	212 }
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	213
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	214 /* don't read any input from client until login is finished */
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	215 if (client->common.io != NULL) {
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	216 io_remove(client->common.io);
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	217 client->common.io = NULL;
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	218 }
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	219
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	220 client->authenticating = TRUE;
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	221 return TRUE;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	222 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	223
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	224 static void authenticate_callback(struct auth_request *request,
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	225 struct auth_client_request_reply *reply,
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	226 const unsigned char data, void context)
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	227 {
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	228 struct imap_client *client = context;
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	229 const char *error;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	230
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	231 if (!client->authenticating) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	232 /* client aborted */
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	233 i_assert(reply == NULL);
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	234 return;
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	235 }
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	236
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	237 switch (auth_callback(request, reply, data, &client->common,
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	238 master_callback, &error)) {
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	239 case -1:
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	240 /* login failed */
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	241 client_auth_abort(client, error);
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	242 break;
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	243
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	244 case 0:
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	245 /* continue */
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	246 client_send_auth_data(client, data, reply->data_size);
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	247 break;
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	248 default:
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	249 /* success, we should be able to log in. if we fail, just
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	250 disconnect the client. */
1275 af685269ead0 login: Wait until we're connected to auth process before executing command Timo Sirainen <tss@iki.fi> parents: 1085 diff changeset	251 client->authenticating = FALSE;
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	252 client_send_tagline(client, "OK Logged in.");
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	253 client_unref(client);
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	254 }
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	255 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	256
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	257 static void client_auth_input(void *context)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	258 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	259 struct imap_client *client = context;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	260 buffer_t *buf;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	261 char *line;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	262 size_t linelen, bufsize;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	263
2237 6b05e30c669a crashfix if client closes connection while authenticating Timo Sirainen <tss@iki.fi> parents: 2097 diff changeset	264 if (!client_read(client))
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	265 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	266
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	267 if (client->skip_line) {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	268 if (i_stream_next_line(client->input) == NULL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	269 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	270
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	271 client->skip_line = FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	272 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	273
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	274 /* @UNSAFE */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	275 line = i_stream_next_line(client->input);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	276 if (line == NULL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	277 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	278
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	279 if (strcmp(line, "*") == 0) {
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	280 client_auth_abort(client, "Authentication aborted");
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	281 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	282 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	283
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	284 linelen = strlen(line);
1782 2f3d906d99d8 data_stack_pool split into two: unsafe_data_stack_pool which works like Timo Sirainen <tss@iki.fi> parents: 1725 diff changeset	285 buf = buffer_create_static_hard(pool_datastack_create(), linelen);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	286
2629 6ba9dcff11b9 Compiler warning fixes and cleanups Timo Sirainen <tss@iki.fi> parents: 2535 diff changeset	287 if (base64_decode(line, linelen, NULL, buf) <= 0) {
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	288 /* failed */
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	289 client_auth_abort(client, "Invalid base64 data");
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	290 } else if (client->common.auth_request == NULL) {
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	291 client_auth_abort(client, "Don't send unrequested data");
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	292 } else {
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	293 auth_client_request_continue(client->common.auth_request,
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	294 buffer_get_data(buf, NULL),
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	295 buffer_get_used_size(buf));
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	296 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	297
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	298 /* clear sensitive data */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	299 safe_memset(line, 0, linelen);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	300
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	301 bufsize = buffer_get_used_size(buf);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	302 safe_memset(buffer_free_without_data(buf), 0, bufsize);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	303 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	304
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	305 int cmd_authenticate(struct imap_client client, struct imap_arg args)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	306 {
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	307 const struct auth_mech_desc *mech;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	308 const char mech_name, error;
2097 4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	309 struct auth_request_info info;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	310
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	311 /* we want only one argument: authentication mechanism name */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	312 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	313 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	314 if (args[1].type != IMAP_ARG_EOL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	315 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	316
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	317 mech_name = IMAP_ARG_STR(&args[0]);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	318 if (*mech_name == '\0')
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	319 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	320
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	321 mech = auth_client_find_mech(auth_client, mech_name);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	322 if (mech == NULL) {
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	323 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	324 client_syslog(client, "Authenticate %s failed: "
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	325 "Unsupported mechanism",
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	326 str_sanitize(mech_name, MAX_MECH_NAME));
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	327 }
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	328 client_send_tagline(client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	329 "NO Unsupported authentication mechanism.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	330 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	331 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	332
1725 cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1 Timo Sirainen <tss@iki.fi> parents: 1714 diff changeset	333 if (!client->secured && mech->plaintext && disable_plaintext_auth) {
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	334 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	335 client_syslog(client, "Authenticate %s failed: "
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	336 "Plaintext authentication disabled",
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	337 str_sanitize(mech_name, MAX_MECH_NAME));
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	338 }
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	339 client_send_tagline(client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	340 "NO Plaintext authentication disabled.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	341 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	342 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	343
2097 4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	344 memset(&info, 0, sizeof(info));
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	345 info.mech = mech->name;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	346 info.protocol = "IMAP";
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	347 info.flags = client_get_auth_flags(client);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	348 info.local_ip = client->common.local_ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	349 info.remote_ip = client->common.ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	350
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	351 client_ref(client);
2421 d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	352 o_stream_uncork(client->output);
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3 Timo Sirainen <tss@iki.fi> parents: 2287 diff changeset	353
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	354 client->common.auth_request =
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	355 auth_client_request_new(auth_client, NULL, &info,
2097 4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2088 diff changeset	356 authenticate_callback, client, &error);
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1499 diff changeset	357 if (client->common.auth_request != NULL) {
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	358 /* following input data will go to authentication */
1084 86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	359 if (client->common.io != NULL)
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	360 io_remove(client->common.io);
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	361 client->common.io = io_add(client->common.fd, IO_READ,
86b8c9cb7ac0 Moved more auth code to login-common. Timo Sirainen <tss@iki.fi> parents: 1083 diff changeset	362 client_auth_input, client);
1275 af685269ead0 login: Wait until we're connected to auth process before executing command Timo Sirainen <tss@iki.fi> parents: 1085 diff changeset	363 client->authenticating = TRUE;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	364 } else {
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	365 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	366 client_syslog(client, "Authenticate %s failed: %s",
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	367 str_sanitize(mech_name, MAX_MECH_NAME),
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	368 error);
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	369 }
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	370 client_send_tagline(client, t_strconcat(
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	371 "NO Authentication failed: ", error, NULL));
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	372 client_unref(client);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	373 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	374
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	375 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	376 }

Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/imap-login/client-authenticate.c @ 2691:46f879c46b45 HEAD