Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/imap-login/client-authenticate.c @ 2691:46f879c46b45 HEAD
auth_verbose now affects imap/pop3 login processes too. Every authentication
attempt by client is logged. Also fixed replies in AUTHENTICATE/AUTH
commands when it was aborted by client.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 05 Oct 2004 19:00:18 +0300 |
parents | 6ba9dcff11b9 |
children | f1e9f3ec8135 |
rev | line source |
---|---|
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
1 /* Copyright (C) 2002-2004 Timo Sirainen */ |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "common.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "base64.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "buffer.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 #include "ioloop.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "istream.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "ostream.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "safe-memset.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "str.h" |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
11 #include "str-sanitize.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "imap-parser.h" |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
13 #include "auth-client.h" |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
14 #include "ssl-proxy.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include "client.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include "client-authenticate.h" |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
17 #include "auth-common.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 #include "master.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
20 /* Used only for string sanitization while verbose_auth is set. */ |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
21 #define MAX_MECH_NAME 64 |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
22 |
1725
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1714
diff
changeset
|
23 const char *client_authenticate_get_capabilities(int secured) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 { |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
25 const struct auth_mech_desc *mech; |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
26 unsigned int i, count; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 string_t *str; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 str = t_str_new(128); |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
30 mech = auth_client_get_available_mechs(auth_client, &count); |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
31 for (i = 0; i < count; i++) { |
1949
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
32 /* a) transport is secured |
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
33 b) auth mechanism isn't plaintext |
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
34 c) we allow insecure authentication |
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
35 - but don't advertise AUTH=PLAIN, as RFC 2595 requires |
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
36 */ |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
37 if (mech[i].advertise && |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
38 (secured || !mech[i].plaintext)) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 str_append_c(str, ' '); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 str_append(str, "AUTH="); |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
41 str_append(str, mech[i].name); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
45 return str_c(str); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 static void client_auth_abort(struct imap_client *client, const char *msg) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 { |
1499
e850252cdc7e
Removed I/O priorities. They were pretty much useless and were just getting
Timo Sirainen <tss@iki.fi>
parents:
1474
diff
changeset
|
50 client->authenticating = FALSE; |
e850252cdc7e
Removed I/O priorities. They were pretty much useless and were just getting
Timo Sirainen <tss@iki.fi>
parents:
1474
diff
changeset
|
51 |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
52 if (client->common.auth_request != NULL) { |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
53 auth_client_request_abort(client->common.auth_request); |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
54 client->common.auth_request = NULL; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
56 |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
57 if (msg != NULL && verbose_auth) |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
58 client_syslog(client, "Authentication failed: %s", msg); |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
59 |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
60 client_send_tagline(client, msg != NULL ? |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
61 t_strconcat("NO ", msg, NULL) : |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 "NO Authentication failed."); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
64 /* get back to normal client input */ |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
65 if (client->common.io != NULL) |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
66 io_remove(client->common.io); |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
67 client->common.io = client->common.fd == -1 ? NULL : |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 io_add(client->common.fd, IO_READ, client_input, client); |
1714 | 69 |
70 client_unref(client); | |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 static void master_callback(struct client *_client, int success) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 struct imap_client *client = (struct imap_client *) _client; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 const char *reason = NULL; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
78 if (success) { |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
79 reason = t_strconcat("Login: ", client->common.virtual_user, |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
80 NULL); |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
81 } else { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 reason = t_strconcat("Internal login failure: ", |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
83 client->common.virtual_user, NULL); |
2287
df0b936ae3ed
Add "Error report written to server log." also to internal login error
Timo Sirainen <tss@iki.fi>
parents:
2267
diff
changeset
|
84 client_send_line(client, "* BYE Internal login failure. " |
df0b936ae3ed
Add "Error report written to server log." also to internal login error
Timo Sirainen <tss@iki.fi>
parents:
2267
diff
changeset
|
85 "Error report written to server log."); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 client_destroy(client, reason); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 static void client_send_auth_data(struct imap_client *client, |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 const unsigned char *data, size_t size) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 buffer_t *buf; |
2421
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
95 const void *buf_data; |
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
96 size_t buf_size; |
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
97 ssize_t ret; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
99 t_push(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 |
1782
2f3d906d99d8
data_stack_pool split into two: unsafe_data_stack_pool which works like
Timo Sirainen <tss@iki.fi>
parents:
1725
diff
changeset
|
101 buf = buffer_create_dynamic(pool_datastack_create(), |
2f3d906d99d8
data_stack_pool split into two: unsafe_data_stack_pool which works like
Timo Sirainen <tss@iki.fi>
parents:
1725
diff
changeset
|
102 size*2, (size_t)-1); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 buffer_append(buf, "+ ", 2); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
104 base64_encode(data, size, buf); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 buffer_append(buf, "\r\n", 2); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 |
2421
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
107 buf_data = buffer_get_data(buf, &buf_size); |
2453
d2fe9172e408
AUTHENTICATE and AUTH commands were broken.
Timo Sirainen <tss@iki.fi>
parents:
2421
diff
changeset
|
108 if ((ret = o_stream_send(client->output, buf_data, buf_size)) < 0) |
2421
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
109 client_destroy(client, "Disconnected"); |
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
110 else if ((size_t)ret != buf_size) |
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
111 client_destroy(client, "Transmit buffer full"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 t_pop(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 static void login_callback(struct auth_request *request, |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
117 struct auth_client_request_reply *reply, |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
118 const unsigned char *data, void *context) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 { |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
120 struct imap_client *client = context; |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
121 const char *error; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
122 |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
123 switch (auth_callback(request, reply, data, &client->common, |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
124 master_callback, &error)) { |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
125 case -1: |
2088
4d0834aaa365
Use initial SASL response for LOGIN command internally.
Timo Sirainen <tss@iki.fi>
parents:
2077
diff
changeset
|
126 case 0: |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
127 /* login failed */ |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
128 client_auth_abort(client, error); |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
129 break; |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
130 |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
131 default: |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
132 /* success, we should be able to log in. if we fail, just |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
133 disconnect the client. */ |
1275
af685269ead0
login: Wait until we're connected to auth process before executing command
Timo Sirainen <tss@iki.fi>
parents:
1085
diff
changeset
|
134 client->authenticating = FALSE; |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
135 client_send_tagline(client, "OK Logged in."); |
1714 | 136 client_unref(client); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
140 static enum auth_client_request_new_flags |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
141 client_get_auth_flags(struct imap_client *client) |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
142 { |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
143 enum auth_client_request_new_flags auth_flags = 0; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
144 |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
145 if (client->common.proxy != NULL && |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
146 ssl_proxy_has_valid_client_cert(client->common.proxy)) |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
147 auth_flags |= AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT; |
2535
0db84a609ee2
Tell dovecot-auth if SSL/TLS is enabled. Nothing can done with it yet
Timo Sirainen <tss@iki.fi>
parents:
2453
diff
changeset
|
148 if (client->tls) |
0db84a609ee2
Tell dovecot-auth if SSL/TLS is enabled. Nothing can done with it yet
Timo Sirainen <tss@iki.fi>
parents:
2453
diff
changeset
|
149 auth_flags |= AUTH_CLIENT_FLAG_SSL_ENABLED; |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
150 return auth_flags; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
151 } |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
152 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 int cmd_login(struct imap_client *client, struct imap_arg *args) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 const char *user, *pass, *error; |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
156 struct auth_request_info info; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
157 string_t *plain_login; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 /* two arguments: username and password */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 if (args[1].type != IMAP_ARG_ATOM && args[1].type != IMAP_ARG_STRING) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 if (args[2].type != IMAP_ARG_EOL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 user = IMAP_ARG_STR(&args[0]); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 pass = IMAP_ARG_STR(&args[1]); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 |
1725
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1714
diff
changeset
|
170 if (!client->secured && disable_plaintext_auth) { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
171 if (verbose_auth) { |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
172 client_syslog(client, "Login failed: " |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
173 "Plaintext authentication disabled"); |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
174 } |
1474
e0065ebba5b3
If client tries to do LOGIN even if it's disabled, send [ALERT] to user.
Timo Sirainen <tss@iki.fi>
parents:
1473
diff
changeset
|
175 client_send_line(client, |
e0065ebba5b3
If client tries to do LOGIN even if it's disabled, send [ALERT] to user.
Timo Sirainen <tss@iki.fi>
parents:
1473
diff
changeset
|
176 "* BAD [ALERT] Plaintext authentication is disabled, " |
1725
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1714
diff
changeset
|
177 "but your client sent password in plaintext anyway. " |
1474
e0065ebba5b3
If client tries to do LOGIN even if it's disabled, send [ALERT] to user.
Timo Sirainen <tss@iki.fi>
parents:
1473
diff
changeset
|
178 "If anyone was listening, the password was exposed."); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 client_send_tagline(client, |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 "NO Plaintext authentication disabled."); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 return TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 /* authorization ID \0 authentication ID \0 pass */ |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
185 plain_login = t_str_new(64); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
186 str_append_c(plain_login, '\0'); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
187 str_append(plain_login, user); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
188 str_append_c(plain_login, '\0'); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
189 str_append(plain_login, pass); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
190 |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
191 memset(&info, 0, sizeof(info)); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
192 info.mech = "PLAIN"; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
193 info.protocol = "IMAP"; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
194 info.flags = client_get_auth_flags(client); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
195 info.local_ip = client->common.local_ip; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
196 info.remote_ip = client->common.ip; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
197 info.initial_resp_data = str_data(plain_login); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
198 info.initial_resp_size = str_len(plain_login); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 |
1714 | 200 client_ref(client); |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
201 |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
202 client->common.auth_request = |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
203 auth_client_request_new(auth_client, NULL, &info, |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
204 login_callback, client, &error); |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
205 if (client->common.auth_request == NULL) { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
206 if (verbose_auth) |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
207 client_syslog(client, "Login failed: %s", error); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
208 client_send_tagline(client, t_strconcat( |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
209 "NO Login failed: ", error, NULL)); |
1714 | 210 client_unref(client); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
211 return TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 } |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
213 |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
214 /* don't read any input from client until login is finished */ |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
215 if (client->common.io != NULL) { |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
216 io_remove(client->common.io); |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
217 client->common.io = NULL; |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
218 } |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
219 |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
220 client->authenticating = TRUE; |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
221 return TRUE; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
222 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
223 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 static void authenticate_callback(struct auth_request *request, |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
225 struct auth_client_request_reply *reply, |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
226 const unsigned char *data, void *context) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
227 { |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
228 struct imap_client *client = context; |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
229 const char *error; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
231 if (!client->authenticating) { |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
232 /* client aborted */ |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
233 i_assert(reply == NULL); |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
234 return; |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
235 } |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
236 |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
237 switch (auth_callback(request, reply, data, &client->common, |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
238 master_callback, &error)) { |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
239 case -1: |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
240 /* login failed */ |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
241 client_auth_abort(client, error); |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
242 break; |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
243 |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
244 case 0: |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
245 /* continue */ |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
246 client_send_auth_data(client, data, reply->data_size); |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
247 break; |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
248 default: |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
249 /* success, we should be able to log in. if we fail, just |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
250 disconnect the client. */ |
1275
af685269ead0
login: Wait until we're connected to auth process before executing command
Timo Sirainen <tss@iki.fi>
parents:
1085
diff
changeset
|
251 client->authenticating = FALSE; |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
252 client_send_tagline(client, "OK Logged in."); |
1714 | 253 client_unref(client); |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
254 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
255 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
256 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
257 static void client_auth_input(void *context) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
258 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
259 struct imap_client *client = context; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
260 buffer_t *buf; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
261 char *line; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
262 size_t linelen, bufsize; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
263 |
2237
6b05e30c669a
crashfix if client closes connection while authenticating
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
264 if (!client_read(client)) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
265 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
266 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
267 if (client->skip_line) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 if (i_stream_next_line(client->input) == NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
269 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
270 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
271 client->skip_line = FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
272 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
273 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
274 /* @UNSAFE */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
275 line = i_stream_next_line(client->input); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
276 if (line == NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
277 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
278 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
279 if (strcmp(line, "*") == 0) { |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
280 client_auth_abort(client, "Authentication aborted"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
281 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
282 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
283 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
284 linelen = strlen(line); |
1782
2f3d906d99d8
data_stack_pool split into two: unsafe_data_stack_pool which works like
Timo Sirainen <tss@iki.fi>
parents:
1725
diff
changeset
|
285 buf = buffer_create_static_hard(pool_datastack_create(), linelen); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
286 |
2629
6ba9dcff11b9
Compiler warning fixes and cleanups
Timo Sirainen <tss@iki.fi>
parents:
2535
diff
changeset
|
287 if (base64_decode(line, linelen, NULL, buf) <= 0) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
288 /* failed */ |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
289 client_auth_abort(client, "Invalid base64 data"); |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
290 } else if (client->common.auth_request == NULL) { |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
291 client_auth_abort(client, "Don't send unrequested data"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
292 } else { |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
293 auth_client_request_continue(client->common.auth_request, |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
294 buffer_get_data(buf, NULL), |
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
295 buffer_get_used_size(buf)); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
296 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
297 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
298 /* clear sensitive data */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
299 safe_memset(line, 0, linelen); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
300 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
301 bufsize = buffer_get_used_size(buf); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
302 safe_memset(buffer_free_without_data(buf), 0, bufsize); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
303 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
304 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
305 int cmd_authenticate(struct imap_client *client, struct imap_arg *args) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
306 { |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
307 const struct auth_mech_desc *mech; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
308 const char *mech_name, *error; |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
309 struct auth_request_info info; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
310 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
311 /* we want only one argument: authentication mechanism name */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
312 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
313 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
314 if (args[1].type != IMAP_ARG_EOL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
315 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
316 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
317 mech_name = IMAP_ARG_STR(&args[0]); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
318 if (*mech_name == '\0') |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
319 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
320 |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
321 mech = auth_client_find_mech(auth_client, mech_name); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
322 if (mech == NULL) { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
323 if (verbose_auth) { |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
324 client_syslog(client, "Authenticate %s failed: " |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
325 "Unsupported mechanism", |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
326 str_sanitize(mech_name, MAX_MECH_NAME)); |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
327 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
328 client_send_tagline(client, |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
329 "NO Unsupported authentication mechanism."); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
330 return TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
331 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
332 |
1725
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1714
diff
changeset
|
333 if (!client->secured && mech->plaintext && disable_plaintext_auth) { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
334 if (verbose_auth) { |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
335 client_syslog(client, "Authenticate %s failed: " |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
336 "Plaintext authentication disabled", |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
337 str_sanitize(mech_name, MAX_MECH_NAME)); |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
338 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
339 client_send_tagline(client, |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
340 "NO Plaintext authentication disabled."); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
341 return TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
342 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
343 |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
344 memset(&info, 0, sizeof(info)); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
345 info.mech = mech->name; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
346 info.protocol = "IMAP"; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
347 info.flags = client_get_auth_flags(client); |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
348 info.local_ip = client->common.local_ip; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
349 info.remote_ip = client->common.ip; |
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
350 |
1714 | 351 client_ref(client); |
2421
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
352 o_stream_uncork(client->output); |
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
353 |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
354 client->common.auth_request = |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
355 auth_client_request_new(auth_client, NULL, &info, |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
356 authenticate_callback, client, &error); |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
357 if (client->common.auth_request != NULL) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
358 /* following input data will go to authentication */ |
1084
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
359 if (client->common.io != NULL) |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
360 io_remove(client->common.io); |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
361 client->common.io = io_add(client->common.fd, IO_READ, |
86b8c9cb7ac0
Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents:
1083
diff
changeset
|
362 client_auth_input, client); |
1275
af685269ead0
login: Wait until we're connected to auth process before executing command
Timo Sirainen <tss@iki.fi>
parents:
1085
diff
changeset
|
363 client->authenticating = TRUE; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
364 } else { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
365 if (verbose_auth) { |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
366 client_syslog(client, "Authenticate %s failed: %s", |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
367 str_sanitize(mech_name, MAX_MECH_NAME), |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
368 error); |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
369 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
370 client_send_tagline(client, t_strconcat( |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
371 "NO Authentication failed: ", error, NULL)); |
1714 | 372 client_unref(client); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
373 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
374 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
375 return TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
376 } |