annotate src/login-common/sasl-server.c @ 9651:9ab1c8a10944 HEAD

lib-storage: Message size lookups from cache was broken if fields weren't in "normal" order in file.
author Timo Sirainen <tss@iki.fi>
date Wed, 25 Jan 2012 23:45:02 +0200
parents 00cd9aacd03c
children
1 /* Copyright (c) 2002-2010 Dovecot authors, see the included COPYING file */
3 #include "common.h"
4 #include "base64.h"
5 #include "buffer.h"
6 #include "str-sanitize.h"
7 #include "auth-client.h"
8 #include "ssl-proxy.h"
9 #include "client-common.h"
10 #include "master.h"
/*
 * Build the auth_request_flags bitmask that describes this client's
 * connection.
 *
 * AUTH_REQUEST_FLAG_VALID_CLIENT_CERT is set only when the client has an
 * SSL proxy and ssl_proxy_has_valid_client_cert() accepts it.
 * AUTH_REQUEST_FLAG_SECURED mirrors client->secured. Both bits are derived
 * from server-side connection state only; nothing the client sent during
 * authentication is consulted here.
 */
static enum auth_request_flags
client_get_auth_flags(struct client *client)
{
	enum auth_request_flags flags = 0;
	bool cert_ok;

	/* without an SSL proxy there is no certificate to ask about */
	cert_ok = client->proxy != NULL &&
		ssl_proxy_has_valid_client_cert(client->proxy);
	if (cert_ok)
		flags |= AUTH_REQUEST_FLAG_VALID_CLIENT_CERT;
	if (client->secured)
		flags |= AUTH_REQUEST_FLAG_SECURED;
	return flags;
}
/*
 * Deliver the final SASL reply for an authentication attempt to the callback
 * registered on the client. SASL_SERVER_REPLY_CONTINUE is not a final reply
 * and is rejected by assertion.
 *
 * The callback pointer is detached from the client before it is invoked, so
 * client->sasl_callback is already NULL while the callback runs. The callback
 * may destroy the client: callers must not touch `client` after this function
 * returns.
 */
static void
call_client_callback(struct client *client, enum sasl_server_reply reply,
		     const char *data, const char *const *args)
{
	sasl_server_callback_t *final_cb = client->sasl_callback;

	i_assert(reply != SASL_SERVER_REPLY_CONTINUE);

	/* clear first: once final_cb has run, client may no longer exist */
	client->sasl_callback = NULL;
	final_cb(client, reply, data, args);
	/* NOTE: client may be destroyed now */
}
/*
 * Handle the master's answer to a login request and turn it into the final
 * SASL reply.
 *
 * Only MASTER_LOGIN_STATUS_OK yields SASL_SERVER_REPLY_SUCCESS; every other
 * status is reported as SASL_SERVER_REPLY_MASTER_FAILED, so an unrecognised
 * status fails closed. MASTER_LOGIN_STATUS_MAX_CONNECTIONS additionally
 * carries an explanatory message. reply->mail_pid is stored on the client
 * before the callback runs, because the client may be destroyed by it.
 */
static void
master_callback(struct client *client, const struct master_login_reply *reply)
{
	enum sasl_server_reply outcome;
	const char *message = NULL;

	client->authenticating = FALSE;
	client->mail_pid = reply->mail_pid;

	if (reply->status == MASTER_LOGIN_STATUS_OK) {
		outcome = SASL_SERVER_REPLY_SUCCESS;
	} else {
		outcome = SASL_SERVER_REPLY_MASTER_FAILED;
		if (reply->status == MASTER_LOGIN_STATUS_MAX_CONNECTIONS) {
			message = "Maximum number of connections from user+IP exceeded "
				"(mail_max_userip_connections)";
		}
	}

	/* must be the last use of client: see call_client_callback() */
	call_client_callback(client, outcome, message, NULL);
}
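/*
 * Copy the value of every "user=" field found in args into
 * client->virtual_user, freeing the previous value first. When several
 * "user=" fields are present the last one wins.
 *
 * args must be a non-NULL, NULL-terminated array. The value is stored
 * verbatim.
 * NOTE(review): presumably code that logs or displays virtual_user sanitizes
 * it first - confirm at the use sites.
 */
static void
client_set_virtual_user_from_args(struct client *client,
				  const char *const *args)
{
	unsigned int i;

	for (i = 0; args[i] != NULL; i++) {
		if (strncmp(args[i], "user=", 5) == 0) {
			i_free(client->virtual_user);
			client->virtual_user = i_strdup(args[i] + 5);
		}
	}
}

/*
 * Callback for the auth request created in sasl_server_auth_begin();
 * `context` is the struct client that started it.
 *
 * status == 0:  authentication continues; data_base64 is passed on to the
 *               client's SASL callback with SASL_SERVER_REPLY_CONTINUE.
 * status == 1:  the request finished successfully. A "nologin" or "proxy"
 *               field in args means the user may not log in here, so the
 *               final SUCCESS reply is delivered together with args and no
 *               login is requested from the master. Otherwise the master is
 *               asked to perform the login and master_callback() finishes
 *               the attempt.
 * status == -1: the request failed; SASL_SERVER_REPLY_AUTH_FAILED is
 *               delivered. args may be NULL in this case.
 *
 * Any other status value is ignored by the switch. If the client has already
 * stopped authenticating, only a negative status is expected and nothing is
 * done.
 */
static void authenticate_callback(struct auth_request *request, int status,
				  const char *data_base64,
				  const char *const *args, void *context)
{
	struct client *client = context;
	unsigned int i;
	bool nologin;

	if (!client->authenticating) {
		/* client aborted */
		i_assert(status < 0);
		return;
	}

	/* a reply for any other request than the pending one is a bug */
	i_assert(client->auth_request == request);
	switch (status) {
	case 0:
		/* continue */
		client->sasl_callback(client, SASL_SERVER_REPLY_CONTINUE,
				      data_base64, NULL);
		break;
	case 1:
		client->auth_request = NULL;

		/* Unlike the failure branch, this one reads args
		   unconditionally. State the precondition so that a
		   violation stops with an assertion message instead of a
		   bare NULL dereference. */
		i_assert(args != NULL);
		client_set_virtual_user_from_args(client, args);

		nologin = FALSE;
		for (i = 0; args[i] != NULL; i++) {
			if (strcmp(args[i], "nologin") == 0 ||
			    strcmp(args[i], "proxy") == 0) {
				/* user can't login */
				nologin = TRUE;
			}
		}

		if (nologin) {
			client->authenticating = FALSE;
			/* client may be destroyed by the callback */
			call_client_callback(client, SASL_SERVER_REPLY_SUCCESS,
					     NULL, args);
		} else {
			master_request_login(client, master_callback,
				auth_client_request_get_server_pid(request),
				auth_client_request_get_id(request));
		}
		break;
	case -1:
		client->auth_request = NULL;

		if (args != NULL) {
			/* parse our username if it's there */
			client_set_virtual_user_from_args(client, args);
		}

		client->authenticating = FALSE;
		/* client may be destroyed by the callback */
		call_client_callback(client, SASL_SERVER_REPLY_AUTH_FAILED,
				     NULL, args);
		break;
	}
}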
/*
 * Start a SASL authentication attempt for the client.
 *
 * client:              connection that is authenticating
 * service:             service name passed through to the auth request
 * mech_name:           mechanism name as requested by the client
 * initial_resp_base64: initial response passed through to the auth request
 * callback:            receives the replies for this attempt
 *
 * client->auth_attempts is incremented before any check is made, so attempts
 * that are rejected here (unknown mechanism, refused plaintext mechanism) are
 * counted as well. An upper-cased copy of mech_name is kept in
 * client->auth_mech_name; the mechanism lookup itself uses mech_name as
 * given.
 *
 * Two checks are made before a request is created:
 *  - the mechanism must be known to auth_client;
 *  - a mechanism flagged MECH_SEC_PLAINTEXT is refused when
 *    disable_plaintext_auth is set and client->secured is false. What marks
 *    a client as secured is decided outside this function.
 *
 * Every failure path ends in sasl_server_auth_failed() and nothing touches
 * client after that call.
 */
void sasl_server_auth_begin(struct client *client,
			    const char *service, const char *mech_name,
			    const char *initial_resp_base64,
			    sasl_server_callback_t *callback)
{
	const struct auth_mech_desc *desc;
	struct auth_request_info req;
	const char *errmsg;
	bool plaintext_refused;

	client->auth_attempts++;
	client->authenticating = TRUE;
	i_free(client->auth_mech_name);
	client->auth_mech_name = str_ucase(i_strdup(mech_name));
	client->sasl_callback = callback;

	desc = auth_client_find_mech(auth_client, mech_name);
	if (desc == NULL) {
		client->auth_tried_unsupported_mech = TRUE;
		sasl_server_auth_failed(client,
			"Unsupported authentication mechanism.");
		return;
	}

	plaintext_refused = (desc->flags & MECH_SEC_PLAINTEXT) != 0 &&
		disable_plaintext_auth && !client->secured;
	if (plaintext_refused) {
		client->auth_tried_disabled_plaintext = TRUE;
		sasl_server_auth_failed(client,
			"Plaintext authentication disabled.");
		return;
	}

	memset(&req, 0, sizeof(req));
	req.mech = desc->name;
	req.service = service;
	/* the peer name is only available through the SSL proxy */
	if (client->proxy != NULL)
		req.cert_username = ssl_proxy_get_peer_name(client->proxy);
	else
		req.cert_username = NULL;
	req.flags = client_get_auth_flags(client);
	req.local_ip = client->local_ip;
	req.remote_ip = client->ip;
	req.local_port = client->local_port;
	req.remote_port = client->remote_port;
	req.initial_resp_base64 = initial_resp_base64;

	client->auth_request =
		auth_client_request_new(auth_client, NULL, &req,
					authenticate_callback, client, &errmsg);
	if (client->auth_request != NULL)
		return;

	sasl_server_auth_failed(client,
		t_strconcat("Authentication failed: ", errmsg, NULL));
}
/* Stop the authentication attempt that is in progress for this client and
   report the outcome through the client callback.

   client: login client; must currently be authenticating (asserted).
   reason: human-readable failure text, or NULL when there is nothing to log.
   reply:  result code handed to the client callback.

   NOTE(review): the mechanism name is passed through str_sanitize() before
   logging, but reason is logged as given - confirm that callers never pass
   unsanitized remote-controlled text here. */
static void sasl_server_auth_cancel(struct client *client, const char *reason,
				    enum sasl_server_reply reply)
{
	/* Being called when no authentication is running is a caller bug;
	   crash rather than deliver a second result for the same attempt. */
	i_assert(client->authenticating);

	if (reason != NULL && verbose_auth) {
		/* the mechanism name is length-limited and sanitized before
		   it reaches the log */
		client_syslog(client, t_strdup_printf(
			"Authenticate %s failed: %s",
			str_sanitize(client->auth_mech_name, MAX_MECH_NAME),
			reason));
	}

	/* clear the in-progress state before the callback runs */
	client->authenticating = FALSE;
	if (client->auth_request != NULL) {
		auth_client_request_abort(client->auth_request);
		/* drop the pointer together with the aborted request */
		client->auth_request = NULL;
	}

	/* Must stay the last statement: per the changeset that introduced
	   this call, the client may already be destroyed once the callback
	   has run, so client must not be touched afterwards. */
	call_client_callback(client, reply, reason, NULL);
}
/* Report a failed authentication for the client: cancels the attempt in
   progress via sasl_server_auth_cancel() with the AUTH_FAILED reply code.
   reason is forwarded unchanged, so it ends up both in the verbose auth log
   (when enabled) and in the client callback. */
void sasl_server_auth_failed(struct client *client, const char *reason)
{
	const enum sasl_server_reply reply = SASL_SERVER_REPLY_AUTH_FAILED;

	sasl_server_auth_cancel(client, reason, reply);
}
/* Abort the authentication attempt in progress for the client: cancels it
   via sasl_server_auth_cancel() with the AUTH_ABORTED reply code. */
void sasl_server_auth_abort(struct client *client)
{
	/* A NULL reason means sasl_server_auth_cancel() writes no
	   "Authenticate ... failed" log line for an abort. */
	const char *no_reason = NULL;

	/* Set before cancelling, so the flag is already in place when the
	   client callback runs.
	   NOTE(review): presumably read elsewhere to log a more precise
	   failure reason - confirm against the flag's readers. */
	client->auth_try_aborted = TRUE;
	sasl_server_auth_cancel(client, no_reason,
				SASL_SERVER_REPLY_AUTH_ABORTED);
}