Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/imap-login/imap-proxy.c @ 9266:cd29b745c8dd HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
configure: clock_gettime()'s -lrt adding dropped everything else from $LIBS.
author Timo Sirainen <tss@iki.fi>
date Mon, 27 Jul 2009 06:32:42 -0400
parents 5ee5def4f0ff
children e3ccd235a7e5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
8590
b9faf4db2a9f Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents: 8583
diff changeset
1 /* Copyright (c) 2004-2009 Dovecot authors, see the included COPYING file */
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "common.h"
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
4 #include "array.h"
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 #include "ioloop.h"
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
6 #include "istream.h"
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
7 #include "ostream.h"
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
8 #include "base64.h"
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 #include "str.h"
7117
769181a20483 Make sure all user input is sanitized before it's logged.
Timo Sirainen <tss@iki.fi>
parents: 7086
diff changeset
10 #include "str-sanitize.h"
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
11 #include "safe-memset.h"
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
12 #include "client.h"
8926
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
13 #include "client-authenticate.h"
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
14 #include "imap-resp-code.h"
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15 #include "imap-quote.h"
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 #include "imap-proxy.h"
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
18 #include <stdlib.h>
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
19
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
20 #define PROXY_FAILURE_MSG \
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
21 "NO ["IMAP_RESP_CODE_UNAVAILABLE"] "AUTH_TEMP_FAILED_MSG
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
22
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
23 static const char *const *
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
24 capabilities_strip_prelogin(const char *const *capabilities)
7920
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
25 {
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
26 ARRAY_TYPE(const_string) new_caps_arr;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
27 const char **new_caps, *str;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
28 unsigned int count;
7920
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
29
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
30 t_array_init(&new_caps_arr, 64);
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
31 for (; *capabilities != NULL; capabilities++) {
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
32 if (strncasecmp(*capabilities, "AUTH=", 5) == 0 ||
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
33 strcasecmp(*capabilities, "STARTTLS") == 0 ||
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
34 strcasecmp(*capabilities, "SASL-IR") == 0 ||
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
35 strcasecmp(*capabilities, "LOGINDISABLED") == 0 ||
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
36 strcasecmp(*capabilities, "LOGIN-REFERRALS") == 0)
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
37 continue;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
38
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
39 str = *capabilities;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
40 array_append(&new_caps_arr, &str, 1);
7920
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
41 }
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
42 new_caps = array_get_modifiable(&new_caps_arr, &count);
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
43 qsort(new_caps, count, sizeof(*new_caps), i_strcasecmp_p);
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
44
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
45 (void)array_append_space(&new_caps_arr);
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
46 return array_idx(&new_caps_arr, 0);
7920
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
47 }
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
48
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
49 static void proxy_write_id(struct imap_client *client, string_t *str)
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
50 {
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
51 str_printfa(str, "I ID ("
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
52 "\"x-originating-ip\" \"%s\" "
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
53 "\"x-originating-port\" \"%u\" "
7921
9a7469e52f91 Renamed x-local-ip/port to x-connected-ip/port
Timo Sirainen <tss@iki.fi>
parents: 7920
diff changeset
54 "\"x-connected-ip\" \"%s\" "
9a7469e52f91 Renamed x-local-ip/port to x-connected-ip/port
Timo Sirainen <tss@iki.fi>
parents: 7920
diff changeset
55 "\"x-connected-port\" \"%u\")\r\n",
7920
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
56 net_ip2addr(&client->common.ip),
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
57 client->common.remote_port,
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
58 net_ip2addr(&client->common.local_ip),
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
59 client->common.local_port);
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
60 }
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
61
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
62 static void proxy_free_password(struct imap_client *client)
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
63 {
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
64 if (client->proxy_password == NULL)
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
65 return;
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
66
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
67 safe_memset(client->proxy_password, 0, strlen(client->proxy_password));
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
68 i_free_and_null(client->proxy_password);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
69 }
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
70
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
71 static void proxy_failed(struct imap_client *client, bool send_tagline)
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
72 {
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
73 if (send_tagline)
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
74 client_send_tagline(client, PROXY_FAILURE_MSG);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
75
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
76 login_proxy_free(&client->proxy);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
77 proxy_free_password(client);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
78 i_free_and_null(client->proxy_user);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
79 i_free_and_null(client->proxy_master_user);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
80
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
81 /* call this last - it may destroy the client */
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
82 client_auth_failed(client, TRUE);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
83 }
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
84
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
85 static void get_plain_auth(struct imap_client *client, string_t *dest)
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
86 {
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
87 string_t *str;
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
88
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
89 str = t_str_new(128);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
90 str_append(str, client->proxy_user);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
91 str_append_c(str, '\0');
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
92 str_append(str, client->proxy_master_user);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
93 str_append_c(str, '\0');
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
94 str_append(str, client->proxy_password);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
95 base64_encode(str_data(str), str_len(str), dest);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
96 }
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
97
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
98 static bool str_array_icmp(const char *const *arr1, const char *const *arr2)
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
99 {
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
100 unsigned int i;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
101
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
102 for (i = 0; arr1[i] != NULL; i++) {
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
103 if (arr2[i] == NULL || strcasecmp(arr1[i], arr2[i]) != 0)
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
104 return FALSE;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
105 }
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
106 return TRUE;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
107 }
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
108
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
109 static void
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
110 client_send_capability_if_needed(struct imap_client *client, string_t *str,
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
111 const char *capability)
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
112 {
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
113 const char *const *backend_capabilities;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
114 const char *const *proxy_capabilities;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
115
9142
5ee5def4f0ff imap-login: Using CAPABILITY command after STARTTLS shouldn't trigger CAPABILITY pushing workaround.
Timo Sirainen <tss@iki.fi>
parents: 9128
diff changeset
116 if (!client->client_ignores_capability_resp_code || capability == NULL)
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
117 return;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
118
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
119 /* reset this so that we don't re-send the CAPABILITY in case server
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
120 sends it multiple times */
9142
5ee5def4f0ff imap-login: Using CAPABILITY command after STARTTLS shouldn't trigger CAPABILITY pushing workaround.
Timo Sirainen <tss@iki.fi>
parents: 9128
diff changeset
121 client->client_ignores_capability_resp_code = FALSE;
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
122
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
123 /* client has used CAPABILITY command, so it didn't understand the
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
124 capabilities in the banner. if backend server has different
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
125 capabilities than we advertised already, there's a problem.
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
126 to solve that we'll send the backend's untagged CAPABILITY reply
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
127 and hope that the client understands it */
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
128 backend_capabilities =
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
129 capabilities_strip_prelogin(t_strsplit(capability, " "));
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
130 proxy_capabilities =
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
131 capabilities_strip_prelogin(t_strsplit(capability_string, " "));
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
132
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
133 if (str_array_icmp(backend_capabilities, proxy_capabilities))
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
134 return;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
135
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
136 str_printfa(str, "* CAPABILITY %s\r\n", capability);
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
137 }
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
138
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
139 static void proxy_write_login(struct imap_client *client, string_t *str)
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
140 {
9142
5ee5def4f0ff imap-login: Using CAPABILITY command after STARTTLS shouldn't trigger CAPABILITY pushing workaround.
Timo Sirainen <tss@iki.fi>
parents: 9128
diff changeset
141 if (client->client_ignores_capability_resp_code)
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
142 str_append(str, "C CAPABILITY\r\n");
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
143
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
144 if (client->proxy_master_user == NULL) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
145 /* logging in normally - use LOGIN command */
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
146 str_append(str, "L LOGIN ");
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
147 imap_quote_append_string(str, client->proxy_user, FALSE);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
148 str_append_c(str, ' ');
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
149 imap_quote_append_string(str, client->proxy_password, FALSE);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
150
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
151 proxy_free_password(client);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
152 } else if (client->proxy_sasl_ir) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
153 /* master user login with SASL initial response support */
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
154 str_append(str, "L AUTHENTICATE PLAIN ");
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
155 get_plain_auth(client, str);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
156 proxy_free_password(client);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
157 } else {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
158 /* master user login without SASL initial response */
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
159 str_append(str, "L AUTHENTICATE PLAIN");
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
160 }
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
161 str_append(str, "\r\n");
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
162 }
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
163
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
164 static int proxy_input_banner(struct imap_client *client,
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
165 struct ostream *output, const char *line)
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
166 {
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
167 enum login_proxy_ssl_flags ssl_flags;
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
168 const char *const *capabilities = NULL;
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
169 string_t *str;
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
170
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
171 if (strncmp(line, "* OK ", 5) != 0) {
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
172 client_syslog_err(&client->common, t_strdup_printf(
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
173 "proxy: Remote returned invalid banner: %s",
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
174 str_sanitize(line, 160)));
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
175 return -1;
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
176 }
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
177
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
178 str = t_str_new(128);
8978
2e3baa171e20 imap-proxy: Don't break ID capability check if it's the last capability.
Timo Sirainen <tss@iki.fi>
parents: 8926
diff changeset
179 if (strncmp(line + 5, "[CAPABILITY ", 12) == 0) {
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
180 capabilities = t_strsplit(t_strcut(line + 5 + 12, ']'), " ");
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
181 if (str_array_icase_find(capabilities, "ID"))
8978
2e3baa171e20 imap-proxy: Don't break ID capability check if it's the last capability.
Timo Sirainen <tss@iki.fi>
parents: 8926
diff changeset
182 proxy_write_id(client, str);
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
183 if (str_array_icase_find(capabilities, "SASL-IR"))
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
184 client->proxy_sasl_ir = TRUE;
8978
2e3baa171e20 imap-proxy: Don't break ID capability check if it's the last capability.
Timo Sirainen <tss@iki.fi>
parents: 8926
diff changeset
185 }
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
186
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
187 ssl_flags = login_proxy_get_ssl_flags(client->proxy);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
188 if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) != 0) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
189 if (capabilities != NULL &&
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
190 !str_array_icase_find(capabilities, "STARTTLS")) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
191 client_syslog_err(&client->common,
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
192 "proxy: Remote doesn't support STARTTLS");
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
193 return -1;
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
194 }
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
195 str_append(str, "S STARTTLS\r\n");
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
196 } else {
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
197 proxy_write_login(client, str);
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
198 }
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
199
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
200 (void)o_stream_send(output, str_data(str), str_len(str));
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
201 return 0;
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
202 }
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
203
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
204 static int proxy_input_line(struct imap_client *client, const char *line)
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
205 {
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
206 struct ostream *output;
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
207 const char *capability;
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
208 string_t *str;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
209
4770
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
210 i_assert(!client->destroyed);
4768
4e99f8e7e9bd If client disconnects before logging into remote server is complete, don't
Timo Sirainen <tss@iki.fi>
parents: 4669
diff changeset
211
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
212 output = login_proxy_get_ostream(client->proxy);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
213 if (!client->proxy_seen_banner) {
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
214 /* this is a banner */
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
215 client->proxy_seen_banner = TRUE;
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
216 if (proxy_input_banner(client, output, line) < 0) {
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
217 proxy_failed(client, TRUE);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
218 return -1;
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
219 }
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
220 return 0;
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
221 } else if (*line == '+') {
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
222 /* AUTHENTICATE started. finish it. */
7920
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
223 str = t_str_new(128);
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
224 get_plain_auth(client, str);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
225 str_append(str, "\r\n");
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
226 proxy_free_password(client);
7920
3644883cf44e Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents: 7454
diff changeset
227
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
228 (void)o_stream_send(output, str_data(str), str_len(str));
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
229 return 0;
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
230 } else if (strncmp(line, "S ", 2) == 0) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
231 if (strncmp(line, "S OK ", 5) != 0) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
232 /* STARTTLS failed */
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
233 client_syslog_err(&client->common, t_strdup_printf(
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
234 "proxy: Remote STARTTLS failed: %s",
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
235 str_sanitize(line + 5, 160)));
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
236 proxy_failed(client, TRUE);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
237 return -1;
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
238 }
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
239 /* STARTTLS successful, begin TLS negotiation. */
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
240 if (login_proxy_starttls(client->proxy) < 0) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
241 proxy_failed(client, TRUE);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
242 return -1;
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
243 }
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
244 /* i/ostreams changed. */
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
245 output = login_proxy_get_ostream(client->proxy);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
246 str = t_str_new(128);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
247 proxy_write_login(client, str);
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
248 (void)o_stream_send(output, str_data(str), str_len(str));
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
249 return 1;
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
250 } else if (strncmp(line, "L OK ", 5) == 0) {
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
251 /* Login successful. Send this line to client. */
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
252 capability = client->proxy_backend_capability;
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
253 if (strncmp(line + 5, "[CAPABILITY ", 12) == 0)
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
254 capability = t_strcut(line + 5 + 12, ']');
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
255
7454
053ec63146cb Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents: 7438
diff changeset
256 str = t_str_new(128);
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
257 client_send_capability_if_needed(client, str, capability);
7454
053ec63146cb Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents: 7438
diff changeset
258 str_append(str, client->cmd_tag);
053ec63146cb Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents: 7438
diff changeset
259 str_append(str, line + 1);
053ec63146cb Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents: 7438
diff changeset
260 str_append(str, "\r\n");
053ec63146cb Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents: 7438
diff changeset
261 (void)o_stream_send(client->output,
053ec63146cb Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents: 7438
diff changeset
262 str_data(str), str_len(str));
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
263
8097
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
264 str_truncate(str, 0);
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
265 str_printfa(str, "proxy(%s): started proxying to %s:%u",
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
266 client->common.virtual_user,
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
267 login_proxy_get_host(client->proxy),
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
268 login_proxy_get_port(client->proxy));
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
269 if (strcmp(client->common.virtual_user,
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
270 client->proxy_user) != 0) {
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
271 /* remote username is different, log it */
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
272 str_append_c(str, '/');
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
273 str_append(str, client->proxy_user);
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
274 }
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
275 if (client->proxy_master_user != NULL) {
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
276 str_printfa(str, " (master %s)",
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
277 client->proxy_master_user);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
278 }
5046
f2cc68a3a198 Log the proxy destination host:port.
Timo Sirainen <tss@iki.fi>
parents: 4907
diff changeset
279
2787
Timo Sirainen <tss@iki.fi>
parents: 2786
diff changeset
280 (void)client_skip_line(client);
7927
2351a81ce699 If commands are pipelined after the login command, pass them to the
Timo Sirainen <tss@iki.fi>
parents: 7921
diff changeset
281 login_proxy_detach(client->proxy, client->common.input,
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
282 client->output);
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
283
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
284 client->proxy = NULL;
7927
2351a81ce699 If commands are pipelined after the login command, pass them to the
Timo Sirainen <tss@iki.fi>
parents: 7921
diff changeset
285 client->common.input = NULL;
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
286 client->output = NULL;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
287 client->common.fd = -1;
8097
4d6cc7bb3426 Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents: 7927
diff changeset
288 client_destroy_success(client, str_c(str));
8774
e9f711a08dd5 imap-proxy: Minor code cleanup
Timo Sirainen <tss@iki.fi>
parents: 8590
diff changeset
289 return 1;
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
290 } else if (strncmp(line, "L ", 2) == 0) {
8926
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
291 line += 2;
8123
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
292 if (verbose_auth) {
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
293 str = t_str_new(128);
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
294 str_printfa(str, "proxy(%s): Login failed to %s:%u",
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
295 client->common.virtual_user,
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
296 login_proxy_get_host(client->proxy),
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
297 login_proxy_get_port(client->proxy));
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
298 if (strcmp(client->common.virtual_user,
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
299 client->proxy_user) != 0) {
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
300 /* remote username is different, log it */
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
301 str_append_c(str, '/');
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
302 str_append(str, client->proxy_user);
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
303 }
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
304 if (client->proxy_master_user != NULL) {
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
305 str_printfa(str, " (master %s)",
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
306 client->proxy_master_user);
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
307 }
8123
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
308 str_append(str, ": ");
8926
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
309 if (strncasecmp(line, "NO ", 3) == 0)
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
310 str_append(str, line + 3);
8123
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
311 else
8926
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
312 str_append(str, line);
8123
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
313 i_info("%s", str_c(str));
26b67708b365 imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents: 8097
diff changeset
314 }
8926
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
315 #define STR_NO_IMAP_RESP_CODE_AUTHFAILED "NO ["IMAP_RESP_CODE_AUTHFAILED"]"
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
316 if (strncmp(line, STR_NO_IMAP_RESP_CODE_AUTHFAILED,
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
317 strlen(STR_NO_IMAP_RESP_CODE_AUTHFAILED)) == 0) {
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
318 /* the remote sent a generic "authentication failed"
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
319 error. replace it with our one, so that in case
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
320 the remote is sending a different error message
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
321 an attacker can't find out what users exist in
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
322 the system. */
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
323 line = "NO "IMAP_AUTH_FAILED_MSG;
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
324 } else if (strncmp(line, "NO [", 4) == 0) {
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
325 /* remote sent some other resp-code. forward it. */
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
326 } else {
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
327 /* there was no [resp-code], so remote isn't Dovecot
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
328 v1.2+. we could either forward the line as-is and
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
329 leak information about what users exist in this
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
330 system, or we could hide other errors than password
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
331 failures. since other errors are pretty rare,
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
332 it's safer to just hide them. they're still
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
333 available in logs though. */
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
334 line = "NO "IMAP_AUTH_FAILED_MSG;
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
335 }
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
336 client_send_tagline(client, line);
415089905616 imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents: 8774
diff changeset
337
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
338 proxy_failed(client, FALSE);
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
339 return -1;
8979
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
340 } else if (strncasecmp(line, "* CAPABILITY ", 13) == 0) {
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
341 i_free(client->proxy_backend_capability);
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
342 client->proxy_backend_capability = i_strdup(line + 13);
f8404c0f14de imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents: 8978
diff changeset
343 return 0;
9126
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
344 } else if (strncasecmp(line, "I ", 2) == 0 ||
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
345 strncasecmp(line, "* ID ", 5) == 0) {
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
346 /* Reply to ID command we sent, ignore it */
9128
ca486f917810 imap proxy: Fix to previous change.
Timo Sirainen <tss@iki.fi>
parents: 9126
diff changeset
347 return 0;
9126
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
348 } else if (strncmp(line, "* ", 2) == 0) {
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
349 /* untagged reply. just foward it. */
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
350 client_send_line(client, line);
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
351 return 0;
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
352 } else {
9126
b745911012bb imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents: 8985
diff changeset
353 /* tagged reply, shouldn't happen. */
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
354 return 0;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
355 }
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
356 }
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
357
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
358 static void proxy_input(struct imap_client *client)
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
359 {
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
360 struct istream *input;
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
361 const char *line;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
362
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
363 if (client->proxy == NULL) {
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
364 /* we're just freeing the proxy */
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
365 return;
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
366 }
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
367
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
368 input = login_proxy_get_istream(client->proxy);
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
369 if (input == NULL) {
5138
20302f49eda3 Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents: 5046
diff changeset
370 if (client->destroyed) {
20302f49eda3 Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents: 5046
diff changeset
371 /* we came here from client_destroy() */
20302f49eda3 Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents: 5046
diff changeset
372 return;
20302f49eda3 Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents: 5046
diff changeset
373 }
20302f49eda3 Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents: 5046
diff changeset
374
3054
a5dbe1e56c07 proxy: When we can't connect to remote server, show "Temporary login
Timo Sirainen <tss@iki.fi>
parents: 2835
diff changeset
375 /* failed for some reason, probably server disconnected */
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
376 proxy_failed(client, TRUE);
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
377 return;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
378 }
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
379
5138
20302f49eda3 Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents: 5046
diff changeset
380 i_assert(!client->destroyed);
20302f49eda3 Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents: 5046
diff changeset
381
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
382 switch (i_stream_read(input)) {
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
383 case -2:
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
384 client_syslog_err(&client->common,
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
385 "proxy: Remote input buffer full");
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
386 proxy_failed(client, TRUE);
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
387 return;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
388 case -1:
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
389 client_syslog_err(&client->common,
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
390 "proxy: Remote disconnected");
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
391 proxy_failed(client, TRUE);
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
392 return;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
393 }
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
394
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
395 while ((line = i_stream_next_line(input)) != NULL) {
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
396 if (proxy_input_line(client, line) != 0)
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
397 break;
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
398 }
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
399 }
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
400
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
401 int imap_proxy_new(struct imap_client *client, const char *host,
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
402 unsigned int port, const char *user, const char *master_user,
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
403 const char *password, enum login_proxy_ssl_flags ssl_flags)
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
404 {
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
405 i_assert(user != NULL);
4770
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
406 i_assert(!client->destroyed);
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
407
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
408 if (password == NULL) {
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
409 client_syslog_err(&client->common, "proxy: password not given");
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
410 client_send_tagline(client, PROXY_FAILURE_MSG);
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
411 return -1;
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
412 }
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
413
4560
507088c0d511 Fixes for handling near-full connection queues.
Timo Sirainen <tss@iki.fi>
parents: 3879
diff changeset
414 i_assert(client->refcount > 1);
507088c0d511 Fixes for handling near-full connection queues.
Timo Sirainen <tss@iki.fi>
parents: 3879
diff changeset
415 connection_queue_add(1);
507088c0d511 Fixes for handling near-full connection queues.
Timo Sirainen <tss@iki.fi>
parents: 3879
diff changeset
416
4770
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
417 if (client->destroyed) {
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
418 /* connection_queue_add() decided that we were the oldest
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
419 connection and killed us. */
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
420 return -1;
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
421 }
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
422 if (login_proxy_is_ourself(&client->common, host, port, user)) {
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
423 client_syslog_err(&client->common, "Proxying loops to itself");
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
424 client_send_tagline(client, PROXY_FAILURE_MSG);
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
425 return -1;
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
426 }
4770
88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents: 4768
diff changeset
427
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
428 client->proxy = login_proxy_new(&client->common, host, port, ssl_flags,
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
429 proxy_input, client);
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
430 if (client->proxy == NULL) {
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
431 client_send_tagline(client, PROXY_FAILURE_MSG);
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
432 return -1;
8583
2ff2cac3578b imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents: 8546
diff changeset
433 }
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
434
8985
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
435 client->proxy_sasl_ir = FALSE;
f43bebab3dac imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 8979
diff changeset
436 client->proxy_seen_banner = FALSE;
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
437 client->proxy_user = i_strdup(user);
8546
50f49805b13b imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents: 8123
diff changeset
438 client->proxy_master_user = i_strdup(master_user);
2773
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
439 client->proxy_password = i_strdup(password);
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
440
e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents: 2768
diff changeset
441 /* disable input until authentication is finished */
3879
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents: 3054
diff changeset
442 if (client->io != NULL)
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents: 3054
diff changeset
443 io_remove(&client->io);
2768
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
444 return 0;
d344be0bb70f Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
445 }