Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/imap-login/imap-proxy.c @ 9266:cd29b745c8dd HEAD
configure: clock_gettime()'s -lrt adding dropped everything else from $LIBS.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 27 Jul 2009 06:32:42 -0400 |
parents | 5ee5def4f0ff |
children | e3ccd235a7e5 |
rev | line source |
---|---|
8590
b9faf4db2a9f
Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents:
8583
diff
changeset
|
1 /* Copyright (c) 2004-2009 Dovecot authors, see the included COPYING file */ |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "common.h" |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
4 #include "array.h" |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "ioloop.h" |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
6 #include "istream.h" |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
7 #include "ostream.h" |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
8 #include "base64.h" |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "str.h" |
7117
769181a20483
Make sure all user input is sanitized before it's logged.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
10 #include "str-sanitize.h" |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
11 #include "safe-memset.h" |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "client.h" |
8926
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
13 #include "client-authenticate.h" |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
14 #include "imap-resp-code.h" |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include "imap-quote.h" |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include "imap-proxy.h" |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
18 #include <stdlib.h> |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
19 |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
20 #define PROXY_FAILURE_MSG \ |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
21 "NO ["IMAP_RESP_CODE_UNAVAILABLE"] "AUTH_TEMP_FAILED_MSG |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
22 |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
23 static const char *const * |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
24 capabilities_strip_prelogin(const char *const *capabilities) |
7920
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
25 { |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
26 ARRAY_TYPE(const_string) new_caps_arr; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
27 const char **new_caps, *str; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
28 unsigned int count; |
7920
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
29 |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
30 t_array_init(&new_caps_arr, 64); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
31 for (; *capabilities != NULL; capabilities++) { |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
32 if (strncasecmp(*capabilities, "AUTH=", 5) == 0 || |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
33 strcasecmp(*capabilities, "STARTTLS") == 0 || |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
34 strcasecmp(*capabilities, "SASL-IR") == 0 || |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
35 strcasecmp(*capabilities, "LOGINDISABLED") == 0 || |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
36 strcasecmp(*capabilities, "LOGIN-REFERRALS") == 0) |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
37 continue; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
38 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
39 str = *capabilities; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
40 array_append(&new_caps_arr, &str, 1); |
7920
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
41 } |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
42 new_caps = array_get_modifiable(&new_caps_arr, &count); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
43 qsort(new_caps, count, sizeof(*new_caps), i_strcasecmp_p); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
44 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
45 (void)array_append_space(&new_caps_arr); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
46 return array_idx(&new_caps_arr, 0); |
7920
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
47 } |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
48 |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
49 static void proxy_write_id(struct imap_client *client, string_t *str) |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
50 { |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
51 str_printfa(str, "I ID (" |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
52 "\"x-originating-ip\" \"%s\" " |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
53 "\"x-originating-port\" \"%u\" " |
7921
9a7469e52f91
Renamed x-local-ip/port to x-connected-ip/port
Timo Sirainen <tss@iki.fi>
parents:
7920
diff
changeset
|
54 "\"x-connected-ip\" \"%s\" " |
9a7469e52f91
Renamed x-local-ip/port to x-connected-ip/port
Timo Sirainen <tss@iki.fi>
parents:
7920
diff
changeset
|
55 "\"x-connected-port\" \"%u\")\r\n", |
7920
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
56 net_ip2addr(&client->common.ip), |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
57 client->common.remote_port, |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
58 net_ip2addr(&client->common.local_ip), |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
59 client->common.local_port); |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
60 } |
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
61 |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
62 static void proxy_free_password(struct imap_client *client) |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
63 { |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
64 if (client->proxy_password == NULL) |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
65 return; |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
66 |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
67 safe_memset(client->proxy_password, 0, strlen(client->proxy_password)); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
68 i_free_and_null(client->proxy_password); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
69 } |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
70 |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
71 static void proxy_failed(struct imap_client *client, bool send_tagline) |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
72 { |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
73 if (send_tagline) |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
74 client_send_tagline(client, PROXY_FAILURE_MSG); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
75 |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
76 login_proxy_free(&client->proxy); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
77 proxy_free_password(client); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
78 i_free_and_null(client->proxy_user); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
79 i_free_and_null(client->proxy_master_user); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
80 |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
81 /* call this last - it may destroy the client */ |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
82 client_auth_failed(client, TRUE); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
83 } |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
84 |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
85 static void get_plain_auth(struct imap_client *client, string_t *dest) |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
86 { |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
87 string_t *str; |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
88 |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
89 str = t_str_new(128); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
90 str_append(str, client->proxy_user); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
91 str_append_c(str, '\0'); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
92 str_append(str, client->proxy_master_user); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
93 str_append_c(str, '\0'); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
94 str_append(str, client->proxy_password); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
95 base64_encode(str_data(str), str_len(str), dest); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
96 } |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
97 |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
98 static bool str_array_icmp(const char *const *arr1, const char *const *arr2) |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
99 { |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
100 unsigned int i; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
101 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
102 for (i = 0; arr1[i] != NULL; i++) { |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
103 if (arr2[i] == NULL || strcasecmp(arr1[i], arr2[i]) != 0) |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
104 return FALSE; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
105 } |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
106 return TRUE; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
107 } |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
108 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
109 static void |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
110 client_send_capability_if_needed(struct imap_client *client, string_t *str, |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
111 const char *capability) |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
112 { |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
113 const char *const *backend_capabilities; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
114 const char *const *proxy_capabilities; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
115 |
9142
5ee5def4f0ff
imap-login: Using CAPABILITY command after STARTTLS shouldn't trigger CAPABILITY pushing workaround.
Timo Sirainen <tss@iki.fi>
parents:
9128
diff
changeset
|
116 if (!client->client_ignores_capability_resp_code || capability == NULL) |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
117 return; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
118 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
119 /* reset this so that we don't re-send the CAPABILITY in case server |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
120 sends it multiple times */ |
9142
5ee5def4f0ff
imap-login: Using CAPABILITY command after STARTTLS shouldn't trigger CAPABILITY pushing workaround.
Timo Sirainen <tss@iki.fi>
parents:
9128
diff
changeset
|
121 client->client_ignores_capability_resp_code = FALSE; |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
122 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
123 /* client has used CAPABILITY command, so it didn't understand the |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
124 capabilities in the banner. if backend server has different |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
125 capabilities than we advertised already, there's a problem. |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
126 to solve that we'll send the backend's untagged CAPABILITY reply |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
127 and hope that the client understands it */ |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
128 backend_capabilities = |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
129 capabilities_strip_prelogin(t_strsplit(capability, " ")); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
130 proxy_capabilities = |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
131 capabilities_strip_prelogin(t_strsplit(capability_string, " ")); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
132 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
133 if (str_array_icmp(backend_capabilities, proxy_capabilities)) |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
134 return; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
135 |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
136 str_printfa(str, "* CAPABILITY %s\r\n", capability); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
137 } |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
138 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
139 static void proxy_write_login(struct imap_client *client, string_t *str) |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
140 { |
9142
5ee5def4f0ff
imap-login: Using CAPABILITY command after STARTTLS shouldn't trigger CAPABILITY pushing workaround.
Timo Sirainen <tss@iki.fi>
parents:
9128
diff
changeset
|
141 if (client->client_ignores_capability_resp_code) |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
142 str_append(str, "C CAPABILITY\r\n"); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
143 |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
144 if (client->proxy_master_user == NULL) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
145 /* logging in normally - use LOGIN command */ |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
146 str_append(str, "L LOGIN "); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
147 imap_quote_append_string(str, client->proxy_user, FALSE); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
148 str_append_c(str, ' '); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
149 imap_quote_append_string(str, client->proxy_password, FALSE); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
150 |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
151 proxy_free_password(client); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
152 } else if (client->proxy_sasl_ir) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
153 /* master user login with SASL initial response support */ |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
154 str_append(str, "L AUTHENTICATE PLAIN "); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
155 get_plain_auth(client, str); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
156 proxy_free_password(client); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
157 } else { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
158 /* master user login without SASL initial response */ |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
159 str_append(str, "L AUTHENTICATE PLAIN"); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
160 } |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
161 str_append(str, "\r\n"); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
162 } |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
163 |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
164 static int proxy_input_banner(struct imap_client *client, |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
165 struct ostream *output, const char *line) |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
166 { |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
167 enum login_proxy_ssl_flags ssl_flags; |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
168 const char *const *capabilities = NULL; |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
169 string_t *str; |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
170 |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
171 if (strncmp(line, "* OK ", 5) != 0) { |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
172 client_syslog_err(&client->common, t_strdup_printf( |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
173 "proxy: Remote returned invalid banner: %s", |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
174 str_sanitize(line, 160))); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
175 return -1; |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
176 } |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
177 |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
178 str = t_str_new(128); |
8978
2e3baa171e20
imap-proxy: Don't break ID capability check if it's the last capability.
Timo Sirainen <tss@iki.fi>
parents:
8926
diff
changeset
|
179 if (strncmp(line + 5, "[CAPABILITY ", 12) == 0) { |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
180 capabilities = t_strsplit(t_strcut(line + 5 + 12, ']'), " "); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
181 if (str_array_icase_find(capabilities, "ID")) |
8978
2e3baa171e20
imap-proxy: Don't break ID capability check if it's the last capability.
Timo Sirainen <tss@iki.fi>
parents:
8926
diff
changeset
|
182 proxy_write_id(client, str); |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
183 if (str_array_icase_find(capabilities, "SASL-IR")) |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
184 client->proxy_sasl_ir = TRUE; |
8978
2e3baa171e20
imap-proxy: Don't break ID capability check if it's the last capability.
Timo Sirainen <tss@iki.fi>
parents:
8926
diff
changeset
|
185 } |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
186 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
187 ssl_flags = login_proxy_get_ssl_flags(client->proxy); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
188 if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) != 0) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
189 if (capabilities != NULL && |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
190 !str_array_icase_find(capabilities, "STARTTLS")) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
191 client_syslog_err(&client->common, |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
192 "proxy: Remote doesn't support STARTTLS"); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
193 return -1; |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
194 } |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
195 str_append(str, "S STARTTLS\r\n"); |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
196 } else { |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
197 proxy_write_login(client, str); |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
198 } |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
199 |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
200 (void)o_stream_send(output, str_data(str), str_len(str)); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
201 return 0; |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
202 } |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
203 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
204 static int proxy_input_line(struct imap_client *client, const char *line) |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
205 { |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
206 struct ostream *output; |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
207 const char *capability; |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
208 string_t *str; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
209 |
4770
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
210 i_assert(!client->destroyed); |
4768
4e99f8e7e9bd
If client disconnects before logging into remote server is complete, don't
Timo Sirainen <tss@iki.fi>
parents:
4669
diff
changeset
|
211 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
212 output = login_proxy_get_ostream(client->proxy); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
213 if (!client->proxy_seen_banner) { |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
214 /* this is a banner */ |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
215 client->proxy_seen_banner = TRUE; |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
216 if (proxy_input_banner(client, output, line) < 0) { |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
217 proxy_failed(client, TRUE); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
218 return -1; |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
219 } |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
220 return 0; |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
221 } else if (*line == '+') { |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
222 /* AUTHENTICATE started. finish it. */ |
7920
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
223 str = t_str_new(128); |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
224 get_plain_auth(client, str); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
225 str_append(str, "\r\n"); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
226 proxy_free_password(client); |
7920
3644883cf44e
Support transferring original IPs and ports through IMAP proxies.
Timo Sirainen <tss@iki.fi>
parents:
7454
diff
changeset
|
227 |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
228 (void)o_stream_send(output, str_data(str), str_len(str)); |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
229 return 0; |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
230 } else if (strncmp(line, "S ", 2) == 0) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
231 if (strncmp(line, "S OK ", 5) != 0) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
232 /* STARTTLS failed */ |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
233 client_syslog_err(&client->common, t_strdup_printf( |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
234 "proxy: Remote STARTTLS failed: %s", |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
235 str_sanitize(line + 5, 160))); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
236 proxy_failed(client, TRUE); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
237 return -1; |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
238 } |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
239 /* STARTTLS successful, begin TLS negotiation. */ |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
240 if (login_proxy_starttls(client->proxy) < 0) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
241 proxy_failed(client, TRUE); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
242 return -1; |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
243 } |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
244 /* i/ostreams changed. */ |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
245 output = login_proxy_get_ostream(client->proxy); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
246 str = t_str_new(128); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
247 proxy_write_login(client, str); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
248 (void)o_stream_send(output, str_data(str), str_len(str)); |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
249 return 1; |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
250 } else if (strncmp(line, "L OK ", 5) == 0) { |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
251 /* Login successful. Send this line to client. */ |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
252 capability = client->proxy_backend_capability; |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
253 if (strncmp(line + 5, "[CAPABILITY ", 12) == 0) |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
254 capability = t_strcut(line + 5 + 12, ']'); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
255 |
7454
053ec63146cb
Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents:
7438
diff
changeset
|
256 str = t_str_new(128); |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
257 client_send_capability_if_needed(client, str, capability); |
7454
053ec63146cb
Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents:
7438
diff
changeset
|
258 str_append(str, client->cmd_tag); |
053ec63146cb
Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents:
7438
diff
changeset
|
259 str_append(str, line + 1); |
053ec63146cb
Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents:
7438
diff
changeset
|
260 str_append(str, "\r\n"); |
053ec63146cb
Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents:
7438
diff
changeset
|
261 (void)o_stream_send(client->output, |
053ec63146cb
Send the success reply in one write. Based on patch by Onno Molenkamp.
Timo Sirainen <tss@iki.fi>
parents:
7438
diff
changeset
|
262 str_data(str), str_len(str)); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
263 |
8097
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
264 str_truncate(str, 0); |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
265 str_printfa(str, "proxy(%s): started proxying to %s:%u", |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
266 client->common.virtual_user, |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
267 login_proxy_get_host(client->proxy), |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
268 login_proxy_get_port(client->proxy)); |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
269 if (strcmp(client->common.virtual_user, |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
270 client->proxy_user) != 0) { |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
271 /* remote username is different, log it */ |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
272 str_append_c(str, '/'); |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
273 str_append(str, client->proxy_user); |
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
274 } |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
275 if (client->proxy_master_user != NULL) { |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
276 str_printfa(str, " (master %s)", |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
277 client->proxy_master_user); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
278 } |
5046
f2cc68a3a198
Log the proxy destination host:port.
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
279 |
2787 | 280 (void)client_skip_line(client); |
7927
2351a81ce699
If commands are pipelined after the login command, pass them to the
Timo Sirainen <tss@iki.fi>
parents:
7921
diff
changeset
|
281 login_proxy_detach(client->proxy, client->common.input, |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
282 client->output); |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
283 |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
284 client->proxy = NULL; |
7927
2351a81ce699
If commands are pipelined after the login command, pass them to the
Timo Sirainen <tss@iki.fi>
parents:
7921
diff
changeset
|
285 client->common.input = NULL; |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
286 client->output = NULL; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
287 client->common.fd = -1; |
8097
4d6cc7bb3426
Proxy: Log destuser in the "proxying" line if it's different from username.
Timo Sirainen <tss@iki.fi>
parents:
7927
diff
changeset
|
288 client_destroy_success(client, str_c(str)); |
8774 | 289 return 1; |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
290 } else if (strncmp(line, "L ", 2) == 0) { |
8926
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
291 line += 2; |
8123
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
292 if (verbose_auth) { |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
293 str = t_str_new(128); |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
294 str_printfa(str, "proxy(%s): Login failed to %s:%u", |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
295 client->common.virtual_user, |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
296 login_proxy_get_host(client->proxy), |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
297 login_proxy_get_port(client->proxy)); |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
298 if (strcmp(client->common.virtual_user, |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
299 client->proxy_user) != 0) { |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
300 /* remote username is different, log it */ |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
301 str_append_c(str, '/'); |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
302 str_append(str, client->proxy_user); |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
303 } |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
304 if (client->proxy_master_user != NULL) { |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
305 str_printfa(str, " (master %s)", |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
306 client->proxy_master_user); |
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
307 } |
8123
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
308 str_append(str, ": "); |
8926
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
309 if (strncasecmp(line, "NO ", 3) == 0) |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
310 str_append(str, line + 3); |
8123
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
311 else |
8926
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
312 str_append(str, line); |
8123
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
313 i_info("%s", str_c(str)); |
26b67708b365
imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
Timo Sirainen <tss@iki.fi>
parents:
8097
diff
changeset
|
314 } |
8926
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
315 #define STR_NO_IMAP_RESP_CODE_AUTHFAILED "NO ["IMAP_RESP_CODE_AUTHFAILED"]" |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
316 if (strncmp(line, STR_NO_IMAP_RESP_CODE_AUTHFAILED, |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
317 strlen(STR_NO_IMAP_RESP_CODE_AUTHFAILED)) == 0) { |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
318 /* the remote sent a generic "authentication failed" |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
319 error. replace it with our one, so that in case |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
320 the remote is sending a different error message |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
321 an attacker can't find out what users exist in |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
322 the system. */ |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
323 line = "NO "IMAP_AUTH_FAILED_MSG; |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
324 } else if (strncmp(line, "NO [", 4) == 0) { |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
325 /* remote sent some other resp-code. forward it. */ |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
326 } else { |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
327 /* there was no [resp-code], so remote isn't Dovecot |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
328 v1.2+. we could either forward the line as-is and |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
329 leak information about what users exist in this |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
330 system, or we could hide other errors than password |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
331 failures. since other errors are pretty rare, |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
332 it's safer to just hide them. they're still |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
333 available in logs though. */ |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
334 line = "NO "IMAP_AUTH_FAILED_MSG; |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
335 } |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
336 client_send_tagline(client, line); |
415089905616
imap-login: Use [resp-codes] to figure out when to replace remote's auth failed message with ours.
Timo Sirainen <tss@iki.fi>
parents:
8774
diff
changeset
|
337 |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
338 proxy_failed(client, FALSE); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
339 return -1; |
8979
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
340 } else if (strncasecmp(line, "* CAPABILITY ", 13) == 0) { |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
341 i_free(client->proxy_backend_capability); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
342 client->proxy_backend_capability = i_strdup(line + 13); |
f8404c0f14de
imap-proxy: Send backend's CAPABILITY if it's different from what was sent to client before.
Timo Sirainen <tss@iki.fi>
parents:
8978
diff
changeset
|
343 return 0; |
9126
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
344 } else if (strncasecmp(line, "I ", 2) == 0 || |
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
345 strncasecmp(line, "* ID ", 5) == 0) { |
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
346 /* Reply to ID command we sent, ignore it */ |
9128
ca486f917810
imap proxy: Fix to previous change.
Timo Sirainen <tss@iki.fi>
parents:
9126
diff
changeset
|
347 return 0; |
9126
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
348 } else if (strncmp(line, "* ", 2) == 0) { |
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
349 /* untagged reply. just foward it. */ |
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
350 client_send_line(client, line); |
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
351 return 0; |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
352 } else { |
9126
b745911012bb
imap proxy: Pass through to client unexpected untagged replies from remote server.
Timo Sirainen <tss@iki.fi>
parents:
8985
diff
changeset
|
353 /* tagged reply, shouldn't happen. */ |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
354 return 0; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
355 } |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
356 } |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
357 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
358 static void proxy_input(struct imap_client *client) |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
359 { |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
360 struct istream *input; |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
361 const char *line; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
362 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
363 if (client->proxy == NULL) { |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
364 /* we're just freeing the proxy */ |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
365 return; |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
366 } |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
367 |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
368 input = login_proxy_get_istream(client->proxy); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
369 if (input == NULL) { |
5138
20302f49eda3
Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents:
5046
diff
changeset
|
370 if (client->destroyed) { |
20302f49eda3
Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents:
5046
diff
changeset
|
371 /* we came here from client_destroy() */ |
20302f49eda3
Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents:
5046
diff
changeset
|
372 return; |
20302f49eda3
Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents:
5046
diff
changeset
|
373 } |
20302f49eda3
Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents:
5046
diff
changeset
|
374 |
3054
a5dbe1e56c07
proxy: When we can't connect to remote server, show "Temporary login
Timo Sirainen <tss@iki.fi>
parents:
2835
diff
changeset
|
375 /* failed for some reason, probably server disconnected */ |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
376 proxy_failed(client, TRUE); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
377 return; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
378 } |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
379 |
5138
20302f49eda3
Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents:
5046
diff
changeset
|
380 i_assert(!client->destroyed); |
20302f49eda3
Don't crash if the remote server disconnects before we're logged in.
Timo Sirainen <tss@iki.fi>
parents:
5046
diff
changeset
|
381 |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
382 switch (i_stream_read(input)) { |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
383 case -2: |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
384 client_syslog_err(&client->common, |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
385 "proxy: Remote input buffer full"); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
386 proxy_failed(client, TRUE); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
387 return; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
388 case -1: |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
389 client_syslog_err(&client->common, |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
390 "proxy: Remote disconnected"); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
391 proxy_failed(client, TRUE); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
392 return; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
393 } |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
394 |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
395 while ((line = i_stream_next_line(input)) != NULL) { |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
396 if (proxy_input_line(client, line) != 0) |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
397 break; |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
398 } |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
399 } |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
400 |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
401 int imap_proxy_new(struct imap_client *client, const char *host, |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
402 unsigned int port, const char *user, const char *master_user, |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
403 const char *password, enum login_proxy_ssl_flags ssl_flags) |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
404 { |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
405 i_assert(user != NULL); |
4770
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
406 i_assert(!client->destroyed); |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
407 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
408 if (password == NULL) { |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
409 client_syslog_err(&client->common, "proxy: password not given"); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
410 client_send_tagline(client, PROXY_FAILURE_MSG); |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
411 return -1; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
412 } |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
413 |
4560
507088c0d511
Fixes for handling near-full connection queues.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
414 i_assert(client->refcount > 1); |
507088c0d511
Fixes for handling near-full connection queues.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
415 connection_queue_add(1); |
507088c0d511
Fixes for handling near-full connection queues.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
416 |
4770
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
417 if (client->destroyed) { |
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
418 /* connection_queue_add() decided that we were the oldest |
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
419 connection and killed us. */ |
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
420 return -1; |
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
421 } |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
422 if (login_proxy_is_ourself(&client->common, host, port, user)) { |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
423 client_syslog_err(&client->common, "Proxying loops to itself"); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
424 client_send_tagline(client, PROXY_FAILURE_MSG); |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
425 return -1; |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
426 } |
4770
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4768
diff
changeset
|
427 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
428 client->proxy = login_proxy_new(&client->common, host, port, ssl_flags, |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
429 proxy_input, client); |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
430 if (client->proxy == NULL) { |
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
431 client_send_tagline(client, PROXY_FAILURE_MSG); |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
432 return -1; |
8583
2ff2cac3578b
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Timo Sirainen <tss@iki.fi>
parents:
8546
diff
changeset
|
433 } |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
434 |
8985
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
435 client->proxy_sasl_ir = FALSE; |
f43bebab3dac
imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents:
8979
diff
changeset
|
436 client->proxy_seen_banner = FALSE; |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
437 client->proxy_user = i_strdup(user); |
8546
50f49805b13b
imap/pop3 proxy: Support master user logins.
Timo Sirainen <tss@iki.fi>
parents:
8123
diff
changeset
|
438 client->proxy_master_user = i_strdup(master_user); |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
439 client->proxy_password = i_strdup(password); |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
440 |
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
441 /* disable input until authentication is finished */ |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3054
diff
changeset
|
442 if (client->io != NULL) |
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3054
diff
changeset
|
443 io_remove(&client->io); |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
444 return 0; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
445 } |