Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/imap-login/client-authenticate.c @ 2773:e624a9ad6a30 HEAD
More smart IMAP and POP3 proxies. Now if remote login fails, it just
destroys the proxy and allows trying another username which can go elsewhere.
Also now replies with the same old "Authentication failed" error message
instead of showing remote server's failure message.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 19 Oct 2004 02:07:01 +0300 |
parents | d344be0bb70f |
children | 08c640bdf749 |
rev | line source |
---|---|
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
1 /* Copyright (C) 2002-2004 Timo Sirainen */ |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "common.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "base64.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "buffer.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 #include "ioloop.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "istream.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "ostream.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "safe-memset.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "str.h" |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
11 #include "str-sanitize.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "imap-parser.h" |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
13 #include "auth-client.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include "client.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include "client-authenticate.h" |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
16 #include "imap-proxy.h" |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
17 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
18 #include <stdlib.h> |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
19 |
1725
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1714
diff
changeset
|
20 const char *client_authenticate_get_capabilities(int secured) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 { |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
22 const struct auth_mech_desc *mech; |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
23 unsigned int i, count; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 string_t *str; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 str = t_str_new(128); |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
27 mech = auth_client_get_available_mechs(auth_client, &count); |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
28 for (i = 0; i < count; i++) { |
1949
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
29 /* a) transport is secured |
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
30 b) auth mechanism isn't plaintext |
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
31 c) we allow insecure authentication |
d2755efdd187
Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents:
1894
diff
changeset
|
32 */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
33 if ((mech[i].flags & MECH_SEC_PRIVATE) == 0 && |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
34 (secured || !disable_plaintext_auth || |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
35 (mech[i].flags & MECH_SEC_PLAINTEXT) == 0)) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 str_append_c(str, ' '); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 str_append(str, "AUTH="); |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
38 str_append(str, mech[i].name); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
42 return str_c(str); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 static void client_auth_input(void *context) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 struct imap_client *client = context; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 char *line; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 |
2237
6b05e30c669a
crashfix if client closes connection while authenticating
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
50 if (!client_read(client)) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 if (client->skip_line) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 if (i_stream_next_line(client->input) == NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
56 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
57 client->skip_line = FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 /* @UNSAFE */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
61 line = i_stream_next_line(client->input); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 if (line == NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
64 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
65 if (strcmp(line, "*") == 0) { |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
66 sasl_server_auth_cancel(&client->common, |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
67 "Authentication aborted"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
71 if (client->common.auth_request == NULL) { |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
72 sasl_server_auth_cancel(&client->common, |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
73 "Don't send unrequested data"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 } else { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
75 auth_client_request_continue(client->common.auth_request, line); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 /* clear sensitive data */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
79 safe_memset(line, 0, strlen(line)); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
82 static int client_handle_args(struct imap_client *client, |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
83 const char *const *args, int nologin) |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
84 { |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
85 const char *reason = NULL, *host = NULL, *destuser = NULL, *pass = NULL; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
86 string_t *reply; |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
87 unsigned int port = 143; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
88 int proxy = FALSE; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
89 |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
90 for (; *args != NULL; args++) { |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
91 if (strcmp(*args, "nologin") == 0) |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
92 nologin = TRUE; |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
93 else if (strcmp(*args, "proxy") == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
94 proxy = TRUE; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
95 else if (strncmp(*args, "reason=", 7) == 0) |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
96 reason = *args + 7; |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
97 else if (strncmp(*args, "host=", 5) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
98 host = *args + 5; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
99 else if (strncmp(*args, "port=", 5) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
100 port = atoi(*args + 5); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
101 else if (strncmp(*args, "destuser=", 9) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
102 destuser = *args + 9; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
103 else if (strncmp(*args, "pass=", 5) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
104 pass = *args + 5; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
105 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
106 |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
107 if (destuser == NULL) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
108 destuser = client->common.virtual_user; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
109 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
110 if (proxy) { |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
111 /* we want to proxy the connection to another server. |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
112 |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
113 proxy host=.. [port=..] [destuser=..] pass=.. */ |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
114 if (imap_proxy_new(client, host, port, destuser, pass) < 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
115 client_destroy_internal_failure(client); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
116 return TRUE; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
117 } else if (host != NULL) { |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
118 /* IMAP referral |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
119 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
120 [nologin] referral host=.. [port=..] [destuser=..] |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
121 [reason=..] |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
122 |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
123 NO [REFERRAL imap://destuser;AUTH=..@host:port/] Can't login. |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
124 OK [...] Logged in, but you should use this server instead. |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
125 .. [REFERRAL ..] (Reason from auth server) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
126 */ |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
127 reply = t_str_new(128); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
128 str_append(reply, nologin ? "NO " : "OK "); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
129 str_printfa(reply, "[REFERRAL imap://%s;AUTH=%s@%s", |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
130 destuser, client->common.auth_mech_name, host); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
131 if (port != 143) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
132 str_printfa(reply, ":%u", port); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
133 str_append(reply, "/] "); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
134 if (reason != NULL) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
135 str_append(reply, reason); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
136 else if (nologin) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
137 str_append(reply, "Try this server instead."); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
138 else { |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
139 str_append(reply, "Logged in, but you should use " |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
140 "this server instead."); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
141 } |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
142 client_send_tagline(client, str_c(reply)); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
143 } else if (nologin) { |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
144 /* Authentication went ok, but for some reason user isn't |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
145 allowed to log in. Shouldn't probably happen. */ |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
146 reply = t_str_new(128); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
147 if (reason != NULL) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
148 str_printfa(reply, "NO %s", reason); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
149 else |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
150 str_append(reply, "NO "AUTH_FAILED_MSG); |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
151 client_send_tagline(client, str_c(reply)); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
152 } else { |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
153 /* normal login/failure */ |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
154 return FALSE; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
155 } |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
156 |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
157 if (!nologin) { |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
158 client_destroy(client, t_strconcat( |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
159 "Login: ", client->common.virtual_user, NULL)); |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
160 } else { |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
161 /* get back to normal client input. */ |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
162 if (client->io != NULL) |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
163 io_remove(client->io); |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
164 client->io = io_add(client->common.fd, IO_READ, |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
165 client_input, client); |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
166 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
167 return TRUE; |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
168 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
169 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
170 static void sasl_callback(struct client *_client, enum sasl_server_reply reply, |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
171 const char *data, const char *const *args) |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
172 { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
173 struct imap_client *client = (struct imap_client *)_client; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
174 struct const_iovec iov[3]; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
175 size_t data_len; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
176 ssize_t ret; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
177 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
178 switch (reply) { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
179 case SASL_SERVER_REPLY_SUCCESS: |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
180 if (args != NULL) { |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
181 if (client_handle_args(client, args, FALSE)) |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
182 break; |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
183 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
184 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
185 client_send_tagline(client, "OK Logged in."); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
186 client_destroy(client, t_strconcat( |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
187 "Login: ", client->common.virtual_user, NULL)); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
188 break; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
189 case SASL_SERVER_REPLY_AUTH_FAILED: |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
190 if (args != NULL) { |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
191 if (client_handle_args(client, args, TRUE)) |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
192 break; |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
193 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
194 |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
195 client_send_tagline(client, "NO "AUTH_FAILED_MSG); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
196 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
197 /* get back to normal client input. */ |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
198 if (client->io != NULL) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
199 io_remove(client->io); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
200 client->io = io_add(client->common.fd, IO_READ, |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
201 client_input, client); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
202 break; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
203 case SASL_SERVER_REPLY_MASTER_FAILED: |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
204 client_destroy_internal_failure(client); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
205 break; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
206 case SASL_SERVER_REPLY_CONTINUE: |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
207 data_len = strlen(data); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
208 iov[0].iov_base = "+ "; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
209 iov[0].iov_len = 2; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
210 iov[1].iov_base = data; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
211 iov[1].iov_len = data_len; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
212 iov[2].iov_base = "\r\n"; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
213 iov[2].iov_len = 2; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
214 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
215 ret = o_stream_sendv(client->output, iov, 3); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
216 if (ret < 0) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
217 client_destroy(client, "Disconnected"); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
218 else if ((size_t)ret != 2 + data_len + 2) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
219 client_destroy(client, "Transmit buffer full"); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
220 else { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
221 /* continue */ |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
222 return; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
223 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
224 break; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
225 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
226 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
227 client_unref(client); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
228 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
229 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 int cmd_authenticate(struct imap_client *client, struct imap_arg *args) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 { |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
232 const char *mech_name; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
233 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
234 /* we want only one argument: authentication mechanism name */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING) |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
236 return -1; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
237 if (args[1].type != IMAP_ARG_EOL) |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
238 return -1; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
239 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
240 mech_name = IMAP_ARG_STR(&args[0]); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
241 if (*mech_name == '\0') |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
242 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
243 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
244 client_ref(client); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
245 sasl_server_auth_begin(&client->common, "IMAP", mech_name, NULL, |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
246 sasl_callback); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
247 if (!client->common.authenticating) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
248 return 1; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
249 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
250 /* following input data will go to authentication */ |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
251 if (client->io != NULL) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
252 io_remove(client->io); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
253 client->io = io_add(client->common.fd, IO_READ, |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
254 client_auth_input, client); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
255 return 0; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
256 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
257 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
258 int cmd_login(struct imap_client *client, struct imap_arg *args) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
259 { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
260 const char *user, *pass; |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
261 string_t *plain_login, *base64; |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
262 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
263 /* two arguments: username and password */ |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
264 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
265 return -1; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
266 if (args[1].type != IMAP_ARG_ATOM && args[1].type != IMAP_ARG_STRING) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
267 return -1; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
268 if (args[2].type != IMAP_ARG_EOL) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
269 return -1; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
270 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
271 user = IMAP_ARG_STR(&args[0]); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
272 pass = IMAP_ARG_STR(&args[1]); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
273 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
274 if (!client->common.secured && disable_plaintext_auth) { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
275 if (verbose_auth) { |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
276 client_syslog(&client->common, "Login failed: " |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
277 "Plaintext authentication disabled"); |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
278 } |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
279 client_send_line(client, |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
280 "* BAD [ALERT] Plaintext authentication is disabled, " |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
281 "but your client sent password in plaintext anyway. " |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
282 "If anyone was listening, the password was exposed."); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
283 client_send_tagline(client, |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
284 "NO Plaintext authentication disabled."); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
285 return 1; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
286 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
287 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
288 /* authorization ID \0 authentication ID \0 pass */ |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
289 plain_login = buffer_create_dynamic(pool_datastack_create(), 64); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
290 buffer_append_c(plain_login, '\0'); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
291 buffer_append(plain_login, user, strlen(user)); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
292 buffer_append_c(plain_login, '\0'); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
293 buffer_append(plain_login, pass, strlen(pass)); |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2088
diff
changeset
|
294 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
295 base64 = buffer_create_dynamic(pool_datastack_create(), |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
296 MAX_BASE64_ENCODED_SIZE(plain_login->used)); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
297 base64_encode(plain_login->data, plain_login->used, base64); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
298 |
1714 | 299 client_ref(client); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
300 sasl_server_auth_begin(&client->common, "IMAP", "PLAIN", |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2734
diff
changeset
|
301 str_c(base64), sasl_callback); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
302 if (!client->common.authenticating) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
303 return 1; |
2421
d141e1bfdd63
We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents:
2287
diff
changeset
|
304 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
305 /* don't read any input from client until login is finished */ |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
306 if (client->io != NULL) { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
307 io_remove(client->io); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
308 client->io = NULL; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
309 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
310 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
311 return 0; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
312 } |