Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/imap-login/client-authenticate.c @ 2708:f1e9f3ec8135 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Buffer API change: we no longer support limited sized buffers where writes past limit wouldn't kill the process. They weren't used hardly anywhere, they could have hidden bugs and the code for handling them was too complex. This also changed base64 and hex-binary APIs.
author Timo Sirainen <tss@iki.fi>
date Fri, 08 Oct 2004 20:51:47 +0300
parents 46f879c46b45
children 9b9d9c164a31
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
1 /* Copyright (C) 2002-2004 Timo Sirainen */
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "common.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
4 #include "base64.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 #include "buffer.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
6 #include "ioloop.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 #include "istream.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
8 #include "ostream.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 #include "safe-memset.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 #include "str.h"
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
11 #include "str-sanitize.h"
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
12 #include "imap-parser.h"
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
13 #include "auth-client.h"
2027
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
14 #include "ssl-proxy.h"
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15 #include "client.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 #include "client-authenticate.h"
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
17 #include "auth-common.h"
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
18 #include "master.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
19
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
20 /* Used only for string sanitization while verbose_auth is set. */
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
21 #define MAX_MECH_NAME 64
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
22
1725
cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents: 1714
diff changeset
23 const char *client_authenticate_get_capabilities(int secured)
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
24 {
2077
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
25 const struct auth_mech_desc *mech;
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
26 unsigned int i, count;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
27 string_t *str;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
28
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
29 str = t_str_new(128);
2077
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
30 mech = auth_client_get_available_mechs(auth_client, &count);
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
31 for (i = 0; i < count; i++) {
1949
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents: 1894
diff changeset
32 /* a) transport is secured
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents: 1894
diff changeset
33 b) auth mechanism isn't plaintext
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents: 1894
diff changeset
34 c) we allow insecure authentication
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents: 1894
diff changeset
35 - but don't advertise AUTH=PLAIN, as RFC 2595 requires
d2755efdd187 Don't advertise AUTH=PLAIN unless transport is secure
Timo Sirainen <tss@iki.fi>
parents: 1894
diff changeset
36 */
2077
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
37 if (mech[i].advertise &&
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
38 (secured || !mech[i].plaintext)) {
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
39 str_append_c(str, ' ');
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
40 str_append(str, "AUTH=");
2077
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
41 str_append(str, mech[i].name);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
42 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
43 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
44
2077
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
45 return str_c(str);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
46 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
47
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
48 static void client_auth_abort(struct imap_client *client, const char *msg)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
49 {
1499
e850252cdc7e Removed I/O priorities. They were pretty much useless and were just getting
Timo Sirainen <tss@iki.fi>
parents: 1474
diff changeset
50 client->authenticating = FALSE;
e850252cdc7e Removed I/O priorities. They were pretty much useless and were just getting
Timo Sirainen <tss@iki.fi>
parents: 1474
diff changeset
51
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
52 if (client->common.auth_request != NULL) {
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
53 auth_client_request_abort(client->common.auth_request);
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
54 client->common.auth_request = NULL;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
55 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
56
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
57 if (msg != NULL && verbose_auth)
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
58 client_syslog(client, "Authentication failed: %s", msg);
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
59
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
60 client_send_tagline(client, msg != NULL ?
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
61 t_strconcat("NO ", msg, NULL) :
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
62 "NO Authentication failed.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
63
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
64 /* get back to normal client input */
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
65 if (client->common.io != NULL)
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
66 io_remove(client->common.io);
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
67 client->common.io = client->common.fd == -1 ? NULL :
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
68 io_add(client->common.fd, IO_READ, client_input, client);
1714
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
69
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
70 client_unref(client);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
71 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
72
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
73 static void master_callback(struct client *_client, int success)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
74 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
75 struct imap_client *client = (struct imap_client *) _client;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
76 const char *reason = NULL;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
77
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
78 if (success) {
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
79 reason = t_strconcat("Login: ", client->common.virtual_user,
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
80 NULL);
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
81 } else {
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
82 reason = t_strconcat("Internal login failure: ",
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
83 client->common.virtual_user, NULL);
2287
df0b936ae3ed Add "Error report written to server log." also to internal login error
Timo Sirainen <tss@iki.fi>
parents: 2267
diff changeset
84 client_send_line(client, "* BYE Internal login failure. "
df0b936ae3ed Add "Error report written to server log." also to internal login error
Timo Sirainen <tss@iki.fi>
parents: 2267
diff changeset
85 "Error report written to server log.");
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
86 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
87
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
88 client_destroy(client, reason);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
89 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
90
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
91 static void client_send_auth_data(struct imap_client *client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
92 const unsigned char *data, size_t size)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
93 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
94 buffer_t *buf;
2421
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
95 const void *buf_data;
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
96 size_t buf_size;
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
97 ssize_t ret;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
98
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
99 t_push();
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
100
2708
f1e9f3ec8135 Buffer API change: we no longer support limited sized buffers where
Timo Sirainen <tss@iki.fi>
parents: 2691
diff changeset
101 buf = buffer_create_dynamic(pool_datastack_create(), size*2);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
102 buffer_append(buf, "+ ", 2);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
103 base64_encode(data, size, buf);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
104 buffer_append(buf, "\r\n", 2);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
105
2421
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
106 buf_data = buffer_get_data(buf, &buf_size);
2453
d2fe9172e408 AUTHENTICATE and AUTH commands were broken.
Timo Sirainen <tss@iki.fi>
parents: 2421
diff changeset
107 if ((ret = o_stream_send(client->output, buf_data, buf_size)) < 0)
2421
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
108 client_destroy(client, "Disconnected");
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
109 else if ((size_t)ret != buf_size)
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
110 client_destroy(client, "Transmit buffer full");
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
111
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
112 t_pop();
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
113 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
114
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
115 static void login_callback(struct auth_request *request,
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
116 struct auth_client_request_reply *reply,
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
117 const unsigned char *data, void *context)
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
118 {
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
119 struct imap_client *client = context;
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
120 const char *error;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
121
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
122 switch (auth_callback(request, reply, data, &client->common,
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
123 master_callback, &error)) {
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
124 case -1:
2088
4d0834aaa365 Use initial SASL response for LOGIN command internally.
Timo Sirainen <tss@iki.fi>
parents: 2077
diff changeset
125 case 0:
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
126 /* login failed */
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
127 client_auth_abort(client, error);
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
128 break;
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
129
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
130 default:
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
131 /* success, we should be able to log in. if we fail, just
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
132 disconnect the client. */
1275
af685269ead0 login: Wait until we're connected to auth process before executing command
Timo Sirainen <tss@iki.fi>
parents: 1085
diff changeset
133 client->authenticating = FALSE;
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
134 client_send_tagline(client, "OK Logged in.");
1714
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
135 client_unref(client);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
136 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
137 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
138
2027
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
139 static enum auth_client_request_new_flags
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
140 client_get_auth_flags(struct imap_client *client)
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
141 {
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
142 enum auth_client_request_new_flags auth_flags = 0;
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
143
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
144 if (client->common.proxy != NULL &&
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
145 ssl_proxy_has_valid_client_cert(client->common.proxy))
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
146 auth_flags |= AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT;
2535
0db84a609ee2 Tell dovecot-auth if SSL/TLS is enabled. Nothing can done with it yet
Timo Sirainen <tss@iki.fi>
parents: 2453
diff changeset
147 if (client->tls)
0db84a609ee2 Tell dovecot-auth if SSL/TLS is enabled. Nothing can done with it yet
Timo Sirainen <tss@iki.fi>
parents: 2453
diff changeset
148 auth_flags |= AUTH_CLIENT_FLAG_SSL_ENABLED;
2027
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
149 return auth_flags;
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
150 }
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
151
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
152 int cmd_login(struct imap_client *client, struct imap_arg *args)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
153 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
154 const char *user, *pass, *error;
2097
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
155 struct auth_request_info info;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
156 string_t *plain_login;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
157
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
158 /* two arguments: username and password */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
160 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
161 if (args[1].type != IMAP_ARG_ATOM && args[1].type != IMAP_ARG_STRING)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
162 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
163 if (args[2].type != IMAP_ARG_EOL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
164 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
165
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
166 user = IMAP_ARG_STR(&args[0]);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
167 pass = IMAP_ARG_STR(&args[1]);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
168
1725
cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents: 1714
diff changeset
169 if (!client->secured && disable_plaintext_auth) {
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
170 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
171 client_syslog(client, "Login failed: "
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
172 "Plaintext authentication disabled");
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
173 }
1474
e0065ebba5b3 If client tries to do LOGIN even if it's disabled, send [ALERT] to user.
Timo Sirainen <tss@iki.fi>
parents: 1473
diff changeset
174 client_send_line(client,
e0065ebba5b3 If client tries to do LOGIN even if it's disabled, send [ALERT] to user.
Timo Sirainen <tss@iki.fi>
parents: 1473
diff changeset
175 "* BAD [ALERT] Plaintext authentication is disabled, "
1725
cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents: 1714
diff changeset
176 "but your client sent password in plaintext anyway. "
1474
e0065ebba5b3 If client tries to do LOGIN even if it's disabled, send [ALERT] to user.
Timo Sirainen <tss@iki.fi>
parents: 1473
diff changeset
177 "If anyone was listening, the password was exposed.");
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
178 client_send_tagline(client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
179 "NO Plaintext authentication disabled.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
180 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
181 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
182
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
183 /* authorization ID \0 authentication ID \0 pass */
2097
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
184 plain_login = t_str_new(64);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
185 str_append_c(plain_login, '\0');
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
186 str_append(plain_login, user);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
187 str_append_c(plain_login, '\0');
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
188 str_append(plain_login, pass);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
189
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
190 memset(&info, 0, sizeof(info));
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
191 info.mech = "PLAIN";
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
192 info.protocol = "IMAP";
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
193 info.flags = client_get_auth_flags(client);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
194 info.local_ip = client->common.local_ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
195 info.remote_ip = client->common.ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
196 info.initial_resp_data = str_data(plain_login);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
197 info.initial_resp_size = str_len(plain_login);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
198
1714
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
199 client_ref(client);
2027
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1949
diff changeset
200
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
201 client->common.auth_request =
2267
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents: 2237
diff changeset
202 auth_client_request_new(auth_client, NULL, &info,
2097
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
203 login_callback, client, &error);
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
204 if (client->common.auth_request == NULL) {
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
205 if (verbose_auth)
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
206 client_syslog(client, "Login failed: %s", error);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
207 client_send_tagline(client, t_strconcat(
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
208 "NO Login failed: ", error, NULL));
1714
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
209 client_unref(client);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
210 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
211 }
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
212
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
213 /* don't read any input from client until login is finished */
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
214 if (client->common.io != NULL) {
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
215 io_remove(client->common.io);
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
216 client->common.io = NULL;
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
217 }
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
218
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
219 client->authenticating = TRUE;
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
220 return TRUE;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
221 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
222
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
223 static void authenticate_callback(struct auth_request *request,
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
224 struct auth_client_request_reply *reply,
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
225 const unsigned char *data, void *context)
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
226 {
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
227 struct imap_client *client = context;
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
228 const char *error;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
229
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
230 if (!client->authenticating) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
231 /* client aborted */
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
232 i_assert(reply == NULL);
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
233 return;
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
234 }
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
235
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
236 switch (auth_callback(request, reply, data, &client->common,
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
237 master_callback, &error)) {
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
238 case -1:
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
239 /* login failed */
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
240 client_auth_abort(client, error);
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
241 break;
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
242
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
243 case 0:
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
244 /* continue */
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
245 client_send_auth_data(client, data, reply->data_size);
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
246 break;
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
247 default:
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
248 /* success, we should be able to log in. if we fail, just
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
249 disconnect the client. */
1275
af685269ead0 login: Wait until we're connected to auth process before executing command
Timo Sirainen <tss@iki.fi>
parents: 1085
diff changeset
250 client->authenticating = FALSE;
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
251 client_send_tagline(client, "OK Logged in.");
1714
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
252 client_unref(client);
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
253 }
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
254 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
255
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
256 static void client_auth_input(void *context)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
257 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
258 struct imap_client *client = context;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
259 buffer_t *buf;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
260 char *line;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
261 size_t linelen, bufsize;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
262
2237
6b05e30c669a crashfix if client closes connection while authenticating
Timo Sirainen <tss@iki.fi>
parents: 2097
diff changeset
263 if (!client_read(client))
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
264 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
265
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
266 if (client->skip_line) {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
267 if (i_stream_next_line(client->input) == NULL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
268 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
269
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
270 client->skip_line = FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
271 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
272
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
273 /* @UNSAFE */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
274 line = i_stream_next_line(client->input);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
275 if (line == NULL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
276 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
277
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
278 if (strcmp(line, "*") == 0) {
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
279 client_auth_abort(client, "Authentication aborted");
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
280 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
281 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
282
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
283 linelen = strlen(line);
1782
2f3d906d99d8 data_stack_pool split into two: unsafe_data_stack_pool which works like
Timo Sirainen <tss@iki.fi>
parents: 1725
diff changeset
284 buf = buffer_create_static_hard(pool_datastack_create(), linelen);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
285
2708
f1e9f3ec8135 Buffer API change: we no longer support limited sized buffers where
Timo Sirainen <tss@iki.fi>
parents: 2691
diff changeset
286 if (base64_decode(line, linelen, NULL, buf) < 0) {
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
287 /* failed */
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
288 client_auth_abort(client, "Invalid base64 data");
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
289 } else if (client->common.auth_request == NULL) {
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
290 client_auth_abort(client, "Don't send unrequested data");
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
291 } else {
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
292 auth_client_request_continue(client->common.auth_request,
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
293 buffer_get_data(buf, NULL),
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
294 buffer_get_used_size(buf));
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
295 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
296
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
297 /* clear sensitive data */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
298 safe_memset(line, 0, linelen);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
299
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
300 bufsize = buffer_get_used_size(buf);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
301 safe_memset(buffer_free_without_data(buf), 0, bufsize);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
302 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
303
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
304 int cmd_authenticate(struct imap_client *client, struct imap_arg *args)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
305 {
2077
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
306 const struct auth_mech_desc *mech;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
307 const char *mech_name, *error;
2097
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
308 struct auth_request_info info;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
309
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
310 /* we want only one argument: authentication mechanism name */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
311 if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
312 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
313 if (args[1].type != IMAP_ARG_EOL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
314 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
315
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
316 mech_name = IMAP_ARG_STR(&args[0]);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
317 if (*mech_name == '\0')
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
318 return FALSE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
319
2077
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents: 2076
diff changeset
320 mech = auth_client_find_mech(auth_client, mech_name);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
321 if (mech == NULL) {
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
322 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
323 client_syslog(client, "Authenticate %s failed: "
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
324 "Unsupported mechanism",
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
325 str_sanitize(mech_name, MAX_MECH_NAME));
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
326 }
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
327 client_send_tagline(client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
328 "NO Unsupported authentication mechanism.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
329 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
330 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
331
1725
cc0690f92d96 disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents: 1714
diff changeset
332 if (!client->secured && mech->plaintext && disable_plaintext_auth) {
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
333 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
334 client_syslog(client, "Authenticate %s failed: "
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
335 "Plaintext authentication disabled",
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
336 str_sanitize(mech_name, MAX_MECH_NAME));
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
337 }
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
338 client_send_tagline(client,
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
339 "NO Plaintext authentication disabled.");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
340 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
341 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
342
2097
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
343 memset(&info, 0, sizeof(info));
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
344 info.mech = mech->name;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
345 info.protocol = "IMAP";
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
346 info.flags = client_get_auth_flags(client);
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
347 info.local_ip = client->common.local_ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
348 info.remote_ip = client->common.ip;
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
349
1714
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
350 client_ref(client);
2421
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
351 o_stream_uncork(client->output);
d141e1bfdd63 We never do blocking reads/writes to network anymore. Changed imap and pop3
Timo Sirainen <tss@iki.fi>
parents: 2287
diff changeset
352
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
353 client->common.auth_request =
2267
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents: 2237
diff changeset
354 auth_client_request_new(auth_client, NULL, &info,
2097
4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents: 2088
diff changeset
355 authenticate_callback, client, &error);
1702
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents: 1499
diff changeset
356 if (client->common.auth_request != NULL) {
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
357 /* following input data will go to authentication */
1084
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
358 if (client->common.io != NULL)
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
359 io_remove(client->common.io);
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
360 client->common.io = io_add(client->common.fd, IO_READ,
86b8c9cb7ac0 Moved more auth code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 1083
diff changeset
361 client_auth_input, client);
1275
af685269ead0 login: Wait until we're connected to auth process before executing command
Timo Sirainen <tss@iki.fi>
parents: 1085
diff changeset
362 client->authenticating = TRUE;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
363 } else {
2691
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
364 if (verbose_auth) {
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
365 client_syslog(client, "Authenticate %s failed: %s",
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
366 str_sanitize(mech_name, MAX_MECH_NAME),
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
367 error);
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents: 2629
diff changeset
368 }
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
369 client_send_tagline(client, t_strconcat(
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
370 "NO Authentication failed: ", error, NULL));
1714
96dab004a87a fixes. maybe it works now.
Timo Sirainen <tss@iki.fi>
parents: 1702
diff changeset
371 client_unref(client);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
372 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
373
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
374 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
375 }