Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/pop3-login/client-authenticate.c @ 6834:ff62b2323a97 HEAD
Disable processing input while it's not expected, otherwise we could get
there and crash while master is processing the login. Also allow client to
send the SASL data within the same IP packet as the AUTH/AUTHENTICATE
command without hanging.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 18 Nov 2007 20:14:00 +0200 |
parents | 6afb29dc9273 |
children | 249e6c711e8d |
rev | line source |
---|---|
6429
65c69a53a7be
Replaced my Copyright notices. The year range always ends with 2007 now.
Timo Sirainen <tss@iki.fi>
parents:
6411
diff
changeset
|
1 /* Copyright (c) 2002-2007 Dovecot authors, see the included COPYING file */ |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "common.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "base64.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "buffer.h" |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
6 #include "hex-binary.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "ioloop.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "istream.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "ostream.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "safe-memset.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "str.h" |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
12 #include "str-sanitize.h" |
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1692
diff
changeset
|
13 #include "auth-client.h" |
1059
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
14 #include "../pop3/capability.h" |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1949
diff
changeset
|
15 #include "ssl-proxy.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include "client.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 #include "client-authenticate.h" |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
18 #include "pop3-proxy.h" |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
19 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
20 #include <stdlib.h> |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
21 |
4856
f75041ec22ba
Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so
Timo Sirainen <tss@iki.fi>
parents:
4790
diff
changeset
|
22 #define POP3_SERVICE_NAME "pop3" |
f75041ec22ba
Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so
Timo Sirainen <tss@iki.fi>
parents:
4790
diff
changeset
|
23 |
4197
c3ded5b815aa
If we have plugins set and imap_capability unset, figure out the IMAP
Timo Sirainen <tss@iki.fi>
parents:
3986
diff
changeset
|
24 const char *capability_string = POP3_CAPABILITY_REPLY; |
c3ded5b815aa
If we have plugins set and imap_capability unset, figure out the IMAP
Timo Sirainen <tss@iki.fi>
parents:
3986
diff
changeset
|
25 |
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
5846
diff
changeset
|
26 bool cmd_capa(struct pop3_client *client, const char *args ATTR_UNUSED) |
1059
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
27 { |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
28 const struct auth_mech_desc *mech; |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
29 unsigned int i, count; |
1059
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
30 string_t *str; |
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
31 |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
32 str = t_str_new(128); |
4197
c3ded5b815aa
If we have plugins set and imap_capability unset, figure out the IMAP
Timo Sirainen <tss@iki.fi>
parents:
3986
diff
changeset
|
33 str_append(str, "+OK\r\n"); |
c3ded5b815aa
If we have plugins set and imap_capability unset, figure out the IMAP
Timo Sirainen <tss@iki.fi>
parents:
3986
diff
changeset
|
34 str_append(str, capability_string); |
3136
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
35 |
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
36 if (ssl_initialized && !client->common.tls) |
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
37 str_append(str, "STLS\r\n"); |
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
38 if (!disable_plaintext_auth || client->common.secured) |
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
39 str_append(str, "USER\r\n"); |
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
40 |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
41 str_append(str, "SASL"); |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
42 mech = auth_client_get_available_mechs(auth_client, &count); |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
43 for (i = 0; i < count; i++) { |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
44 /* a) transport is secured |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
45 b) auth mechanism isn't plaintext |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
46 c) we allow insecure authentication |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
47 */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
48 if ((mech[i].flags & MECH_SEC_PRIVATE) == 0 && |
2838
62908cbe2299
typofix: advertise auth=plain only with disable_plaintext_auth = yes
Timo Sirainen <tss@iki.fi>
parents:
2773
diff
changeset
|
49 (client->common.secured || !disable_plaintext_auth || |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
50 (mech[i].flags & MECH_SEC_PLAINTEXT) == 0)) { |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
51 str_append_c(str, ' '); |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
52 str_append(str, mech[i].name); |
1059
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
53 } |
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
54 } |
3136
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
55 str_append(str, "\r\n."); |
1059
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
56 |
3136
bf8bc07e546e
Don't advertise USER capability if we're not allowing plaintext
Timo Sirainen <tss@iki.fi>
parents:
3089
diff
changeset
|
57 client_send_line(client, str_c(str)); |
1059
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
58 return TRUE; |
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
59 } |
d805c2f1d6a9
Support for CAPA command (rfc2449).
Timo Sirainen <tss@iki.fi>
parents:
1054
diff
changeset
|
60 |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4856
diff
changeset
|
61 static void client_auth_input(struct pop3_client *client) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 char *line; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
64 |
2237
6b05e30c669a
crashfix if client closes connection while authenticating
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
65 if (!client_read(client)) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
66 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
67 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 /* @UNSAFE */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 line = i_stream_next_line(client->input); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 if (line == NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 if (strcmp(line, "*") == 0) { |
4301
0e10b01960a0
IMAP: Reply with tagged BAD if authentication is aborted because client sent
Timo Sirainen <tss@iki.fi>
parents:
4269
diff
changeset
|
74 sasl_server_auth_client_error(&client->common, |
0e10b01960a0
IMAP: Reply with tagged BAD if authentication is aborted because client sent
Timo Sirainen <tss@iki.fi>
parents:
4269
diff
changeset
|
75 "Authentication aborted"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 } else { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
77 auth_client_request_continue(client->common.auth_request, line); |
6834
ff62b2323a97
Disable processing input while it's not expected, otherwise we could get
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
78 io_remove(&client->io); |
5433 | 79 |
80 /* clear sensitive data */ | |
81 safe_memset(line, 0, strlen(line)); | |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3571
diff
changeset
|
85 static bool client_handle_args(struct pop3_client *client, |
5173
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
86 const char *const *args, bool success) |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
87 { |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
88 const char *reason = NULL, *host = NULL, *destuser = NULL, *pass = NULL; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
89 string_t *reply; |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
90 unsigned int port = 110; |
5173
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
91 bool proxy = FALSE, temp = FALSE, nologin = !success; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
92 |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
93 for (; *args != NULL; args++) { |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
94 if (strcmp(*args, "nologin") == 0) |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
95 nologin = TRUE; |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
96 else if (strcmp(*args, "proxy") == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
97 proxy = TRUE; |
3059
08c640bdf749
If authentication failed because of temporary failure, show different error
Timo Sirainen <tss@iki.fi>
parents:
2838
diff
changeset
|
98 else if (strcmp(*args, "temp") == 0) |
08c640bdf749
If authentication failed because of temporary failure, show different error
Timo Sirainen <tss@iki.fi>
parents:
2838
diff
changeset
|
99 temp = TRUE; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
100 else if (strncmp(*args, "reason=", 7) == 0) |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
101 reason = *args + 7; |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
102 else if (strncmp(*args, "host=", 5) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
103 host = *args + 5; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
104 else if (strncmp(*args, "port=", 5) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
105 port = atoi(*args + 5); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
106 else if (strncmp(*args, "destuser=", 9) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
107 destuser = *args + 9; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
108 else if (strncmp(*args, "pass=", 5) == 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
109 pass = *args + 5; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
110 } |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
111 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
112 if (destuser == NULL) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
113 destuser = client->common.virtual_user; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
114 |
6472
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
115 if (proxy && |
6afb29dc9273
If proxy points to the same host/port/user combination as we currently have,
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
116 !login_proxy_is_ourself(&client->common, host, port, destuser)) { |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
117 /* we want to proxy the connection to another server. |
5173
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
118 don't do this unless authentication succeeded. with |
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
119 master user proxying we can get FAIL with proxy still set. |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
120 |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
121 proxy host=.. [port=..] [destuser=..] pass=.. */ |
5173
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
122 if (!success) |
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
123 return FALSE; |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
124 if (pop3_proxy_new(client, host, port, destuser, pass) < 0) |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
125 client_destroy_internal_failure(client); |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
126 return TRUE; |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
127 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
128 |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
129 if (!nologin) |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
130 return FALSE; |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
131 |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
132 reply = t_str_new(128); |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
133 str_append(reply, "-ERR "); |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
134 if (reason != NULL) |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
135 str_append(reply, reason); |
3059
08c640bdf749
If authentication failed because of temporary failure, show different error
Timo Sirainen <tss@iki.fi>
parents:
2838
diff
changeset
|
136 else if (temp) |
08c640bdf749
If authentication failed because of temporary failure, show different error
Timo Sirainen <tss@iki.fi>
parents:
2838
diff
changeset
|
137 str_append(reply, AUTH_TEMP_FAILED_MSG); |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
138 else |
2773
e624a9ad6a30
More smart IMAP and POP3 proxies. Now if remote login fails, it just
Timo Sirainen <tss@iki.fi>
parents:
2768
diff
changeset
|
139 str_append(reply, AUTH_FAILED_MSG); |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
140 |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
141 client_send_line(client, str_c(reply)); |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
142 |
5150
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
143 if (!client->destroyed) { |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
144 /* get back to normal client input. */ |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
145 if (client->io != NULL) |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
146 io_remove(&client->io); |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
147 client->io = io_add(client->common.fd, IO_READ, |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
148 client_input, client); |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
149 } |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
150 return TRUE; |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
151 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
152 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
153 static void sasl_callback(struct client *_client, enum sasl_server_reply reply, |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
154 const char *data, const char *const *args) |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
155 { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
156 struct pop3_client *client = (struct pop3_client *)_client; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
157 struct const_iovec iov[3]; |
4301
0e10b01960a0
IMAP: Reply with tagged BAD if authentication is aborted because client sent
Timo Sirainen <tss@iki.fi>
parents:
4269
diff
changeset
|
158 const char *msg; |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
159 size_t data_len; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
160 |
4790
c6d77f917d12
Fixed potential problems with client disconnecting while master was handling
Timo Sirainen <tss@iki.fi>
parents:
4770
diff
changeset
|
161 i_assert(!client->destroyed || |
c6d77f917d12
Fixed potential problems with client disconnecting while master was handling
Timo Sirainen <tss@iki.fi>
parents:
4770
diff
changeset
|
162 reply == SASL_SERVER_REPLY_CLIENT_ERROR || |
c6d77f917d12
Fixed potential problems with client disconnecting while master was handling
Timo Sirainen <tss@iki.fi>
parents:
4770
diff
changeset
|
163 reply == SASL_SERVER_REPLY_MASTER_FAILED); |
4770
88c29111fcee
Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH
Timo Sirainen <tss@iki.fi>
parents:
4301
diff
changeset
|
164 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
165 switch (reply) { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
166 case SASL_SERVER_REPLY_SUCCESS: |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
167 if (args != NULL) { |
5173
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
168 if (client_handle_args(client, args, TRUE)) |
2766
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
169 break; |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
170 } |
26a091f3add6
Implemented support for LOGIN-REFERRALS using "referral" and "reason"
Timo Sirainen <tss@iki.fi>
parents:
2763
diff
changeset
|
171 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
172 client_send_line(client, "+OK Logged in."); |
3384
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3136
diff
changeset
|
173 client_destroy(client, "Login"); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
174 break; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
175 case SASL_SERVER_REPLY_AUTH_FAILED: |
4301
0e10b01960a0
IMAP: Reply with tagged BAD if authentication is aborted because client sent
Timo Sirainen <tss@iki.fi>
parents:
4269
diff
changeset
|
176 case SASL_SERVER_REPLY_CLIENT_ERROR: |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
177 if (args != NULL) { |
5173
723cf9d39692
If authentication failed but it still returns proxy, don't do the proxying.
Timo Sirainen <tss@iki.fi>
parents:
5150
diff
changeset
|
178 if (client_handle_args(client, args, FALSE)) |
2768
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
179 break; |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
180 } |
d344be0bb70f
Added IMAP and POP3 proxying support.
Timo Sirainen <tss@iki.fi>
parents:
2766
diff
changeset
|
181 |
4301
0e10b01960a0
IMAP: Reply with tagged BAD if authentication is aborted because client sent
Timo Sirainen <tss@iki.fi>
parents:
4269
diff
changeset
|
182 msg = t_strconcat("-ERR ", data != NULL ? |
0e10b01960a0
IMAP: Reply with tagged BAD if authentication is aborted because client sent
Timo Sirainen <tss@iki.fi>
parents:
4269
diff
changeset
|
183 data : AUTH_FAILED_MSG, NULL); |
0e10b01960a0
IMAP: Reply with tagged BAD if authentication is aborted because client sent
Timo Sirainen <tss@iki.fi>
parents:
4269
diff
changeset
|
184 client_send_line(client, msg); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
185 |
5150
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
186 if (!client->destroyed) { |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
187 /* get back to normal client input. */ |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
188 if (client->io != NULL) |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
189 io_remove(&client->io); |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
190 client->io = io_add(client->common.fd, IO_READ, |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
191 client_input, client); |
16240711734e
If authentication fails and we've already destroyed the client, don't go
Timo Sirainen <tss@iki.fi>
parents:
4924
diff
changeset
|
192 } |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
193 break; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
194 case SASL_SERVER_REPLY_MASTER_FAILED: |
5846
21e529b8a701
Initial implementation for mail_max_user_connections setting.
Timo Sirainen <tss@iki.fi>
parents:
5433
diff
changeset
|
195 if (data == NULL) |
21e529b8a701
Initial implementation for mail_max_user_connections setting.
Timo Sirainen <tss@iki.fi>
parents:
5433
diff
changeset
|
196 client_destroy_internal_failure(client); |
21e529b8a701
Initial implementation for mail_max_user_connections setting.
Timo Sirainen <tss@iki.fi>
parents:
5433
diff
changeset
|
197 else { |
21e529b8a701
Initial implementation for mail_max_user_connections setting.
Timo Sirainen <tss@iki.fi>
parents:
5433
diff
changeset
|
198 client_send_line(client, |
21e529b8a701
Initial implementation for mail_max_user_connections setting.
Timo Sirainen <tss@iki.fi>
parents:
5433
diff
changeset
|
199 t_strconcat("-ERR [IN-USE] ", data, NULL)); |
21e529b8a701
Initial implementation for mail_max_user_connections setting.
Timo Sirainen <tss@iki.fi>
parents:
5433
diff
changeset
|
200 client_destroy(client, data); |
21e529b8a701
Initial implementation for mail_max_user_connections setting.
Timo Sirainen <tss@iki.fi>
parents:
5433
diff
changeset
|
201 } |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
202 break; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
203 case SASL_SERVER_REPLY_CONTINUE: |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
204 data_len = strlen(data); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
205 iov[0].iov_base = "+ "; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
206 iov[0].iov_len = 2; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
207 iov[1].iov_base = data; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
208 iov[1].iov_len = data_len; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
209 iov[2].iov_base = "\r\n"; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
210 iov[2].iov_len = 2; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
211 |
3955
295af5c1cce6
If client disconnected while we were trying to send authentication
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
212 /* don't check return value here. it gets tricky if we try |
295af5c1cce6
If client disconnected while we were trying to send authentication
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
213 to call client_destroy() in here. */ |
295af5c1cce6
If client disconnected while we were trying to send authentication
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
214 (void)o_stream_sendv(client->output, iov, 3); |
6834
ff62b2323a97
Disable processing input while it's not expected, otherwise we could get
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
215 |
ff62b2323a97
Disable processing input while it's not expected, otherwise we could get
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
216 i_assert(client->io == NULL); |
ff62b2323a97
Disable processing input while it's not expected, otherwise we could get
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
217 client->io = io_add(client->common.fd, IO_READ, |
ff62b2323a97
Disable processing input while it's not expected, otherwise we could get
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
218 client_auth_input, client); |
ff62b2323a97
Disable processing input while it's not expected, otherwise we could get
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
219 client_auth_input(client); |
3955
295af5c1cce6
If client disconnected while we were trying to send authentication
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
220 return; |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
221 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
222 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
223 client_unref(client); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
224 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
225 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3571
diff
changeset
|
226 bool cmd_auth(struct pop3_client *client, const char *args) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
227 { |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
228 const struct auth_mech_desc *mech; |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
229 const char *mech_name, *p; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 |
2698
55308ec89931
Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
2691
diff
changeset
|
231 if (*args == '\0') { |
55308ec89931
Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
2691
diff
changeset
|
232 /* Old-style SASL discovery, used by MS Outlook */ |
3571 | 233 unsigned int i, count; |
234 | |
2382
34d4c7a7b485
Added NTLM kludge. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
2345
diff
changeset
|
235 client_send_line(client, "+OK"); |
2698
55308ec89931
Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
2691
diff
changeset
|
236 mech = auth_client_get_available_mechs(auth_client, &count); |
55308ec89931
Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
2691
diff
changeset
|
237 for (i = 0; i < count; i++) { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
238 if ((mech[i].flags & MECH_SEC_PRIVATE) == 0 && |
2763
ab14dffd0e91
tls/secured variables are in common client structure. Plaintext logins
Timo Sirainen <tss@iki.fi>
parents:
2759
diff
changeset
|
239 (client->common.secured || disable_plaintext_auth || |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
240 (mech[i].flags & MECH_SEC_PLAINTEXT) == 0)) |
2698
55308ec89931
Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
2691
diff
changeset
|
241 client_send_line(client, mech[i].name); |
55308ec89931
Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
2691
diff
changeset
|
242 } |
2382
34d4c7a7b485
Added NTLM kludge. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
2345
diff
changeset
|
243 client_send_line(client, "."); |
34d4c7a7b485
Added NTLM kludge. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
2345
diff
changeset
|
244 return TRUE; |
2698
55308ec89931
Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
2691
diff
changeset
|
245 } |
2382
34d4c7a7b485
Added NTLM kludge. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
2345
diff
changeset
|
246 |
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
247 /* <mechanism name> <initial response> */ |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
248 p = strchr(args, ' '); |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
249 if (p == NULL) { |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
250 mech_name = args; |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
251 args = ""; |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
252 } else { |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
253 mech_name = t_strdup_until(args, p); |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
254 args = p+1; |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
255 } |
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
2076
diff
changeset
|
256 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
257 client_ref(client); |
4856
f75041ec22ba
Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so
Timo Sirainen <tss@iki.fi>
parents:
4790
diff
changeset
|
258 sasl_server_auth_begin(&client->common, POP3_SERVICE_NAME, mech_name, |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
259 args, sasl_callback); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
260 if (!client->common.authenticating) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
261 return TRUE; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
262 |
6834
ff62b2323a97
Disable processing input while it's not expected, otherwise we could get
Timo Sirainen <tss@iki.fi>
parents:
6472
diff
changeset
|
263 /* don't handle input until we get the initial auth reply */ |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
264 if (client->io != NULL) |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
265 io_remove(&client->io); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
266 return TRUE; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
267 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
268 |
4269
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
269 static bool check_plaintext_auth(struct pop3_client *client) |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
270 { |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
271 if (client->common.secured || !disable_plaintext_auth) |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
272 return TRUE; |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
273 |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
274 if (verbose_auth) { |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
275 client_syslog(&client->common, "Login failed: " |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
276 "Plaintext authentication disabled"); |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
277 } |
4924
98780639b190
"Plaintext authentication disabled" -> "Plaintext authentication disallowed
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
278 client_send_line(client, "-ERR "AUTH_PLAINTEXT_DISABLED_MSG); |
4269
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
279 return FALSE; |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
280 } |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
281 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3571
diff
changeset
|
282 bool cmd_user(struct pop3_client *client, const char *args) |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
283 { |
4269
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
284 if (!check_plaintext_auth(client)) |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
285 return TRUE; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
286 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
287 i_free(client->last_user); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
288 client->last_user = i_strdup(args); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
289 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
290 client_send_line(client, "+OK"); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
291 return TRUE; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
292 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
293 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3571
diff
changeset
|
294 bool cmd_pass(struct pop3_client *client, const char *args) |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
295 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
296 string_t *plain_login, *base64; |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
297 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
298 if (client->last_user == NULL) { |
4269
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
299 /* client may ignore the USER reply and only display the error |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
300 message from PASS */ |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
301 if (!check_plaintext_auth(client)) |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
302 return TRUE; |
b8fd29a53d47
If PASS command is given (after unsuccessful USER) with plaintext auth
Timo Sirainen <tss@iki.fi>
parents:
4197
diff
changeset
|
303 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
304 client_send_line(client, "-ERR No username given."); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
305 return TRUE; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
306 } |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
307 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
308 /* authorization ID \0 authentication ID \0 pass */ |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
309 plain_login = t_str_new(128); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
310 str_append_c(plain_login, '\0'); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
311 str_append(plain_login, client->last_user); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
312 str_append_c(plain_login, '\0'); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
313 str_append(plain_login, args); |
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2077
diff
changeset
|
314 |
3089
a171aa34f0e8
Don't allow multiple PASS commands after a USER command. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
3059
diff
changeset
|
315 i_free(client->last_user); |
a171aa34f0e8
Don't allow multiple PASS commands after a USER command. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
3059
diff
changeset
|
316 client->last_user = NULL; |
a171aa34f0e8
Don't allow multiple PASS commands after a USER command. Patch by Andrey
Timo Sirainen <tss@iki.fi>
parents:
3059
diff
changeset
|
317 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
318 base64 = buffer_create_dynamic(pool_datastack_create(), |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
319 MAX_BASE64_ENCODED_SIZE(plain_login->used)); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
320 base64_encode(plain_login->data, plain_login->used, base64); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
321 |
1714 | 322 client_ref(client); |
4856
f75041ec22ba
Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so
Timo Sirainen <tss@iki.fi>
parents:
4790
diff
changeset
|
323 sasl_server_auth_begin(&client->common, POP3_SERVICE_NAME, "PLAIN", |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
324 str_c(base64), sasl_callback); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
325 if (!client->common.authenticating) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
326 return TRUE; |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
327 |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
328 /* don't read any input from client until login is finished */ |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
329 if (client->io != NULL) |
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
330 io_remove(&client->io); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
331 return TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
332 } |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
333 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3571
diff
changeset
|
334 bool cmd_apop(struct pop3_client *client, const char *args) |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
335 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
336 buffer_t *apop_data, *base64; |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
337 const char *p; |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
338 |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
339 if (client->apop_challenge == NULL) { |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
340 if (verbose_auth) { |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
341 client_syslog(&client->common, |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
342 "APOP failed: APOP not enabled"); |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
343 } |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
344 client_send_line(client, "-ERR APOP not enabled."); |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
345 return TRUE; |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
346 } |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
347 |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
348 /* <username> <md5 sum in hex> */ |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
349 p = strchr(args, ' '); |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
350 if (p == NULL || strlen(p+1) != 32) { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
351 if (verbose_auth) { |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
352 client_syslog(&client->common, |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
353 "APOP failed: Invalid parameters"); |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
354 } |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
355 client_send_line(client, "-ERR Invalid parameters."); |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
356 return TRUE; |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
357 } |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
358 |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
359 /* APOP challenge \0 username \0 APOP response */ |
2708
f1e9f3ec8135
Buffer API change: we no longer support limited sized buffers where
Timo Sirainen <tss@iki.fi>
parents:
2698
diff
changeset
|
360 apop_data = buffer_create_dynamic(pool_datastack_create(), 128); |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
361 buffer_append(apop_data, client->apop_challenge, |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
362 strlen(client->apop_challenge)+1); |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
363 buffer_append(apop_data, args, (size_t)(p-args)); |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
364 buffer_append_c(apop_data, '\0'); |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
365 |
2708
f1e9f3ec8135
Buffer API change: we no longer support limited sized buffers where
Timo Sirainen <tss@iki.fi>
parents:
2698
diff
changeset
|
366 if (hex_to_binary(p+1, apop_data) < 0) { |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
367 if (verbose_auth) { |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
368 client_syslog(&client->common, "APOP failed: " |
2691
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
369 "Invalid characters in MD5 response"); |
46f879c46b45
auth_verbose now affects imap/pop3 login processes too. Every authentication
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
370 } |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
371 client_send_line(client, |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
372 "-ERR Invalid characters in MD5 response."); |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
373 return TRUE; |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
374 } |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
375 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
376 base64 = buffer_create_dynamic(pool_datastack_create(), |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
377 MAX_BASE64_ENCODED_SIZE(apop_data->used)); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
378 base64_encode(apop_data->data, apop_data->used, base64); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
379 |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
380 client_ref(client); |
4856
f75041ec22ba
Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so
Timo Sirainen <tss@iki.fi>
parents:
4790
diff
changeset
|
381 sasl_server_auth_begin(&client->common, POP3_SERVICE_NAME, "APOP", |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2733
diff
changeset
|
382 str_c(base64), sasl_callback); |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
383 if (!client->common.authenticating) |
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
384 return TRUE; |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
385 |
2733
9b9d9c164a31
Login process cleanups. Share more authentication code between pop3/imap.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
386 /* don't read any input from client until login is finished */ |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
387 if (client->io != NULL) |
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
388 io_remove(&client->io); |
2267
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
389 return TRUE; |
d2e186f716d8
Added APOP authentication for POP3. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2237
diff
changeset
|
390 } |