dovecot/original-hg/dovecot-1.2: src/pop3-login/client-authenticate.c annotate

annotate src/pop3-login/client-authenticate.c @ 6834:ff62b2323a97 HEAD

Disable processing input while it's not expected, otherwise we could get there and crash while master is processing the login. Also allow client to send the SASL data within the same IP packet as the AUTH/AUTHENTICATE command without hanging.

author	Timo Sirainen <tss@iki.fi>
date	Sun, 18 Nov 2007 20:14:00 +0200
parents	6afb29dc9273
children	249e6c711e8d

rev	line source
6429 65c69a53a7be Replaced my Copyright notices. The year range always ends with 2007 now. Timo Sirainen <tss@iki.fi> parents: 6411 diff changeset	1 /* Copyright (c) 2002-2007 Dovecot authors, see the included COPYING file */
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	2
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	3 #include "common.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	4 #include "base64.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	5 #include "buffer.h"
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	6 #include "hex-binary.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	7 #include "ioloop.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	8 #include "istream.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	9 #include "ostream.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	10 #include "safe-memset.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	11 #include "str.h"
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	12 #include "str-sanitize.h"
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1692 diff changeset	13 #include "auth-client.h"
1059 d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	14 #include "../pop3/capability.h"
2027 dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 1949 diff changeset	15 #include "ssl-proxy.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	16 #include "client.h"
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	17 #include "client-authenticate.h"
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	18 #include "pop3-proxy.h"
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	19
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	20 #include <stdlib.h>
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	21
4856 f75041ec22ba Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so Timo Sirainen <tss@iki.fi> parents: 4790 diff changeset	22 #define POP3_SERVICE_NAME "pop3"
f75041ec22ba Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so Timo Sirainen <tss@iki.fi> parents: 4790 diff changeset	23
4197 c3ded5b815aa If we have plugins set and imap_capability unset, figure out the IMAP Timo Sirainen <tss@iki.fi> parents: 3986 diff changeset	24 const char *capability_string = POP3_CAPABILITY_REPLY;
c3ded5b815aa If we have plugins set and imap_capability unset, figure out the IMAP Timo Sirainen <tss@iki.fi> parents: 3986 diff changeset	25
6411 6a64e64fa3a3 Renamed __attr___ to ATTR_. Renamed __attrs_used__ to ATTRS_DEFINED. Timo Sirainen <tss@iki.fi> parents: 5846 diff changeset	26 bool cmd_capa(struct pop3_client client, const char args ATTR_UNUSED)
1059 d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	27 {
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	28 const struct auth_mech_desc *mech;
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	29 unsigned int i, count;
1059 d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	30 string_t *str;
d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	31
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	32 str = t_str_new(128);
4197 c3ded5b815aa If we have plugins set and imap_capability unset, figure out the IMAP Timo Sirainen <tss@iki.fi> parents: 3986 diff changeset	33 str_append(str, "+OK\r\n");
c3ded5b815aa If we have plugins set and imap_capability unset, figure out the IMAP Timo Sirainen <tss@iki.fi> parents: 3986 diff changeset	34 str_append(str, capability_string);
3136 bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	35
bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	36 if (ssl_initialized && !client->common.tls)
bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	37 str_append(str, "STLS\r\n");
bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	38 if (!disable_plaintext_auth \|\| client->common.secured)
bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	39 str_append(str, "USER\r\n");
bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	40
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	41 str_append(str, "SASL");
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	42 mech = auth_client_get_available_mechs(auth_client, &count);
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	43 for (i = 0; i < count; i++) {
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	44 /* a) transport is secured
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	45 b) auth mechanism isn't plaintext
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	46 c) we allow insecure authentication
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	47 */
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	48 if ((mech[i].flags & MECH_SEC_PRIVATE) == 0 &&
2838 62908cbe2299 typofix: advertise auth=plain only with disable_plaintext_auth = yes Timo Sirainen <tss@iki.fi> parents: 2773 diff changeset	49 (client->common.secured \|\| !disable_plaintext_auth \|\|
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	50 (mech[i].flags & MECH_SEC_PLAINTEXT) == 0)) {
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	51 str_append_c(str, ' ');
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	52 str_append(str, mech[i].name);
1059 d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	53 }
d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	54 }
3136 bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	55 str_append(str, "\r\n.");
1059 d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	56
3136 bf8bc07e546e Don't advertise USER capability if we're not allowing plaintext Timo Sirainen <tss@iki.fi> parents: 3089 diff changeset	57 client_send_line(client, str_c(str));
1059 d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	58 return TRUE;
d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	59 }
d805c2f1d6a9 Support for CAPA command (rfc2449). Timo Sirainen <tss@iki.fi> parents: 1054 diff changeset	60
4907 5b4c9b20eba0 Replaced void context from a lot of callbacks with the actual context Timo Sirainen <tss@iki.fi>* parents: 4856 diff changeset	61 static void client_auth_input(struct pop3_client *client)
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	62 {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	63 char *line;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	64
2237 6b05e30c669a crashfix if client closes connection while authenticating Timo Sirainen <tss@iki.fi> parents: 2097 diff changeset	65 if (!client_read(client))
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	66 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	67
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	68 /* @UNSAFE */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	69 line = i_stream_next_line(client->input);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	70 if (line == NULL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	71 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	72
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	73 if (strcmp(line, "*") == 0) {
4301 0e10b01960a0 IMAP: Reply with tagged BAD if authentication is aborted because client sent Timo Sirainen <tss@iki.fi> parents: 4269 diff changeset	74 sasl_server_auth_client_error(&client->common,
0e10b01960a0 IMAP: Reply with tagged BAD if authentication is aborted because client sent Timo Sirainen <tss@iki.fi> parents: 4269 diff changeset	75 "Authentication aborted");
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	76 } else {
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	77 auth_client_request_continue(client->common.auth_request, line);
6834 ff62b2323a97 Disable processing input while it's not expected, otherwise we could get Timo Sirainen <tss@iki.fi> parents: 6472 diff changeset	78 io_remove(&client->io);
5433 6f5ff9a7554f Potential crashfix Timo Sirainen <tss@iki.fi> parents: 5173 diff changeset	79
6f5ff9a7554f Potential crashfix Timo Sirainen <tss@iki.fi> parents: 5173 diff changeset	80 /* clear sensitive data */
6f5ff9a7554f Potential crashfix Timo Sirainen <tss@iki.fi> parents: 5173 diff changeset	81 safe_memset(line, 0, strlen(line));
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	82 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	83 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	84
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3571 diff changeset	85 static bool client_handle_args(struct pop3_client *client,
5173 723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	86 const char const args, bool success)
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	87 {
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	88 const char reason = NULL, host = NULL, destuser = NULL, pass = NULL;
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	89 string_t *reply;
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	90 unsigned int port = 110;
5173 723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	91 bool proxy = FALSE, temp = FALSE, nologin = !success;
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	92
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	93 for (; *args != NULL; args++) {
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	94 if (strcmp(*args, "nologin") == 0)
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	95 nologin = TRUE;
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	96 else if (strcmp(*args, "proxy") == 0)
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	97 proxy = TRUE;
3059 08c640bdf749 If authentication failed because of temporary failure, show different error Timo Sirainen <tss@iki.fi> parents: 2838 diff changeset	98 else if (strcmp(*args, "temp") == 0)
08c640bdf749 If authentication failed because of temporary failure, show different error Timo Sirainen <tss@iki.fi> parents: 2838 diff changeset	99 temp = TRUE;
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	100 else if (strncmp(*args, "reason=", 7) == 0)
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	101 reason = *args + 7;
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	102 else if (strncmp(*args, "host=", 5) == 0)
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	103 host = *args + 5;
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	104 else if (strncmp(*args, "port=", 5) == 0)
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	105 port = atoi(*args + 5);
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	106 else if (strncmp(*args, "destuser=", 9) == 0)
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	107 destuser = *args + 9;
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	108 else if (strncmp(*args, "pass=", 5) == 0)
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	109 pass = *args + 5;
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	110 }
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	111
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	112 if (destuser == NULL)
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	113 destuser = client->common.virtual_user;
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	114
6472 6afb29dc9273 If proxy points to the same host/port/user combination as we currently have, Timo Sirainen <tss@iki.fi> parents: 6429 diff changeset	115 if (proxy &&
6afb29dc9273 If proxy points to the same host/port/user combination as we currently have, Timo Sirainen <tss@iki.fi> parents: 6429 diff changeset	116 !login_proxy_is_ourself(&client->common, host, port, destuser)) {
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	117 /* we want to proxy the connection to another server.
5173 723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	118 don't do this unless authentication succeeded. with
723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	119 master user proxying we can get FAIL with proxy still set.
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	120
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	121 proxy host=.. [port=..] [destuser=..] pass=.. */
5173 723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	122 if (!success)
723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	123 return FALSE;
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	124 if (pop3_proxy_new(client, host, port, destuser, pass) < 0)
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	125 client_destroy_internal_failure(client);
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	126 return TRUE;
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	127 }
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	128
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	129 if (!nologin)
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	130 return FALSE;
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	131
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	132 reply = t_str_new(128);
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	133 str_append(reply, "-ERR ");
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	134 if (reason != NULL)
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	135 str_append(reply, reason);
3059 08c640bdf749 If authentication failed because of temporary failure, show different error Timo Sirainen <tss@iki.fi> parents: 2838 diff changeset	136 else if (temp)
08c640bdf749 If authentication failed because of temporary failure, show different error Timo Sirainen <tss@iki.fi> parents: 2838 diff changeset	137 str_append(reply, AUTH_TEMP_FAILED_MSG);
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	138 else
2773 e624a9ad6a30 More smart IMAP and POP3 proxies. Now if remote login fails, it just Timo Sirainen <tss@iki.fi> parents: 2768 diff changeset	139 str_append(reply, AUTH_FAILED_MSG);
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	140
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	141 client_send_line(client, str_c(reply));
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	142
5150 16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	143 if (!client->destroyed) {
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	144 /* get back to normal client input. */
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	145 if (client->io != NULL)
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	146 io_remove(&client->io);
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	147 client->io = io_add(client->common.fd, IO_READ,
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	148 client_input, client);
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	149 }
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	150 return TRUE;
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	151 }
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	152
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	153 static void sasl_callback(struct client *_client, enum sasl_server_reply reply,
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	154 const char data, const char const *args)
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	155 {
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	156 struct pop3_client client = (struct pop3_client )_client;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	157 struct const_iovec iov[3];
4301 0e10b01960a0 IMAP: Reply with tagged BAD if authentication is aborted because client sent Timo Sirainen <tss@iki.fi> parents: 4269 diff changeset	158 const char *msg;
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	159 size_t data_len;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	160
4790 c6d77f917d12 Fixed potential problems with client disconnecting while master was handling Timo Sirainen <tss@iki.fi> parents: 4770 diff changeset	161 i_assert(!client->destroyed \|\|
c6d77f917d12 Fixed potential problems with client disconnecting while master was handling Timo Sirainen <tss@iki.fi> parents: 4770 diff changeset	162 reply == SASL_SERVER_REPLY_CLIENT_ERROR \|\|
c6d77f917d12 Fixed potential problems with client disconnecting while master was handling Timo Sirainen <tss@iki.fi> parents: 4770 diff changeset	163 reply == SASL_SERVER_REPLY_MASTER_FAILED);
4770 88c29111fcee Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH Timo Sirainen <tss@iki.fi> parents: 4301 diff changeset	164
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	165 switch (reply) {
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	166 case SASL_SERVER_REPLY_SUCCESS:
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	167 if (args != NULL) {
5173 723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	168 if (client_handle_args(client, args, TRUE))
2766 26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	169 break;
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	170 }
26a091f3add6 Implemented support for LOGIN-REFERRALS using "referral" and "reason" Timo Sirainen <tss@iki.fi> parents: 2763 diff changeset	171
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	172 client_send_line(client, "+OK Logged in.");
3384 3b75956d20c4 Added configurable logging for login process. Added configurable pop3 logout Timo Sirainen <tss@iki.fi> parents: 3136 diff changeset	173 client_destroy(client, "Login");
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	174 break;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	175 case SASL_SERVER_REPLY_AUTH_FAILED:
4301 0e10b01960a0 IMAP: Reply with tagged BAD if authentication is aborted because client sent Timo Sirainen <tss@iki.fi> parents: 4269 diff changeset	176 case SASL_SERVER_REPLY_CLIENT_ERROR:
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	177 if (args != NULL) {
5173 723cf9d39692 If authentication failed but it still returns proxy, don't do the proxying. Timo Sirainen <tss@iki.fi> parents: 5150 diff changeset	178 if (client_handle_args(client, args, FALSE))
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	179 break;
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	180 }
d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2766 diff changeset	181
4301 0e10b01960a0 IMAP: Reply with tagged BAD if authentication is aborted because client sent Timo Sirainen <tss@iki.fi> parents: 4269 diff changeset	182 msg = t_strconcat("-ERR ", data != NULL ?
0e10b01960a0 IMAP: Reply with tagged BAD if authentication is aborted because client sent Timo Sirainen <tss@iki.fi> parents: 4269 diff changeset	183 data : AUTH_FAILED_MSG, NULL);
0e10b01960a0 IMAP: Reply with tagged BAD if authentication is aborted because client sent Timo Sirainen <tss@iki.fi> parents: 4269 diff changeset	184 client_send_line(client, msg);
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	185
5150 16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	186 if (!client->destroyed) {
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	187 /* get back to normal client input. */
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	188 if (client->io != NULL)
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	189 io_remove(&client->io);
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	190 client->io = io_add(client->common.fd, IO_READ,
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	191 client_input, client);
16240711734e If authentication fails and we've already destroyed the client, don't go Timo Sirainen <tss@iki.fi> parents: 4924 diff changeset	192 }
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	193 break;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	194 case SASL_SERVER_REPLY_MASTER_FAILED:
5846 21e529b8a701 Initial implementation for mail_max_user_connections setting. Timo Sirainen <tss@iki.fi> parents: 5433 diff changeset	195 if (data == NULL)
21e529b8a701 Initial implementation for mail_max_user_connections setting. Timo Sirainen <tss@iki.fi> parents: 5433 diff changeset	196 client_destroy_internal_failure(client);
21e529b8a701 Initial implementation for mail_max_user_connections setting. Timo Sirainen <tss@iki.fi> parents: 5433 diff changeset	197 else {
21e529b8a701 Initial implementation for mail_max_user_connections setting. Timo Sirainen <tss@iki.fi> parents: 5433 diff changeset	198 client_send_line(client,
21e529b8a701 Initial implementation for mail_max_user_connections setting. Timo Sirainen <tss@iki.fi> parents: 5433 diff changeset	199 t_strconcat("-ERR [IN-USE] ", data, NULL));
21e529b8a701 Initial implementation for mail_max_user_connections setting. Timo Sirainen <tss@iki.fi> parents: 5433 diff changeset	200 client_destroy(client, data);
21e529b8a701 Initial implementation for mail_max_user_connections setting. Timo Sirainen <tss@iki.fi> parents: 5433 diff changeset	201 }
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	202 break;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	203 case SASL_SERVER_REPLY_CONTINUE:
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	204 data_len = strlen(data);
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	205 iov[0].iov_base = "+ ";
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	206 iov[0].iov_len = 2;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	207 iov[1].iov_base = data;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	208 iov[1].iov_len = data_len;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	209 iov[2].iov_base = "\r\n";
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	210 iov[2].iov_len = 2;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	211
3955 295af5c1cce6 If client disconnected while we were trying to send authentication Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	212 /* don't check return value here. it gets tricky if we try
295af5c1cce6 If client disconnected while we were trying to send authentication Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	213 to call client_destroy() in here. */
295af5c1cce6 If client disconnected while we were trying to send authentication Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	214 (void)o_stream_sendv(client->output, iov, 3);
6834 ff62b2323a97 Disable processing input while it's not expected, otherwise we could get Timo Sirainen <tss@iki.fi> parents: 6472 diff changeset	215
ff62b2323a97 Disable processing input while it's not expected, otherwise we could get Timo Sirainen <tss@iki.fi> parents: 6472 diff changeset	216 i_assert(client->io == NULL);
ff62b2323a97 Disable processing input while it's not expected, otherwise we could get Timo Sirainen <tss@iki.fi> parents: 6472 diff changeset	217 client->io = io_add(client->common.fd, IO_READ,
ff62b2323a97 Disable processing input while it's not expected, otherwise we could get Timo Sirainen <tss@iki.fi> parents: 6472 diff changeset	218 client_auth_input, client);
ff62b2323a97 Disable processing input while it's not expected, otherwise we could get Timo Sirainen <tss@iki.fi> parents: 6472 diff changeset	219 client_auth_input(client);
3955 295af5c1cce6 If client disconnected while we were trying to send authentication Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	220 return;
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	221 }
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	222
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	223 client_unref(client);
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	224 }
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	225
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3571 diff changeset	226 bool cmd_auth(struct pop3_client client, const char args)
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	227 {
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	228 const struct auth_mech_desc *mech;
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	229 const char mech_name, p;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	230
2698 55308ec89931 Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	231 if (*args == '\0') {
55308ec89931 Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	232 /* Old-style SASL discovery, used by MS Outlook */
3571 b871cd1dc60c Compiler warning fixes Timo Sirainen <tss@iki.fi> parents: 3384 diff changeset	233 unsigned int i, count;
b871cd1dc60c Compiler warning fixes Timo Sirainen <tss@iki.fi> parents: 3384 diff changeset	234
2382 34d4c7a7b485 Added NTLM kludge. Patch by Andrey Panin Timo Sirainen <tss@iki.fi> parents: 2345 diff changeset	235 client_send_line(client, "+OK");
2698 55308ec89931 Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	236 mech = auth_client_get_available_mechs(auth_client, &count);
55308ec89931 Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	237 for (i = 0; i < count; i++) {
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	238 if ((mech[i].flags & MECH_SEC_PRIVATE) == 0 &&
2763 ab14dffd0e91 tls/secured variables are in common client structure. Plaintext logins Timo Sirainen <tss@iki.fi> parents: 2759 diff changeset	239 (client->common.secured \|\| disable_plaintext_auth \|\|
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	240 (mech[i].flags & MECH_SEC_PLAINTEXT) == 0))
2698 55308ec89931 Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	241 client_send_line(client, mech[i].name);
55308ec89931 Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	242 }
2382 34d4c7a7b485 Added NTLM kludge. Patch by Andrey Panin Timo Sirainen <tss@iki.fi> parents: 2345 diff changeset	243 client_send_line(client, ".");
34d4c7a7b485 Added NTLM kludge. Patch by Andrey Panin Timo Sirainen <tss@iki.fi> parents: 2345 diff changeset	244 return TRUE;
2698 55308ec89931 Advertise all SASL mechanisms in old-style SASL discovery. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	245 }
2382 34d4c7a7b485 Added NTLM kludge. Patch by Andrey Panin Timo Sirainen <tss@iki.fi> parents: 2345 diff changeset	246
2077 d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	247 /* <mechanism name> <initial response> */
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	248 p = strchr(args, ' ');
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	249 if (p == NULL) {
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	250 mech_name = args;
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	251 args = "";
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	252 } else {
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	253 mech_name = t_strdup_until(args, p);
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	254 args = p+1;
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	255 }
d5b20d679b8a Removed hardcoded mechanism lists. It's now possible to add them Timo Sirainen <tss@iki.fi> parents: 2076 diff changeset	256
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	257 client_ref(client);
4856 f75041ec22ba Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so Timo Sirainen <tss@iki.fi> parents: 4790 diff changeset	258 sasl_server_auth_begin(&client->common, POP3_SERVICE_NAME, mech_name,
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	259 args, sasl_callback);
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	260 if (!client->common.authenticating)
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	261 return TRUE;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	262
6834 ff62b2323a97 Disable processing input while it's not expected, otherwise we could get Timo Sirainen <tss@iki.fi> parents: 6472 diff changeset	263 /* don't handle input until we get the initial auth reply */
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	264 if (client->io != NULL)
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	265 io_remove(&client->io);
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	266 return TRUE;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	267 }
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	268
4269 b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	269 static bool check_plaintext_auth(struct pop3_client *client)
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	270 {
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	271 if (client->common.secured \|\| !disable_plaintext_auth)
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	272 return TRUE;
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	273
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	274 if (verbose_auth) {
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	275 client_syslog(&client->common, "Login failed: "
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	276 "Plaintext authentication disabled");
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	277 }
4924 98780639b190 "Plaintext authentication disabled" -> "Plaintext authentication disallowed Timo Sirainen <tss@iki.fi> parents: 4907 diff changeset	278 client_send_line(client, "-ERR "AUTH_PLAINTEXT_DISABLED_MSG);
4269 b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	279 return FALSE;
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	280 }
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	281
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3571 diff changeset	282 bool cmd_user(struct pop3_client client, const char args)
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	283 {
4269 b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	284 if (!check_plaintext_auth(client))
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	285 return TRUE;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	286
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	287 i_free(client->last_user);
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	288 client->last_user = i_strdup(args);
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	289
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	290 client_send_line(client, "+OK");
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	291 return TRUE;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	292 }
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	293
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3571 diff changeset	294 bool cmd_pass(struct pop3_client client, const char args)
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	295 {
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	296 string_t plain_login, base64;
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	297
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	298 if (client->last_user == NULL) {
4269 b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	299 /* client may ignore the USER reply and only display the error
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	300 message from PASS */
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	301 if (!check_plaintext_auth(client))
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	302 return TRUE;
b8fd29a53d47 If PASS command is given (after unsuccessful USER) with plaintext auth Timo Sirainen <tss@iki.fi> parents: 4197 diff changeset	303
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	304 client_send_line(client, "-ERR No username given.");
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	305 return TRUE;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	306 }
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	307
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	308 /* authorization ID \0 authentication ID \0 pass */
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	309 plain_login = t_str_new(128);
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	310 str_append_c(plain_login, '\0');
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	311 str_append(plain_login, client->last_user);
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	312 str_append_c(plain_login, '\0');
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	313 str_append(plain_login, args);
2097 4e77cb0aff21 Added %l, %r and %P variables and mail_log_prefix setting. Timo Sirainen <tss@iki.fi> parents: 2077 diff changeset	314
3089 a171aa34f0e8 Don't allow multiple PASS commands after a USER command. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 3059 diff changeset	315 i_free(client->last_user);
a171aa34f0e8 Don't allow multiple PASS commands after a USER command. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 3059 diff changeset	316 client->last_user = NULL;
a171aa34f0e8 Don't allow multiple PASS commands after a USER command. Patch by Andrey Timo Sirainen <tss@iki.fi> parents: 3059 diff changeset	317
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	318 base64 = buffer_create_dynamic(pool_datastack_create(),
0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	319 MAX_BASE64_ENCODED_SIZE(plain_login->used));
0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	320 base64_encode(plain_login->data, plain_login->used, base64);
0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	321
1714 96dab004a87a fixes. maybe it works now. Timo Sirainen <tss@iki.fi> parents: 1702 diff changeset	322 client_ref(client);
4856 f75041ec22ba Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so Timo Sirainen <tss@iki.fi> parents: 4790 diff changeset	323 sasl_server_auth_begin(&client->common, POP3_SERVICE_NAME, "PLAIN",
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	324 str_c(base64), sasl_callback);
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	325 if (!client->common.authenticating)
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	326 return TRUE;
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	327
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	328 /* don't read any input from client until login is finished */
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	329 if (client->io != NULL)
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	330 io_remove(&client->io);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	331 return TRUE;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	332 }
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	333
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3571 diff changeset	334 bool cmd_apop(struct pop3_client client, const char args)
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	335 {
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	336 buffer_t apop_data, base64;
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	337 const char *p;
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	338
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	339 if (client->apop_challenge == NULL) {
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	340 if (verbose_auth) {
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	341 client_syslog(&client->common,
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	342 "APOP failed: APOP not enabled");
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	343 }
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	344 client_send_line(client, "-ERR APOP not enabled.");
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	345 return TRUE;
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	346 }
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	347
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	348 /* <username> <md5 sum in hex> */
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	349 p = strchr(args, ' ');
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	350 if (p == NULL \|\| strlen(p+1) != 32) {
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	351 if (verbose_auth) {
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	352 client_syslog(&client->common,
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	353 "APOP failed: Invalid parameters");
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	354 }
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	355 client_send_line(client, "-ERR Invalid parameters.");
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	356 return TRUE;
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	357 }
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	358
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	359 /* APOP challenge \0 username \0 APOP response */
2708 f1e9f3ec8135 Buffer API change: we no longer support limited sized buffers where Timo Sirainen <tss@iki.fi> parents: 2698 diff changeset	360 apop_data = buffer_create_dynamic(pool_datastack_create(), 128);
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	361 buffer_append(apop_data, client->apop_challenge,
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	362 strlen(client->apop_challenge)+1);
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	363 buffer_append(apop_data, args, (size_t)(p-args));
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	364 buffer_append_c(apop_data, '\0');
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	365
2708 f1e9f3ec8135 Buffer API change: we no longer support limited sized buffers where Timo Sirainen <tss@iki.fi> parents: 2698 diff changeset	366 if (hex_to_binary(p+1, apop_data) < 0) {
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	367 if (verbose_auth) {
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	368 client_syslog(&client->common, "APOP failed: "
2691 46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	369 "Invalid characters in MD5 response");
46f879c46b45 auth_verbose now affects imap/pop3 login processes too. Every authentication Timo Sirainen <tss@iki.fi> parents: 2629 diff changeset	370 }
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	371 client_send_line(client,
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	372 "-ERR Invalid characters in MD5 response.");
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	373 return TRUE;
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	374 }
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	375
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	376 base64 = buffer_create_dynamic(pool_datastack_create(),
0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	377 MAX_BASE64_ENCODED_SIZE(apop_data->used));
0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	378 base64_encode(apop_data->data, apop_data->used, base64);
0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	379
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	380 client_ref(client);
4856 f75041ec22ba Changed the service name from uppercase IMAP/POP3 to lowercase imap/pop3 so Timo Sirainen <tss@iki.fi> parents: 4790 diff changeset	381 sasl_server_auth_begin(&client->common, POP3_SERVICE_NAME, "APOP",
2736 0f31778d3c34 Changed dovecot-auth protocol to ASCII based. Should be easier now to write Timo Sirainen <tss@iki.fi> parents: 2733 diff changeset	382 str_c(base64), sasl_callback);
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	383 if (!client->common.authenticating)
9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	384 return TRUE;
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	385
2733 9b9d9c164a31 Login process cleanups. Share more authentication code between pop3/imap. Timo Sirainen <tss@iki.fi> parents: 2708 diff changeset	386 /* don't read any input from client until login is finished */
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	387 if (client->io != NULL)
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	388 io_remove(&client->io);
2267 d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	389 return TRUE;
d2e186f716d8 Added APOP authentication for POP3. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 2237 diff changeset	390 }

Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/pop3-login/client-authenticate.c @ 6834:ff62b2323a97 HEAD