dovecot-1.2: imap/pop3-login: Cleaned up proxying code. Don't di...
dovecot at dovecot.org
dovecot at dovecot.org
Sun Dec 21 09:43:25 EET 2008
details: http://hg.dovecot.org/dovecot-1.2/rev/2ff2cac3578b
changeset: 8583:2ff2cac3578b
user: Timo Sirainen <tss at iki.fi>
date: Sun Dec 21 09:43:20 2008 +0200
description:
imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures.
Log proxy failures as errors.
diffstat:
13 files changed, 190 insertions(+), 146 deletions(-)
src/imap-login/client-authenticate.c | 23 +---
src/imap-login/client.c | 6 -
src/imap-login/client.h | 1
src/imap-login/imap-proxy.c | 77 +++++++++------
src/imap-login/imap-proxy.h | 2
src/login-common/client-common.c | 14 ++
src/login-common/client-common.h | 1
src/login-common/login-proxy.c | 27 +++--
src/login-common/login-proxy.h | 2
src/pop3-login/client-authenticate.c | 9 -
src/pop3-login/client.c | 6 -
src/pop3-login/client.h | 2
src/pop3-login/pop3-proxy.c | 166 ++++++++++++++++++----------------
diffs (truncated from 719 to 300 lines):
diff -r 467606dbabb7 -r 2ff2cac3578b src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c Fri Dec 19 18:08:09 2008 +0200
+++ b/src/imap-login/client-authenticate.c Sun Dec 21 09:43:20 2008 +0200
@@ -91,7 +91,7 @@ static void client_authfail_delay_timeou
client_input(client);
}
-static void client_auth_failed(struct imap_client *client, bool nodelay)
+void client_auth_failed(struct imap_client *client, bool nodelay)
{
unsigned int delay_msecs;
@@ -129,7 +129,7 @@ static bool client_handle_args(struct im
const char *master_user = NULL;
string_t *reply;
unsigned int port = 143;
- bool proxy = FALSE, temp = FALSE, nologin = !success, proxy_self;
+ bool proxy = FALSE, temp = FALSE, nologin = !success;
bool authz_failure = FALSE;
*nodelay_r = FALSE;
@@ -167,9 +167,7 @@ static bool client_handle_args(struct im
if (destuser == NULL)
destuser = client->common.virtual_user;
- proxy_self = proxy &&
- login_proxy_is_ourself(&client->common, host, port, destuser);
- if (proxy && !proxy_self) {
+ if (proxy) {
/* we want to proxy the connection to another server.
don't do this unless authentication succeeded. with
master user proxying we can get FAIL with proxy still set.
@@ -179,11 +177,11 @@ static bool client_handle_args(struct im
return FALSE;
if (imap_proxy_new(client, host, port, destuser, master_user,
pass) < 0)
- client_destroy_internal_failure(client);
+ client_auth_failed(client, TRUE);
return TRUE;
}
- if (!proxy && host != NULL) {
+ if (host != NULL) {
/* IMAP referral
[nologin] referral host=.. [port=..] [destuser=..]
@@ -213,18 +211,13 @@ static bool client_handle_args(struct im
client_destroy_success(client, "Login with referral");
return TRUE;
}
- } else if (nologin || proxy_self) {
+ } else if (nologin) {
/* Authentication went ok, but for some reason user isn't
allowed to log in. Shouldn't probably happen. */
- if (proxy_self) {
- client_syslog(&client->common,
- "Proxying loops to itself");
- }
-
reply = t_str_new(128);
if (reason != NULL)
str_printfa(reply, "NO %s", reason);
- else if (temp || proxy_self) {
+ else if (temp) {
str_append(reply, "NO ["IMAP_RESP_CODE_UNAVAILABLE"] "
AUTH_TEMP_FAILED_MSG);
} else if (authz_failure) {
@@ -238,7 +231,7 @@ static bool client_handle_args(struct im
return FALSE;
}
- i_assert(nologin || proxy_self);
+ i_assert(nologin);
if (!client->destroyed)
client_auth_failed(client, *nodelay_r);
diff -r 467606dbabb7 -r 2ff2cac3578b src/imap-login/client.c
--- a/src/imap-login/client.c Fri Dec 19 18:08:09 2008 +0200
+++ b/src/imap-login/client.c Sun Dec 21 09:43:20 2008 +0200
@@ -589,10 +589,8 @@ void client_destroy(struct imap_client *
i_free_and_null(client->proxy_user);
i_free_and_null(client->proxy_master_user);
- if (client->proxy != NULL) {
- login_proxy_free(client->proxy);
- client->proxy = NULL;
- }
+ if (client->proxy != NULL)
+ login_proxy_free(&client->proxy);
if (client->common.proxy != NULL) {
ssl_proxy_free(client->common.proxy);
diff -r 467606dbabb7 -r 2ff2cac3578b src/imap-login/client.h
--- a/src/imap-login/client.h Fri Dec 19 18:08:09 2008 +0200
+++ b/src/imap-login/client.h Sun Dec 21 09:43:20 2008 +0200
@@ -53,5 +53,6 @@ bool client_unref(struct imap_client *cl
bool client_unref(struct imap_client *client);
void client_set_auth_waiting(struct imap_client *client);
+void client_auth_failed(struct imap_client *client, bool nodelay);
#endif
diff -r 467606dbabb7 -r 2ff2cac3578b src/imap-login/imap-proxy.c
--- a/src/imap-login/imap-proxy.c Fri Dec 19 18:08:09 2008 +0200
+++ b/src/imap-login/imap-proxy.c Sun Dec 21 09:43:20 2008 +0200
@@ -9,8 +9,12 @@
#include "str-sanitize.h"
#include "safe-memset.h"
#include "client.h"
+#include "imap-resp-code.h"
#include "imap-quote.h"
#include "imap-proxy.h"
+
+#define PROXY_FAILURE_MSG \
+ "NO ["IMAP_RESP_CODE_UNAVAILABLE"] "AUTH_TEMP_FAILED_MSG
static bool imap_banner_has_capability(const char *line, const char *capability)
{
@@ -49,8 +53,25 @@ static void proxy_write_id(struct imap_c
static void proxy_free_password(struct imap_client *client)
{
+ if (client->proxy_password == NULL)
+ return;
+
safe_memset(client->proxy_password, 0, strlen(client->proxy_password));
i_free_and_null(client->proxy_password);
+}
+
+static void proxy_failed(struct imap_client *client, bool send_tagline)
+{
+ if (send_tagline)
+ client_send_tagline(client, PROXY_FAILURE_MSG);
+
+ login_proxy_free(&client->proxy);
+ proxy_free_password(client);
+ i_free_and_null(client->proxy_user);
+ i_free_and_null(client->proxy_master_user);
+
+ /* call this last - it may destroy the client */
+ client_auth_failed(client, TRUE);
}
static void get_plain_auth(struct imap_client *client, string_t *dest)
@@ -72,10 +93,9 @@ static int proxy_input_banner(struct ima
string_t *str;
if (strncmp(line, "* OK ", 5) != 0) {
- client_syslog(&client->common, t_strdup_printf(
+ client_syslog_err(&client->common, t_strdup_printf(
"proxy: Remote returned invalid banner: %s",
str_sanitize(line, 160)));
- client_destroy_internal_failure(client);
return -1;
}
@@ -116,7 +136,11 @@ static int proxy_input_line(struct imap_
if (!client->proxy_login_sent) {
/* this is a banner */
- return proxy_input_banner(client, output, line);
+ if (proxy_input_banner(client, output, line) < 0) {
+ proxy_failed(client, TRUE);
+ return -1;
+ }
+ return 0;
} else if (*line == '+') {
/* AUTHENTICATE started. finish it. */
str = t_str_new(128);
@@ -200,17 +224,7 @@ static int proxy_input_line(struct imap_
str_append(str, line + 2);
i_info("%s", str_c(str));
}
-
- /* allow client input again */
- i_assert(client->io == NULL);
- client->io = io_add(client->common.fd, IO_READ,
- client_input, client);
-
- login_proxy_free(client->proxy);
- client->proxy = NULL;
-
- i_free_and_null(client->proxy_user);
- i_free_and_null(client->proxy_master_user);
+ proxy_failed(client, FALSE);
return -1;
} else {
/* probably some untagged reply */
@@ -224,9 +238,8 @@ static void proxy_input(struct istream *
const char *line;
if (input == NULL) {
- if (client->io != NULL) {
- /* remote authentication failed, we're just
- freeing the proxy */
+ if (client->proxy == NULL) {
+ /* we're just freeing the proxy */
return;
}
@@ -236,8 +249,7 @@ static void proxy_input(struct istream *
}
/* failed for some reason, probably server disconnected */
- client_send_line(client, "* BYE Temporary login failure.");
- client_destroy_success(client, NULL);
+ proxy_failed(client, TRUE);
return;
}
@@ -245,14 +257,14 @@ static void proxy_input(struct istream *
switch (i_stream_read(input)) {
case -2:
- /* buffer full */
- client_syslog(&client->common,
- "proxy: Remote input buffer full");
- client_destroy_internal_failure(client);
+ client_syslog_err(&client->common,
+ "proxy: Remote input buffer full");
+ proxy_failed(client, TRUE);
return;
case -1:
- /* disconnected */
- client_destroy_success(client, "Proxy: Remote disconnected");
+ client_syslog_err(&client->common,
+ "proxy: Remote disconnected");
+ proxy_failed(client, TRUE);
return;
}
@@ -270,7 +282,8 @@ int imap_proxy_new(struct imap_client *c
i_assert(!client->destroyed);
if (password == NULL) {
- client_syslog(&client->common, "proxy: password not given");
+ client_syslog_err(&client->common, "proxy: password not given");
+ client_send_tagline(client, PROXY_FAILURE_MSG);
return -1;
}
@@ -282,11 +295,18 @@ int imap_proxy_new(struct imap_client *c
connection and killed us. */
return -1;
}
+ if (login_proxy_is_ourself(&client->common, host, port, user)) {
+ client_syslog_err(&client->common, "Proxying loops to itself");
+ client_send_tagline(client, PROXY_FAILURE_MSG);
+ return -1;
+ }
client->proxy = login_proxy_new(&client->common, host, port,
proxy_input, client);
- if (client->proxy == NULL)
- return -1;
+ if (client->proxy == NULL) {
+ client_send_tagline(client, PROXY_FAILURE_MSG);
+ return -1;
+ }
client->proxy_login_sent = FALSE;
client->proxy_user = i_strdup(user);
@@ -296,6 +316,5 @@ int imap_proxy_new(struct imap_client *c
/* disable input until authentication is finished */
if (client->io != NULL)
io_remove(&client->io);
-
return 0;
}
diff -r 467606dbabb7 -r 2ff2cac3578b src/imap-login/imap-proxy.h
--- a/src/imap-login/imap-proxy.h Fri Dec 19 18:08:09 2008 +0200
+++ b/src/imap-login/imap-proxy.h Sun Dec 21 09:43:20 2008 +0200
@@ -3,7 +3,7 @@
#include "login-proxy.h"
-int imap_proxy_new(struct imap_client *client, const char *host,
+int imap_proxy_new(struct imap_client *client, const char *hosts,
unsigned int port, const char *user, const char *master_user,
const char *password);
diff -r 467606dbabb7 -r 2ff2cac3578b src/login-common/client-common.c
--- a/src/login-common/client-common.c Fri Dec 19 18:08:09 2008 +0200
+++ b/src/login-common/client-common.c Sun Dec 21 09:43:20 2008 +0200
@@ -109,7 +109,8 @@ static bool have_key(const struct var_ex
return FALSE;
}
-static void client_syslog_real(struct client *client, const char *msg)
+static const char *
+client_get_log_str(struct client *client, const char *msg)
{
static struct var_expand_table static_tab[3] = {
{ 's', NULL, NULL },
@@ -147,13 +148,20 @@ static void client_syslog_real(struct cl
str_truncate(str, 0);
var_expand(str, log_format, tab);
- i_info("%s", str_c(str));
+ return str_c(str);
More information about the dovecot-cvs
mailing list