dovecot-2.0: imap: Remember if TLS compression is enabled.
dovecot at dovecot.org
dovecot at dovecot.org
Sat Feb 13 05:46:27 EET 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/fd5141e85076
changeset: 10695:fd5141e85076
user: Timo Sirainen <tss at iki.fi>
date: Sat Feb 13 05:43:50 2010 +0200
description:
imap: Remember if TLS compression is enabled.
diffstat:
src/imap/imap-client.h | 1 +
src/imap/main.c | 10 ++++++++--
src/lib-master/master-auth.h | 7 +++++++
src/login-common/sasl-server.c | 3 +++
src/login-common/ssl-proxy-openssl.c | 24 ++++++++++++++----------
src/login-common/ssl-proxy.c | 5 +++++
src/login-common/ssl-proxy.h | 1 +
7 files changed, 39 insertions(+), 12 deletions(-)
diffs (169 lines):
diff -r 9f0014f19bd3 -r fd5141e85076 src/imap/imap-client.h
--- a/src/imap/imap-client.h Sat Feb 13 05:36:04 2010 +0200
+++ b/src/imap/imap-client.h Sat Feb 13 05:43:50 2010 +0200
@@ -142,6 +142,7 @@
unsigned int id_logged:1;
unsigned int mailbox_examined:1;
unsigned int anvil_sent:1;
+ unsigned int tls_compression:1;
unsigned int input_skip_line:1; /* skip all the data until we've
found a new line */
unsigned int modseqs_sent_since_sync:1;
diff -r 9f0014f19bd3 -r fd5141e85076 src/imap/main.c
--- a/src/imap/main.c Sat Feb 13 05:36:04 2010 +0200
+++ b/src/imap/main.c Sat Feb 13 05:43:50 2010 +0200
@@ -159,6 +159,7 @@
static int
client_create_from_input(const struct mail_storage_service_input *input,
+ const struct master_login_client *login_client,
int fd_in, int fd_out, const buffer_t *input_buf,
const char **error_r)
{
@@ -166,6 +167,7 @@
struct mail_user *mail_user;
struct client *client;
const struct imap_settings *set;
+ enum mail_auth_request_flags flags;
if (mail_storage_service_lookup_next(storage_service, input,
&user, &mail_user, error_r) <= 0)
@@ -180,6 +182,10 @@
T_BEGIN {
client_add_input(client, input_buf);
} T_END;
+
+ flags = login_client == NULL ? 0 : login_client->auth_req.flags;
+ if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)
+ client->tls_compression = TRUE;
return 0;
}
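Review bot: The added flag assignment runs after `client_add_input(client, input_buf)`, so any input the client pipelined behind its login is handed to the new client before `client->tls_compression` is set. If client_add_input() dispatches commands (its body is not visible here), a handler that consults the flag would see it unset for that first batch. Setting the flag first removes the ordering dependency: move `flags = login_client == NULL ? 0 : login_client->auth_req.flags;` and the `if` that follows it above the `T_BEGIN` block. client_create_from_input() starts outside this hunk.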
@@ -205,7 +211,7 @@
input_buf = input_base64 == NULL ? NULL :
t_base64_decode_str(input_base64);
- if (client_create_from_input(&input, STDIN_FILENO, STDOUT_FILENO,
+ if (client_create_from_input(&input, NULL, STDIN_FILENO, STDOUT_FILENO,
input_buf, &error) < 0)
i_fatal("%s", error);
}
@@ -227,7 +233,7 @@
buffer_create_const_data(&input_buf, client->data,
client->auth_req.data_size);
- if (client_create_from_input(&input, client->fd, client->fd,
+ if (client_create_from_input(&input, client, client->fd, client->fd,
&input_buf, &error) < 0) {
i_error("%s", error);
(void)close(client->fd);
diff -r 9f0014f19bd3 -r fd5141e85076 src/lib-master/master-auth.h
--- a/src/lib-master/master-auth.h Sat Feb 13 05:36:04 2010 +0200
+++ b/src/lib-master/master-auth.h Sat Feb 13 05:43:50 2010 +0200
@@ -17,6 +17,11 @@
to make sure there's space to transfer the command tag */
#define MASTER_AUTH_MAX_DATA_SIZE (1024*2)
+enum mail_auth_request_flags {
+ /* Connection has TLS compression enabled */
+ MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = 0x01
+};
+
/* Authentication request. File descriptor may be sent along with the
request. */
struct master_auth_request {
@@ -33,6 +38,8 @@
itself may be a local socketpair. */
struct ip_addr local_ip, remote_ip;
+ uint32_t flags;
+
/* request follows this many bytes of client input */
uint32_t data_size;
/* inode of the transferred fd. verified just to be sure that the
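Review bot: Inserting `uint32_t flags;` in the middle of `struct master_auth_request` shifts `data_size` and every member after it. The struct appears to be handed from the login process to the mail process as raw bytes (inferred from the header comment and the buffer built in sasl-server.c), so a receiver built against the old layout would read a wrong `data_size`. Please confirm that both ends are always upgraded together, or that a size or version check rejects a mismatched request before `data_size` is used. The member is a bare `uint32_t`, so a comment such as `/* enum mail_auth_request_flags */` above it would tie it to the new enum. The struct definition starts and ends outside this hunk.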
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/sasl-server.c Sat Feb 13 05:43:50 2010 +0200
@@ -119,6 +119,9 @@
req.local_ip = client->local_ip;
req.remote_ip = client->ip;
req.client_pid = getpid();
+ if (client->ssl_proxy != NULL &&
+ ssl_proxy_get_compression(client->ssl_proxy))
+ req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION;
memcpy(req.cookie, anvil_request->cookie, sizeof(req.cookie));
buf = buffer_create_dynamic(pool_datastack_create(), 256);
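Review bot: The second added line uses the `const char *` returned by ssl_proxy_get_compression() directly as a truth value, while the line above it spells out `client->ssl_proxy != NULL`. Writing `ssl_proxy_get_compression(client->ssl_proxy) != NULL)` keeps the condition consistent and makes it clear the getter returns a name rather than a bool. The `req.flags |= ...` also relies on `req` having been zeroed earlier in the function, which is outside this hunk. If it is not, the login process would send indeterminate flag bits to the mail process, so that is worth confirming.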
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Sat Feb 13 05:43:50 2010 +0200
@@ -704,9 +704,6 @@
const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
{
SSL_CIPHER *cipher;
-#ifdef HAVE_SSL_COMPRESSION
- const COMP_METHOD *comp;
-#endif
int bits, alg_bits;
const char *comp_str;
@@ -715,19 +712,26 @@
cipher = SSL_get_current_cipher(proxy->ssl);
bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
-#ifdef HAVE_SSL_COMPRESSION
- comp = SSL_get_current_compression(proxy->ssl);
- comp_str = comp == NULL ? "" :
- t_strconcat(" ", SSL_COMP_get_name(comp), NULL);
-#else
- comp_str = "";
-#endif
+ comp_str = ssl_proxy_get_compression(proxy);
+ comp_str = comp_str == NULL ? "" : t_strconcat(" ", comp_str, NULL);
return t_strdup_printf("%s with cipher %s (%d/%d bits)%s",
SSL_get_version(proxy->ssl),
SSL_CIPHER_get_name(cipher),
bits, alg_bits, comp_str);
}
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy)
+{
+#ifdef HAVE_SSL_COMPRESSION
+ const COMP_METHOD *comp;
+
+ comp = SSL_get_current_compression(proxy->ssl);
+ return comp == NULL ? NULL : SSL_COMP_get_name(comp);
+#else
+ return NULL;
+#endif
+}
+
void ssl_proxy_free(struct ssl_proxy **_proxy)
{
struct ssl_proxy *proxy = *_proxy;
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/ssl-proxy.c
--- a/src/login-common/ssl-proxy.c Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/ssl-proxy.c Sat Feb 13 05:43:50 2010 +0200
@@ -66,6 +66,11 @@
return "";
}
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED)
+{
+ return NULL;
+}
+
void ssl_proxy_free(struct ssl_proxy **proxy ATTR_UNUSED) {}
unsigned int ssl_proxy_get_count(void)
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/ssl-proxy.h
--- a/src/login-common/ssl-proxy.h Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/ssl-proxy.h Sat Feb 13 05:43:50 2010 +0200
@@ -28,6 +28,7 @@
bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy);
void ssl_proxy_free(struct ssl_proxy **proxy);
/* Return number of active SSL proxies */
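Review bot: The new prototype `ssl_proxy_get_compression()` has no comment, although the declaration just below it (`/* Return number of active SSL proxies */`) is documented and the return contract is not obvious from the name. From the two implementations in this commit, it returns the compression method name or NULL, and NULL covers three cases: no compression negotiated, a build without HAVE_SSL_COMPRESSION, and the non-SSL stub in ssl-proxy.c. I would add `/* Returns the name of the TLS compression method in use, or NULL if the connection is not compressed or compression support is not compiled in. */` above the declaration, so callers know they cannot distinguish those cases.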