dovecot-2.0: imap: Remember if TLS compression is enabled.

dovecot at dovecot.org dovecot at dovecot.org
Sat Feb 13 05:46:27 EET 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/fd5141e85076
changeset: 10695:fd5141e85076
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Feb 13 05:43:50 2010 +0200
description:
imap: Remember if TLS compression is enabled.

diffstat:

 src/imap/imap-client.h               |   1 +
 src/imap/main.c                      |  10 ++++++++--
 src/lib-master/master-auth.h         |   7 +++++++
 src/login-common/sasl-server.c       |   3 +++
 src/login-common/ssl-proxy-openssl.c |  24 ++++++++++++++----------
 src/login-common/ssl-proxy.c         |   5 +++++
 src/login-common/ssl-proxy.h         |   1 +
 7 files changed, 39 insertions(+), 12 deletions(-)

diffs (169 lines):

diff -r 9f0014f19bd3 -r fd5141e85076 src/imap/imap-client.h
--- a/src/imap/imap-client.h	Sat Feb 13 05:36:04 2010 +0200
+++ b/src/imap/imap-client.h	Sat Feb 13 05:43:50 2010 +0200
@@ -142,6 +142,7 @@
 	unsigned int id_logged:1;
 	unsigned int mailbox_examined:1;
 	unsigned int anvil_sent:1;
+	unsigned int tls_compression:1;
 	unsigned int input_skip_line:1; /* skip all the data until we've
 					   found a new line */
 	unsigned int modseqs_sent_since_sync:1;
diff -r 9f0014f19bd3 -r fd5141e85076 src/imap/main.c
--- a/src/imap/main.c	Sat Feb 13 05:36:04 2010 +0200
+++ b/src/imap/main.c	Sat Feb 13 05:43:50 2010 +0200
@@ -159,6 +159,7 @@
 
 static int
 client_create_from_input(const struct mail_storage_service_input *input,
+			 const struct master_login_client *login_client,
 			 int fd_in, int fd_out, const buffer_t *input_buf,
 			 const char **error_r)
 {
@@ -166,6 +167,7 @@
 	struct mail_user *mail_user;
 	struct client *client;
 	const struct imap_settings *set;
+	enum mail_auth_request_flags flags;
 
 	if (mail_storage_service_lookup_next(storage_service, input,
 					     &user, &mail_user, error_r) <= 0)
@@ -180,6 +182,10 @@
 	T_BEGIN {
 		client_add_input(client, input_buf);
 	} T_END;
+
+	flags = login_client == NULL ? 0 : login_client->auth_req.flags;
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)
+		client->tls_compression = TRUE;
 	return 0;
 }
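Review bot: `client->tls_compression` is assigned only after `client_add_input()` has returned, so if that call already processes commands buffered in `input_buf` (its body is not visible in this hunk), those commands run while the flag is still 0. Moving the added lines above the `T_BEGIN` block would make the client state complete before any input is handled: `flags = login_client == NULL ? 0 : login_client->auth_req.flags;` followed by the existing `if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)` test. A short comment saying that a NULL `login_client` means no login-process hand-off, and therefore no TLS information, would also help. The function begins outside this hunk.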
 
@@ -205,7 +211,7 @@
 	input_buf = input_base64 == NULL ? NULL :
 		t_base64_decode_str(input_base64);
 
-	if (client_create_from_input(&input, STDIN_FILENO, STDOUT_FILENO,
+	if (client_create_from_input(&input, NULL, STDIN_FILENO, STDOUT_FILENO,
 				     input_buf, &error) < 0)
 		i_fatal("%s", error);
 }
@@ -227,7 +233,7 @@
 
 	buffer_create_const_data(&input_buf, client->data,
 				 client->auth_req.data_size);
-	if (client_create_from_input(&input, client->fd, client->fd,
+	if (client_create_from_input(&input, client, client->fd, client->fd,
 				     &input_buf, &error) < 0) {
 		i_error("%s", error);
 		(void)close(client->fd);
diff -r 9f0014f19bd3 -r fd5141e85076 src/lib-master/master-auth.h
--- a/src/lib-master/master-auth.h	Sat Feb 13 05:36:04 2010 +0200
+++ b/src/lib-master/master-auth.h	Sat Feb 13 05:43:50 2010 +0200
@@ -17,6 +17,11 @@
    to make sure there's space to transfer the command tag  */
 #define MASTER_AUTH_MAX_DATA_SIZE (1024*2)
 
+enum mail_auth_request_flags {
+	/* Connection has TLS compression enabled */
+	MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION	= 0x01
+};
+
 /* Authentication request. File descriptor may be sent along with the
    request. */
 struct master_auth_request {
@@ -33,6 +38,8 @@
 	   itself may be a local socketpair. */
 	struct ip_addr local_ip, remote_ip;
 
+	uint32_t flags;
+
 	/* request follows this many bytes of client input */
 	uint32_t data_size;
 	/* inode of the transferred fd. verified just to be sure that the
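Review bot: The new `uint32_t flags` is inserted in the middle of `struct master_auth_request`, which the comment above the struct describes as a request sent between processes, so the offsets of `data_size` and every later field change. A sender and receiver built from different revisions would misread the request. Nothing in this hunk shows a size or version check, so it is worth confirming that the receiving side rejects a request of unexpected length. The field also has no comment tying it to the new enum; `/* enum mail_auth_request_flags */` above `uint32_t flags;` would do. The struct starts and ends outside the hunk.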
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c	Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/sasl-server.c	Sat Feb 13 05:43:50 2010 +0200
@@ -119,6 +119,9 @@
 	req.local_ip = client->local_ip;
 	req.remote_ip = client->ip;
 	req.client_pid = getpid();
+	if (client->ssl_proxy != NULL &&
+	    ssl_proxy_get_compression(client->ssl_proxy))
+		req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION;
 	memcpy(req.cookie, anvil_request->cookie, sizeof(req.cookie));
 
 	buf = buffer_create_dynamic(pool_datastack_create(), 256);
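Review bot: `req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION` ORs into whatever `req.flags` already holds, and the initialisation of `req` is not visible in this hunk. Because the struct is handed to another process, please confirm it is zeroed before this point so no indeterminate bits are sent as flags. As a style point, `ssl_proxy_get_compression()` returns a `const char *` but is used as a truth value next to an explicit `!= NULL` test. Writing `ssl_proxy_get_compression(client->ssl_proxy) != NULL` keeps the two operands consistent and makes it obvious that the name itself is discarded. The enclosing function begins and ends outside the hunk.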
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Sat Feb 13 05:43:50 2010 +0200
@@ -704,9 +704,6 @@
 const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
 {
 	SSL_CIPHER *cipher;
-#ifdef HAVE_SSL_COMPRESSION
-	const COMP_METHOD *comp;
-#endif
 	int bits, alg_bits;
 	const char *comp_str;
 
@@ -715,19 +712,26 @@
 
 	cipher = SSL_get_current_cipher(proxy->ssl);
 	bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
-#ifdef HAVE_SSL_COMPRESSION
-	comp = SSL_get_current_compression(proxy->ssl);
-	comp_str = comp == NULL ? "" :
-		t_strconcat(" ", SSL_COMP_get_name(comp), NULL);
-#else
-	comp_str = "";
-#endif
+	comp_str = ssl_proxy_get_compression(proxy);
+	comp_str = comp_str == NULL ? "" : t_strconcat(" ", comp_str, NULL);
 	return t_strdup_printf("%s with cipher %s (%d/%d bits)%s",
 			       SSL_get_version(proxy->ssl),
 			       SSL_CIPHER_get_name(cipher),
 			       bits, alg_bits, comp_str);
 }
 
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy)
+{
+#ifdef HAVE_SSL_COMPRESSION
+	const COMP_METHOD *comp;
+
+	comp = SSL_get_current_compression(proxy->ssl);
+	return comp == NULL ? NULL : SSL_COMP_get_name(comp);
+#else
+	return NULL;
+#endif
+}
+
 void ssl_proxy_free(struct ssl_proxy **_proxy)
 {
 	struct ssl_proxy *proxy = *_proxy;
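Review bot: In `ssl_proxy_get_security_string()` the variable `comp_str` now holds two different things in consecutive lines, first the raw method name and then the formatted suffix, which makes the NULL test easy to misread. A separate local for the raw name is clearer: `comp_name = ssl_proxy_get_compression(proxy);` then `comp_str = comp_name == NULL ? "" : t_strconcat(" ", comp_name, NULL);`, with `const char *comp_name;` declared beside `comp_str`. The start of that function and the body of `ssl_proxy_free()` lie outside this hunk.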
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/ssl-proxy.c
--- a/src/login-common/ssl-proxy.c	Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/ssl-proxy.c	Sat Feb 13 05:43:50 2010 +0200
@@ -66,6 +66,11 @@
 	return "";
 }
 
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED)
+{
+	return NULL;
+}
+
 void ssl_proxy_free(struct ssl_proxy **proxy ATTR_UNUSED) {}
 
 unsigned int ssl_proxy_get_count(void)
diff -r 9f0014f19bd3 -r fd5141e85076 src/login-common/ssl-proxy.h
--- a/src/login-common/ssl-proxy.h	Sat Feb 13 05:36:04 2010 +0200
+++ b/src/login-common/ssl-proxy.h	Sat Feb 13 05:43:50 2010 +0200
@@ -28,6 +28,7 @@
 bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
 const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
 const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy);
 void ssl_proxy_free(struct ssl_proxy **proxy);
 
 /* Return number of active SSL proxies */
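Review bot: The new prototype `ssl_proxy_get_compression()` has no comment, and its NULL return carries two meanings that callers cannot tell apart. The OpenSSL implementation returns NULL when no compression method was negotiated and also when `HAVE_SSL_COMPRESSION` is not defined, and the non-SSL stub always returns NULL. Since the result decides whether `MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION` is set, the header should state the contract, for example `/* Returns the name of the negotiated TLS compression method, or NULL if none is in use or compression support is not compiled in. */`.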

