Updated copyright notices to include the year 2018.

login-common: Added support for login services that handle their own input io.

login-common: Move code in client_destroy_internal_failure() to its only caller No need to have a function that has only a single caller.

login-common: Avoid using client_destroy_success() when mail_max_userip_connections is reached This was currently the only way how data != NULL here. This change destroys ssl_proxy on client_destroy() instead of client_unref(), but that doesn't make much of a practical difference. This new behavior is a bit more correct though.

global: start relying on timeout_remove(NULL) being a no-op Cleanup performed with the following semantic patch: @@ expression E; @@ - if (E != NULL) { - timeout_remove(&E); - } + timeout_remove(&E);

global: start relying on io_remove{,_closed}(NULL) being a no-op Cleanup performed with the following semantic patch: @@ expression E; @@ - if (E != NULL) { - io_remove(&E); - } + io_remove(&E); @@ expression E; @@ - if (E != NULL) { - io_remove_closed(&E); - } + io_remove_closed(&E);

imap-login: Allow x-forward- to specify forward fields from trusted networks

*-login: Remove unused client.proxy_state

*-login: Add client.proxy_get_state() for providing human-readable proxy state If not implemented, it defaults to the old method of returning proxy_state number.

Updated copyright notices to include the year 2017.

global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro. Used the following script: C_FILES=`git ls-files *.c` H_FILES=`git ls-files *.h` for F in "$C_FILES $H_FILES"; do echo "$F" perl -p -i -e 's/safe_memset\(&\(?([^,]*)\)?,\s*0,\s*sizeof\(\g1\)\)/i_zero_safe(&$1)/g' $F perl -p -i -e 's/safe_memset\(([^,]*),\s*0,\s*sizeof\(\*\g1\)\)/i_zero_safe($1)/g' $F perl -p -i -e 's/memset\(&\(?([^,]*)\)?,\s*0,\s*sizeof\(\g1\)\)/i_zero(&$1)/g' $F perl -p -i -e 's/memset\(([^,]*),\s*0,\s*sizeof\(\*\g1\)\)/i_zero($1)/g' $F done

global: Change string position/length from unsigned int to size_t Mainly to avoid truncating >4GB strings, which might potentially cause some security holes. Normally there are other limits, which prevent such excessive strings from being created in the first place. I'm sure this didn't find everything. Maybe everything could be found with compiler warnings. -Wconversion kind of does it, but it gives way too many unnecessary warnings. These were mainly found with: grep " = strlen" egrep "unsigned int.*(size|len)"

auth,login-common: Added result code for invalid base64-encoded response data.

login-common: Added result codes for mechanism-related failures.

login-common: Added result code for a nologin code from the auth service.

login-common: Added result code for password-expired authentication failure.

auth: Added a code= field to the auth FAIL response that replaces the "authz", "temp", "pass_expired", and "user_disabled" fields.

imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT This allows using Dovecot proxying feature towards less trusted servers.

*-login: Store user_* passdb fields to client->alt_usernames.

global: Use only explicit int -> bool conversions These were checked with a patched clang.

lib: istream - migrate to i_stream_read_more() Scripted to find all the low-hanging-fruit (single line calls), but hand-checked: git grep i_stream_read_data.*,\ 0\) | sed s/:.*// | \ xargs sed -i -e 's/i_stream_read_data(\(.*\), \(.*\), \(.*\), 0)/i_stream_read_more(\1, \2, \3)/' Signed-off-by: Phil Carmody <phil@dovecot.fi>

login-proxy: When logging failures, include the client info prefix.

*-login: Call client.auth_result() also when proxying

*-login: Pass client_auth_reply to client.auth_result() whenever possible. This didn't matter normally, but some plugins might care about it.

*-login: Add all returned passdb fields to struct client_auth_reply.all_fields These will be mainly useful to plugins.

global: freshen copyright git ls-files | xargs perl -p -i -e 's/(\d+)-201[0-5]/$1-2016/g;s/ (201[0-5]) Dovecot/ $1-2016 Dovecot/'

*-login: Added postlogin_socket=path passdb extra field. By default e.g. "imap" or "pop3" is the post-login socket, but this can override it. This could be used for example for per-user debugging (e.g. setting executable to be run via strace or valgrind).

Removed all invocations of atoi().

Changed type of internet port values to in_port_t everywhere. Created special SET_IN_PORT setting type for internet port values. Created net_str2port() for parsing internet port values. Removed several atoi() invocations in the process.

Use io_stream_get_disconnect_reason() instead of duplicating its code all over the place.

global: freshen copyright Robomatically: git ls-files | xargs perl -p -i -e 's/(\d+)-201[0-4]/$1-2015/g;s/ (201[0-4]) Dovecot/ $1-2015 Dovecot/' Happy 2015 everyone! Signed-off-by: Phil Carmody <phil@dovecot.fi>

login proxy: Added login_source_ips setting. The setting contains a list of IPs/hosts. The setting may be prefixed with "?" character to indicate that only those IPs should be used that exist in the current server (allowing the same config to be shared by multiple servers). The IPs are used round robin as the source IP address when proxy creates TCP connections. This becomes useful when there are a ton of connections from the proxy to the same destination IP, because TCP ports run out after ~64k connections.

login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.

Updated copyright notices to include year 2014.

imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.

*-login: Send the auth reply back corked.

login proxy: Use corking when writing data.

lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library.

imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server. Also passdb lookup can return "proxy_mech" extra field to specify which SASL mechanism to use.

*-login: ssl=required should imply disable_plaintext_auth=yes

*-login: If auth failed with a specified reason, the reason wasn't actually shown to client.

login proxy: Set a default 30s timeout.

Oops :) Update copyrights to 2013 without breaking all .c files.

Updated copyright notices to include year 2013.