login-common: Indicate TLS encryption if haproxy says it was

login-common: Added flag to client that indicates whether connection is secured using SSL specifically.

login-common: Added client_disconnect(), which allows explicitly disconnecting the client before it is destroyed. This is sometimes needed to make sure the SSL layer is closed properly before destroying the underlying connection.

login-common: Added support for login services that handle their own input io.

login-common: Use lib-ssl-iostream for incoming SSL/TLS connections

login-common: Change process title to show different connection types Separate pre-login connections, proxy connections and post-login TLS proxies.

login-common: Destroy all fd proxies at deinit.

login-common: Implement post-login proxying and use it with SSL connections Note: This temporarily breaks the SSL connections a bit. If post-login process disconnects the client, it's not noticed by the login process. Client connections are noticed by the post-login though.

login-common: client_alloc() - remove unnecessary ssl parameter

login-common: Extract SSL/TLS initialization into client_init_ssl()

login-common: Split client_create() to client_alloc() and client_init() client_unref() can be used to free an allocated client that hasn't been fully created.

login-common: Move code in client_destroy_internal_failure() to its only caller No need to have a function that has only a single caller.

login-common: Avoid using client_destroy_success() when mail_max_userip_connections is reached This was currently the only way how data != NULL here. This change destroys ssl_proxy on client_destroy() instead of client_unref(), but that doesn't make much of a practical difference. This new behavior is a bit more correct though.

login-common: Use HAproxy provided proxy.ssl information If the connection is proxied via system that can terminate ssl for us, such as HAproxy, use that information only.

*-login: Cache director_username_hash between KICK-DIRECTOR-HASH commands This should make the kicking much faster, which is important when director is moving thousands of users.

*-login: Add client_vfuncs.free() that is called when client refcount=0 This can be useful for plugins that want to run something after proxying ends. Use an empty default function so plugins can call super.free() without having to check if it's NULL.

*-login: Add client_vfuncs.input_next_cmd() This allows plugins to hook into all the pre-login commands. For example with imap-login most of the commands could already be hooked into, except for ID and AUTHENTICATE because their parameters reading is handled specially. This allows hooking into them as well. This is actually internal to all the login binaries, so it wouldn't have to be in login-common. However, login-common already has all the code to handle overriding functions nicely and this is a rather useful feature for all the protocols anyway, so it's easier this way and not too ugly.

*-login: Add client_vfuncs.send_raw_data() This allows login plugins to hook into seeing all the data that is sent to the imap/pop3 client.

*-login: Minor logging cleanup if client is disconnected before sending banner. Avoid unnecessarily adding "(no auth attempts in 0 secs)" when the reason string already makes it clear that the user didn't even have a chance to authenticate. This kind of disconnection currently happens only with some plugins.

imap-login: Move forward_fields updating code to login-common This allows using the new client_add_forward_field() in e.g. plugins.

auth: Accept forward_fields from auth client

imap-login: Retain ID request without dovecot specials

auth: Accept client_id from auth client Client ID contains the ID client request string for IMAP.

login-common: Add preproxy pool preproxy pool can be used to do allocations that are released once proxying starts.

*-login: Change API for how login_plugins hook into client allocation. The previous API worked badly when there were more than one plugin. The current behavior works similarly to how mail_plugins work.

*-login: Remove unused client.proxy_state

*-login: Add client.proxy_get_state() for providing human-readable proxy state If not implemented, it defaults to the old method of returning proxy_state number.

auth,login-common: Added result code for invalid base64-encoded response data.

login-common: Added result codes for mechanism-related failures.

login-common: Added result code for a nologin code from the auth service.

login-common: Added result code for password-expired authentication failure.

auth: Added a code= field to the auth FAIL response that replaces the "authz", "temp", "pass_expired", and "user_disabled" fields.

imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT This allows using Dovecot proxying feature towards less trusted servers.

auth: Pass local_name to auth-request This allows using local_name in various places, such as passdb/userdb queries.

*-login: Store user_* passdb fields to client->alt_usernames.

global: unsigned int:1 -> bool:1 perl -i -pe 's/unsigned int ([^,:;]+):1;/bool $1:1;/' **/*.[ch]

*-login: Add all returned passdb fields to struct client_auth_reply.all_fields These will be mainly useful to plugins.

*-login: Allow plugins to hook into client allocation and add module-specific contexts to client.

*-login: Added postlogin_socket=path passdb extra field. By default e.g. "imap" or "pop3" is the post-login socket, but this can override it. This could be used for example for per-user debugging (e.g. setting executable to be run via strace or valgrind).

Changed type of internet port values to in_port_t everywhere. Created special SET_IN_PORT setting type for internet port values. Created net_str2port() for parsing internet port values. Removed several atoi() invocations in the process.

*-login: Added %{passdb:*} fields to login_log_format_elements

login_log_format_elements: Added %{listener} variable to expand to the listener socket name.

lmtp, *-login: Use ip/port values from struct master_service_connection instead of from the socket. This way, a proxy protocol like HAProxy can transparently override these addresses with what is seen by the proxy.

*-login: And actually make the previous changes work.

login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.

auth, login, mail: Added %{auth_user}, %{auth_username} and %{auth_domain} They expand to the SASL authentication ID. So if master user login is done, it expands to the master user. If username changes during authentication, it expands to the original username. Otherwise %{user} and %{auth_user} are equal.

imap proxy: Added proxy_nopipelining passdb setting to work around other servers' bugs.

*-login: Added %{orig_user}, %{orig_username} and %{orig_domain} variables. The original username is what the client sent to server before any translations.

lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library.

imap/pop3-login: Use libsasl for authenticating to remote IMAP/POP3 server. Also passdb lookup can return "proxy_mech" extra field to specify which SASL mechanism to use.

auth: Added real_[lr]ip, real_[lr]port variables. The unreal ones differ when a trusted proxy overrides them.

login_log_format_elements: Added %{real_rip} variable. It differs from %r when Dovecot proxy sends an updated client IP address. Patch by Jack Bates.

Renamed network.[ch] to net.[ch]. The function prefixes already started with net_ instead of network_. And icecap wants to use network.h for other purpose. :)

Moved ssl_* settings from login-common to lib-master. This allows creating other SSL servers more easily.

login: Don't allow STARTTLS if ssl=no in client's settings, even if ssl=yes globally.

Avoid using (void)s by adding ATTR_NOWARN_UNUSED_RESULT attributes and other ways.

login: If user is disabled or password expired, say it in logout reason.

SSL proxying: Remote's host never matched cert, because auth process changed it to IP. Now the "host" parameter isn't changed, but a new optional "hostip" parameter contains the IP address where to connect to.

Added a "session ID" string for imap/pop3 connections, available in %{session} variable. The session ID passes through Dovecot IMAP/POP3 proxying to backend server. The same session ID is can be reused after a long time (currently a bit under 9 years).

login: If session timeouts after authentication, log a better error about it.

imap/pop3/lmtp proxy: Implemented detection of proxy loops with TTL. If proxying tries to continue after 5 forward connections, it fails. The limit of 5 is hard coded currently.

login-common: Code cleanup

login: If auth client disconnects without having ever succeeded, destroy clients.

login-common API made more extensible for different kinds of protocols. Patch by Stephan Bosch.

login proxy: If remote auth fails, say so in disconnect message instead of "internal failure".

login: Make SASL auth buffer size define public.

imap-login: Handle SASL-IR without overflowing master_auth_request's buffer.

login: Added logging if auth process doesn't respond fast enough for greeting.

imap-login: LOGIN_MAX_INBUF_SIZE was too small, because of SASL-IR extension

login: Save final SASL reply to client struct.

login: Log a different disconnect message if client didn't finish SASL auth.

login: Differentiate between auth failure and auth process communication failure. Log a warning if auth connection dies.

login: Improved auth failed log messages.

login: If login fails for some reason, but auth was successful, don't log "auth failed". For example if proxy fails to connect to remote server.

login: When renegotiating SSL handshake, don't reread settings when TLS SNI is used.

login-common API redesign so that the library doesn't refer to nonexistent variables.

login: If master login fails, tell auth process to free the auth request.

login proxy: Show proxy state in "disconnected" error message.

login proxy: If passdb returns proxy_refresh=<secs>, send username to proxy-notify fifo every n secs. --HG-- branch : HEAD

auth/login related timeouts are now in one place and they make more sense. Most importantly now auth client doesn't abort lookup before server does. --HG-- branch : HEAD

login: Always disconnect clients after 3 minutes if they haven't logged in. --HG-- branch : HEAD

*-login: Removed per-connection auth failure penalties. Trust auth server to do it. --HG-- branch : HEAD

imap-login: If imap_capability is set, use it. --HG-- branch : HEAD

lib-auth: Changed API to connect to only a single specified auth socket. Login processes now always connect to socket called "auth". --HG-- branch : HEAD

*-login: Log more precise reasons for some auth failures. --HG-- branch : HEAD

*-login: Fixes to SSL/login proxy connection counting. --HG-- branch : HEAD

*-login: Allow auth input to be larger than the rest of the input. --HG-- branch : HEAD

*-login: Allow backend to parse SASL responses from client (for managesieve). --HG-- branch : HEAD

login proxy: Added client_proxy passdb extra field to specify proxy's connect timeout. --HG-- branch : HEAD

*-login: Abstract out SASL continue reply sending (for managesieve). --HG-- branch : HEAD

*-login: Moved most of the common code to login-common. --HG-- branch : HEAD

*-login: Use a common client_send_line() API. --HG-- branch : HEAD

imap-login now advertises only pre-login capabilities. If client had used CAPABILITY command before logging in, untagged CAPABILITY is sent to client in the hope that client understands this. This change could get reverted if it breaks too many clients. --HG-- branch : HEAD

login processes: Added initial support for per-connection configuration. --HG-- branch : HEAD

Initial commit for v2.0 master rewrite. Several features are still missing. --HG-- branch : HEAD

imap/pop3-login: Cleaned up proxying code. Don't disconnect client on proxy failures. Log proxy failures as errors. --HG-- branch : HEAD

Login process: Log auth failure reasons better in disconnect message. For example if client certs are required it now logs if the cert wasn't sent or if the cert was invalid. --HG-- branch : HEAD

Pass the created mail process PID back to login process so it can log it. Added %e log format element for it. --HG-- branch : HEAD

Just send CAPABILITY response code for all LOGIN/AUTHENTICATE commands. Simplifies things and Lemonade spec specifies it as a "MUST be sent" anyway. --HG-- branch : HEAD

Send login command OK reply in IMAP/POP3 process. --HG-- branch : HEAD

If commands are pipelined after the login command, pass them to the IMAP/POP3 process so it can process the command instead of discarding it. --HG-- branch : HEAD

Support transferring original IPs and ports through IMAP proxies. Clients from login_trusted_networks are allowed to override them. Dovecot's IMAP proxy sends them via IMAP ID command. They're always sent if the remote advertises ID in the banner's CAPABILITY. --HG-- branch : HEAD

Added more consts, ATTR_CONSTs and ATTR_PUREs. --HG-- branch : HEAD

Added clients_init() and clients_deinit() back (for Managesieve). --HG-- branch : HEAD

Forgot from imap/pop3-login clients hash -> linked list commit. --HG-- branch : HEAD

Instead of logging only "Aborted login", log also if client tried to use plaintext auth, or if not log the number of authentication attempts. --HG-- branch : HEAD

Disable processing input while it's not expected, otherwise we could get there and crash while master is processing the login. Also allow client to send the SASL data within the same IP packet as the AUTH/AUTHENTICATE command without hanging. --HG-- branch : HEAD

Changed .h ifdef/defines to use <NAME>_H format. --HG-- branch : HEAD

Added %a=local port and %b=remote port variables for login_log_format_elements. --HG-- branch : HEAD

Crashfixes and more asserts. Mostly related to use of AUTHENTICATE/AUTH commands. --HG-- branch : HEAD

Fixes for handling near-full connection queues. --HG-- branch : HEAD

Added "bool" type and changed all ints that were used as booleans to bool. --HG-- branch : HEAD

Added configurable logging for login process. Added configurable pop3 logout string. Based on a patch by Andrey Panin. --HG-- branch : HEAD

Login process cleanups. Share more authentication code between pop3/imap. --HG-- branch : HEAD

Added %l, %r and %P variables and mail_log_prefix setting. --HG-- branch : HEAD

Added ssl_require_client_cert auth-specific setting. Hide ssl_verify_client_cert from default config file as it's automatically set if needed and there's not much point in forcing it. --HG-- branch : HEAD

Moved client side code for auth process handling to lib-auth. Some other login process cleanups. --HG-- branch : HEAD

login: Wait until we're connected to auth process before executing command from client. inetd usage: --group=name can now specify which login group to use. Default is the binary name before '-' character (ie. imap or pop3). --HG-- branch : HEAD

Moved more auth code to login-common. --HG-- branch : HEAD

Moved common login process code to login-common, created pop3-login. --HG-- branch : HEAD