client.c revision 8372fc7efb6d64dff2e5f55fb4a3822c56869cfe
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen/* Copyright (c) 2002-2008 Dovecot authors, see the included COPYING file */
d6badc27cd6e8d3398877b6766cb0aaeef3a7800Timo Sirainen/* max. size of output buffer. if it gets full, the client is disconnected.
e4b09b008ab544eb8994beecbfffefa21d855e43Timo Sirainen SASL authentication gives the largest output. */
e4b09b008ab544eb8994beecbfffefa21d855e43Timo Sirainen/* maximum length for IMAP command line. */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen/* Disconnect client when it sends too many bad commands */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen/* When max. number of simultaneous connections is reached, few of the
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen oldest connections are disconnected. Since we have to go through all of the
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen clients, it's faster if we disconnect multiple clients. */
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen/* If we've been waiting auth server to respond for over this many milliseconds,
c27f03fa8fd2ef4acd1db814fae7d90e0eb9d3aeTimo Sirainen send a "waiting" message. */
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen#if CLIENT_LOGIN_IDLE_TIMEOUT_MSECS >= AUTH_REQUEST_TIMEOUT*1000
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen# error client idle timeout must be smaller than authentication timeout
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen "* OK Waiting for authentication process to respond.."
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainenconst char *capability_string = CAPABILITY_STRING;
41e1c7380edda701719d8ce1fb4d465d2ec4c84dTimo Sirainenstatic void client_set_title(struct imap_client *client)
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen if (!verbose_proctitle || !process_per_connection)
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen process_title_set(t_strdup_printf(client->common.tls ?
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainenstatic void client_open_streams(struct imap_client *client, int fd)
ee246b46953e4b94b2f22e093373674fa9155500Timo Sirainen i_stream_create_fd(fd, LOGIN_MAX_INBUF_SIZE, FALSE);
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen client->output = o_stream_create_fd(fd, MAX_OUTBUF_SIZE, FALSE);
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen client->parser = imap_parser_create(client->common.input,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen/* Skip incoming data until newline is found,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen returns TRUE if newline was found. */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenbool client_skip_line(struct imap_client *client)
20a802016205bbcafc90f164f769ea801f88d014Timo Sirainen const unsigned char *data;
20a802016205bbcafc90f164f769ea801f88d014Timo Sirainen data = i_stream_get_data(client->common.input, &data_size);
20a802016205bbcafc90f164f769ea801f88d014Timo Sirainen for (i = 0; i < data_size; i++) {
024815ea2ffdda9ea79919f18e865663977f73eaTimo Sirainenstatic const char *get_capability(struct imap_client *client, bool full)
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen auths = client_authenticate_get_capabilities(client->common.secured);
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen return t_strconcat(full ? capability_string : CAPABILITY_BANNER_STRING,
1175f27441385a7011629f295f42708f9a3a4ffcTimo Sirainen disable_plaintext_auth && !client->common.secured ?
c27f03fa8fd2ef4acd1db814fae7d90e0eb9d3aeTimo Sirainenstatic int cmd_capability(struct imap_client *client)
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen "* CAPABILITY ", get_capability(client, TRUE), NULL));
c27f03fa8fd2ef4acd1db814fae7d90e0eb9d3aeTimo Sirainen client_send_tagline(client, "OK Capability completed.");
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenstatic void client_start_tls(struct imap_client *client)
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen if (!client_unref(client) || client->destroyed)
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip,
da985034a708db2f61394b30d117050ae6829ee5Timo Sirainen client_send_line(client, "* BYE TLS initialization failed.");
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen "Disconnected: TLS initialization failed.");
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen /* CRLF is lost from buffer when streams are reopened. */
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen client->io = io_add(client->common.fd, IO_READ, client_input, client);
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainenstatic int client_output_starttls(struct imap_client *client)
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen if ((ret = o_stream_flush(client->output)) < 0) {
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen o_stream_unset_flush_callback(client->output);
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainenstatic int cmd_starttls(struct imap_client *client)
f23298fea47eecbeded985ee2537a34c4c4ef56bTimo Sirainen client_send_tagline(client, "BAD TLS is already active.");
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen client_send_tagline(client, "BAD TLS support isn't enabled.");
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen /* remove input handler, SSL proxy gives us a new fd. we also have to
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen remove it in case we have to wait for buffer to be flushed */
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen client_send_tagline(client, "OK Begin TLS negotiation now.");
519e0a461271843833a2b42626ad93f6e7ddc497Timo Sirainen /* uncork the old fd */
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen /* the buffer has to be flushed */
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen o_stream_set_flush_pending(client->output, TRUE);
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainenclient_update_info(struct imap_client *client, const struct imap_arg *args)
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen else if (strcasecmp(key, "x-originating-port") == 0)
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen else if (strcasecmp(key, "x-connected-ip") == 0)
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen (void)net_addr2ip(value, &client->common.local_ip);
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen else if (strcasecmp(key, "x-connected-port") == 0)
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenstatic int cmd_id(struct imap_client *client, const struct imap_arg *args)
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen value = imap_id_args_get_log_reply(args, env);
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen client_send_line(client, t_strdup_printf("* ID %s",
b79ec51bdeef6ef950eb5e890e65cc0491cf5fe9Timo Sirainen client_send_tagline(client, "OK ID completed.");
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainenstatic int cmd_noop(struct imap_client *client)
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen client_send_tagline(client, "OK NOOP completed.");
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenstatic int cmd_logout(struct imap_client *client)
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen client_send_line(client, "* BYE Logging out");
ab286a8b58306eb8d22fc18342b6c199fd428e1eTimo Sirainen client_send_tagline(client, "OK Logout completed.");
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainenstatic int cmd_enable(struct imap_client *client)
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen "OK ENABLE ignored in non-authenticated state.");
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenstatic int client_command_execute(struct imap_client *client, const char *cmd,
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenstatic bool client_handle_input(struct imap_client *client)
287ba82a8da3eaa473b5735d4eeac2fb4c5d8117Timo Sirainen const char *msg;
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen /* clear the previous command from memory. don't do this
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen immediately after handling command since we need the
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen cmd_tag to stay some time after authentication commands. */
6a04c5112961c5f4fb2d2f25192b3dc424d62ad0Timo Sirainen /* remove \r\n */
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen client->cmd_tag = imap_parser_read_word(client->parser);
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen client->cmd_name = imap_parser_read_word(client->parser);
b79ec51bdeef6ef950eb5e890e65cc0491cf5fe9Timo Sirainen switch (imap_parser_read_args(client->parser, 0, 0, &args)) {
b79ec51bdeef6ef950eb5e890e65cc0491cf5fe9Timo Sirainen msg = imap_parser_get_error(client->parser, &fatal);
b79ec51bdeef6ef950eb5e890e65cc0491cf5fe9Timo Sirainen client_send_line(client, t_strconcat("* BYE ",
64541374b58e4c702b1926e87df421d180ffa006Timo Sirainen client_send_tagline(client, t_strconcat("BAD ", msg, NULL));
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen /* not enough data */
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen /* we read the entire line - skip over the CRLF */
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen ret = client_command_execute(client, client->cmd_name, args);
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen if (++client->bad_counter >= CLIENT_MAX_BAD_COMMANDS) {
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen "* BYE Too many invalid IMAP commands.");
6a04c5112961c5f4fb2d2f25192b3dc424d62ad0Timo Sirainen "Disconnected: Too many invalid commands");
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen "BAD Error in IMAP command received by server.");
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen return ret != 0;
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen switch (i_stream_read(client->common.input)) {
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen /* buffer full */
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen client_send_line(client, "* BYE Input buffer full, aborting");
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen client_destroy(client, "Disconnected: Input buffer full");
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen /* disconnected */
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen /* nothing new read */
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen /* something was read */
6a04c5112961c5f4fb2d2f25192b3dc424d62ad0Timo Sirainen /* we're not yet connected to auth process -
6a04c5112961c5f4fb2d2f25192b3dc424d62ad0Timo Sirainen don't allow any commands */
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen struct imap_client *destroy_buf[CLIENT_DESTROY_OLDEST_COUNT];
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen unsigned int i, destroy_count;
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen /* find the oldest clients and put them to destroy-buffer */
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen destroy_count = max_connections > CLIENT_DESTROY_OLDEST_COUNT*2 ?
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen CLIENT_DESTROY_OLDEST_COUNT : I_MIN(max_connections/2, 1);
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen for (client = clients; client != NULL; client = client->next) {
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen struct imap_client *imap_client = (struct imap_client *)client;
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen for (i = 0; i < destroy_count; i++) {
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen destroy_buf[i]->created > imap_client->created) {
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen /* @UNSAFE */
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen /* then kill them */
6a04c5112961c5f4fb2d2f25192b3dc424d62ad0Timo Sirainen for (i = 0; i < destroy_count; i++) {
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen "Disconnected: Connection queue full");
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainenstatic void client_send_greeting(struct imap_client *client)
6a04c5112961c5f4fb2d2f25192b3dc424d62ad0Timo Sirainen str_printfa(greet, "[CAPABILITY %s] ", get_capability(client, FALSE));
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainenstatic void client_idle_disconnect_timeout(struct imap_client *client)
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen client_send_line(client, "* BYE Disconnected for inactivity.");
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainen client_destroy(client, "Disconnected: Inactivity");
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainenstatic void client_auth_waiting_timeout(struct imap_client *client)
bb10ebcf076c959c752f583746d83805d7686df8Timo Sirainenvoid client_set_auth_waiting(struct imap_client *client)
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainenstruct client *client_create(int fd, bool ssl, const struct ip_addr *local_ip,
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen /* always use nonblocking I/O */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client->common.trusted = client_is_trusted(&client->common);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client->common.secured = ssl || client->common.trusted ||
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client->io = io_add(fd, IO_READ, client_input, client);
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainenvoid client_destroy(struct imap_client *client, const char *reason)
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen if (!client->login_success && reason != NULL) {
e12648867876aaec17e06ee4caef0bb60363449dTimo Sirainen client_get_extra_disconnect_reason(&client->common),
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen sasl_server_auth_client_error(&client->common, NULL);
0ce3bbb0f03fb0ee99258b41b5a1d689c1158a75Timo Sirainenvoid client_destroy_success(struct imap_client *client, const char *reason)
0ce3bbb0f03fb0ee99258b41b5a1d689c1158a75Timo Sirainenvoid client_destroy_internal_failure(struct imap_client *client)
0ce3bbb0f03fb0ee99258b41b5a1d689c1158a75Timo Sirainen client_send_line(client, "* BYE Internal login failure. "
0ce3bbb0f03fb0ee99258b41b5a1d689c1158a75Timo Sirainen "Refer to server log for more information.");
0ce3bbb0f03fb0ee99258b41b5a1d689c1158a75Timo Sirainen client_destroy(client, "Internal login failure");
91b5eae18db48ebb70eee5407a7ab52bf798ee12Timo Sirainenvoid client_send_line(struct imap_client *client, const char *line)
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen if (ret < 0 || (size_t)ret != iov[0].iov_len + iov[1].iov_len) {
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen /* either disconnection or buffer full. in either case we
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainen want this connection destroyed. however destroying it here
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen might break things if client is still tried to be accessed
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen without being referenced.. */
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainenvoid client_send_tagline(struct imap_client *client, const char *line)
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen client_send_line(client, t_strconcat(client->cmd_tag, " ", line, NULL));
e86d0d34fe365da4c7ca4312d575bfcbf3a01c0eTimo Sirainen for (client = clients; client != NULL; client = client->next) {
1e47cfede3a0b62654105daab00e97b5d660bc6bTimo Sirainen struct imap_client *imap_client = (struct imap_client *)client;
e86d0d34fe365da4c7ca4312d575bfcbf3a01c0eTimo Sirainen timeout_remove(&imap_client->to_auth_waiting);
1e47cfede3a0b62654105daab00e97b5d660bc6bTimo Sirainen for (client = clients; client != NULL; client = client->next) {
1e47cfede3a0b62654105daab00e97b5d660bc6bTimo Sirainen struct imap_client *imap_client = (struct imap_client *)client;
e86d0d34fe365da4c7ca4312d575bfcbf3a01c0eTimo Sirainen client_destroy(imap_client, "Disconnected: Shutting down");
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen /* Nothing to initialize for IMAP */