bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch const struct imap_urlauth_login_settings *set;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschimap_urlauth_client_auth_result(struct client *client,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch const struct client_auth_reply *reply ATTR_UNUSED,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch /* failed or otherwise invalid status */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch client_destroy(client, "Disconnected: Authentication failed");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch /* authentication succeeded */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic void imap_urlauth_client_handle_input(struct client *client)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch if ((line = i_stream_next_line(client->input)) == NULL)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch if (!version_string_verify(line, "imap-urlauth",
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch i_error("IMAP URLAUTH client not compatible with this server "
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch client_destroy(client, "Disconnected: Version mismatch");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch if ((line = i_stream_next_line(client->input)) == NULL)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch /* read authentication info from input;
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch "AUTH"\t<service>\t<session-pid>\t<auth-username>\t<session_id>\t<token> */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch if (str_array_length(args) < AUTH_ARG_COUNT ||
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch strcmp(args[0], "AUTH") != 0 || str_to_pid(args[2], &pid) < 0) {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch i_error("IMAP URLAUTH client sent unexpected AUTH input: %s", line);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch client_destroy(client, "Disconnected: Unexpected input");
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch /* only the imap and submission services have direct access to the urlauth service; args[1] is the service name given in the AUTH line */
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch if (strcmp(args[1], "imap") != 0 && strcmp(args[1], "submission") != 0) {
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch i_error("IMAP URLAUTH accessed from inappropriate service: %s", args[1]);
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch client_destroy(client, "Disconnected: Unexpected input");
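f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch /* verify the session pid from the AUTH request against the socket peer credentials; the check is skipped when net_getunixcred() fails */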
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch if (net_getunixcred(client->fd, &cred) == 0 &&
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch i_error("IMAP URLAUTH client sent invalid session pid %ld in AUTH request: "
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch "it did not match peer credentials (pid=%ld, uid=%ld)",
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch client_destroy(client, "Disconnected: Invalid AUTH request");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch unsigned int i;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch (void)client_auth_begin(client, "DOVECOT-TOKEN",
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic void imap_urlauth_client_input(struct client *client)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch /* we're not currently connected to auth process -
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch don't allow any commands */
0d1b8b6bec79746c5d89d57dd8c1688946bd9237Josef 'Jeff' Sipek timeout_remove(&client->to_auth_waiting);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic struct client *imap_urlauth_client_alloc(pool_t pool)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch uauth_client = p_new(pool, struct imap_urlauth_client, 1);
d920a34dfe72ce74a362dae8083e021b4a1720ecTimo Sirainen client->io = io_add_istream(client->input, client_input, client);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch login_set_roots = imap_urlauth_login_setting_roots;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic struct client_vfuncs imap_urlauth_vfuncs = {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic const struct login_binary imap_urlauth_login_binary = {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch .default_login_socket = LOGIN_TOKEN_DEFAULT_SOCKET,