src/imap-urlauth/imap-urlauth.c

bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch/*
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan BoschThe imap-urlauth service provides URLAUTH access between different accounts. If
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschuser A has an URLAUTH that references a mail from user B, it makes a connection
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschto the imap-urlauth service to access user B's mail store to retrieve the
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschmail.
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
19557f192d37cd54a1a090a8a26d9d47265e4413Aki TuomiThe authentication and authorization of the URLAUTH is performed within
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschthis service. Because access to the mailbox and the associated mailbox keys is
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschnecessary to retrieve the message and for verification of the URLAUTH, the
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschurlauth services need root privileges. To mitigate security concerns, the
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschretrieval and verification of the URLs is performed in a worker service that
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschdrops root privileges and acts as target user B.
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan BoschThe imap-urlauth service thus consists of three separate stages:
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch- imap-urlauth-login:
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  This is the login service which operates identical to imap-login and
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  pop3-login equivalents, except for the fact that only token authentication is
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  allowed. It verifies that the connecting client is an IMAP service acting on
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  behaf of an authenticated user.
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch- imap-urlauth:
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  Once the client is authenticated, the connection gets passed to the
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  imap-urlauth service (as implemented here). The goal of this stage is
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  to prevent the need for re-authenticating to the imap-urlauth service when
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  the clients wants to switch to a different target user. It normally runs as
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  $default_internal_user and starts workers to perform the actual work. To start
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  a worker, the imap-urlauth service establishes a control connection to the
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  imap-urlauth-worker service. In the handshake phase of the control protocol,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  the connection of the client is passed to the worker. Once the worker
211c638d81d382517d196ad47565e0d85012c927klemens  finishes, a new worker is started and the client connection is transfered to
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  it, unless the client is disconnected.
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch- imap-urlauth-worker:
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  The worker handles the URLAUTH requests from the client, so this is where the
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  mail store of the target user is accessed. The worker starts as root. In the
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  protocol interaction the client first indicates what the target user is.
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  The worker then performs a userdb lookup and drops privileges. The client can
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  then submit URLAUTH requests, which are limited to that user. Once the client
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  wants to access a different user, the worker terminates and the imap-urlauth
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch  service starts a new worker for the next target user.
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch*/
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "imap-urlauth-common.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "lib-signals.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "ioloop.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "buffer.h"
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch#include "array.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "istream.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "ostream.h"
dfa2201c6ac8ddb2d2798dee15662cfe774e644eMartti Rannanjärvi#include "path-util.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "base64.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "str.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "process-title.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "auth-master.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "master-service.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "master-service-settings.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "master-login.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "master-interface.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include "var-expand.h"
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include <stdio.h>
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#include <unistd.h>
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch#define IS_STANDALONE() \
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        (getenv(MASTER_IS_PARENT_ENV) == NULL)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschbool verbose_proctitle = FALSE;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic struct master_login *master_login = NULL;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic const struct imap_urlauth_settings *imap_urlauth_settings;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschvoid imap_urlauth_refresh_proctitle(void)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    struct client *client;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    string_t *title = t_str_new(128);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (!verbose_proctitle)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        return;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    str_append_c(title, '[');
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    switch (imap_urlauth_client_count) {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    case 0:
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        str_append(title, "idling");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        break;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    case 1:
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        client = imap_urlauth_clients;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        str_append(title, client->username);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        break;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    default:
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        str_printfa(title, "%u connections", imap_urlauth_client_count);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        break;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    str_append_c(title, ']');
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    process_title_set(str_c(title));
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic void imap_urlauth_die(void)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    /* do nothing. imap_urlauth connections typically die pretty quick anyway. */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic int
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Boschclient_create_from_input(const char *service, const char *username,
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        int fd_in, int fd_out)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    struct client *client;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    if (client_create(service, username, fd_in, fd_out,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch              imap_urlauth_settings, &client) < 0)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        return -1;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (!IS_STANDALONE())
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        client_send_line(client, "OK");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    return 0;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic void main_stdio_run(const char *username)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    username = username != NULL ? username : getenv("USER");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (username == NULL && IS_STANDALONE())
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        username = getlogin();
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (username == NULL)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        i_fatal("USER environment missing");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    (void)client_create_from_input("", username, STDIN_FILENO, STDOUT_FILENO);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic void
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschlogin_client_connected(const struct master_login_client *client,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch               const char *username, const char *const *extra_fields)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    const char *msg = "NO\n";
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    struct auth_user_reply reply;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    struct net_unix_cred cred;
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    const char *const *fields;
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    const char *service = NULL;
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    unsigned int count, i;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    auth_user_fields_parse(extra_fields, pool_datastack_create(), &reply);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    /* check peer credentials if possible */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (reply.uid != (uid_t)-1 && net_getunixcred(client->fd, &cred) == 0 &&
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        reply.uid != cred.uid) {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        i_error("Peer's credentials (uid=%ld) do not match "
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch            "the user that logged in (uid=%ld).",
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch            (long)cred.uid, (long)reply.uid);
f87938eab9249ad84681f4fa747aab7b9a719670Timo Sirainen        if (write(client->fd, msg, strlen(msg)) < 0) {
f87938eab9249ad84681f4fa747aab7b9a719670Timo Sirainen            /* ignored */
f87938eab9249ad84681f4fa747aab7b9a719670Timo Sirainen        }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        net_disconnect(client->fd);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        return;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    fields = array_get(&reply.extra_fields, &count);
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    for (i = 0; i < count; i++) {
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        if (strncmp(fields[i], "client_service=", 15) == 0) {
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch            service = fields[i] + 15;
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch            break;
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        }
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    }
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    if (service == NULL) {
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        i_error("Auth did not yield required client_service field (BUG).");
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        if (write(client->fd, msg, strlen(msg)) < 0) {
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch            /* ignored */
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        }
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        net_disconnect(client->fd);
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch        return;
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    }
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (reply.anonymous)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        username = NULL;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f1edf7f20661ef9627acbf4054acddcba4d2eb3fStephan Bosch    if (client_create_from_input(service, username, client->fd, client->fd) < 0)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        net_disconnect(client->fd);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic void login_client_failed(const struct master_login_client *client,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch                const char *errormsg ATTR_UNUSED)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    const char *msg = "NO\n";
f87938eab9249ad84681f4fa747aab7b9a719670Timo Sirainen    if (write(client->fd, msg, strlen(msg)) < 0) {
f87938eab9249ad84681f4fa747aab7b9a719670Timo Sirainen        /* ignored */
f87938eab9249ad84681f4fa747aab7b9a719670Timo Sirainen    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschstatic void client_connected(struct master_service_connection *conn)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    /* when running standalone, we shouldn't even get here */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    i_assert(master_login != NULL);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    master_service_client_connection_accept(conn);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    master_login_add(master_login, conn->fd);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Boschint main(int argc, char *argv[])
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch{
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    static const struct setting_parser_info *set_roots[] = {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        &imap_urlauth_setting_parser_info,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        NULL
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    };
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    struct master_login_settings login_set;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    struct master_service_settings_input input;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    struct master_service_settings_output output;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    void **sets;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    enum master_service_flags service_flags = 0;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    const char *error = NULL, *username = NULL;
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen    const char *auth_socket_path = "auth-master";
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen    int c;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch    i_zero(&login_set);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    login_set.postlogin_timeout_secs = MASTER_POSTLOGIN_TIMEOUT_DEFAULT;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (IS_STANDALONE() && getuid() == 0 &&
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        net_getpeername(1, NULL, NULL) == 0) {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        printf("NO imap_urlauth binary must not be started from "
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch               "inetd, use imap-urlauth-login instead.\n");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        return 1;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (IS_STANDALONE()) {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        service_flags |= MASTER_SERVICE_FLAG_STANDALONE |
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch            MASTER_SERVICE_FLAG_STD_CLIENT;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    } else {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        service_flags |= MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    master_service = master_service_init("imap-urlauth", service_flags,
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen                         &argc, &argv, "a:");
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen    while ((c = master_getopt(master_service)) > 0) {
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen        switch (c) {
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen        case 'a':
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen            auth_socket_path = optarg;
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen            break;
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen        default:
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen            return FATAL_DEFAULT;
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen        }
2812f5744f44ffb070bb6f8bede8dcaa04fe6337Timo Sirainen    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    master_service_init_log(master_service, "imap-urlauth: ");
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch    i_zero(&input);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    input.roots = set_roots;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    input.module = "imap-urlauth";
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    input.service = "imap-urlauth";
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (master_service_settings_read(master_service, &input, &output,
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch                        &error) < 0)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        i_fatal("Error reading configuration: %s", error);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    sets = master_service_settings_get_others(master_service);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    imap_urlauth_settings = sets[0];
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (imap_urlauth_settings->verbose_proctitle)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        verbose_proctitle = TRUE;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
b1c85a1f889a5e71f491e320bdac95df3c9fe550Martti Rannanjärvi    if (t_abspath(auth_socket_path, &login_set.auth_socket_path, &error) < 0) {
b1c85a1f889a5e71f491e320bdac95df3c9fe550Martti Rannanjärvi        i_fatal("t_abspath(%s) failed: %s", auth_socket_path, error);
b1c85a1f889a5e71f491e320bdac95df3c9fe550Martti Rannanjärvi    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    login_set.callback = login_client_connected;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    login_set.failure_callback = login_client_failed;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    master_service_init_finish(master_service);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    master_service_set_die_callback(master_service, imap_urlauth_die);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    /* fake that we're running, so we know if client was destroyed
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch       while handling its initial input */
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    io_loop_set_running(current_ioloop);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (IS_STANDALONE()) {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        T_BEGIN {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch            main_stdio_run(username);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        } T_END;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    } else {
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        master_login = master_login_init(master_service, &login_set);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        io_loop_set_running(current_ioloop);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    }
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (io_loop_is_running(current_ioloop))
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        master_service_run(master_service, client_connected);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    clients_destroy_all();
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    if (master_login != NULL)
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch        master_login_deinit(&master_login);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    master_service_deinit(&master_service);
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch    return 0;
f9511e684858bf5f6ac77ab12254b85b737beae8Stephan Bosch}