src/lib-auth/auth-client-request.c

	auth-client-request.c revision a10ed8c47534b4c6b6bf2711ccfe577e720a47b4
5f5870385cff47efd2f58e7892f251cf13761528Timo Sirainen/* Copyright (c) 2003-2012 Dovecot authors, see the included COPYING file */
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "lib.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "str.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "strescape.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "ostream.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "auth-client-private.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "auth-server-connection.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "auth-client-request.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include <stdlib.h>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstruct auth_client_request {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    pool_t pool;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    struct auth_server_connection *conn;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    unsigned int id;
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen    time_t created;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    struct auth_request_info request_info;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    auth_request_callback_t *callback;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    void *context;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen};
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic void auth_server_send_new_request(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen                     struct auth_client_request *request)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    struct auth_request_info *info = &request->request_info;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    string_t *str;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    str = t_str_new(512);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    str_printfa(str, "AUTH\t%u\t", request->id);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    str_tabescape_write(str, info->mech);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    str_append(str, "\tservice=");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    str_tabescape_write(str, info->service);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
38505846b6d083e19f0a7d1373761bdda5d9a5a9Timo Sirainen    if ((info->flags & AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP) != 0)
38505846b6d083e19f0a7d1373761bdda5d9a5a9Timo Sirainen        str_append(str, "\tfinal-resp-ok");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_append(str, "\tsecured");
d8702d15ee7721ed1fcfc8f00a589970bd6b3598Timo Sirainen    if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0)
d8702d15ee7721ed1fcfc8f00a589970bd6b3598Timo Sirainen        str_append(str, "\tno-penalty");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_append(str, "\tvalid-client-cert");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
f016dec9837e6a41867708e4b89ca5308dedab05Timo Sirainen    if (info->session_id != NULL) {
f016dec9837e6a41867708e4b89ca5308dedab05Timo Sirainen        str_append(str, "\tsession=");
f016dec9837e6a41867708e4b89ca5308dedab05Timo Sirainen        str_tabescape_write(str, info->session_id);
f016dec9837e6a41867708e4b89ca5308dedab05Timo Sirainen    }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (info->cert_username != NULL) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_append(str, "\tcert_username=");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_tabescape_write(str, info->cert_username);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (info->local_ip.family != 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_printfa(str, "\tlip=%s", net_ip2addr(&info->local_ip));
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (info->remote_ip.family != 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_printfa(str, "\trip=%s", net_ip2addr(&info->remote_ip));
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (info->local_port != 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_printfa(str, "\tlport=%u", info->local_port);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (info->remote_port != 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_printfa(str, "\trport=%u", info->remote_port);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (info->initial_resp_base64 != NULL) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_append(str, "\tresp=");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        str_tabescape_write(str, info->initial_resp_base64);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    str_append_c(str, '\n');
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (o_stream_send(conn->output, str_data(str), str_len(str)) < 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        i_error("Error sending request to auth server: %m");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstruct auth_client_request *
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_client_request_new(struct auth_client *client,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen            const struct auth_request_info *request_info,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen            auth_request_callback_t *callback, void *context)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    struct auth_client_request *request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    pool_t pool;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    pool = pool_alloconly_create("auth client request", 512);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request = p_new(pool, struct auth_client_request, 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->pool = pool;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->conn = client->conn;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->request_info = *request_info;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->request_info.mech = p_strdup(pool, request_info->mech);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->request_info.service = p_strdup(pool, request_info->service);
f016dec9837e6a41867708e4b89ca5308dedab05Timo Sirainen    request->request_info.session_id =
f016dec9837e6a41867708e4b89ca5308dedab05Timo Sirainen        p_strdup_empty(pool, request_info->session_id);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->request_info.cert_username =
0ad9d535b04fe4a80534702617e17fd0d261fafaTimo Sirainen        p_strdup_empty(pool, request_info->cert_username);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->request_info.initial_resp_base64 =
0ad9d535b04fe4a80534702617e17fd0d261fafaTimo Sirainen        p_strdup_empty(pool, request_info->initial_resp_base64);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->callback = callback;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->context = context;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    request->id =
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        auth_server_connection_add_request(request->conn, request);
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen    request->created = ioloop_time;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    T_BEGIN {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        auth_server_send_new_request(request->conn, request);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    } T_END;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    return request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenvoid auth_client_request_continue(struct auth_client_request *request,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen                                  const char *data_base64)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    struct const_iovec iov[3];
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    const char *prefix;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    prefix = t_strdup_printf("CONT\t%u\t", request->id);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    iov[0].iov_base = prefix;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    iov[0].iov_len = strlen(prefix);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    iov[1].iov_base = data_base64;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    iov[1].iov_len = strlen(data_base64);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    iov[2].iov_base = "\n";
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    iov[2].iov_len = 1;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (o_stream_sendv(request->conn->output, iov, 3) < 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        i_error("Error sending continue request to auth server: %m");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainenstatic void ATTR_NULL(3, 4)
a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainencall_callback(struct auth_client_request *request,
a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainen          enum auth_request_status status,
a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainen          const char *data_base64,
a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainen          const char *const *args)
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen{
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen    auth_request_callback_t *callback = request->callback;
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen
57593ca3c443884bac880b8deff7c0655ddd9a30Timo Sirainen    if (status != AUTH_REQUEST_STATUS_CONTINUE)
57593ca3c443884bac880b8deff7c0655ddd9a30Timo Sirainen        request->callback = NULL;
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen    callback(request, status, data_base64, args, request->context);
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen}
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenvoid auth_client_request_abort(struct auth_client_request **_request)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    struct auth_client_request *request = *_request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    *_request = NULL;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen    auth_client_send_cancel(request->conn->client, request->id);
7c849dbc7be089175c1a83a84ee7249ed695810dTimo Sirainen    call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenunsigned int auth_client_request_get_id(struct auth_client_request *request)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    return request->id;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenunsigned int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_client_request_get_server_pid(struct auth_client_request *request)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    return request->conn->server_pid;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
66c3f635f2f33905af527d49b27f95322aa7dfa7Timo Sirainenconst char *auth_client_request_get_cookie(struct auth_client_request *request)
66c3f635f2f33905af527d49b27f95322aa7dfa7Timo Sirainen{
66c3f635f2f33905af527d49b27f95322aa7dfa7Timo Sirainen    return request->conn->cookie;
66c3f635f2f33905af527d49b27f95322aa7dfa7Timo Sirainen}
66c3f635f2f33905af527d49b27f95322aa7dfa7Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenbool auth_client_request_is_aborted(struct auth_client_request *request)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    return request->callback == NULL;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainentime_t auth_client_request_get_create_time(struct auth_client_request *request)
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen{
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen    return request->created;
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen}
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenvoid auth_client_request_server_input(struct auth_client_request *request,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen                      enum auth_request_status status,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen                      const char *const *args)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    const char *const *tmp, *base64_data = NULL;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (request->callback == NULL) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        /* aborted already */
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        return;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    switch (status) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    case AUTH_REQUEST_STATUS_OK:
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        for (tmp = args; *tmp != NULL; tmp++) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen            if (strncmp(*tmp, "resp=", 5) == 0) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen                base64_data = *tmp + 5;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen                break;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen            }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        break;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    case AUTH_REQUEST_STATUS_CONTINUE:
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        base64_data = args[0];
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        args = NULL;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        break;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    case AUTH_REQUEST_STATUS_FAIL:
7c849dbc7be089175c1a83a84ee7249ed695810dTimo Sirainen    case AUTH_REQUEST_STATUS_INTERNAL_FAIL:
7c849dbc7be089175c1a83a84ee7249ed695810dTimo Sirainen    case AUTH_REQUEST_STATUS_ABORT:
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        break;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
4a0641e1ff10f0b0299fd36baf38057c54268e48Timo Sirainen    call_callback(request, status, base64_data, args);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen    if (status != AUTH_REQUEST_STATUS_CONTINUE)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen        pool_unref(&request->pool);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainen
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainenvoid auth_client_send_cancel(struct auth_client *client, unsigned int id)
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainen{
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainen    const char *str = t_strdup_printf("CANCEL\t%u\n", id);
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainen
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainen    if (o_stream_send_str(client->conn->output, str) < 0)
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainen        i_error("Error sending request to auth server: %m");
3b8d05391336c0e4d24c8ddcc962f350409ffbd3Timo Sirainen}