bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch/* Copyright (c) 2003-2018 Dovecot authors, see the included COPYING file */
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen#include "lib.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "array.h"
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen#include "hash.h"
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen#include "hostpid.h"
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen#include "ioloop.h"
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen#include "istream.h"
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen#include "ostream.h"
bdd36cfdba3ff66d25570a9ff568d69e1eb543cfTimo Sirainen#include "net.h"
7a60e1dc9e93ef3f7c7fe1af6385a0bfa1e31bc3Timo Sirainen#include "strescape.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "eacces-error.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "auth-client-private.h"
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#include "auth-client-request.h"
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen#include "auth-server-connection.h"
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen#include <unistd.h>
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#define AUTH_SERVER_CONN_MAX_LINE_LENGTH AUTH_CLIENT_MAX_LINE_LENGTH
0cb5a9bfbf40b3b323956792aa13d342a459585eTimo Sirainen#define AUTH_HANDSHAKE_TIMEOUT (30*1000)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen#define AUTH_SERVER_RECONNECT_TIMEOUT_SECS 5
0cb5a9bfbf40b3b323956792aa13d342a459585eTimo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic void
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainenauth_server_connection_reconnect(struct auth_server_connection *conn,
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen const char *disconnect_reason);
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_input_mech(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *const *args)
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen{
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen struct auth_mech_desc mech_desc;
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen if (conn->handshake_received) {
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen i_error("BUG: Authentication server already sent handshake");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (args[0] == NULL) {
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen i_error("BUG: Authentication server sent broken MECH line");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen }
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch i_zero(&mech_desc);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen mech_desc.name = p_strdup(conn->pool, args[0]);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen if (strcmp(mech_desc.name, "PLAIN") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen conn->has_plain_mech = TRUE;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen for (args++; *args != NULL; args++) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (strcmp(*args, "private") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen mech_desc.flags |= MECH_SEC_PRIVATE;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(*args, "anonymous") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen mech_desc.flags |= MECH_SEC_ANONYMOUS;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(*args, "plaintext") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen mech_desc.flags |= MECH_SEC_PLAINTEXT;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(*args, "dictionary") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen mech_desc.flags |= MECH_SEC_DICTIONARY;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(*args, "active") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen mech_desc.flags |= MECH_SEC_ACTIVE;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(*args, "forward-secrecy") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen mech_desc.flags |= MECH_SEC_FORWARD_SECRECY;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(*args, "mutual-auth") == 0)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen mech_desc.flags |= MECH_SEC_MUTUAL_AUTH;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen array_append(&conn->available_auth_mechs, &mech_desc, 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen}
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_input_spid(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *const *args)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen{
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen if (conn->handshake_received) {
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen i_error("BUG: Authentication server already sent handshake");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen }
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen if (str_to_uint(args[0], &conn->server_pid) < 0) {
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen i_error("BUG: Authentication server sent invalid PID");
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen return -1;
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen}
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_input_cuid(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *const *args)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen{
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen if (conn->handshake_received) {
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen i_error("BUG: Authentication server already sent handshake");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen }
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen if (args[0] == NULL ||
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen str_to_uint(args[0], &conn->connect_uid) < 0) {
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen i_error("BUG: Authentication server sent broken CUID line");
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen return -1;
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen}
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainenstatic int
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainenauth_server_input_cookie(struct auth_server_connection *conn,
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen const char *const *args)
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen{
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen if (conn->cookie != NULL) {
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen i_error("BUG: Authentication server already sent cookie");
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen return -1;
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen }
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen conn->cookie = p_strdup(conn->pool, args[0]);
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen return 0;
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen}
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int auth_server_input_done(struct auth_server_connection *conn)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (array_count(&conn->available_auth_mechs) == 0) {
e2ae85924b0ef1a7c97e021a3b901b498f599c18Timo Sirainen i_error("BUG: Authentication server returned no mechanisms");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
e2ae85924b0ef1a7c97e021a3b901b498f599c18Timo Sirainen }
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen if (conn->cookie == NULL) {
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen i_error("BUG: Authentication server didn't send a cookie");
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen return -1;
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen }
e2ae85924b0ef1a7c97e021a3b901b498f599c18Timo Sirainen
0d1b8b6bec79746c5d89d57dd8c1688946bd9237Josef 'Jeff' Sipek timeout_remove(&conn->to);
0cb5a9bfbf40b3b323956792aa13d342a459585eTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen conn->handshake_received = TRUE;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (conn->client->connect_notify_callback != NULL) {
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen conn->client->connect_notify_callback(conn->client, TRUE,
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen conn->client->connect_notify_context);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_lookup_request(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *id_arg, bool remove,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct auth_client_request **request_r)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct auth_client_request *request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen unsigned int id;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen if (id_arg == NULL || str_to_uint(id_arg, &id) < 0) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_error("BUG: Authentication server input missing ID");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
a75d470c9223a75801418fcdda258885c36317e0Timo Sirainen request = hash_table_lookup(conn->requests, POINTER_CAST(id));
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (request == NULL) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_error("BUG: Authentication server sent unknown id %u", id);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (remove || auth_client_request_is_aborted(request))
a75d470c9223a75801418fcdda258885c36317e0Timo Sirainen hash_table_remove(conn->requests, POINTER_CAST(id));
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen *request_r = request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_input_ok(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *const *args)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct auth_client_request *request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (auth_server_lookup_request(conn, args[0], TRUE, &request) < 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen auth_client_request_server_input(request, AUTH_REQUEST_STATUS_OK,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int auth_server_input_cont(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *const *args)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct auth_client_request *request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (str_array_length(args) < 2) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_error("BUG: Authentication server sent broken CONT line");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (auth_server_lookup_request(conn, args[0], FALSE, &request) < 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen auth_client_request_server_input(request, AUTH_REQUEST_STATUS_CONTINUE,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int auth_server_input_fail(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *const *args)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct auth_client_request *request;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (auth_server_lookup_request(conn, args[0], TRUE, &request) < 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen auth_client_request_server_input(request, AUTH_REQUEST_STATUS_FAIL,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen}
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_connection_input_line(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *line)
eddd9bf1a1369aea4a2715f6be1137da6d17d293Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *const *args;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (conn->client->debug)
e5acc283bf030b0b5c79ca4e52d315c516a299faPascal Volk i_debug("auth input: %s", line);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
7a60e1dc9e93ef3f7c7fe1af6385a0bfa1e31bc3Timo Sirainen args = t_strsplit_tabescaped(line);
31fda2fc79d48e5186163972b52eb97b4bd8b6fdTimo Sirainen if (args[0] == NULL) {
31fda2fc79d48e5186163972b52eb97b4bd8b6fdTimo Sirainen i_error("Auth server sent empty line");
31fda2fc79d48e5186163972b52eb97b4bd8b6fdTimo Sirainen return -1;
31fda2fc79d48e5186163972b52eb97b4bd8b6fdTimo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (strcmp(args[0], "OK") == 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return auth_server_input_ok(conn, args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(args[0], "CONT") == 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return auth_server_input_cont(conn, args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(args[0], "FAIL") == 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return auth_server_input_fail(conn, args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(args[0], "MECH") == 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return auth_server_input_mech(conn, args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(args[0], "SPID") == 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return auth_server_input_spid(conn, args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(args[0], "CUID") == 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return auth_server_input_cuid(conn, args + 1);
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen else if (strcmp(args[0], "COOKIE") == 0)
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen return auth_server_input_cookie(conn, args + 1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen else if (strcmp(args[0], "DONE") == 0)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return auth_server_input_done(conn);
eddd9bf1a1369aea4a2715f6be1137da6d17d293Timo Sirainen else {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_error("Auth server sent unknown command: %s", args[0]);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
eddd9bf1a1369aea4a2715f6be1137da6d17d293Timo Sirainen }
eddd9bf1a1369aea4a2715f6be1137da6d17d293Timo Sirainen}
eddd9bf1a1369aea4a2715f6be1137da6d17d293Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic void auth_server_connection_input(struct auth_server_connection *conn)
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen{
b6e1d85292485a7fb4cfa5f40dd1ec131ab07cc1Timo Sirainen struct istream *input;
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen const char *line, *error;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen int ret;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen switch (i_stream_read(conn->input)) {
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen case 0:
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen return;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen case -1:
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen /* disconnected */
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen error = conn->input->stream_errno != 0 ?
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen strerror(conn->input->stream_errno) : "EOF";
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_reconnect(conn, error);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen return;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen case -2:
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen /* buffer full - can't happen unless auth is buggy */
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen i_error("BUG: Auth server sent us more than %d bytes of data",
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen AUTH_SERVER_CONN_MAX_LINE_LENGTH);
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_disconnect(conn, "buffer full");
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen return;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen }
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (!conn->version_received) {
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen line = i_stream_next_line(conn->input);
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen if (line == NULL)
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen return;
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen /* make sure the major version matches */
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen if (strncmp(line, "VERSION\t", 8) != 0 ||
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen !str_uint_equals(t_strcut(line + 8, '\t'),
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen AUTH_CLIENT_PROTOCOL_MAJOR_VERSION)) {
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen i_error("Authentication server not compatible with "
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen "this client (mixed old and new binaries?)");
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_disconnect(conn,
7ab22fc4793e174b3455bc0d2afdb128a73efaa5Timo Sirainen "incompatible server");
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen return;
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen }
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen conn->version_received = TRUE;
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen }
b0df0e9a8ed8889ad4bf032043ab245ce8851fdeTimo Sirainen
b6e1d85292485a7fb4cfa5f40dd1ec131ab07cc1Timo Sirainen input = conn->input;
b6e1d85292485a7fb4cfa5f40dd1ec131ab07cc1Timo Sirainen i_stream_ref(input);
b6e1d85292485a7fb4cfa5f40dd1ec131ab07cc1Timo Sirainen while ((line = i_stream_next_line(input)) != NULL && !input->closed) {
19e8adccba16ff419f5675b1575358c2956dce83Timo Sirainen T_BEGIN {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen ret = auth_server_connection_input_line(conn, line);
19e8adccba16ff419f5675b1575358c2956dce83Timo Sirainen } T_END;
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (ret < 0) {
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_disconnect(conn, t_strdup_printf(
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen "Received broken input: %s", line));
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen break;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen }
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen }
b6e1d85292485a7fb4cfa5f40dd1ec131ab07cc1Timo Sirainen i_stream_unref(&input);
0cb5a9bfbf40b3b323956792aa13d342a459585eTimo Sirainen}
0cb5a9bfbf40b3b323956792aa13d342a459585eTimo Sirainen
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainenstruct auth_server_connection *
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_connection_init(struct auth_client *client)
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen{
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen struct auth_server_connection *conn;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen pool_t pool;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen pool = pool_alloconly_create("auth server connection", 1024);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen conn = p_new(pool, struct auth_server_connection, 1);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen conn->pool = pool;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen conn->client = client;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->fd = -1;
678d0463849ba777106eb7875f27db07a5d8e3dfTimo Sirainen hash_table_create_direct(&conn->requests, pool, 100);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_array_init(&conn->available_auth_mechs, 8);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen return conn;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen}
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic void
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainenauth_server_connection_remove_requests(struct auth_server_connection *conn,
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen const char *disconnect_reason)
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen static const char *const temp_failure_args[] = { "temp", NULL };
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct hash_iterate_context *iter;
a75d470c9223a75801418fcdda258885c36317e0Timo Sirainen void *key;
a75d470c9223a75801418fcdda258885c36317e0Timo Sirainen struct auth_client_request *request;
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen time_t created, oldest = 0;
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen unsigned int request_count = 0;
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen if (hash_table_count(conn->requests) == 0)
742b9a0fc1d5513552fe99aa726497d1250d762eTimo Sirainen return;
742b9a0fc1d5513552fe99aa726497d1250d762eTimo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen iter = hash_table_iterate_init(conn->requests);
a75d470c9223a75801418fcdda258885c36317e0Timo Sirainen while (hash_table_iterate(iter, conn->requests, &key, &request)) {
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen if (!auth_client_request_is_aborted(request)) {
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen request_count++;
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen created = auth_client_request_get_create_time(request);
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen if (oldest > created || oldest == 0)
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen oldest = created;
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen }
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen auth_client_request_server_input(request,
7c849dbc7be089175c1a83a84ee7249ed695810dTimo Sirainen AUTH_REQUEST_STATUS_INTERNAL_FAIL,
7c849dbc7be089175c1a83a84ee7249ed695810dTimo Sirainen temp_failure_args);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen hash_table_iterate_deinit(&iter);
bf05bf725add3686bdb1cb2723208b1562596d17Timo Sirainen hash_table_clear(conn->requests, FALSE);
84de4076ab3a33b34049a46e72ee0456afad8ad4Timo Sirainen
84de4076ab3a33b34049a46e72ee0456afad8ad4Timo Sirainen if (request_count > 0) {
84de4076ab3a33b34049a46e72ee0456afad8ad4Timo Sirainen i_warning("Auth connection closed with %u pending requests "
84de4076ab3a33b34049a46e72ee0456afad8ad4Timo Sirainen "(max %u secs, pid=%s, %s)", request_count,
84de4076ab3a33b34049a46e72ee0456afad8ad4Timo Sirainen (unsigned int)(ioloop_time - oldest),
84de4076ab3a33b34049a46e72ee0456afad8ad4Timo Sirainen my_pid, disconnect_reason);
84de4076ab3a33b34049a46e72ee0456afad8ad4Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainenvoid auth_server_connection_disconnect(struct auth_server_connection *conn,
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen const char *reason)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
d2b6189eb61fc0e8a37f8814427282304e39e72cAki Tuomi if (!conn->connected)
d2b6189eb61fc0e8a37f8814427282304e39e72cAki Tuomi return;
d2b6189eb61fc0e8a37f8814427282304e39e72cAki Tuomi conn->connected = FALSE;
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen conn->handshake_received = FALSE;
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen conn->version_received = FALSE;
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen conn->has_plain_mech = FALSE;
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen conn->server_pid = 0;
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen conn->connect_uid = 0;
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen conn->cookie = NULL;
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen array_clear(&conn->available_auth_mechs);
991367db5ec720fa0b764bbd6df21b7f7c654d2cTimo Sirainen
0d1b8b6bec79746c5d89d57dd8c1688946bd9237Josef 'Jeff' Sipek timeout_remove(&conn->to);
5f1d689131a75c39f064cbd4202373e7edf78f18Josef 'Jeff' Sipek io_remove(&conn->io);
e63aa0fe623cee01975d57755381e2b873e5bf93Timo Sirainen if (conn->fd != -1) {
e63aa0fe623cee01975d57755381e2b873e5bf93Timo Sirainen i_stream_destroy(&conn->input);
e63aa0fe623cee01975d57755381e2b873e5bf93Timo Sirainen o_stream_destroy(&conn->output);
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen
e63aa0fe623cee01975d57755381e2b873e5bf93Timo Sirainen if (close(conn->fd) < 0)
e63aa0fe623cee01975d57755381e2b873e5bf93Timo Sirainen i_error("close(auth server connection) failed: %m");
e63aa0fe623cee01975d57755381e2b873e5bf93Timo Sirainen conn->fd = -1;
e63aa0fe623cee01975d57755381e2b873e5bf93Timo Sirainen }
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_remove_requests(conn, reason);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (conn->client->connect_notify_callback != NULL) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->client->connect_notify_callback(conn->client, FALSE,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->client->connect_notify_context);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen }
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen}
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic void auth_server_reconnect_timeout(struct auth_server_connection *conn)
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen (void)auth_server_connection_connect(conn);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic void
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainenauth_server_connection_reconnect(struct auth_server_connection *conn,
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen const char *disconnect_reason)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen time_t next_connect;
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_disconnect(conn, disconnect_reason);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen next_connect = conn->last_connect + AUTH_SERVER_RECONNECT_TIMEOUT_SECS;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->to = timeout_add(ioloop_time >= next_connect ? 0 :
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen (next_connect - ioloop_time) * 1000,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen auth_server_reconnect_timeout, conn);
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen}
a272994d43de80a306a8ed1f2983960d1f3102d0Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenvoid auth_server_connection_deinit(struct auth_server_connection **_conn)
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct auth_server_connection *conn = *_conn;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen *_conn = NULL;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_disconnect(conn, "deinitializing");
742b9a0fc1d5513552fe99aa726497d1250d762eTimo Sirainen i_assert(hash_table_count(conn->requests) == 0);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen hash_table_destroy(&conn->requests);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen array_free(&conn->available_auth_mechs);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen pool_unref(&conn->pool);
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen}
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenstatic void auth_client_handshake_timeout(struct auth_server_connection *conn)
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_error("Timeout waiting for handshake from auth server. "
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen "my pid=%u, input bytes=%"PRIuUOFF_T,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->client->client_pid, conn->input->v_offset);
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_reconnect(conn, "auth server timeout");
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenint auth_server_connection_connect(struct auth_server_connection *conn)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen const char *handshake;
21c1655dbc5fe861a152dc9a8a388d0d64f5ae20Timo Sirainen int fd;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
d2b6189eb61fc0e8a37f8814427282304e39e72cAki Tuomi i_assert(!conn->connected);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_assert(conn->fd == -1);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->last_connect = ioloop_time;
0d1b8b6bec79746c5d89d57dd8c1688946bd9237Josef 'Jeff' Sipek timeout_remove(&conn->to);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen /* max. 1 second wait here. */
21c1655dbc5fe861a152dc9a8a388d0d64f5ae20Timo Sirainen fd = net_connect_unix_with_retries(conn->client->auth_socket_path,
21c1655dbc5fe861a152dc9a8a388d0d64f5ae20Timo Sirainen 1000);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (fd == -1) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (errno == EACCES) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_error("auth: %s",
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen eacces_error_get("connect",
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->client->auth_socket_path));
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen } else {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen i_error("auth: connect(%s) failed: %m",
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->client->auth_socket_path);
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen }
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->fd = fd;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->io = io_add(fd, IO_READ, auth_server_connection_input, conn);
e93184a9055c2530366dfe617e07199603c399ddMartti Rannanjärvi conn->input = i_stream_create_fd(fd, AUTH_SERVER_CONN_MAX_LINE_LENGTH);
e93184a9055c2530366dfe617e07199603c399ddMartti Rannanjärvi conn->output = o_stream_create_fd(fd, (size_t)-1);
d2b6189eb61fc0e8a37f8814427282304e39e72cAki Tuomi conn->connected = TRUE;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen handshake = t_strdup_printf("VERSION\t%u\t%u\nCPID\t%u\n",
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen AUTH_CLIENT_PROTOCOL_MAJOR_VERSION,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen AUTH_CLIENT_PROTOCOL_MINOR_VERSION,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->client->client_pid);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (o_stream_send_str(conn->output, handshake) < 0) {
0f3d4fbcf88e2ffd674893aed8cc1288fe17d290Timo Sirainen i_warning("Error sending handshake to auth server: %s",
0f3d4fbcf88e2ffd674893aed8cc1288fe17d290Timo Sirainen o_stream_get_error(conn->output));
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen auth_server_connection_disconnect(conn,
0f3d4fbcf88e2ffd674893aed8cc1288fe17d290Timo Sirainen o_stream_get_error(conn->output));
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return -1;
f540662dd02e930cf704c1468cccd05d512bc663Timo Sirainen }
f540662dd02e930cf704c1468cccd05d512bc663Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen conn->to = timeout_add(AUTH_HANDSHAKE_TIMEOUT,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen auth_client_handshake_timeout, conn);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return 0;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen}
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenunsigned int
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainenauth_server_connection_add_request(struct auth_server_connection *conn,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen struct auth_client_request *request)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen{
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen unsigned int id;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen
05a4fe649671ac5ca6b3beb085c73e6e85bc4f8bAki Tuomi i_assert(conn->handshake_received);
05a4fe649671ac5ca6b3beb085c73e6e85bc4f8bAki Tuomi
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen id = ++conn->client->request_id_counter;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen if (id == 0) {
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen /* wrapped - ID 0 not allowed */
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen id = ++conn->client->request_id_counter;
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen }
fd05c47210cad1f6d8effbda5cba7f7d938ca9a0Timo Sirainen i_assert(hash_table_lookup(conn->requests, POINTER_CAST(id)) == NULL);
a75d470c9223a75801418fcdda258885c36317e0Timo Sirainen hash_table_insert(conn->requests, POINTER_CAST(id), request);
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen return id;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen}
a9b135760aea6d1790d447d351c56b78889dac22Aki Tuomi
a9b135760aea6d1790d447d351c56b78889dac22Aki Tuomivoid auth_server_connection_remove_request(struct auth_server_connection *conn,
a9b135760aea6d1790d447d351c56b78889dac22Aki Tuomi unsigned int id)
a9b135760aea6d1790d447d351c56b78889dac22Aki Tuomi{
a9b135760aea6d1790d447d351c56b78889dac22Aki Tuomi i_assert(conn->handshake_received);
a9b135760aea6d1790d447d351c56b78889dac22Aki Tuomi hash_table_remove(conn->requests, POINTER_CAST(id));
a9b135760aea6d1790d447d351c56b78889dac22Aki Tuomi}