auth-server-connection.c revision 84de4076ab3a33b34049a46e72ee0456afad8ad4
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher/* Copyright (c) 2003-2011 Dovecot authors, see the included COPYING file */
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher#define AUTH_SERVER_CONN_MAX_LINE_LENGTH AUTH_CLIENT_MAX_LINE_LENGTH
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher#define AUTH_SERVER_RECONNECT_TIMEOUT_SECS 5
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagherauth_server_connection_reconnect(struct auth_server_connection *conn,
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagherauth_server_input_mech(struct auth_server_connection *conn,
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher const char *const *args)
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_error("BUG: Authentication server already sent handshake");
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_error("BUG: Authentication server sent broken MECH line");
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose array_append(&conn->available_auth_mechs, &mech_desc, 1);
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Boseauth_server_input_spid(struct auth_server_connection *conn,
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose const char *const *args)
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose i_error("BUG: Authentication server already sent handshake");
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose if (str_to_uint(args[0], &conn->server_pid) < 0) {
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose i_error("BUG: Authentication server sent invalid PID");
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Boseauth_server_input_cuid(struct auth_server_connection *conn,
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose const char *const *args)
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose i_error("BUG: Authentication server already sent handshake");
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose i_error("BUG: Authentication server sent broken CUID line");
bfb40893be20b45279a40188cf16ef0eec1f9423Sumit Boseauth_server_input_cookie(struct auth_server_connection *conn,
bfb40893be20b45279a40188cf16ef0eec1f9423Sumit Bose const char *const *args)
bfb40893be20b45279a40188cf16ef0eec1f9423Sumit Bose i_error("BUG: Authentication server already sent cookie");
bfb40893be20b45279a40188cf16ef0eec1f9423Sumit Bosestatic int auth_server_input_done(struct auth_server_connection *conn)
bfb40893be20b45279a40188cf16ef0eec1f9423Sumit Bose if (array_count(&conn->available_auth_mechs) == 0) {
bfb40893be20b45279a40188cf16ef0eec1f9423Sumit Bose i_error("BUG: Authentication server returned no mechanisms");
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_error("BUG: Authentication server didn't send a cookie");
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher if (conn->client->connect_notify_callback != NULL) {
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher conn->client->connect_notify_callback(conn->client, TRUE,
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagherauth_server_lookup_request(struct auth_server_connection *conn,
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher unsigned int id;
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher if (id_arg == NULL || str_to_uint(id_arg, &id) < 0) {
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_error("BUG: Authentication server input missing ID");
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek request = hash_table_lookup(conn->requests, POINTER_CAST(id));
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek i_error("BUG: Authentication server sent unknown id %u", id);
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek if (remove || auth_client_request_is_aborted(request))
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek hash_table_remove(conn->requests, POINTER_CAST(id));
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidekauth_server_input_ok(struct auth_server_connection *conn,
bfdb2eeed95bde6cd065a9a47a7cb1773990ccfbOndrej Kos const char *const *args)
bfdb2eeed95bde6cd065a9a47a7cb1773990ccfbOndrej Kos if (auth_server_lookup_request(conn, args[0], TRUE, &request) < 0)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek auth_client_request_server_input(request, AUTH_REQUEST_STATUS_OK,
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidekstatic int auth_server_input_cont(struct auth_server_connection *conn,
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek const char *const *args)
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_error("BUG: Authentication server sent broken CONT line");
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher if (auth_server_lookup_request(conn, args[0], FALSE, &request) < 0)
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher auth_client_request_server_input(request, AUTH_REQUEST_STATUS_CONTINUE,
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagherstatic int auth_server_input_fail(struct auth_server_connection *conn,
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek const char *const *args)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek if (auth_server_lookup_request(conn, args[0], TRUE, &request) < 0)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek auth_client_request_server_input(request, AUTH_REQUEST_STATUS_FAIL,
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Boseauth_server_connection_input_line(struct auth_server_connection *conn,
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose const char *line)
949fbc93defad394648b2651b43a7bbfa5bff42bSumit Bose const char *const *args;
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher return auth_server_input_ok(conn, args + 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher return auth_server_input_cont(conn, args + 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher return auth_server_input_fail(conn, args + 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher return auth_server_input_mech(conn, args + 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher return auth_server_input_spid(conn, args + 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher return auth_server_input_cuid(conn, args + 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher return auth_server_input_cookie(conn, args + 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_error("Auth server sent unknown command: %s", args[0]);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagherstatic void auth_server_connection_input(struct auth_server_connection *conn)
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher /* disconnected */
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher strerror(conn->input->stream_errno) : "EOF";
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher auth_server_connection_reconnect(conn, error);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher /* buffer full - can't happen unless auth is buggy */
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_error("BUG: Auth server sent us more than %d bytes of data",
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher auth_server_connection_disconnect(conn, "buffer full");
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher /* make sure the major version matches */
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher !str_uint_equals(t_strcut(line + 8, '\t'),
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher i_error("Authentication server not compatible with "
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher "this client (mixed old and new binaries?)");
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher "incompatible serevr");
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher while ((line = i_stream_next_line(input)) != NULL && !input->closed) {
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher ret = auth_server_connection_input_line(conn, line);
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagher auth_server_connection_disconnect(conn, t_strdup_printf(
4f3fd1fb264a7eaf3a9d062d49e071b0d17e4debStephen Gallagherauth_server_connection_init(struct auth_client *client)
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher pool = pool_alloconly_create("auth server connection", 1024);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher conn = p_new(pool, struct auth_server_connection, 1);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher conn->requests = hash_table_create(default_pool, pool, 100, NULL, NULL);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_array_init(&conn->available_auth_mechs, 8);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagherauth_server_connection_remove_requests(struct auth_server_connection *conn,
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher static const char *const temp_failure_args[] = { "temp", NULL };
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek unsigned int request_count = 0;
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher if (hash_table_count(conn->requests) == 0)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek iter = hash_table_iterate_init(conn->requests);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher while (hash_table_iterate(iter, &key, &value)) {
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher struct auth_client_request *request = value;
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek if (!auth_client_request_is_aborted(request)) {
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek created = auth_client_request_get_create_time(request);
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher i_warning("Auth connection closed with %u pending requests "
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher "(max %u secs, pid=%s, %s)", request_count,
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallaghervoid auth_server_connection_disconnect(struct auth_server_connection *conn,
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher i_error("close(auth server connection) failed: %m");
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher auth_server_connection_remove_requests(conn, reason);
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher if (conn->client->connect_notify_callback != NULL) {
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher conn->client->connect_notify_callback(conn->client, FALSE,
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagherstatic void auth_server_reconnect_timeout(struct auth_server_connection *conn)
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher (void)auth_server_connection_connect(conn);
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagherauth_server_connection_reconnect(struct auth_server_connection *conn,
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher auth_server_connection_disconnect(conn, disconnect_reason);
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher next_connect = conn->last_connect + AUTH_SERVER_RECONNECT_TIMEOUT_SECS;
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher conn->to = timeout_add(ioloop_time >= next_connect ? 0 :
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallaghervoid auth_server_connection_deinit(struct auth_server_connection **_conn)
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher struct auth_server_connection *conn = *_conn;
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher auth_server_connection_disconnect(conn, "deinitializing");
45f75fc8e98092fa48faa3d180fd42f7efd51486Stephen Gallagher i_assert(hash_table_count(conn->requests) == 0);
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagherstatic void auth_client_handshake_timeout(struct auth_server_connection *conn)
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher i_error("Timeout waiting for handshake from auth server. "
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher conn->client->client_pid, conn->input->v_offset);
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher auth_server_connection_reconnect(conn, "auth server timeout");
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagherint auth_server_connection_connect(struct auth_server_connection *conn)
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher /* max. 1 second wait here. */
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher fd = net_connect_unix_with_retries(conn->client->auth_socket_path,
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher conn->io = io_add(fd, IO_READ, auth_server_connection_input, conn);
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher conn->input = i_stream_create_fd(fd, AUTH_SERVER_CONN_MAX_LINE_LENGTH,
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher conn->output = o_stream_create_fd(fd, (size_t)-1, FALSE);
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher handshake = t_strdup_printf("VERSION\t%u\t%u\nCPID\t%u\n",
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher if (o_stream_send_str(conn->output, handshake) < 0) {
d6f283302268520c1506fb3da4f2a22f5a741be5Michal Zidek i_warning("Error sending handshake to auth server: %m");
d6f283302268520c1506fb3da4f2a22f5a741be5Michal Zidekauth_server_connection_add_request(struct auth_server_connection *conn,
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher unsigned int id;
8be5e4497e5008f7807178acdfcbf97365ec4e73Stephen Gallagher /* wrapped - ID 0 not allowed */