master-login.c revision 5a580c3a38ced62d4bcc95b8ac7c4f2935b5d294
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen/* Copyright (c) 2009-2013 Dovecot authors, see the included COPYING file */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen master_login_failure_callback_t *failure_callback;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_conn_close(struct master_login_connection *conn);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_conn_unref(struct master_login_connection **_conn);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenmaster_login_init(struct master_service *service,
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_assert(set->postlogin_socket_path == NULL ||
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen login->failure_callback = set->failure_callback;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen login->auth = master_login_auth_init(set->auth_socket_path,
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen login->postlogin_socket_path = i_strdup(set->postlogin_socket_path);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen login->postlogin_timeout_secs = set->postlogin_timeout_secs;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenvoid master_login_deinit(struct master_login **_login)
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen struct master_login_connection *conn = login->conns;
/* Reads one login request from conn: a fixed-size header into *req_r, then
   the variable-length payload. This annotated listing shows only some of the
   function's lines; the notes below describe the visible ones. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainenmaster_login_conn_read_request(struct master_login_connection *conn,
/* NOTE(review): an array parameter decays to a pointer, so the size written
   here documents the expected capacity but the compiler does not enforce it.
   The data_size comparison further down is the visible bound on the payload. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen unsigned char data[MASTER_AUTH_MAX_DATA_SIZE],
/* Header read from the login process. client_fd_r receives a descriptor that
   accompanies the request (presumably passed over the UNIX socket - confirm
   against fd_read()). */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen ret = fd_read(conn->fd, req_r, sizeof(*req_r), client_fd_r);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* disconnected */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_error("Login client disconnected too early");
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen } else if (ret > 0) {
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* request wasn't fully read */
/* data_size was just read from the peer, so it is untrusted: it is compared
   with the payload capacity here. What the failing branch does, and where the
   payload read happens relative to this check, is not visible in this
   listing. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen if (req_r->data_size > MASTER_AUTH_MAX_DATA_SIZE) {
/* @UNSAFE appears to be the project's marker for manual buffer handling that
   needs extra review; here it presumably tags the payload read into data. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* @UNSAFE */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* disconnected */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen i_error("Login client disconnected too early "
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen "(while reading data)");
9dcb7a41eaaf832f641b7743060b5cf5ed7c80b3Timo Sirainen } else if (ret > 0) {
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* request wasn't fully read */
/* The two errors below show that a request is also checked for an
   accompanying descriptor and for an inode match; the comparisons themselves
   are not visible in this listing. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_error("Auth request missing a file descriptor");
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_error("Auth request inode mismatch: %s != %s",
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_client_free(struct master_login_client **_client)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen struct master_login_client *client = *_client;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* this client failed (login callback wasn't called).
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen reset prefix to default. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_set_failure_prefix("%s: ", client->conn->login->service->name);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* FIXME: currently we create a separate connection for each request,
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen so close the connection after we're done with this client */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen if (!master_login_conn_is_closed(client->conn)) {
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_auth_finish(struct master_login_client *client,
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen const char *const *auth_args)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen struct master_login *login = client->conn->login;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen struct master_service *service = login->service;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen close_sockets = service->master_status.available_count == 0 &&
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen login->callback(client, auth_args[0], auth_args+1);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* we're dying as soon as this connection closes. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_assert(master_login_auth_request_count(login->auth) == 0);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* try stopping again */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_postlogin_free(struct master_login_postlogin *pl)
/* Read handler for the post-login script connection (registered with io_add
   in master_login_postlogin). Only some of its lines are visible in this
   listing. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_postlogin_input(struct master_login_postlogin *pl)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen struct master_login *login = pl->client->conn->login;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen const char **auth_args, **p;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen unsigned int len;
/* Each read may also deliver a descriptor in fd; per the comment below, the
   script can use this to replace the client's descriptor. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen while ((ret = fd_read(pl->fd, buf, sizeof(buf), &fd)) > 0) {
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* post-login script replaced fd */
/* The len > 0 test keeps the [len-1] index from underflowing on empty input;
   a trailing newline marks the end of the script's reply. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen if (len > 0 && str_c(pl->input)[len-1] == '\n') {
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* finished reading the input */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_info("Post-login script denied access to user %s",
/* NOTE(review): auth_args is a local of this function, so the values handed
   to master_login_auth_finish presumably come from the script's reply rather
   than from the original auth lookup. That makes the post-login socket a
   trust boundary - confirm who is able to serve it. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen master_login_auth_finish(pl->client, auth_args);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_postlogin_timeout(struct master_login_postlogin *pl)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen struct master_login *login = pl->client->conn->login;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_error("%s: Timeout waiting for post-login script to finish, aborting",
/* Hands an authenticated client over to the post-login script service and
   arranges to wait for its reply. Returns int; master_login_auth_callback
   treats a negative value as failure. Only some lines are visible in this
   listing. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic int master_login_postlogin(struct master_login_client *client,
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen const char *const *auth_args)
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen struct master_login *login = client->conn->login;
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen unsigned int i;
/* 1000 is presumably a retry budget in milliseconds - confirm against
   net_connect_unix_with_retries(). */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen fd = net_connect_unix_with_retries(login->postlogin_socket_path, 1000);
/* The request is a tab-separated, newline-delimited text protocol.
   NOTE(review): fields appended after this point are not visible here;
   confirm that any user-derived value is escaped so it cannot contain a tab
   or newline. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen str_printfa(str, "VERSION\tscript-login\t1\t0\n"
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen "%s\t%s", net_ip2addr(&client->auth_req.local_ip),
/* The client's descriptor travels to the script together with the request
   text, so the script service gains direct access to the client connection. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen ret = fd_send(fd, client->fd, str_data(str), str_len(str));
0a53eb0283d7ec28c6105f61e118b96fce8ecb95Timo Sirainen pl->io = io_add(fd, IO_READ, master_login_postlogin_input, pl);
/* Bounds how long a script may hold the login; the configured seconds are
   scaled by 1000 (assumes the timer takes milliseconds - TODO confirm). */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen pl->to = timeout_add(login->postlogin_timeout_secs * 1000,
/* Callback for the auth lookup result: replies to the login process, then
   either reports failure or continues the login (optionally through the
   post-login script). Only some lines are visible in this listing. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenmaster_login_auth_callback(const char *const *auth_args, const char *errormsg,
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen struct master_login_connection *conn = client->conn;
/* The reply status depends only on whether errormsg is set. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen reply.status = errormsg == NULL ? MASTER_AUTH_STATUS_OK :
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen o_stream_nsend(conn->output, &reply, sizeof(reply));
/* || short-circuits, so auth_args[0] is read only when errormsg is NULL.
   NOTE(review): in the order shown here the reply is sent before this check,
   so a missing username is reported only through failure_callback after an
   OK status may already have gone out - confirm this is intended. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen if (errormsg != NULL || auth_args[0] == NULL) {
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen i_error("login client: Username missing from auth reply");
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen errormsg = MASTER_AUTH_ERRMSG_INTERNAL_FAILURE;
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen conn->login->failure_callback(client, errormsg);
/* From here on log lines carry the service name plus a second value; the
   second argument is not visible in this listing. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen i_set_failure_prefix("%s(%s): ", client->conn->login->service->name,
/* Branches on whether a post-login socket is configured. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen if (conn->login->postlogin_socket_path == NULL)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* we've sent the reply. the connection is no longer needed,
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen so disconnect it (before login process disconnects us and
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen logs an error) */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen /* execute post-login scripts before finishing auth */
/* A negative return means the hand-off failed; the handling of that case is
   not visible in this listing. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen if (master_login_postlogin(client, auth_args) < 0)
/* Read handler for a login connection (registered with io_add in
   master_login_add): reads one request and builds a client record for it.
   Only some lines are visible in this listing. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_conn_input(struct master_login_connection *conn)
/* Stack buffer sized to the same constant that
   master_login_conn_read_request compares req_r->data_size against. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen unsigned char data[MASTER_AUTH_MAX_DATA_SIZE];
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen unsigned int i, session_len = 0;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen ret = master_login_conn_read_request(conn, &req, data, &client_fd);
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen /* extract the session ID from the request data */
/* sizeof does not evaluate its operand, so naming client before it is
   allocated is fine. Using >= rather than > presumably keeps one byte for a
   terminating NUL - confirm. How session_len is derived from data, and what
   the failing branch does, is not visible in this listing. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen if (session_len >= sizeof(client->session_id)) {
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen /* @UNSAFE: we have a request. do userdb lookup for it. */
/* The allocation adds the peer-supplied data_size to the struct size. The
   sum stays small only if the MASTER_AUTH_MAX_DATA_SIZE check in
   master_login_conn_read_request rejects oversized requests before this
   point - verify that failure path. */
0a53eb0283d7ec28c6105f61e118b96fce8ecb95Timo Sirainen client = i_malloc(sizeof(struct master_login_client) + req.data_size);
/* Copy length relies on the session_len comparison above having stopped
   oversized values from reaching this line. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen memcpy(client->session_id, data, session_len);
/* Registers a newly accepted login-process descriptor with login: allocates
   the connection record, sets up a read handler and an output stream for
   replies. Only some lines are visible in this listing. */
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainenvoid master_login_add(struct master_login *login, int fd)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen conn = i_new(struct master_login_connection, 1);
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen conn->io = io_add(conn->fd, IO_READ, master_login_conn_input, conn);
/* (size_t)-1 is the largest size_t value; assuming this argument is the
   stream's maximum buffer size, output buffering is effectively unlimited -
   TODO confirm. The only write visible in this listing is the fixed-size
   reply sent by master_login_auth_callback. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen conn->output = o_stream_create_fd(fd, (size_t)-1, FALSE);
/* Write errors on this stream are not routed through the stream's own error
   handling (going by the setter's name - confirm), so a failed reply would
   need to be noticed another way. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen o_stream_set_no_error_handling(conn->output, TRUE);
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen /* NOTE: currently there's a separate connection for each request. */
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_conn_close(struct master_login_connection *conn)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainenstatic void master_login_conn_unref(struct master_login_connection **_conn)
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen struct master_login_connection *conn = *_conn;
00e7c3010f7da4a49881a7feb05e413af353af0aTimo Sirainen master_service_client_connection_destroyed(conn->login->service);
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainenvoid master_login_stop(struct master_login *login)
7ca63fa4166f89fee900b7c14d87d53fbac47242Timo Sirainen if (master_login_auth_request_count(login->auth) == 0) {