client-common.c revision 8601157bee434e08be01912a81ba8d6ccbe0a4f4
/* Copyright (c) 2002-2012 Dovecot authors, see the included COPYING file */
#include "login-common.h"
#include "hostpid.h"
#include "llist.h"
#include "istream.h"
#include "ostream.h"
#include "iostream-rawlog.h"
#include "process-title.h"
#include "buffer.h"
#include "str.h"
#include "base64.h"
#include "str-sanitize.h"
#include "safe-memset.h"
#include "var-expand.h"
#include "master-interface.h"
#include "master-service.h"
#include "master-auth.h"
#include "auth-client.h"
#include "login-proxy.h"
#include "ssl-proxy.h"
#include "client-common.h"
#include <stdlib.h>
static unsigned int clients_count = 0;
{
const char *user_reason, *destroy_reason;
unsigned int secs;
if (client->master_tag != 0) {
user_reason = "Timeout while finishing login.";
"Timeout while finishing login (waited %u secs)", secs);
"Disconnected for inactivity during authentication.";
"Disconnected: Inactivity during authentication";
user_reason = "Timeout while finishing login.";
"proxy: Logging in to %s:%u timed out "
"(state=%u, duration=%us)",
} else {
user_reason = "Disconnected for inactivity.";
destroy_reason = "Disconnected: Inactivity";
}
}
{
if (login_rawlog_dir != NULL) {
}
}
struct client *
{
if (last_client == NULL)
else
return client;
}
{
return;
}
if (last_client == client)
if (client->master_tag != 0) {
} else {
}
}
}
/* as soon as this connection is done with proxying
(or whatever), the process will die. there's no need for
authentication anymore, so close the connection.
do this only with initial service_count=1, in case there
are other clients with pending authentications */
}
}
{
}
{
"Internal login failure. "
"Refer to server log for more information.");
"Internal login failure (pid=%s id=%u)",
}
{
}
{
return TRUE;
i_assert(clients_count > 0);
return FALSE;
}
void client_destroy_oldest(void)
{
if (last_client == NULL) {
/* we have no clients */
return;
}
/* destroy the last client that hasn't successfully authenticated yet.
this is usually the last client, but don't kill it if it's just
waiting for master to finish its job. */
if (client->master_tag == 0)
break;
}
}
void clients_destroy_all_reason(const char *reason)
{
}
}
void clients_destroy_all(void)
{
clients_destroy_all_reason("Disconnected: Shutting down");
}
{
int fd_ssl;
return;
if (fd_ssl == -1) {
"TLS initialization failed.");
"Disconnected: TLS initialization failed.");
return;
}
}
{
int ret;
return 1;
}
if (ret > 0) {
}
return 1;
}
{
"TLS is already active.");
return;
}
if (!ssl_initialized) {
"TLS support isn't enabled.");
return;
}
/* remove input handler, SSL proxy gives us a new fd. we also have to
remove it in case we have to wait for buffer to be flushed */
"Begin TLS negotiation now.");
/* uncork the old fd */
/* the buffer has to be flushed */
} else {
}
}
unsigned int clients_get_count(void)
{
return clients_count;
}
{
unsigned int i;
return client->session_id;
i_fatal("gettimeofday(): %m");
/* add lowest 48 bits of the timestamp. this gives us a bit less than
9 years until it wraps */
for (i = 0; i < 48; i += 8)
#ifdef HAVE_IPV6
else
#endif
return client->session_id;
}
static struct var_expand_table login_var_expand_empty_tab[] = {
};
static const struct var_expand_table *
{
struct var_expand_table *tab;
unsigned int i;
sizeof(login_var_expand_empty_tab));
for (i = 0; i < 3; i++)
}
} else {
const char *ssl_state =
"TLS" : "TLS handshaking";
const char *ssl_error =
}
return tab;
}
static bool have_username_key(const char *str)
{
char key;
str++;
return TRUE;
}
}
return FALSE;
}
static const char *
{
};
const struct var_expand_table *var_expand_table;
struct var_expand_table *tab;
char *const *e;
unsigned int pos;
if (have_username_key(*e)) {
/* username is added even if it's empty */
} else {
str_truncate(str2, 0);
/* empty %variables, don't add */
continue;
}
}
}
str_truncate(str, 0);
}
{
T_BEGIN {
} T_END;
}
{
T_BEGIN {
} T_END;
}
{
T_BEGIN {
} T_END;
}
{
const char *const *net;
unsigned int bits;
return FALSE;
i_error("login_trusted_networks: "
"Invalid network '%s'", *net);
break;
}
return TRUE;
}
return FALSE;
}
{
return "(client sent an invalid cert)";
return "(client didn't send a cert)";
}
if (!client->greeting_sent)
return t_strdup_printf(
"(disconnected before greeting, waited %u secs)",
if (client->auth_attempts == 0) {
return t_strdup_printf("(no auth attempts in %u secs)",
}
return "(tried to use disallowed plaintext auth)";
return "(cert required, client didn't start TLS)";
return "(tried to use unsupported auth mechanism)";
return t_strdup_printf("(client didn't finish SASL auth, "
"waited %u secs)", auth_secs);
}
return t_strdup_printf("(disconnected while authenticating, "
"waited %u secs)", auth_secs);
}
return t_strdup_printf("(disconnected while finishing login, "
"waited %u secs)", auth_secs);
}
return "(aborted authentication)";
if (client->auth_process_comm_fail)
return "(auth process communication failure)";
if (client->proxy_auth_failed)
return "(proxy dest auth failed)";
if (client->auth_successes > 0) {
return t_strdup_printf("(internal failure, %u succesful auths)",
}
return t_strdup_printf("(auth failed, %u attempts in %u secs)",
}
const char *text)
{
}
{
/* either disconnection or buffer full. in either case we want
this connection destroyed. however destroying it here might
break things if client is still tried to be accessed without
being referenced.. */
}
}
{
}
{
case -2:
/* buffer full */
"Input buffer full, aborting");
return FALSE;
case -1:
/* disconnected */
return FALSE;
case 0:
/* nothing new read */
return TRUE;
default:
/* something was read */
return TRUE;
}
}
{
}