client-common.h revision 3609e0b9b8fcd1a183a785af690cdcad33c345aa
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#ifndef CLIENT_COMMON_H
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#define CLIENT_COMMON_H
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
bbce20cb4e5739e9a06058cf8ee1f38a7f6884f6Timo Sirainenstruct module;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "net.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "login-proxy.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "sasl-server.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "master-login.h" /* for LOGIN_MAX_SESSION_ID_LEN */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
/* Fixed length limits used by the login code. Only the names and values are
   visible in this header.
   NOTE(review): the #include of master-login.h above is commented as being
   "for LOGIN_MAX_SESSION_ID_LEN", yet the macro is defined right here.
   Confirm which definition is authoritative so the two cannot drift apart. */
#define LOGIN_MAX_SESSION_ID_LEN 64
#define LOGIN_MAX_MASTER_PREFIX_LEN 128
#define LOGIN_MAX_CLIENT_ID_LEN 256

/* max. size of input buffer. this means:

   IMAP: Max. length of command's all parameters. SASL-IR is read into
         a separate larger buffer.
   POP3: Max. length of a command line (spec says 512 would be enough)

   The value is what remains of MASTER_AUTH_MAX_DATA_SIZE (defined outside
   this header) after subtracting the master prefix and session ID limits.
   NOTE(review): presumably this keeps buffered input + prefix + session ID
   within one master auth request - confirm. Also confirm that
   MASTER_AUTH_MAX_DATA_SIZE is always larger than 128 + 64, otherwise this
   expression does not yield a usable buffer size.
*/
#define LOGIN_MAX_INBUF_SIZE \
	(MASTER_AUTH_MAX_DATA_SIZE - LOGIN_MAX_MASTER_PREFIX_LEN - \
	 LOGIN_MAX_SESSION_ID_LEN)
/* max. size of output buffer. if it gets full, the client is disconnected.
   SASL authentication gives the largest output. */
#define LOGIN_MAX_OUTBUF_SIZE 4096

/* Max. length of SASL authentication buffer. */
#define LOGIN_MAX_AUTH_BUF_SIZE 8192

/* Disconnect client after this many milliseconds if it hasn't managed
   to log in yet. Derived from MASTER_LOGIN_TIMEOUT_SECS, which is defined
   outside this header. */
#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)

/* Fixed status texts. Where and when they are sent is not visible in this
   header; presumably while a reply from the auth process / auth master
   process is pending - confirm against the callers. */
#define AUTH_SERVER_WAITING_MSG \
	"Waiting for authentication process to respond.."
#define AUTH_MASTER_WAITING_MSG \
	"Waiting for authentication master process to respond.."
7888a9d2008eab9985096c46e1da9ee985c22a2aTimo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenstruct master_service_connection;
a24f6b02ed8d0dde933a715be1c86f01977bf610Timo Sirainen
/* Why the server is disconnecting a client. Passed to the notify_disconnect
   vfunc and to client_notify_disconnect() together with a free-form text. */
enum client_disconnect_reason {
	CLIENT_DISCONNECT_TIMEOUT,
	CLIENT_DISCONNECT_SYSTEM_SHUTDOWN,
	CLIENT_DISCONNECT_RESOURCE_CONSTRAINT,
	CLIENT_DISCONNECT_INTERNAL_ERROR
};
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
/* Failure code attached to an authentication reply. Stored in
   client_auth_reply.fail_code and in client.last_auth_fail.
   CLIENT_AUTH_FAIL_CODE_NONE is explicitly 0, so zero-filled storage reads
   as "no failure code". */
enum client_auth_fail_code {
	CLIENT_AUTH_FAIL_CODE_NONE = 0,
	CLIENT_AUTH_FAIL_CODE_AUTHZFAILED,
	CLIENT_AUTH_FAIL_CODE_TEMPFAIL,
	CLIENT_AUTH_FAIL_CODE_USER_DISABLED,
	CLIENT_AUTH_FAIL_CODE_PASS_EXPIRED,
	CLIENT_AUTH_FAIL_CODE_INVALID_BASE64,
	CLIENT_AUTH_FAIL_CODE_LOGIN_DISABLED,
	CLIENT_AUTH_FAIL_CODE_MECH_INVALID,
	CLIENT_AUTH_FAIL_CODE_MECH_SSL_REQUIRED,
};
bbce20cb4e5739e9a06058cf8ee1f38a7f6884f6Timo Sirainen
/* Outcome of an authentication attempt, handed to the protocol-specific
   auth_result vfunc together with the reply and a text.
   NOTE(review): several values distinguish why a login was refused
   (disabled login, expired password, authorization failure, ...). How much
   of that distinction is shown to a not yet authenticated client is decided
   by the auth_result handlers, not by this header - confirm there. */
enum client_auth_result {
	CLIENT_AUTH_RESULT_SUCCESS,
	CLIENT_AUTH_RESULT_REFERRAL_SUCCESS,
	CLIENT_AUTH_RESULT_REFERRAL_NOLOGIN,
	CLIENT_AUTH_RESULT_ABORTED,
	CLIENT_AUTH_RESULT_AUTHFAILED,
	CLIENT_AUTH_RESULT_AUTHFAILED_REASON,
	CLIENT_AUTH_RESULT_AUTHZFAILED,
	CLIENT_AUTH_RESULT_TEMPFAIL,
	CLIENT_AUTH_RESULT_PASS_EXPIRED,
	CLIENT_AUTH_RESULT_SSL_REQUIRED,
	CLIENT_AUTH_RESULT_INVALID_BASE64,
	CLIENT_AUTH_RESULT_LOGIN_DISABLED,
	CLIENT_AUTH_RESULT_MECH_INVALID,
	CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED
};
93b29720c5141f787bd1861796867e4595c9d084Timo Sirainen
/* Reply to an authentication request. Handed to the auth_result vfunc as a
   const pointer. All strings are const pointers; who owns the pointed-to
   memory is not visible in this header. */
struct client_auth_reply {
	const char *master_user, *reason;
	enum client_auth_fail_code fail_code;

	/* for proxying */
	const char *host, *hostip, *source_ip;
	/* NOTE(review): "password" is credential material carried as a plain
	   C string. Where it is cleared is not visible here - confirm it is
	   not logged and is wiped before its memory is released. */
	const char *destuser, *password, *proxy_mech;
	in_port_t port;
	unsigned int proxy_timeout_msecs;
	unsigned int proxy_refresh_secs;
	enum login_proxy_ssl_flags ssl_flags;

	/* all the key=value fields returned by passdb */
	const char *const *all_fields;

	/* One-bit flags. Their meaning is only given by name in this header;
	   presumably they mirror fields of the passdb reply - confirm. */
	bool proxy:1;
	bool proxy_nopipelining:1;
	bool proxy_not_trusted:1;
	bool nologin:1;
};
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
/* Table of per-client handler functions. struct client embeds one copy by
   value as "v" and keeps a pointer "vlast"; union
   login_client_module_context holds another copy as "super".
   client_does_custom_io() treats a NULL "input" entry as "client does its
   own I/O", so at least that entry may legitimately be NULL.
   NOTE(review): whether the other entries may be NULL is not visible here -
   confirm before calling through them unchecked. */
struct client_vfuncs {
	struct client *(*alloc)(pool_t pool);
	void (*create)(struct client *client, void **other_sets);
	void (*destroy)(struct client *client);
	void (*notify_auth_ready)(struct client *client);
	void (*notify_disconnect)(struct client *client,
				  enum client_disconnect_reason reason,
				  const char *text);
	void (*notify_status)(struct client *client,
			      bool bad, const char *text);
	void (*notify_starttls)(struct client *client,
				bool success, const char *text);
	void (*starttls)(struct client *client);
	void (*input)(struct client *client);
	void (*auth_send_challenge)(struct client *client, const char *data);
	void (*auth_parse_response)(struct client *client);
	void (*auth_result)(struct client *client,
			    enum client_auth_result result,
			    const struct client_auth_reply *reply,
			    const char *text);
	void (*proxy_reset)(struct client *client);
	int (*proxy_parse_line)(struct client *client, const char *line);
	void (*proxy_error)(struct client *client, const char *text);
	const char *(*proxy_get_state)(struct client *client);
	/* Takes an explicit size, so data does not have to be
	   NUL-terminated. */
	void (*send_raw_data)(struct client *client,
			      const void *data, size_t size);
	bool (*input_next_cmd)(struct client *client);
	void (*free)(struct client *client);
};
f2786c07cbd4a7a0a6a46c3e06dc4545aaf2f278Timo Sirainen
/* State kept for one login client: list linkage, memory pools, handler
   table, addresses, I/O streams, proxying and authentication state, and a
   set of one-bit status flags. Field semantics beyond the existing comments
   are only given by name in this header. */
struct client {
	/* If disconnected=FALSE, the client is in "clients" list.
	   If fd_proxying=TRUE, the client is in "client_fd_proxies" list.
	   Otherwise, either the client will soon be freed or it's only
	   referenced via "login_proxies" which doesn't use these pointers. */
	struct client *prev, *next;

	pool_t pool;
	/* this pool gets free'd once proxying starts */
	pool_t preproxy_pool;
	/* Handler table, embedded by value. v.input == NULL is what
	   client_does_custom_io() tests for. */
	struct client_vfuncs v;
	struct client_vfuncs *vlast;

	time_t created;
	/* presumably changed only via client_ref()/client_unref() - confirm */
	int refcount;

	/* NOTE(review): two sets of endpoint addresses/ports are kept.
	   Presumably the real_* set is the socket's actual endpoints and the
	   other set may differ from it - confirm which one is meant before
	   using either for access control or logging. */
	struct ip_addr local_ip;
	struct ip_addr ip;
	struct ip_addr real_remote_ip, real_local_ip;
	in_port_t local_port, remote_port;
	in_port_t real_local_port, real_remote_port;
	struct ssl_iostream *ssl_iostream;
	const struct login_settings *set;
	const struct master_service_ssl_settings *ssl_set;
	const char *session_id, *listener_name, *postlogin_socket_path;
	const char *local_name;
	const char *client_cert_common_name;

	string_t *client_id;
	string_t *forward_fields;

	int fd;
	struct istream *input;
	struct ostream *output;
	struct io *io;
	struct iostream_proxy *iostream_fd_proxy;
	struct timeout *to_auth_waiting;
	struct timeout *to_disconnect;

	/* Buffer and its length are stored separately; keep them in sync. */
	unsigned char *master_data_prefix;
	unsigned int master_data_prefix_len;

	struct login_proxy *login_proxy;
	/* NOTE(review): proxy_password is credential material held as a
	   mutable C string. Where it is cleared is not visible here - confirm
	   it is not logged and is wiped before its memory is released. */
	char *proxy_user, *proxy_master_user, *proxy_password;
	const struct dsasl_client_mech *proxy_mech;
	struct dsasl_client *proxy_sasl_client;
	unsigned int proxy_ttl;

	char *auth_mech_name;
	struct auth_client_request *auth_request;
	/* NOTE(review): presumably holds the client's SASL response, which
	   can contain credentials - confirm and treat like a secret. */
	string_t *auth_response;
	time_t auth_first_started, auth_finished;
	const char *sasl_final_resp;
	const char *const *auth_passdb_args;

	unsigned int master_auth_id;
	unsigned int master_tag;
	sasl_server_callback_t *sasl_callback;

	unsigned int bad_counter;
	unsigned int auth_attempts, auth_successes;
	enum client_auth_fail_code last_auth_fail;
	pid_t mail_pid;

	/* Module-specific contexts. */
	ARRAY(union login_client_module_context *) module_contexts;

	char *virtual_user, *virtual_user_orig, *virtual_auth_user;
	/* passdb user_* fields are set here after a successful auth.
	   This is a NULL-terminated array where fields are in the same order
	   as in global_alt_usernames. If some field doesn't exist, it's "".
	   Can also be NULL if there are no user_* fields. */
	const char **alt_usernames;
	/* director_username_hash cached, if non-zero */
	unsigned int director_username_hash_cache;

	/* One-bit status flags.
	   NOTE(review): tls, proxied_ssl, secured, ssl_secured and trusted
	   look security-relevant, but where they are set and what exactly
	   each one guarantees is not visible in this header - confirm in the
	   implementation before basing a policy decision on any of them. */
	bool create_finished:1;
	bool disconnected:1;
	bool destroyed:1;
	bool input_blocked:1;
	bool login_success:1;
	bool no_extra_disconnect_reason:1;
	bool starttls:1;
	bool tls:1;
	bool proxied_ssl:1;
	bool secured:1;
	bool ssl_secured:1;
	bool trusted:1;
	bool ssl_servername_settings_read:1;
	bool banner_sent:1;
	bool authenticating:1;
	bool auth_try_aborted:1;
	bool auth_initializing:1;
	bool auth_process_comm_fail:1;
	bool proxy_auth_failed:1;
	bool proxy_nopipelining:1;
	bool proxy_not_trusted:1;
	bool auth_waiting:1;
	bool notified_auth_ready:1;
	bool notified_disconnect:1;
	bool fd_proxying:1;
	/* ... */
};
f2786c07cbd4a7a0a6a46c3e06dc4545aaf2f278Timo Sirainen
/* Element type of client.module_contexts (stored there by pointer). Being a
   union, "super" and "reg" share storage, so only one of them is meaningful
   for a given object. */
union login_client_module_context {
	struct client_vfuncs super;
	struct login_module_register *reg;
};
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
/* Hook table registered with login_client_hooks_add(). The single hook takes
   the client; presumably it is called once a client has been allocated -
   confirm in the implementation. */
struct login_client_hooks {
	void (*client_allocated)(struct client *client);
};
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
/* The "clients" list named in the prev/next comment of struct client
   (presumably its head). Defined outside this header. */
extern struct client *clients;

/* Same signature as login_client_hooks.client_allocated. */
typedef void login_client_allocated_func_t(struct client *client);

/* Register / unregister a hook table.
   NOTE(review): hooks is passed by pointer; presumably it has to stay valid
   until it is removed again - confirm. */
void login_client_hooks_add(struct module *module,
			    const struct login_client_hooks *hooks);
void login_client_hooks_remove(const struct login_client_hooks *hooks);

/* Client lifecycle. Everything declared from here on is implemented outside
   this header; only the signatures are visible. */
struct client *
client_alloc(int fd, pool_t pool,
	     const struct master_service_connection *conn,
	     const struct login_settings *set,
	     const struct master_service_ssl_settings *ssl_set);
void client_init(struct client *client, void **other_sets);
void client_disconnect(struct client *client, const char *reason);
void client_destroy(struct client *client, const char *reason);
/* Destroy the client after a successful login. Either the client fd was
   sent to the post-login process, or the connection will be proxied. */
void client_destroy_success(struct client *client, const char *reason);

/* Reference counting. client_unref() takes the address of the caller's
   pointer; presumably it clears that pointer and the return value tells
   whether the client still exists - confirm before touching the client
   after the call. */
void client_ref(struct client *client);
bool client_unref(struct client **client) ATTR_NOWARN_UNUSED_RESULT;

int client_init_ssl(struct client *client);
void client_cmd_starttls(struct client *client);

/* fd_r and close_fd_r look like output parameters; presumably close_fd_r
   tells the caller whether it must close the returned fd - confirm. */
int client_get_plaintext_fd(struct client *client, int *fd_r, bool *close_fd_r);

unsigned int clients_get_count(void) ATTR_PURE;
unsigned int clients_get_fd_proxies_count(void);
struct client *clients_get_first_fd_proxy(void);

void client_add_forward_field(struct client *client, const char *key,
			      const char *value);
void client_set_title(struct client *client);
/* Logging helpers. Each takes one ready-made message string; the signatures
   have no variadic arguments, so callers format the message beforehand.
   NOTE(review): msg can include text received from the client - confirm
   the implementation never uses it as a format string. */
void client_log(struct client *client, const char *msg);
void client_log_err(struct client *client, const char *msg);
void client_log_warn(struct client *client, const char *msg);
const char *client_get_extra_disconnect_reason(struct client *client);

void client_auth_respond(struct client *client, const char *response);
void client_auth_abort(struct client *client);
bool client_is_tls_enabled(struct client *client);
void client_auth_fail(struct client *client, const char *text);
const char *client_get_session_id(struct client *client);

bool client_read(struct client *client);

void client_input(struct client *client);
fadd878cd6098f5b873c21c121209a922679dae4Timo Sirainen
/* Tells whether the client has no "input" handler in its vfunc table, i.e.
   client->v.input is NULL. */
static inline bool
client_does_custom_io(struct client *client)
{
	const struct client_vfuncs *handlers = &client->v;

	return handlers->input == NULL;
}
fadd878cd6098f5b873c21c121209a922679dae4Timo Sirainen
/* Notification helpers. Their parameter lists match the notify_auth_ready,
   notify_status and notify_disconnect entries of struct client_vfuncs;
   presumably they dispatch to those entries - confirm. */
void client_notify_auth_ready(struct client *client);
void client_notify_status(struct client *client, bool bad, const char *text);
void client_notify_disconnect(struct client *client,
			      enum client_disconnect_reason reason,
			      const char *text);

/* Raw output. client_send_raw() has no size parameter, so data presumably
   has to be a NUL-terminated string; the *_raw_data() variants take an
   explicit size. */
void client_send_raw_data(struct client *client, const void *data, size_t size);
void client_send_raw(struct client *client, const char *data);
void client_common_send_raw_data(struct client *client,
				 const void *data, size_t size);
void client_common_default_free(struct client *client);

/* Authentication helpers. */
void client_set_auth_waiting(struct client *client);
void client_auth_send_challenge(struct client *client, const char *data);
void client_auth_parse_response(struct client *client);
int client_auth_begin(struct client *client, const char *mech_name,
		      const char *init_resp);
/* NOTE(review): by its name this gates plaintext authentication. The policy
   it applies (for example how it relates to the secured/trusted flags in
   struct client) is not visible in this header - confirm in the
   implementation before relying on it. */
bool client_check_plaintext_auth(struct client *client, bool pass_sent);
int client_auth_read_line(struct client *client);

/* Proxying helpers. */
void client_proxy_finish_destroy_client(struct client *client);
void client_proxy_log_failure(struct client *client, const char *line);
void client_proxy_failed(struct client *client, bool send_line);
const char *client_proxy_get_state(struct client *client);

/* Operations on all clients. */
void clients_notify_auth_connected(void);
void client_destroy_oldest(void);
void clients_destroy_all(void);
void clients_destroy_all_reason(const char *reason);

void client_destroy_fd_proxies(void);
/* Module-wide init/deinit; presumably called once each at startup and
   shutdown - confirm. */
void client_common_init(void);
void client_common_deinit(void);
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen#endif
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen