client-common.h revision 38cb3d139aefb7c65919cf4aba5ded7b5fd50e6f
2454dfa32c93c20a8522c6ed42fe057baaac9f9aStephan Bosch#ifndef CLIENT_COMMON_H
02b32cf39a098edf60981fc228e4b034f11f3b90Timo Sirainen#define CLIENT_COMMON_H
b5ff746939712c6a9bef71405fa786d5471cf177Timo Sirainen#include "network.h"
02b32cf39a098edf60981fc228e4b034f11f3b90Timo Sirainen#include "login-proxy.h"
4a7e04d325db0c03f575f98f045246fceb0de279Timo Sirainen#include "sasl-server.h"
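/* Maximum size of the client input buffer. In protocol terms:

   IMAP: max. length of a single parameter
   POP3: max. length of a command line (the spec says 512 would be enough)

   NOTE(review): this header describes clients that have not logged in yet,
   so this limit presumably caps what an unauthenticated peer can make the
   process buffer per connection - confirm where the input stream is
   created before raising it. */
#define LOGIN_MAX_INBUF_SIZE 1024
/* Maximum size of the client output buffer. If it gets full, the client is
   disconnected. SASL authentication gives the largest output. */
#define LOGIN_MAX_OUTBUF_SIZE 4096

/* Disconnect the client after this many milliseconds if it hasn't managed
   to log in yet. MASTER_LOGIN_TIMEOUT_SECS is not defined in this header;
   it has to be visible wherever this macro is expanded. */
#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)

/* Fixed status texts about a pending reply from the authentication process
   or the authentication master process.
   NOTE(review): presumably sent to the client while it waits - confirm the
   call sites. The texts carry no per-user data. */
#define AUTH_SERVER_WAITING_MSG \
	"Waiting for authentication process to respond.."
#define AUTH_MASTER_WAITING_MSG \
	"Waiting for authentication master process to respond.."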
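/* Reply category passed to client_send_line() and to the send_line vfunc,
   together with the reply text.

   The enumerators have no explicit values, so they number from 0 in
   declaration order; append new ones at the end if anything stores or
   compares the numeric value.

   NOTE(review): the names suggest a split between authentication failure
   (AUTH_FAILED), authorization failure (AUTHZ_FAILED), a temporary failure
   (AUTH_FAIL_TEMP), a failure with an explicit reason (AUTH_FAIL_REASON)
   and authentication refused on a non-SSL connection (AUTH_FAIL_NOSSL).
   How much of that distinction is revealed to an unauthenticated peer is
   decided by the protocol-specific send_line implementation - confirm
   there. */
enum client_cmd_reply {
	CLIENT_CMD_REPLY_OK,
	CLIENT_CMD_REPLY_AUTH_FAILED,
	CLIENT_CMD_REPLY_AUTHZ_FAILED,
	CLIENT_CMD_REPLY_AUTH_FAIL_TEMP,
	CLIENT_CMD_REPLY_AUTH_FAIL_REASON,
	CLIENT_CMD_REPLY_AUTH_FAIL_NOSSL,
	CLIENT_CMD_REPLY_BAD,
	CLIENT_CMD_REPLY_BYE,
	CLIENT_CMD_REPLY_STATUS,
	CLIENT_CMD_REPLY_STATUS_BAD
};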
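/* Parsed result of an authentication reply, handed to the
   auth_handle_reply vfunc as a const pointer.

   NOTE(review): all strings are borrowed (const char *); who owns them and
   how long they stay valid is not visible in this header - confirm before
   keeping any of these pointers beyond the callback. */
struct client_auth_reply {
	const char *master_user, *reason;
	/* for proxying */
	/* NOTE(review): password is a credential for the proxy destination.
	   Treat it as a secret: keep it out of log lines and out of
	   anything sent back to the client. */
	const char *host, *destuser, *password;
	unsigned int port;
	unsigned int proxy_timeout_msecs;
	unsigned int proxy_refresh_secs;
	/* enum login_proxy_ssl_flags comes from login-proxy.h */
	enum login_proxy_ssl_flags ssl_flags;

	/* One-bit flags. NOTE(review): presumably proxy = forward the
	   connection to host/port, temp = temporary failure, nologin =
	   login must not proceed, authz_failure = authorization (not
	   authentication) failed - confirm against the reply parser. */
	unsigned int proxy:1;
	unsigned int temp:1;
	unsigned int nologin:1;
	unsigned int authz_failure:1;
};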
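/* Table of protocol-specific callbacks. struct client embeds one copy by
   value (member "v"), and a global instance named client_vfuncs is declared
   in this header.

   NOTE(review): the per-callback notes below are read off the signatures
   only; confirm the exact contracts in the protocol implementations. */
struct client_vfuncs {
	/* Returns a struct client; receives the memory pool to use. */
	struct client *(*alloc)(pool_t pool);
	void (*create)(struct client *client, void **other_sets);
	void (*destroy)(struct client *client);
	void (*send_greeting)(struct client *client);
	void (*starttls)(struct client *client);
	void (*input)(struct client *client);
	/* Sends one reply line of the given category with the given text. */
	void (*send_line)(struct client *client, enum client_cmd_reply reply,
			  const char *text);
	/* Receives the parsed authentication reply; the meaning of the
	   bool result is not visible here. */
	bool (*auth_handle_reply)(struct client *client,
				  const struct client_auth_reply *reply);
	void (*auth_send_challenge)(struct client *client, const char *data);
	/* NOTE(review): takes no input argument, so it presumably reads
	   the response from the client's input stream; the int return
	   convention needs confirming. */
	int (*auth_parse_response)(struct client *client);
	void (*proxy_reset)(struct client *client);
	/* line comes from the proxy side of the connection (presumably the
	   remote server), i.e. it is external input too. */
	int (*proxy_parse_line)(struct client *client, const char *line);
};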
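/* State of one client connection as seen by the login code.

   Most member types (pool_t, struct ip_addr, string_t,
   sasl_server_callback_t, ...) are declared in other headers. */
struct client {
	/* Links to neighbouring clients; the global "clients" pointer
	   declared in this header is presumably the list head. */
	struct client *prev, *next;
	pool_t pool;
	/* Per-client copy of the callback table (stored by value). */
	struct client_vfuncs v;

	time_t created;
	/* Reference count; see client_ref() / client_unref(). */
	int refcount;

	struct ip_addr local_ip;
	struct ip_addr ip;
	unsigned int local_port, remote_port;
	struct ssl_proxy *ssl_proxy;
	const struct login_settings *set;

	int fd;
	struct istream *input;
	struct ostream *output;
	struct io *io;
	struct timeout *to_auth_waiting;
	struct timeout *to_disconnect;

	/* Length is tracked separately in master_data_prefix_len; the
	   buffer is raw bytes, not a NUL-terminated string. */
	unsigned char *master_data_prefix;
	unsigned int master_data_prefix_len;

	struct login_proxy *login_proxy;
	/* NOTE(review): proxy_password is a credential kept in a mutable
	   buffer for the duration of proxying. Confirm that it is wiped
	   and freed when the proxy attempt ends and that it never reaches
	   log output. */
	char *proxy_user, *proxy_master_user, *proxy_password;
	unsigned int proxy_state;

	char *auth_mech_name;
	struct auth_client_request *auth_request;
	/* NOTE(review): presumably accumulates the client's SASL response,
	   which can contain credentials - confirm it is cleared after
	   use. */
	string_t *auth_response;

	unsigned int master_auth_id;
	unsigned int master_tag;
	sasl_server_callback_t *sasl_callback;

	/* NOTE(review): presumably counters for bad commands and for
	   authentication attempts on this connection; confirm which
	   limits are enforced on them and where. */
	unsigned int bad_counter;
	unsigned int auth_attempts;
	pid_t mail_pid;

	char *virtual_user;
	/* One-bit state flags.
	   NOTE(review): tls / secured / trusted look like three distinct
	   security properties (TLS in use, transport considered safe,
	   peer considered trusted). Decisions such as allowing plaintext
	   authentication depend on which one is tested - confirm against
	   client_check_plaintext_auth() and client_is_trusted(). */
	unsigned int destroyed:1;
	unsigned int input_blocked:1;
	unsigned int login_success:1;
	unsigned int greeting_sent:1;
	unsigned int starttls:1;
	unsigned int tls:1;
	unsigned int secured:1;
	unsigned int trusted:1;
	unsigned int authenticating:1;
	unsigned int auth_tried_disabled_plaintext:1;
	unsigned int auth_tried_unsupported_mech:1;
	unsigned int auth_try_aborted:1;
	unsigned int auth_initializing:1;
	/* ... */
};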
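/* Global client pointer (presumably the head of the prev/next list) and the
   global callback table. Both are defined elsewhere. */
extern struct client *clients;
extern struct client_vfuncs client_vfuncs;

/* Creation and destruction.
   client_create() takes the connection fd, whether the connection is SSL,
   the pool and settings to use, and the local and remote addresses. */
struct client *
client_create(int fd, bool ssl, pool_t pool,
	      const struct login_settings *set, void **other_sets,
	      const struct ip_addr *local_ip, const struct ip_addr *remote_ip);
void client_destroy(struct client *client, const char *reason);
void client_destroy_success(struct client *client, const char *reason);
void client_destroy_internal_failure(struct client *client);

/* Reference counting. client_unref() takes the address of the caller's
   pointer. NOTE(review): presumably it clears *client and the bool result
   says whether the client is still alive - confirm in the implementation
   before using the pointer after the call. */
void client_ref(struct client *client);
bool client_unref(struct client **client);

void client_cmd_starttls(struct client *client);

unsigned int clients_get_count(void) ATTR_PURE;

/* Logging and status helpers.
   NOTE(review): msg is a plain string, not a format string, as far as the
   signatures show; callers that build it from client-supplied data should
   still sanitize that data first. */
void client_set_title(struct client *client);
void client_log(struct client *client, const char *msg);
void client_log_err(struct client *client, const char *msg);
const char *client_get_extra_disconnect_reason(struct client *client);
bool client_is_trusted(struct client *client);
void client_auth_failed(struct client *client);

/* Input handling. */
bool client_read(struct client *client);
void client_input(struct client *client);

/* Output. client_send_raw_data() takes an explicit size;
   client_send_raw() takes a NUL-terminated string. */
void client_send_line(struct client *client, enum client_cmd_reply reply,
		      const char *text);
void client_send_raw_data(struct client *client, const void *data, size_t size);
void client_send_raw(struct client *client, const char *data);

/* Authentication. mech_name and init_resp in client_auth_begin() originate
   from the client's command (presumably unvalidated at this point - confirm
   at the call sites). */
void client_set_auth_waiting(struct client *client);
void client_auth_send_challenge(struct client *client, const char *data);
int client_auth_parse_response(struct client *client);
int client_auth_begin(struct client *client, const char *mech_name,
		      const char *init_resp);
bool client_check_plaintext_auth(struct client *client, bool pass_sent);

/* Proxying. line in client_proxy_log_failure() is text received over the
   proxy connection, so it is external input when it is logged. */
void client_proxy_finish_destroy_client(struct client *client);
void client_proxy_log_failure(struct client *client, const char *line);
void client_proxy_failed(struct client *client, bool send_line);

/* Operations over all clients. */
void clients_notify_auth_connected(void);
void client_destroy_oldest(void);
void clients_destroy_all(void);

void clients_init(void);
void clients_deinit(void);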
4a7e04d325db0c03f575f98f045246fceb0de279Timo Sirainen#endif