client-common.h revision 9f627b360ed38fdc54cb02ec5e67246c3f0d5b0f
#ifndef CLIENT_COMMON_H
#define CLIENT_COMMON_H

#include "network.h"
#include "login-proxy.h"
#include "sasl-server.h"
/* Number of bytes set aside for the master prefix. It is subtracted from
   MASTER_AUTH_MAX_DATA_SIZE below when the input buffer limit is derived. */
#define LOGIN_MAX_MASTER_PREFIX_LEN 128

/* Max. size of the input buffer. In practice this means:

   IMAP: upper bound on the combined length of one command's parameters.
         SASL-IR is read into a separate larger buffer.
   POP3: upper bound on one command line (spec says 512 would be enough)

   NOTE(review): MASTER_AUTH_MAX_DATA_SIZE is defined outside this header;
   the difference is only a usable size while it stays larger than
   LOGIN_MAX_MASTER_PREFIX_LEN - confirm at its definition. */
#define LOGIN_MAX_INBUF_SIZE (MASTER_AUTH_MAX_DATA_SIZE - LOGIN_MAX_MASTER_PREFIX_LEN)

/* Max. size of the output buffer. A client whose output buffer fills up
   is disconnected. The largest output comes from SASL authentication. */
#define LOGIN_MAX_OUTBUF_SIZE 4096

/* Max. length of the SASL authentication buffer. */
#define LOGIN_MAX_AUTH_BUF_SIZE 8192

/* A client that hasn't managed to log in within this many milliseconds
   is disconnected. */
#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS * 1000)

/* Status texts for the two "still waiting" cases. */
#define AUTH_SERVER_WAITING_MSG "Waiting for authentication process to respond.."
#define AUTH_MASTER_WAITING_MSG "Waiting for authentication master process to respond.."
/* Reason code handed to the notify_disconnect vfunc and to
   client_notify_disconnect(). The enumerators keep their implicit values,
   0..3 in declaration order. */
enum client_disconnect_reason {
	CLIENT_DISCONNECT_TIMEOUT = 0,
	CLIENT_DISCONNECT_SYSTEM_SHUTDOWN,
	CLIENT_DISCONNECT_RESOURCE_CONSTRAINT,
	CLIENT_DISCONNECT_INTERNAL_ERROR
};
/* Outcome code handed to the auth_result vfunc. The enumerators keep
   their implicit values, 0..8 in declaration order.

   NOTE(review): authentication failure (AUTHFAILED*), authorization
   failure (AUTHZFAILED) and temporary failure (TEMPFAIL) are separate
   codes here; how much of that distinction reaches the remote peer is
   decided by each protocol's auth_result implementation, which is not
   visible in this header. */
enum client_auth_result {
	CLIENT_AUTH_RESULT_SUCCESS = 0,
	CLIENT_AUTH_RESULT_REFERRAL_SUCCESS,
	CLIENT_AUTH_RESULT_REFERRAL_NOLOGIN,
	CLIENT_AUTH_RESULT_ABORTED,
	CLIENT_AUTH_RESULT_AUTHFAILED,
	CLIENT_AUTH_RESULT_AUTHFAILED_REASON,
	CLIENT_AUTH_RESULT_AUTHZFAILED,
	CLIENT_AUTH_RESULT_TEMPFAIL,
	CLIENT_AUTH_RESULT_SSL_REQUIRED
};
/* Reply data passed (as a const pointer) to the auth_result vfunc
   alongside an enum client_auth_result. */
struct client_auth_reply {
	const char *master_user;
	const char *reason;

	/* for proxying */
	const char *host;
	const char *destuser;
	/* NOTE(review): credential for the proxy destination. Who owns the
	   string and how long it stays alive isn't visible in this header -
	   keep it out of log output and confirm it is cleared after use. */
	const char *password;
	unsigned int port;
	unsigned int proxy_timeout_msecs;
	unsigned int proxy_refresh_secs;
	enum login_proxy_ssl_flags ssl_flags;

	/* single-bit flags */
	unsigned int proxy:1;
	unsigned int temp:1;
	unsigned int nologin:1;
	unsigned int authz_failure:1;
};
/* Table of function pointers embedded by value in struct client (member
   "v"). Several members share their names with the client_*() functions
   declared later in this header.
   NOTE(review): presumably those functions dispatch through this table and
   each login protocol fills it in - confirm in the implementation. */
struct client_vfuncs {
	/* allocation and teardown */
	struct client *(*alloc)(pool_t pool);
	void (*create)(struct client *client, void **other_sets);
	void (*destroy)(struct client *client);

	/* notifications */
	void (*notify_auth_ready)(struct client *client);
	void (*notify_disconnect)(struct client *client,
				  enum client_disconnect_reason reason,
				  const char *text);
	void (*notify_status)(struct client *client,
			      bool bad, const char *text);
	void (*notify_starttls)(struct client *client,
				bool success, const char *text);

	/* connection handling */
	void (*starttls)(struct client *client);
	void (*input)(struct client *client);

	/* authentication exchange */
	void (*auth_send_challenge)(struct client *client, const char *data);
	void (*auth_parse_response)(struct client *client);
	void (*auth_result)(struct client *client,
			    enum client_auth_result result,
			    const struct client_auth_reply *reply,
			    const char *text);

	/* proxying; proxy_parse_line() is the only member returning a value
	   (int) - its meaning is not defined in this header */
	void (*proxy_reset)(struct client *client);
	int (*proxy_parse_line)(struct client *client, const char *line);
	void (*proxy_error)(struct client *client, const char *text);
};
/* State kept for one login client. */
struct client {
	/* doubly linked list pointers; the list head is presumably the
	   global "clients" declared in this header - confirm */
	struct client *prev;
	struct client *next;
	pool_t pool;
	struct client_vfuncs v;

	time_t created;
	/* changed through client_ref() / client_unref() */
	int refcount;

	struct ip_addr local_ip;
	/* NOTE(review): presumably the remote_ip given to client_create() */
	struct ip_addr ip;
	unsigned int local_port;
	unsigned int remote_port;
	struct ssl_proxy *ssl_proxy;
	const struct login_settings *set;

	int fd;
	struct istream *input;
	struct ostream *output;
	struct io *io;
	struct timeout *to_auth_waiting;
	struct timeout *to_disconnect;

	/* NOTE(review): LOGIN_MAX_MASTER_PREFIX_LEN looks like the intended
	   upper bound for master_data_prefix_len - confirm where it is set */
	unsigned char *master_data_prefix;
	unsigned int master_data_prefix_len;

	struct login_proxy *login_proxy;
	char *proxy_user;
	char *proxy_master_user;
	/* NOTE(review): holds a credential in a writable buffer; confirm that
	   the destroy path clears it before the memory is released and that
	   it never reaches client_log*() output */
	char *proxy_password;
	unsigned int proxy_state;

	char *auth_mech_name;
	struct auth_client_request *auth_request;
	/* NOTE(review): SASL response data, likely sensitive as well;
	   LOGIN_MAX_AUTH_BUF_SIZE is presumably its size limit - confirm */
	string_t *auth_response;
	time_t auth_first_started;
	const char *sasl_final_resp;

	unsigned int master_auth_id;
	unsigned int master_tag;
	sasl_server_callback_t *sasl_callback;

	/* counters; NOTE(review): presumably inputs to disconnect / delay
	   decisions made elsewhere - confirm where they are checked */
	unsigned int bad_counter;
	unsigned int auth_attempts;
	unsigned int auth_successes;
	pid_t mail_pid;

	char *virtual_user;

	/* lifecycle / input state */
	unsigned int destroyed:1;
	unsigned int input_blocked:1;
	unsigned int login_success:1;

	/* connection security state. NOTE(review): what separates tls,
	   secured and trusted is decided by code outside this header;
	   confirm which of them client_check_plaintext_auth() and
	   client_is_trusted() rely on */
	unsigned int starttls:1;
	unsigned int tls:1;
	unsigned int secured:1;
	unsigned int trusted:1;
	unsigned int ssl_servername_settings_read:1;

	/* authentication progress */
	unsigned int authenticating:1;
	unsigned int auth_tried_disabled_plaintext:1;
	unsigned int auth_tried_unsupported_mech:1;
	unsigned int auth_try_aborted:1;
	unsigned int auth_initializing:1;
	unsigned int auth_process_comm_fail:1;
	unsigned int proxy_auth_failed:1;
	unsigned int auth_waiting:1;

	/* set-once markers for notifications */
	unsigned int notified_auth_ready:1;
	unsigned int notified_disconnect:1;
	/* ... */
};
/* Global client pointer; presumably the head of the prev/next list kept
   in struct client - confirm in the implementation. */
extern struct client *clients;

/* Creation and destruction. */
struct client *client_create(int fd, bool ssl, pool_t pool,
			     const struct login_settings *set,
			     void **other_sets,
			     const struct ip_addr *local_ip,
			     const struct ip_addr *remote_ip);
void client_destroy(struct client *client, const char *reason);
void client_destroy_success(struct client *client, const char *reason);
void client_destroy_internal_failure(struct client *client);

/* Reference counting. client_unref() takes the address of the caller's
   pointer and returns bool.
   NOTE(review): presumably it clears *client and reports whether the
   client still exists - confirm before using the pointer afterwards. */
void client_ref(struct client *client);
bool client_unref(struct client **client);

void client_cmd_starttls(struct client *client);

unsigned int clients_get_count(void) ATTR_PURE;

/* Process title, logging and trust queries.
   NOTE(review): msg is passed as plain text; callers building it from
   client-supplied data should confirm how the implementation sanitizes
   it before it is written to the log. */
void client_set_title(struct client *client);
void client_log(struct client *client, const char *msg);
void client_log_err(struct client *client, const char *msg);
void client_log_warn(struct client *client, const char *msg);
const char *client_get_extra_disconnect_reason(struct client *client);
bool client_is_trusted(struct client *client);

void client_auth_respond(struct client *client, const char *response);
void client_auth_abort(struct client *client);
void client_auth_fail(struct client *client, const char *text);

/* Input handling. */
bool client_read(struct client *client);
void client_input(struct client *client);

/* Notifications; same names and parameters as the notify_* members of
   struct client_vfuncs. */
void client_notify_auth_ready(struct client *client);
void client_notify_status(struct client *client, bool bad, const char *text);
void client_notify_disconnect(struct client *client,
			      enum client_disconnect_reason reason,
			      const char *text);

/* Raw output. client_send_raw_data() takes an explicit size;
   client_send_raw() takes none, so data is presumably a NUL-terminated
   string - confirm. */
void client_send_raw_data(struct client *client, const void *data, size_t size);
void client_send_raw(struct client *client, const char *data);

/* Authentication flow. */
void client_set_auth_waiting(struct client *client);
void client_auth_send_challenge(struct client *client, const char *data);
void client_auth_parse_response(struct client *client);
int client_auth_begin(struct client *client, const char *mech_name,
		      const char *init_resp);
bool client_check_plaintext_auth(struct client *client, bool pass_sent);
int client_auth_read_line(struct client *client);

/* Proxying. */
void client_proxy_finish_destroy_client(struct client *client);
void client_proxy_log_failure(struct client *client, const char *line);
void client_proxy_failed(struct client *client, bool send_line);

/* Operations that take no client argument. */
void clients_notify_auth_connected(void);
void client_destroy_oldest(void);
void clients_destroy_all(void);
#endif