client-common.h revision fe791e96fdf796f7d8997ee0515b163dc5eddd72
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#ifndef CLIENT_COMMON_H
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define CLIENT_COMMON_H
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#include "net.h"
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#include "login-proxy.h"
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#include "sasl-server.h"
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#include "master-login.h" /* for LOGIN_MAX_SESSION_ID_LEN */
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define LOGIN_MAX_SESSION_ID_LEN 64
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define LOGIN_MAX_MASTER_PREFIX_LEN 128
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen/* max. size of input buffer. this means:
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
04c3ac276103b56185119bcff9a66de7a8bb0e68Timo Sirainen IMAP: Max. length of command's all parameters. SASL-IR is read into
04c3ac276103b56185119bcff9a66de7a8bb0e68Timo Sirainen a separate larger buffer.
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen POP3: Max. length of a command line (spec says 512 would be enough)
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen*/
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define LOGIN_MAX_INBUF_SIZE \
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen (MASTER_AUTH_MAX_DATA_SIZE - LOGIN_MAX_MASTER_PREFIX_LEN - \
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen LOGIN_MAX_SESSION_ID_LEN)
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen/* max. size of output buffer. if it gets full, the client is disconnected.
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen SASL authentication gives the largest output. */
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define LOGIN_MAX_OUTBUF_SIZE 4096
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen/* Max. length of SASL authentication buffer. */
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define LOGIN_MAX_AUTH_BUF_SIZE 8192
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen/* Disconnect client after this many milliseconds if it hasn't managed
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen to log in yet. */
c18ff860dc22960fd37c272d929f889c7939a2c8Timo Sirainen#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define AUTH_SERVER_WAITING_MSG \
04c3ac276103b56185119bcff9a66de7a8bb0e68Timo Sirainen "Waiting for authentication process to respond.."
1dd054126238349e1a7d3d1ffe7f8bc5fdbacb7aTimo Sirainen#define AUTH_MASTER_WAITING_MSG \
5fb3f13537dffd15a31e997da133a721c0728af8Timo Sirainen "Waiting for authentication master process to respond.."
5fb3f13537dffd15a31e997da133a721c0728af8Timo Sirainen
5fb3f13537dffd15a31e997da133a721c0728af8Timo Sirainenstruct master_service_connection;
5b62dea2f88165f3f4d87bba9011343f3ff415ffTimo Sirainen
5b62dea2f88165f3f4d87bba9011343f3ff415ffTimo Sirainenenum client_disconnect_reason {
5b62dea2f88165f3f4d87bba9011343f3ff415ffTimo Sirainen CLIENT_DISCONNECT_TIMEOUT,
5b62dea2f88165f3f4d87bba9011343f3ff415ffTimo Sirainen CLIENT_DISCONNECT_SYSTEM_SHUTDOWN,
5b62dea2f88165f3f4d87bba9011343f3ff415ffTimo Sirainen CLIENT_DISCONNECT_RESOURCE_CONSTRAINT,
1dd054126238349e1a7d3d1ffe7f8bc5fdbacb7aTimo Sirainen CLIENT_DISCONNECT_INTERNAL_ERROR
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen};
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainenenum client_auth_result {
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_SUCCESS,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_REFERRAL_SUCCESS,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_REFERRAL_NOLOGIN,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_ABORTED,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_AUTHFAILED,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_AUTHFAILED_REASON,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_AUTHZFAILED,
d22301419109ed4a38351715e6760011421dadecTimo Sirainen CLIENT_AUTH_RESULT_TEMPFAIL,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen CLIENT_AUTH_RESULT_SSL_REQUIRED
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen};
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainenstruct client_auth_reply {
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen const char *master_user, *reason;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen /* for proxying */
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen const char *host, *hostip, *source_ip;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen const char *destuser, *password, *proxy_mech;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen in_port_t port;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen unsigned int proxy_timeout_msecs;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen unsigned int proxy_refresh_secs;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen enum login_proxy_ssl_flags ssl_flags;
e5fd6dfd0a492e4708d4dbb7971d7fc5d7b8fd85Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen /* all the key=value fields returned by passdb */
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen const char *const *all_fields;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen bool proxy:1;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen bool proxy_nopipelining:1;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen bool temp:1;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen bool nologin:1;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen bool authz_failure:1;
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen};
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainenstruct client_vfuncs {
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen struct client *(*alloc)(pool_t pool);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*create)(struct client *client, void **other_sets);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*destroy)(struct client *client);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*notify_auth_ready)(struct client *client);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*notify_disconnect)(struct client *client,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen enum client_disconnect_reason reason,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen const char *text);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*notify_status)(struct client *client,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen bool bad, const char *text);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*notify_starttls)(struct client *client,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen bool success, const char *text);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*starttls)(struct client *client);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*input)(struct client *client);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*auth_send_challenge)(struct client *client, const char *data);
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen void (*auth_parse_response)(struct client *client);
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen void (*auth_result)(struct client *client,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen enum client_auth_result result,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen const struct client_auth_reply *reply,
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen const char *text);
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen void (*proxy_reset)(struct client *client);
5fb3f13537dffd15a31e997da133a721c0728af8Timo Sirainen int (*proxy_parse_line)(struct client *client, const char *line);
5fb3f13537dffd15a31e997da133a721c0728af8Timo Sirainen void (*proxy_error)(struct client *client, const char *text);
5fb3f13537dffd15a31e997da133a721c0728af8Timo Sirainen};
5b62dea2f88165f3f4d87bba9011343f3ff415ffTimo Sirainen
5b62dea2f88165f3f4d87bba9011343f3ff415ffTimo Sirainenstruct client {
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen struct client *prev, *next;
pool_t pool;
struct client_vfuncs v;
time_t created;
int refcount;
struct ip_addr local_ip;
struct ip_addr ip;
struct ip_addr real_remote_ip, real_local_ip;
in_port_t local_port, remote_port;
in_port_t real_local_port, real_remote_port;
struct ssl_proxy *ssl_proxy;
const struct login_settings *set;
const struct master_service_ssl_settings *ssl_set;
const char *session_id, *listener_name, *postlogin_socket_path;
const char *local_name;
int fd;
struct istream *input;
struct ostream *output;
struct io *io;
struct timeout *to_auth_waiting;
struct timeout *to_disconnect;
unsigned char *master_data_prefix;
unsigned int master_data_prefix_len;
struct login_proxy *login_proxy;
char *proxy_user, *proxy_master_user, *proxy_password;
const struct dsasl_client_mech *proxy_mech;
struct dsasl_client *proxy_sasl_client;
unsigned int proxy_state;
unsigned int proxy_ttl;
char *auth_mech_name;
struct auth_client_request *auth_request;
string_t *auth_response;
time_t auth_first_started, auth_finished;
const char *sasl_final_resp;
const char *const *auth_passdb_args;
unsigned int master_auth_id;
unsigned int master_tag;
sasl_server_callback_t *sasl_callback;
unsigned int bad_counter;
unsigned int auth_attempts, auth_successes;
pid_t mail_pid;
/* Module-specific contexts. */
ARRAY(union login_client_module_context *) module_contexts;
char *virtual_user, *virtual_user_orig, *virtual_auth_user;
/* passdb user_* fields are set here after a successful auth.
This is a NULL-terminated array where fields are in the same order
as in global_alt_usernames. If some field doesn't exist, it's "".
Can also be NULL if there are no user_* fields. */
const char **alt_usernames;
bool destroyed:1;
bool input_blocked:1;
bool login_success:1;
bool starttls:1;
bool tls:1;
bool secured:1;
bool trusted:1;
bool ssl_servername_settings_read:1;
bool authenticating:1;
bool auth_tried_disabled_plaintext:1;
bool auth_tried_unsupported_mech:1;
bool auth_try_aborted:1;
bool auth_initializing:1;
bool auth_process_comm_fail:1;
bool proxy_auth_failed:1;
bool proxy_nopipelining:1;
bool auth_waiting:1;
bool auth_user_disabled:1;
bool auth_pass_expired:1;
bool notified_auth_ready:1;
bool notified_disconnect:1;
/* ... */
};
union login_client_module_context {
struct client_vfuncs super;
struct login_module_register *reg;
};
extern struct client *clients;
typedef void login_client_allocated_func_t(struct client *client);
/* Sets the client allocation hook and returns the previous hook,
which the new hook should call. */
login_client_allocated_func_t *
login_client_allocated_hook_set(login_client_allocated_func_t *new_hook);
struct client *
client_create(int fd, bool ssl, pool_t pool,
const struct master_service_connection *conn,
const struct login_settings *set,
const struct master_service_ssl_settings *ssl_set,
void **other_sets);
void client_destroy(struct client *client, const char *reason);
void client_destroy_success(struct client *client, const char *reason);
void client_destroy_internal_failure(struct client *client);
void client_ref(struct client *client);
bool client_unref(struct client **client) ATTR_NOWARN_UNUSED_RESULT;
void client_cmd_starttls(struct client *client);
unsigned int clients_get_count(void) ATTR_PURE;
void client_set_title(struct client *client);
void client_log(struct client *client, const char *msg);
void client_log_err(struct client *client, const char *msg);
void client_log_warn(struct client *client, const char *msg);
const char *client_get_extra_disconnect_reason(struct client *client);
void client_auth_respond(struct client *client, const char *response);
void client_auth_abort(struct client *client);
bool client_is_tls_enabled(struct client *client);
void client_auth_fail(struct client *client, const char *text);
const char *client_get_session_id(struct client *client);
bool client_read(struct client *client);
void client_input(struct client *client);
void client_notify_auth_ready(struct client *client);
void client_notify_status(struct client *client, bool bad, const char *text);
void client_notify_disconnect(struct client *client,
enum client_disconnect_reason reason,
const char *text);
void client_send_raw_data(struct client *client, const void *data, size_t size);
void client_send_raw(struct client *client, const char *data);
void client_set_auth_waiting(struct client *client);
void client_auth_send_challenge(struct client *client, const char *data);
void client_auth_parse_response(struct client *client);
int client_auth_begin(struct client *client, const char *mech_name,
const char *init_resp);
bool client_check_plaintext_auth(struct client *client, bool pass_sent);
int client_auth_read_line(struct client *client);
void client_proxy_finish_destroy_client(struct client *client);
void client_proxy_log_failure(struct client *client, const char *line);
void client_proxy_failed(struct client *client, bool send_line);
void clients_notify_auth_connected(void);
void client_destroy_oldest(void);
void clients_destroy_all(void);
void clients_destroy_all_reason(const char *reason);
#endif