is an IMAP and POP3 server, written with security primarily in mind.
| client-common-auth.c (dovecot-2.3.16) | : | client-common-auth.c (dovecot-2.3.17) |
|---|
| | |
| skipping to change at line 204 | | skipping to change at line 204 |
|---|
| value, error); | | value, error); |
| } | | } |
| } else if (strcmp(key, "proxy_refresh") == 0) { | | } else if (strcmp(key, "proxy_refresh") == 0) { |
| if (str_to_uint(value, &reply_r->proxy_refresh_secs) < 0)
{ | | if (str_to_uint(value, &reply_r->proxy_refresh_secs) < 0)
{ |
| e_error(client->event, | | e_error(client->event, |
| "BUG: Auth service returned invalid " | | "BUG: Auth service returned invalid " |
| "proxy_refresh value: %s", value); | | "proxy_refresh value: %s", value); |
| } | | } |
| } else if (strcmp(key, "proxy_mech") == 0) | | } else if (strcmp(key, "proxy_mech") == 0) |
| reply_r->proxy_mech = value; | | reply_r->proxy_mech = value; |
|
| | else if (strcmp(key, "proxy_noauth") == 0) |
| | reply_r->proxy_noauth = TRUE; |
| else if (strcmp(key, "proxy_nopipelining") == 0) | | else if (strcmp(key, "proxy_nopipelining") == 0) |
| reply_r->proxy_nopipelining = TRUE; | | reply_r->proxy_nopipelining = TRUE; |
| else if (strcmp(key, "proxy_not_trusted") == 0) | | else if (strcmp(key, "proxy_not_trusted") == 0) |
| reply_r->proxy_not_trusted = TRUE; | | reply_r->proxy_not_trusted = TRUE; |
|
| else if (strcmp(key, "master") == 0) | | else if (strcmp(key, "master") == 0) { |
| reply_r->master_user = value; | | /* ignore empty master field */ |
| else if (strcmp(key, "ssl") == 0) { | | if (*value != '\0') |
| | reply_r->master_user = value; |
| | } else if (strcmp(key, "ssl") == 0) { |
| reply_r->ssl_flags |= PROXY_SSL_FLAG_YES; | | reply_r->ssl_flags |= PROXY_SSL_FLAG_YES; |
| if (strcmp(value, "any-cert") == 0) | | if (strcmp(value, "any-cert") == 0) |
| reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; | | reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; |
| if (reply_r->port == 0) | | if (reply_r->port == 0) |
| reply_r->port = login_binary->default_ssl_port; | | reply_r->port = login_binary->default_ssl_port; |
| } else if (strcmp(key, "starttls") == 0) { | | } else if (strcmp(key, "starttls") == 0) { |
| reply_r->ssl_flags |= PROXY_SSL_FLAG_YES | | | reply_r->ssl_flags |= PROXY_SSL_FLAG_YES | |
| PROXY_SSL_FLAG_STARTTLS; | | PROXY_SSL_FLAG_STARTTLS; |
| if (strcmp(value, "any-cert") == 0) | | if (strcmp(value, "any-cert") == 0) |
| reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; | | reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; |
| | |
| skipping to change at line 363 | | skipping to change at line 367 |
|---|
| client_proxy_get_state(client), duration, | | client_proxy_get_state(client), duration, |
| line == NULL ? "" : t_strdup_printf( | | line == NULL ? "" : t_strdup_printf( |
| " - BUG: line not read: %s", line)); | | " - BUG: line not read: %s", line)); |
| login_proxy_failed(client->login_proxy, | | login_proxy_failed(client->login_proxy, |
| login_proxy_get_event(client->login_proxy), | | login_proxy_get_event(client->login_proxy), |
| LOGIN_PROXY_FAILURE_TYPE_CONNECT, reason); | | LOGIN_PROXY_FAILURE_TYPE_CONNECT, reason); |
| return; | | return; |
| } | | } |
| | |
| output = client->output; | | output = client->output; |
|
| | /* The "line" variable is allocated from the istream, but the istream |
| | may be freed by proxy_parse_line(). Keep the istream referenced to |
| | make sure the line isn't freed too early. */ |
| | i_stream_ref(input); |
| o_stream_ref(output); | | o_stream_ref(output); |
| o_stream_cork(output); | | o_stream_cork(output); |
| while ((line = i_stream_next_line(input)) != NULL) { | | while ((line = i_stream_next_line(input)) != NULL) { |
| if (client->v.proxy_parse_line(client, line) != 0) | | if (client->v.proxy_parse_line(client, line) != 0) |
| break; | | break; |
| } | | } |
| o_stream_uncork(output); | | o_stream_uncork(output); |
| o_stream_unref(&output); | | o_stream_unref(&output); |
|
| | i_stream_unref(&input); |
| } | | } |
| | |
| void client_common_proxy_failed(struct client *client, | | void client_common_proxy_failed(struct client *client, |
| enum login_proxy_failure_type type, | | enum login_proxy_failure_type type, |
| const char *reason ATTR_UNUSED, | | const char *reason ATTR_UNUSED, |
| bool reconnecting) | | bool reconnecting) |
| { | | { |
| if (client->proxy_sasl_client != NULL) | | if (client->proxy_sasl_client != NULL) |
| dsasl_client_free(&client->proxy_sasl_client); | | dsasl_client_free(&client->proxy_sasl_client); |
| if (reconnecting) { | | if (reconnecting) { |
| | |
| skipping to change at line 495 | | skipping to change at line 504 |
|---|
| (login_source_ips_idx + 1) % login_source_ips_count; | | (login_source_ips_idx + 1) % login_source_ips_count; |
| } | | } |
| proxy_set.port = reply->port; | | proxy_set.port = reply->port; |
| proxy_set.connect_timeout_msecs = reply->proxy_timeout_msecs; | | proxy_set.connect_timeout_msecs = reply->proxy_timeout_msecs; |
| if (proxy_set.connect_timeout_msecs == 0) | | if (proxy_set.connect_timeout_msecs == 0) |
| proxy_set.connect_timeout_msecs = client->set->login_proxy_timeou
t; | | proxy_set.connect_timeout_msecs = client->set->login_proxy_timeou
t; |
| proxy_set.notify_refresh_secs = reply->proxy_refresh_secs; | | proxy_set.notify_refresh_secs = reply->proxy_refresh_secs; |
| proxy_set.ssl_flags = reply->ssl_flags; | | proxy_set.ssl_flags = reply->ssl_flags; |
| proxy_set.host_immediate_failure_after_secs = | | proxy_set.host_immediate_failure_after_secs = |
| reply->proxy_host_immediate_failure_after_secs; | | reply->proxy_host_immediate_failure_after_secs; |
|
| | proxy_set.rawlog_dir = client->set->login_proxy_rawlog_dir; |
| | |
| /* Include destination ip:port also in the log prefix */ | | /* Include destination ip:port also in the log prefix */ |
| event_set_append_log_prefix(event, t_strdup_printf( | | event_set_append_log_prefix(event, t_strdup_printf( |
| "proxy(%s,%s:%u): ", client->virtual_user, | | "proxy(%s,%s:%u): ", client->virtual_user, |
| net_ip2addr(&proxy_set.ip), proxy_set.port)); | | net_ip2addr(&proxy_set.ip), proxy_set.port)); |
| | |
| if (login_proxy_new(client, event, &proxy_set, proxy_input, | | if (login_proxy_new(client, event, &proxy_set, proxy_input, |
| client->v.proxy_failed) < 0) { | | client->v.proxy_failed) < 0) { |
| event_unref(&event); | | event_unref(&event); |
| return -1; | | return -1; |
| } | | } |
| event_unref(&event); | | event_unref(&event); |
| | |
| client->proxy_mech = sasl_mech; | | client->proxy_mech = sasl_mech; |
| client->proxy_user = i_strdup(reply->destuser); | | client->proxy_user = i_strdup(reply->destuser); |
| client->proxy_master_user = i_strdup(reply->master_user); | | client->proxy_master_user = i_strdup(reply->master_user); |
| client->proxy_password = i_strdup(reply->password); | | client->proxy_password = i_strdup(reply->password); |
|
| | client->proxy_noauth = reply->proxy_noauth; |
| client->proxy_nopipelining = reply->proxy_nopipelining; | | client->proxy_nopipelining = reply->proxy_nopipelining; |
| client->proxy_not_trusted = reply->proxy_not_trusted; | | client->proxy_not_trusted = reply->proxy_not_trusted; |
| | |
| /* disable input until authentication is finished */ | | /* disable input until authentication is finished */ |
| io_remove(&client->io); | | io_remove(&client->io); |
| return 0; | | return 0; |
| } | | } |
| | |
| static void ATTR_NULL(3, 4) | | static void ATTR_NULL(3, 4) |
| client_auth_result(struct client *client, enum client_auth_result result, | | client_auth_result(struct client *client, enum client_auth_result result, |
| | | |
| End of changes. 6 change blocks. |
|---|
| 3 lines changed or deleted | | 14 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 