is an IMAP and POP3 server, written with security primarily in mind.
| login-proxy.c (dovecot-2.3.16) | : | login-proxy.c (dovecot-2.3.17) |
|---|
| /* Copyright (c) 2004-2018 Dovecot authors, see the included COPYING file */ | | /* Copyright (c) 2004-2018 Dovecot authors, see the included COPYING file */ |
| | |
| #include "login-common.h" | | #include "login-common.h" |
| #include "ioloop.h" | | #include "ioloop.h" |
| #include "istream.h" | | #include "istream.h" |
| #include "ostream.h" | | #include "ostream.h" |
| #include "iostream.h" | | #include "iostream.h" |
| #include "iostream-proxy.h" | | #include "iostream-proxy.h" |
|
| | #include "iostream-rawlog.h" |
| #include "iostream-ssl.h" | | #include "iostream-ssl.h" |
| #include "llist.h" | | #include "llist.h" |
| #include "array.h" | | #include "array.h" |
| #include "str.h" | | #include "str.h" |
| #include "strescape.h" | | #include "strescape.h" |
| #include "time-util.h" | | #include "time-util.h" |
| #include "master-service.h" | | #include "master-service.h" |
| #include "master-service-ssl-settings.h" | | #include "master-service-ssl-settings.h" |
| #include "ipc-server.h" | | #include "ipc-server.h" |
| #include "mail-user-hash.h" | | #include "mail-user-hash.h" |
| | |
| skipping to change at line 68 | | skipping to change at line 69 |
|---|
| struct login_proxy_record *state_rec; | | struct login_proxy_record *state_rec; |
| | |
| struct ip_addr ip, source_ip; | | struct ip_addr ip, source_ip; |
| char *host; | | char *host; |
| in_port_t port; | | in_port_t port; |
| unsigned int connect_timeout_msecs; | | unsigned int connect_timeout_msecs; |
| unsigned int notify_refresh_secs; | | unsigned int notify_refresh_secs; |
| unsigned int host_immediate_failure_after_secs; | | unsigned int host_immediate_failure_after_secs; |
| unsigned int reconnect_count; | | unsigned int reconnect_count; |
| enum login_proxy_ssl_flags ssl_flags; | | enum login_proxy_ssl_flags ssl_flags; |
|
| | char *rawlog_dir; |
| | |
| login_proxy_input_callback_t *input_callback; | | login_proxy_input_callback_t *input_callback; |
| login_proxy_failure_callback_t *failure_callback; | | login_proxy_failure_callback_t *failure_callback; |
| | |
| bool connected:1; | | bool connected:1; |
| bool detached:1; | | bool detached:1; |
| bool destroying:1; | | bool destroying:1; |
| bool delayed_disconnect:1; | | bool delayed_disconnect:1; |
| bool disable_reconnect:1; | | bool disable_reconnect:1; |
| bool num_waiting_connections_updated:1; | | bool num_waiting_connections_updated:1; |
| | |
| skipping to change at line 163 | | skipping to change at line 165 |
|---|
| static void proxy_plain_connected(struct login_proxy *proxy) | | static void proxy_plain_connected(struct login_proxy *proxy) |
| { | | { |
| proxy->server_input = | | proxy->server_input = |
| i_stream_create_fd(proxy->server_fd, MAX_PROXY_INPUT_SIZE); | | i_stream_create_fd(proxy->server_fd, MAX_PROXY_INPUT_SIZE); |
| proxy->server_output = | | proxy->server_output = |
| o_stream_create_fd(proxy->server_fd, SIZE_MAX); | | o_stream_create_fd(proxy->server_fd, SIZE_MAX); |
| o_stream_set_no_error_handling(proxy->server_output, TRUE); | | o_stream_set_no_error_handling(proxy->server_output, TRUE); |
| | |
| proxy->server_io = | | proxy->server_io = |
| io_add(proxy->server_fd, IO_READ, proxy_prelogin_input, proxy); | | io_add(proxy->server_fd, IO_READ, proxy_prelogin_input, proxy); |
|
| | |
| | if (proxy->rawlog_dir != NULL) { |
| | if (iostream_rawlog_create(proxy->rawlog_dir, |
| | &proxy->server_input, |
| | &proxy->server_output) < 0) |
| | i_free(proxy->rawlog_dir); |
| | } |
| } | | } |
| | |
| static void proxy_fail_connect(struct login_proxy *proxy) | | static void proxy_fail_connect(struct login_proxy *proxy) |
| { | | { |
| i_assert(!proxy->num_waiting_connections_updated); | | i_assert(!proxy->num_waiting_connections_updated); |
| | |
| if (timeval_cmp(&proxy->created, &proxy->state_rec->last_success) < 0) { | | if (timeval_cmp(&proxy->created, &proxy->state_rec->last_success) < 0) { |
| /* there was a successful connection done since we started | | /* there was a successful connection done since we started |
| connecting. perhaps this is just a temporary one-off | | connecting. perhaps this is just a temporary one-off |
| failure. */ | | failure. */ |
| | |
| skipping to change at line 373 | | skipping to change at line 382 |
|---|
| proxy->source_ip = set->source_ip; | | proxy->source_ip = set->source_ip; |
| proxy->host = i_strdup(set->host); | | proxy->host = i_strdup(set->host); |
| proxy->port = set->port; | | proxy->port = set->port; |
| proxy->connect_timeout_msecs = set->connect_timeout_msecs; | | proxy->connect_timeout_msecs = set->connect_timeout_msecs; |
| proxy->notify_refresh_secs = set->notify_refresh_secs; | | proxy->notify_refresh_secs = set->notify_refresh_secs; |
| proxy->host_immediate_failure_after_secs = | | proxy->host_immediate_failure_after_secs = |
| set->host_immediate_failure_after_secs; | | set->host_immediate_failure_after_secs; |
| proxy->ssl_flags = set->ssl_flags; | | proxy->ssl_flags = set->ssl_flags; |
| proxy->state_rec = login_proxy_state_get(proxy_state, &proxy->ip, | | proxy->state_rec = login_proxy_state_get(proxy_state, &proxy->ip, |
| proxy->port); | | proxy->port); |
|
| | proxy->rawlog_dir = i_strdup_empty(set->rawlog_dir); |
| | |
| client_ref(client); | | client_ref(client); |
| event_ref(proxy->event); | | event_ref(proxy->event); |
| | |
| DLLIST_PREPEND(&login_proxies_pending, proxy); | | DLLIST_PREPEND(&login_proxies_pending, proxy); |
| | |
| proxy->input_callback = input_callback; | | proxy->input_callback = input_callback; |
| proxy->failure_callback = failure_callback; | | proxy->failure_callback = failure_callback; |
| client->login_proxy = proxy; | | client->login_proxy = proxy; |
| | |
| return login_proxy_connect(proxy); | | return login_proxy_connect(proxy); |
| | |
| skipping to change at line 432 | | skipping to change at line 443 |
|---|
| proxy->state_rec->num_disconnects_since_ts = 0; | | proxy->state_rec->num_disconnects_since_ts = 0; |
| timeout_remove(&proxy->to); | | timeout_remove(&proxy->to); |
| } | | } |
| | |
| io_remove(&proxy->client_wait_io); | | io_remove(&proxy->client_wait_io); |
| i_stream_destroy(&proxy->client_input); | | i_stream_destroy(&proxy->client_input); |
| o_stream_destroy(&proxy->client_output); | | o_stream_destroy(&proxy->client_output); |
| client_unref(&proxy->client); | | client_unref(&proxy->client); |
| event_unref(&proxy->event); | | event_unref(&proxy->event); |
| i_free(proxy->host); | | i_free(proxy->host); |
|
| | i_free(proxy->rawlog_dir); |
| i_free(proxy); | | i_free(proxy); |
| } | | } |
| | |
| static unsigned int login_proxy_delay_disconnect(struct login_proxy *proxy) | | static unsigned int login_proxy_delay_disconnect(struct login_proxy *proxy) |
| { | | { |
| struct login_proxy_record *rec = proxy->state_rec; | | struct login_proxy_record *rec = proxy->state_rec; |
| const unsigned int max_delay = | | const unsigned int max_delay = |
| proxy->client->set->login_proxy_max_disconnect_delay; | | proxy->client->set->login_proxy_max_disconnect_delay; |
| struct timeval disconnect_time_offset; | | struct timeval disconnect_time_offset; |
| unsigned int max_disconnects_per_sec, delay_msecs_since_ts, max_conns; | | unsigned int max_disconnects_per_sec, delay_msecs_since_ts, max_conns; |
| | |
| skipping to change at line 750 | | skipping to change at line 762 |
|---|
| | |
| client->login_proxy = NULL; | | client->login_proxy = NULL; |
| } | | } |
| | |
| int login_proxy_starttls(struct login_proxy *proxy) | | int login_proxy_starttls(struct login_proxy *proxy) |
| { | | { |
| struct ssl_iostream_context *ssl_ctx; | | struct ssl_iostream_context *ssl_ctx; |
| struct ssl_iostream_settings ssl_set; | | struct ssl_iostream_settings ssl_set; |
| const char *error; | | const char *error; |
| | |
|
| master_service_ssl_settings_to_iostream_set(proxy->client->ssl_set, | | master_service_ssl_client_settings_to_iostream_set( |
| pool_datastack_create(), | | proxy->client->ssl_set, pool_datastack_create(), &ssl_set); |
| MASTER_SERVICE_SSL_SETTINGS_T | | |
| YPE_CLIENT, | | |
| &ssl_set); | | |
| if ((proxy->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0) | | if ((proxy->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0) |
| ssl_set.allow_invalid_cert = TRUE; | | ssl_set.allow_invalid_cert = TRUE; |
| /* NOTE: We're explicitly disabling ssl_client_ca_* settings for now | | /* NOTE: We're explicitly disabling ssl_client_ca_* settings for now |
| at least. The main problem is that we're chrooted, so we can't read | | at least. The main problem is that we're chrooted, so we can't read |
| them at this point anyway. The second problem is that especially | | them at this point anyway. The second problem is that especially |
| ssl_client_ca_dir does blocking disk I/O, which could cause | | ssl_client_ca_dir does blocking disk I/O, which could cause |
| unexpected hangs when login process handles multiple clients. */ | | unexpected hangs when login process handles multiple clients. */ |
| ssl_set.ca_file = ssl_set.ca_dir = NULL; | | ssl_set.ca_file = ssl_set.ca_dir = NULL; |
| | |
| io_remove(&proxy->server_io); | | io_remove(&proxy->server_io); |
| | | |
| End of changes. 6 change blocks. |
|---|
| 5 lines changed or deleted | | 14 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 