← Back to branch summary

~ubuntu-branches/ubuntu/maverick/postfix/maverick-security

« back to all changes in this revision

Viewing changes to src/xsasl/xsasl_dovecot_server.c

  • Committer: Bazaar Package Importer
  • Author(s): LaMont Jones, Wietse Venema, LaMont Jones
  • Date: 2009-06-03 14:17:08 UTC
  • mfrom: (1.1.22 upstream)
  • Revision ID: james.westby@ubuntu.com-20090603141708-o9u59xlor7nmd2x1
[Wietse Venema]

* New upstream release: 2.6.2~rc1

[LaMont Jones]

* move postfix-add-{filter,policy} manpages to section 8, and deliver
* provide: default-mta on ubuntu

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/xsasl/xsasl_dovecot_server.c
65
65
#include <vstring_vstream.h>
66
66
#include <name_mask.h>
67
67
#include <argv.h>
 
68
#include <myaddrinfo.h>
68
69
 
69
70
/* Global library. */
70
71
 
160
161
    char   *username;                   /* authenticated user */
161
162
    VSTRING *sasl_line;
162
163
    unsigned int sec_props;             /* Postfix mechanism filter */
 
164
    int     tls_flag;                   /* TLS enabled in this session */
163
165
    char   *mechanism_list;             /* filtered mechanism list */
164
166
    ARGV   *mechanism_argv;             /* ditto */
 
167
    char   *client_addr;                /* remote IP address */
 
168
    char   *server_addr;                /* remote IP address */
165
169
} XSASL_DOVECOT_SERVER;
166
170
 
167
171
 /*
169
173
  */
170
174
static void xsasl_dovecot_server_done(XSASL_SERVER_IMPL *);
171
175
static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *,
172
 
                                                         VSTREAM *,
173
 
                                                         const char *,
174
 
                                                         const char *,
175
 
                                                         const char *);
 
176
                                                XSASL_SERVER_CREATE_ARGS *);
176
177
static void xsasl_dovecot_server_free(XSASL_SERVER *);
177
178
static int xsasl_dovecot_server_first(XSASL_SERVER *, const char *,
178
179
                                              const char *, VSTRING *);
255
256
    unsigned int major_version, minor_version;
256
257
    int     fd, success;
257
258
    int     sec_props;
 
259
    const char *path;
258
260
 
259
261
    if (msg_verbose)
260
262
        msg_info("%s: Connecting", myname);
261
263
 
262
 
    if ((fd = unix_connect(xp->socket_path, BLOCKING, AUTH_TIMEOUT)) < 0) {
 
264
    /*
 
265
     * Not documented, but necessary for testing.
 
266
     */
 
267
    path = xp->socket_path;
 
268
    if (strncmp(path, "inet:", 5) == 0) {
 
269
        fd = inet_connect(path + 5, BLOCKING, AUTH_TIMEOUT);
 
270
    } else {
 
271
        if (strncmp(path, "unix:", 5) == 0)
 
272
            path += 5;
 
273
        fd = unix_connect(path, BLOCKING, AUTH_TIMEOUT);
 
274
    }
 
275
    if (fd < 0) {
263
276
        msg_warn("SASL: Connect to %s failed: %m", xp->socket_path);
264
277
        return (-1);
265
278
    }
269
282
                    VSTREAM_CTL_TIMEOUT, AUTH_TIMEOUT,
270
283
                    VSTREAM_CTL_END);
271
284
 
 
285
    /* XXX Encapsulate for logging. */
272
286
    vstream_fprintf(sasl_stream,
273
287
                    "VERSION\t%u\t%u\n"
274
288
                    "CPID\t%u\n",
281
295
    }
282
296
    success = 0;
283
297
    line_str = vstring_alloc(256);
 
298
    /* XXX Encapsulate for logging. */
284
299
    while (vstring_get_nonl(line_str, sasl_stream) != VSTREAM_EOF) {
285
300
        line = vstring_str(line_str);
286
301
 
379
394
/* xsasl_dovecot_server_create - create server instance */
380
395
 
381
396
static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl,
382
 
                                                     VSTREAM *unused_stream,
383
 
                                                         const char *service,
384
 
                                                         const char *realm,
385
 
                                                      const char *sec_props)
 
397
                                             XSASL_SERVER_CREATE_ARGS *args)
386
398
{
387
399
    const char *myname = "xsasl_dovecot_server_create";
388
400
    XSASL_DOVECOT_SERVER *server;
 
401
    struct sockaddr_storage ss;
 
402
    struct sockaddr *sa = (struct sockaddr *) & ss;
 
403
    SOCKADDR_SIZE salen;
 
404
    MAI_HOSTADDR_STR server_addr;
389
405
 
390
406
    if (msg_verbose)
391
407
        msg_info("%s: SASL service=%s, realm=%s",
392
 
                 myname, service, realm ? realm : "(null)");
 
408
                 myname, args->service, args->user_realm ?
 
409
                 args->user_realm : "(null)");
393
410
 
394
411
    /*
395
412
     * Extend the XSASL_SERVER_IMPL object with our own data. We use
405
422
    server->impl = (XSASL_DOVECOT_SERVER_IMPL *) impl;
406
423
    server->sasl_line = vstring_alloc(256);
407
424
    server->username = 0;
408
 
    server->service = mystrdup(service);
 
425
    server->service = mystrdup(args->service);
409
426
    server->last_request_id = 0;
410
427
    server->mechanism_list = 0;
411
428
    server->mechanism_argv = 0;
 
429
    server->tls_flag = args->tls_flag;
412
430
    server->sec_props =
413
431
        name_mask_opt(myname, xsasl_dovecot_conf_sec_props,
414
 
                      sec_props, NAME_MASK_ANY_CASE | NAME_MASK_FATAL);
 
432
                      args->security_options,
 
433
                      NAME_MASK_ANY_CASE | NAME_MASK_FATAL);
 
434
    server->client_addr = mystrdup(args->client_addr);
 
435
 
 
436
    /*
 
437
     * XXX Temporary code until smtpd_peer.c is updated.
 
438
     */
 
439
    if (args->server_addr && *args->server_addr) {
 
440
        server->server_addr = mystrdup(args->server_addr);
 
441
    } else {
 
442
        salen = sizeof(ss);
 
443
        if (getsockname(vstream_fileno(args->stream), sa, &salen) < 0
 
444
            || sockaddr_to_hostaddr(sa, salen, &server_addr, 0, 0) != 0)
 
445
            server_addr.buf[0] = 0;
 
446
        server->server_addr = mystrdup(server_addr.buf);
 
447
    }
415
448
 
416
449
    return (&server->xsasl);
417
450
}
450
483
        argv_free(server->mechanism_argv);
451
484
    }
452
485
    myfree(server->service);
 
486
    myfree(server->server_addr);
 
487
    myfree(server->client_addr);
453
488
    myfree((char *) server);
454
489
}
455
490
 
510
545
    const char *myname = "xsasl_dovecot_handle_reply";
511
546
    char   *line, *cmd;
512
547
 
 
548
    /* XXX Encapsulate for logging. */
513
549
    while (vstring_get_nonl(server->sasl_line,
514
550
                            server->impl->sasl_stream) != VSTREAM_EOF) {
515
551
        line = vstring_str(server->sasl_line);
604
640
        }
605
641
        /* send the request */
606
642
        server->last_request_id = ++server->impl->request_id_counter;
 
643
        /* XXX Encapsulate for logging. */
607
644
        vstream_fprintf(server->impl->sasl_stream,
608
 
                        "AUTH\t%u\t%s\tservice=%s\tnologin",
 
645
                        "AUTH\t%u\t%s\tservice=%s\tnologin\tlip=%s\trip=%s",
609
646
                        server->last_request_id, sasl_method,
610
 
                        server->service);
 
647
                        server->service, server->server_addr,
 
648
                        server->client_addr);
 
649
        if (server->tls_flag)
 
650
            /* XXX Encapsulate for logging. */
 
651
            vstream_fputs("\tsecured", server->impl->sasl_stream);
611
652
        if (init_response) {
612
653
 
613
654
            /*
614
655
             * initial response is already base64 encoded, so we can send it
615
656
             * directly.
616
657
             */
 
658
            /* XXX Encapsulate for logging. */
617
659
            vstream_fprintf(server->impl->sasl_stream,
618
660
                            "\tresp=%s", init_response);
619
661
        }
 
662
        /* XXX Encapsulate for logging. */
620
663
        VSTREAM_PUTC('\n', server->impl->sasl_stream);
621
664
 
622
665
        if (vstream_fflush(server->impl->sasl_stream) != VSTREAM_EOF)
647
690
        vstring_strcpy(reply, "Invalid base64 data in continued response");
648
691
        return XSASL_AUTH_FAIL;
649
692
    }
 
693
    /* XXX Encapsulate for logging. */
650
694
    vstream_fprintf(server->impl->sasl_stream,
651
695
                    "CONT\t%u\t%s\n", server->last_request_id, request);
652
696
    if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {