25
25
#define OUTBUF_THROTTLE_SIZE (1024*50)
27
#define AUTH_DEBUG_SENSITIVE_SUFFIX \
28
" (previous base64 data may contain sensitive data)"
27
30
static void auth_client_disconnected(struct auth_client_connection **_conn);
28
31
static void auth_client_connection_unref(struct auth_client_connection **_conn);
29
32
static void auth_client_input(struct auth_client_connection *conn);
54
57
iov[0].iov_len = strlen(cmd);
55
58
iov[1].iov_base = "\n";
56
59
iov[1].iov_len = 1;
57
(void)o_stream_sendv(conn->output, iov, 2);
60
o_stream_nsendv(conn->output, iov, 2);
59
62
if (o_stream_get_buffer_used_size(conn->output) >=
60
63
OUTBUF_THROTTLE_SIZE) {
67
70
if (conn->auth->set->debug) {
68
i_debug("client out: %s", conn->auth->set->debug_passwords ?
71
i_debug("client passdb out: %s",
72
conn->auth->set->debug_passwords ?
69
73
cmd : reply_line_hide_pass(cmd));
73
static void auth_callback(struct auth_stream_reply *reply,
77
static void auth_callback(const char *reply,
74
78
struct auth_client_connection *conn)
76
80
if (reply == NULL) {
77
81
/* handler destroyed */
78
82
auth_client_connection_unref(&conn);
84
auth_client_send(conn, reply);
82
auth_client_send(conn, auth_stream_reply_export(reply));
124
127
/* handshake complete, we can now actually start serving requests */
125
128
conn->refcount++;
126
129
conn->request_handler =
127
auth_request_handler_create(auth_callback, conn,
130
auth_request_handler_create(conn->token_auth, auth_callback, conn,
128
131
!conn->login_requests ? NULL :
129
132
auth_master_request_callback);
130
133
auth_request_handler_set(conn->request_handler, conn->connect_uid, pid);
166
if (conn->auth->set->debug_passwords)
167
return t_strconcat(line, AUTH_DEBUG_SENSITIVE_SUFFIX, NULL);
162
169
p2 = strchr(p, '\t');
163
170
return t_strconcat(t_strdup_until(line, p), PASSWORD_HIDDEN_STR,
167
static const char *cont_line_hide_pass(const char *line)
175
cont_line_hide_pass(struct auth_client_connection *conn, const char *line)
179
if (conn->auth->set->debug_passwords)
180
return t_strconcat(line, AUTH_DEBUG_SENSITIVE_SUFFIX, NULL);
171
182
p = strchr(line, '\t');
195
206
if (strncmp(line, "AUTH\t", 5) == 0) {
196
207
if (conn->auth->set->debug) {
197
208
i_debug("client in: %s",
198
conn->auth->set->debug_passwords ? line :
199
auth_line_hide_pass(line));
209
auth_line_hide_pass(conn, line));
201
211
return auth_request_handler_auth_begin(conn->request_handler,
204
214
if (strncmp(line, "CONT\t", 5) == 0) {
205
215
if (conn->auth->set->debug) {
206
216
i_debug("client in: %s",
207
conn->auth->set->debug_passwords ? line :
208
cont_line_hide_pass(line));
217
cont_line_hide_pass(conn, line));
210
219
return auth_request_handler_auth_continue(conn->request_handler,
292
301
auth_client_connection_unref(&conn);
295
struct auth_client_connection *
296
auth_client_connection_create(struct auth *auth, int fd, bool login_requests)
304
void auth_client_connection_create(struct auth *auth, int fd,
305
bool login_requests, bool token_auth)
298
307
static unsigned int connect_uid_counter = 0;
299
308
struct auth_client_connection *conn;
309
const char *mechanisms;
302
312
conn = i_new(struct auth_client_connection, 1);
304
314
conn->refcount = 1;
305
315
conn->connect_uid = ++connect_uid_counter;
306
316
conn->login_requests = login_requests;
317
conn->token_auth = token_auth;
307
318
random_fill(conn->cookie, sizeof(conn->cookie));
310
321
conn->input = i_stream_create_fd(fd, AUTH_CLIENT_MAX_LINE_LENGTH,
312
323
conn->output = o_stream_create_fd(fd, (size_t)-1, FALSE);
324
o_stream_set_no_error_handling(conn->output, TRUE);
313
325
o_stream_set_flush_callback(conn->output, auth_client_output, conn);
314
326
conn->io = io_add(fd, IO_READ, auth_client_input, conn);
316
328
DLLIST_PREPEND(&auth_client_connections, conn);
331
mechanisms = t_strconcat("MECH\t",
332
mech_dovecot_token.mech_name, "\n", NULL);
334
mechanisms = str_c(auth->reg->handshake);
318
337
str = t_str_new(128);
319
338
str_printfa(str, "VERSION\t%u\t%u\n%sSPID\t%s\nCUID\t%u\nCOOKIE\t",
320
339
AUTH_CLIENT_PROTOCOL_MAJOR_VERSION,
321
340
AUTH_CLIENT_PROTOCOL_MINOR_VERSION,
322
str_c(auth->reg->handshake), my_pid, conn->connect_uid);
341
mechanisms, my_pid, conn->connect_uid);
323
342
binary_to_hex_append(str, conn->cookie, sizeof(conn->cookie));
324
343
str_append(str, "\nDONE\n");
326
345
if (o_stream_send(conn->output, str_data(str), str_len(str)) < 0)
327
346
auth_client_disconnected(&conn);
332
349
void auth_client_connection_destroy(struct auth_client_connection **_conn)