static
void test_hmac_test_vectors(void)
{
test_begin("test_hmac_test_vectors");
buffer_t *pt, *ct, *key, *res;
pt = buffer_create_dynamic(pool_datastack_create(), 50);
key = buffer_create_dynamic(pool_datastack_create(), 20);
ct = buffer_create_dynamic(pool_datastack_create(), 32);
res = buffer_create_dynamic(pool_datastack_create(), 32);
hex_to_binary("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", key);
hex_to_binary("dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", pt);
hex_to_binary("773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe", res);
struct dcrypt_context_hmac *hctx;
if (!dcrypt_ctx_hmac_create("sha256", &hctx, NULL)) {
test_assert_failed("dcrypt_ctx_hmac_create", __FILE__, __LINE__-1);
} else {
dcrypt_ctx_hmac_set_key(hctx, key->data, key->used);
test_assert(dcrypt_ctx_hmac_init(hctx, NULL));
test_assert(dcrypt_ctx_hmac_update(hctx, pt->data, pt->used, NULL));
test_assert(dcrypt_ctx_hmac_final(hctx, ct, NULL));
test_assert(buffer_cmp(ct, res));
dcrypt_ctx_hmac_destroy(&hctx);
}
test_end();
}
int cmd_login(struct imap_client *imap_client, const struct imap_arg *args)
{
struct client *client = &imap_client->common;
const char *user, *pass;
string_t *plain_login, *base64;
/* two arguments: username and password */
if (!imap_arg_get_astring(&args[0], &user) ||
!imap_arg_get_astring(&args[1], &pass) ||
!IMAP_ARG_IS_EOL(&args[2]))
return -1;
if (!client_check_plaintext_auth(client, TRUE))
return 1;
/* authorization ID \0 authentication ID \0 pass */
plain_login = buffer_create_dynamic(pool_datastack_create(), 64);
buffer_append_c(plain_login, '\0');
buffer_append(plain_login, user, strlen(user));
buffer_append_c(plain_login, '\0');
buffer_append(plain_login, pass, strlen(pass));
base64 = buffer_create_dynamic(pool_datastack_create(),
MAX_BASE64_ENCODED_SIZE(plain_login->used));
base64_encode(plain_login->data, plain_login->used, base64);
return imap_client_auth_begin(imap_client, "PLAIN", str_c(base64));
}
const char *client_get_session_id(struct client *client)
{
buffer_t *buf, *base64_buf;
struct timeval tv;
uint64_t timestamp;
unsigned int i;
if (client->session_id != NULL)
return client->session_id;
buf = buffer_create_dynamic(pool_datastack_create(), 24);
base64_buf = buffer_create_dynamic(pool_datastack_create(), 24*2);
if (gettimeofday(&tv, NULL) < 0)
i_fatal("gettimeofday(): %m");
timestamp = tv.tv_usec + (long long)tv.tv_sec * 1000ULL*1000ULL;
/* add lowest 48 bits of the timestamp. this gives us a bit less than
9 years until it wraps */
for (i = 0; i < 48; i += 8)
buffer_append_c(buf, (timestamp >> i) & 0xff);
buffer_append_c(buf, client->remote_port & 0xff);
buffer_append_c(buf, (client->remote_port >> 16) & 0xff);
#ifdef HAVE_IPV6
if (IPADDR_IS_V6(&client->ip))
buffer_append(buf, &client->ip.u.ip6, sizeof(client->ip.u.ip6));
else
#endif
buffer_append(buf, &client->ip.u.ip4, sizeof(client->ip.u.ip4));
base64_encode(buf->data, buf->used, base64_buf);
client->session_id = p_strdup(client->pool, str_c(base64_buf));
return client->session_id;
}
static void test_fts_icu_translate_resize(void)
{
const char *translit_id = "Any-Hex";
const char *src_utf8 = "FOO";
buffer_t *dest, *src_utf16;
UTransliterator *translit;
const char *error;
unsigned int i;
test_begin("fts_icu_translate_resize resize");
src_utf16 = buffer_create_dynamic(pool_datastack_create(), 16);
translit = get_translit(translit_id);
for (i = 2; i <= 20; i++) {
buffer_set_used_size(src_utf16, 0);
fts_icu_utf8_to_utf16(src_utf16, src_utf8);
dest = buffer_create_dynamic(pool_datastack_create(), i);
test_assert(buffer_get_size(dest) == i);
test_assert(fts_icu_translate(dest, src_utf16->data,
src_utf16->used/sizeof(UChar),
translit, &error) == 0);
}
utrans_close(translit);
test_end();
}
int index_storage_attribute_get(struct mailbox_transaction_context *t,
enum mail_attribute_type type, const char *key,
struct mail_attribute_value *value_r)
{
struct dict *dict;
const char *mailbox_prefix;
int ret;
memset(value_r, 0, sizeof(*value_r));
if (strncmp(key, MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT,
strlen(MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT)) == 0)
return 0;
if (index_storage_get_dict(t->box, type, &dict, &mailbox_prefix) < 0)
return -1;
ret = dict_lookup(dict, pool_datastack_create(),
key_get_prefixed(type, mailbox_prefix, key),
&value_r->value);
if (ret < 0) {
mail_storage_set_internal_error(t->box->storage);
return -1;
}
return ret;
}
static int acl_mailbox_exists(struct mailbox *box, bool auto_boxes,
enum mailbox_existence *existence_r)
{
struct acl_mailbox *abox = ACL_CONTEXT(box);
const char *const *rights;
unsigned int i;
if (acl_object_get_my_rights(abox->aclobj, pool_datastack_create(),
&rights) < 0)
return -1;
/* for now this is used only by IMAP SUBSCRIBE. we'll intentionally
violate RFC 4314 here, because it says SUBSCRIBE should succeed only
when mailbox has 'l' right. But there's no point in not allowing
a subscribe for a mailbox that can be selected anyway. Just the
opposite: subscribing to such mailboxes is a very useful feature. */
for (i = 0; rights[i] != NULL; i++) {
if (strcmp(rights[i], MAIL_ACL_LOOKUP) == 0 ||
strcmp(rights[i], MAIL_ACL_READ) == 0 ||
strcmp(rights[i], MAIL_ACL_INSERT) == 0)
return abox->module_ctx.super.exists(box, auto_boxes,
existence_r);
}
*existence_r = MAILBOX_EXISTENCE_NONE;
return 0;
}
static void test_ostream_dot_one(const struct dot_test *test)
{
struct istream *test_input;
struct ostream *output, *test_output;
buffer_t *output_data;
const unsigned char *data;
size_t size;
ssize_t ret;
test_input = test_istream_create(test->input);
output_data = buffer_create_dynamic(pool_datastack_create(), 1024);
test_output = o_stream_create_buffer(output_data);
output = o_stream_create_dot(test_output, FALSE);
while ((ret = i_stream_read(test_input)) > 0 || ret == -2) {
data = i_stream_get_data(test_input, &size);
ret = o_stream_send(output, data, size);
test_assert(ret >= 0);
if (ret <= 0)
break;
i_stream_skip(test_input, ret);
}
test_assert(test_input->eof);
test_assert(o_stream_flush(output) > 0);
o_stream_unref(&output);
o_stream_unref(&test_output);
test_assert(strcmp(str_c(output_data), test->output) == 0);
i_stream_unref(&test_input);
}
static void test_quoted_printable_decode_final(void)
{
static struct test_quoted_printable_decode_data data[] = {
{ "=0A=0D ", "\n\r", 2, 0 },
{ "foo=", "foo", 1, 0 },
{ "foo ", "foo", 2, 0 },
{ "foo= ", "foo", 3, 0 },
{ "foo=A", "foo", 2, -1 }
};
buffer_t *buf;
unsigned int i, len;
size_t src_pos;
int ret;
test_begin("quoted printable decode final");
buf = buffer_create_dynamic(pool_datastack_create(), 128);
for (i = 0; i < N_ELEMENTS(data); i++) {
len = strlen(data[i].input);
ret = quoted_printable_decode_final((const void *)data[i].input,
len, &src_pos, buf);
test_assert(ret == data[i].ret);
test_assert(src_pos + data[i].end_skip == len);
test_assert(strcmp(data[i].output, str_c(buf)) == 0);
buffer_set_used_size(buf, 0);
}
test_end();
}
int index_storage_attribute_get(struct mailbox *box,
enum mail_attribute_type type, const char *key,
struct mail_attribute_value *value_r,
bool internal_attribute)
{
struct dict *dict;
const char *mailbox_prefix, *error;
int ret;
memset(value_r, 0, sizeof(*value_r));
if (!internal_attribute &&
!MAILBOX_ATTRIBUTE_KEY_IS_USER_ACCESSIBLE(key))
return 0;
if (index_storage_get_dict(box, type, &dict, &mailbox_prefix) < 0)
return -1;
ret = dict_lookup(dict, pool_datastack_create(),
key_get_prefixed(type, mailbox_prefix, key),
&value_r->value, &error);
if (ret < 0) {
mail_storage_set_critical(box->storage,
"Failed to set attribute %s: %s", key, error);
return -1;
}
return ret;
}
static
int o_stream_encrypt_send_header_v2(struct encrypt_ostream *stream)
{
unsigned char c;
unsigned int i;
i_assert(!stream->prefix_written);
stream->prefix_written = TRUE;
buffer_t *values = buffer_create_dynamic(pool_datastack_create(), 256);
buffer_append(values, IOSTREAM_CRYPT_MAGIC, sizeof(IOSTREAM_CRYPT_MAGIC));
c = 2;
buffer_append(values, &c, 1);
i = htonl(stream->flags);
buffer_append(values, &i, 4);
/* store total length of header
9 = version + flags + length
8 = rounds + key data length
*/
i = htonl(sizeof(IOSTREAM_CRYPT_MAGIC) + 9 + stream->cipher_oid->used + stream->mac_oid->used + 8 + stream->key_data_len);
buffer_append(values, &i, 4);
buffer_append_buf(values, stream->cipher_oid, 0, (size_t)-1);
buffer_append_buf(values, stream->mac_oid, 0, (size_t)-1);
i = htonl(IO_STREAM_ENCRYPT_ROUNDS);
buffer_append(values, &i, 4);
i = htonl(stream->key_data_len);
buffer_append(values, &i, 4);
buffer_append(values, stream->key_data, stream->key_data_len);
i_free_and_null(stream->key_data);
return o_stream_encrypt_send(stream, values->data, values->used);
}
static const buffer_t *
log_get_hdr_update_buffer(struct mail_index_transaction *t, bool prepend)
{
buffer_t *buf;
const unsigned char *data, *mask;
struct mail_transaction_header_update u;
uint16_t offset;
int state = 0;
memset(&u, 0, sizeof(u));
data = prepend ? t->pre_hdr_change : t->post_hdr_change;
mask = prepend ? t->pre_hdr_mask : t->post_hdr_mask;
buf = buffer_create_dynamic(pool_datastack_create(), 256);
for (offset = 0; offset <= sizeof(t->pre_hdr_change); offset++) {
if (offset < sizeof(t->pre_hdr_change) && mask[offset]) {
if (state == 0) {
u.offset = offset;
state++;
}
} else {
if (state > 0) {
u.size = offset - u.offset;
buffer_append(buf, &u, sizeof(u));
buffer_append(buf, data + u.offset, u.size);
state = 0;
}
}
}
return buf;
}
static enum passdb_result
passdb_dict_lookup_key(struct auth_request *auth_request,
struct dict_passdb_module *module, const char *key)
{
const char *value;
int ret;
auth_request_log_debug(auth_request, "dict", "lookup %s", key);
ret = dict_lookup(module->conn->dict, pool_datastack_create(),
key, &value);
if (ret < 0) {
auth_request_log_error(auth_request, "dict", "Lookup failed");
return PASSDB_RESULT_INTERNAL_FAILURE;
} else if (ret == 0) {
auth_request_log_unknown_user(auth_request, "dict");
return PASSDB_RESULT_USER_UNKNOWN;
} else {
auth_request_log_debug(auth_request, "dict",
"result: %s", value);
if (dict_query_save_results(auth_request, module->conn, value) < 0)
return PASSDB_RESULT_INTERNAL_FAILURE;
if (auth_request->passdb_password == NULL &&
!auth_fields_exists(auth_request->extra_fields, "nopassword")) {
auth_request_log_info(auth_request, "dict",
"No password returned (and no nopassword)");
return PASSDB_RESULT_PASSWORD_MISMATCH;
} else {
return PASSDB_RESULT_OK;
}
}
}
int fts_icu_transliterator_create(const char *id,
UTransliterator **transliterator_r,
const char **error_r)
{
UErrorCode err = U_ZERO_ERROR;
UParseError perr;
buffer_t *id_utf16_buf = buffer_create_dynamic(pool_datastack_create(), 2 * strlen(id));
UChar *id_utf16;
memset(&perr, 0, sizeof(perr));
fts_icu_utf8_to_utf16(id_utf16_buf, id);
id_utf16 = (UChar *)str_c(id_utf16_buf);
*transliterator_r = utrans_openU(id_utf16,
id_utf16_buf->used / sizeof(UChar),
UTRANS_FORWARD, NULL, 0, &perr, &err);
if (U_FAILURE(err)) {
string_t *str = t_str_new(128);
str_printfa(str, "Failed to open transliterator for id '%s': %s",
id, u_errorName(err));
if (perr.line >= 1) {
/* we have only one line in our ID */
str_printfa(str, " (parse error on offset %u)",
perr.offset);
}
*error_r = str_c(str);
return -1;
}
return 0;
}
static void
acl_mailbox_try_list_fast(struct acl_mailbox_list_iterate_context *ctx)
{
struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(ctx->ctx.list);
struct acl_backend *backend = alist->rights.backend;
const unsigned int *idxp;
const struct acl_mask *acl_mask;
struct acl_mailbox_list_context *nonowner_list_ctx;
struct mail_namespace *ns = ctx->ctx.list->ns;
struct mailbox_list_iter_update_context update_ctx;
const char *name;
int ret;
if ((ctx->ctx.flags & (MAILBOX_LIST_ITER_RAW_LIST |
MAILBOX_LIST_ITER_SELECT_SUBSCRIBED)) != 0)
return;
if (ns->type == MAIL_NAMESPACE_TYPE_PUBLIC) {
/* mailboxes in public namespace should all be listable to
someone. we don't benefit from fast listing. */
return;
}
/* if this namespace's default rights contain LOOKUP, we'll need to
go through all mailboxes in any case. */
idxp = alist->rights.acl_storage_right_idx + ACL_STORAGE_RIGHT_LOOKUP;
if (acl_backend_get_default_rights(backend, &acl_mask) < 0 ||
acl_cache_mask_isset(acl_mask, *idxp))
return;
/* no LOOKUP right by default, we can optimize this */
memset(&update_ctx, 0, sizeof(update_ctx));
update_ctx.iter_ctx = &ctx->ctx;
update_ctx.glob =
imap_match_init(pool_datastack_create(), "*",
(ns->flags & NAMESPACE_FLAG_INBOX_USER) != 0,
ctx->sep);
update_ctx.match_parents = TRUE;
update_ctx.tree_ctx = mailbox_tree_init(ctx->sep);
nonowner_list_ctx = acl_backend_nonowner_lookups_iter_init(backend);
while ((ret = acl_backend_nonowner_lookups_iter_next(nonowner_list_ctx,
&name)) > 0) {
T_BEGIN {
const char *vname =
mailbox_list_get_vname(ns->list, name);
mailbox_list_iter_update(&update_ctx, vname);
} T_END;
}
acl_backend_nonowner_lookups_iter_deinit(&nonowner_list_ctx);
if (ret == 0)
ctx->lookup_boxes = update_ctx.tree_ctx;
else
mailbox_tree_deinit(&update_ctx.tree_ctx);
}
static void main_init(void)
{
doveadm_server = TRUE;
doveadm_settings = master_service_settings_get_others(master_service)[0];
doveadm_settings = settings_dup(&doveadm_setting_parser_info,
doveadm_settings,
pool_datastack_create());
doveadm_mail_init();
doveadm_load_modules();
doveadm_print_init(DOVEADM_PRINT_TYPE_SERVER);
}
static void stats_add_session(struct mail_user *user)
{
struct stats_user *suser = STATS_USER_CONTEXT(user);
struct stats *new_stats, *diff_stats;
const char *error;
new_stats = stats_alloc(pool_datastack_create());
diff_stats = stats_alloc(pool_datastack_create());
mail_user_stats_fill(user, new_stats);
/* we'll count new_stats-pre_io_stats and add the changes to
session_stats. the new_stats can't be directly copied to
session_stats because there are some fields that don't start from
zero, like clock_time. (actually with stats_global_user code we're
requiring that clock_time is the only such field..) */
if (!stats_diff(suser->pre_io_stats, new_stats, diff_stats, &error))
i_error("stats: session stats shrank: %s", error);
stats_add(suser->session_stats, diff_stats);
/* copying is only needed if stats_global_user=NULL */
stats_copy(suser->pre_io_stats, new_stats);
}
int mail_session_update_parse(const char *const *args, const char **error_r)
{
struct mail_session *session;
struct stats *new_stats, *diff_stats;
buffer_t *buf;
const char *error;
/* <session id> <stats> */
if (mail_session_get(args[0], &session, error_r) < 0)
return -1;
buf = buffer_create_dynamic(pool_datastack_create(), 256);
if (args[1] == NULL ||
base64_decode(args[1], strlen(args[1]), NULL, buf) < 0) {
*error_r = t_strdup_printf("UPDATE-SESSION %s %s %s: Invalid base64 input",
session->user->name,
session->service, session->id);
return -1;
}
new_stats = stats_alloc(pool_datastack_create());
diff_stats = stats_alloc(pool_datastack_create());
if (!stats_import(buf->data, buf->used, session->stats, new_stats, &error)) {
*error_r = t_strdup_printf("UPDATE-SESSION %s %s %s: %s",
session->user->name,
session->service, session->id, error);
return -1;
}
if (!stats_diff(session->stats, new_stats, diff_stats, &error)) {
*error_r = t_strdup_printf("UPDATE-SESSION %s %s %s: stats shrank: %s",
session->user->name,
session->service, session->id, error);
i_panic("%s", *error_r);
return -1;
}
mail_session_refresh(session, diff_stats);
return 0;
}
int message_snippet_generate(struct istream *input,
unsigned int max_snippet_chars,
string_t *snippet)
{
struct message_parser_ctx *parser;
struct message_part *parts;
struct message_decoder_context *decoder;
struct message_block raw_block, block;
struct snippet_context ctx;
pool_t pool;
int ret;
memset(&ctx, 0, sizeof(ctx));
pool = pool_alloconly_create("message snippet", 1024);
ctx.snippet = snippet;
ctx.chars_left = max_snippet_chars;
parser = message_parser_init(pool_datastack_create(), input, 0, 0);
decoder = message_decoder_init(NULL, 0);
while ((ret = message_parser_parse_next_block(parser, &raw_block)) > 0) {
if (!message_decoder_decode_next_block(decoder, &raw_block, &block))
continue;
if (block.size == 0) {
const char *ct;
if (block.hdr != NULL)
continue;
/* end of headers - verify that we can use this
Content-Type. we get here only once, because we
always handle only one non-multipart MIME part. */
ct = message_decoder_current_content_type(decoder);
if (ct == NULL)
/* text/plain */ ;
else if (mail_html2text_content_type_match(ct)) {
ctx.html2text = mail_html2text_init(MAIL_HTML2TEXT_FLAG_SKIP_QUOTED);
ctx.plain_output = buffer_create_dynamic(pool, 1024);
} else if (strncasecmp(ct, "text/", 5) != 0)
break;
continue;
}
if (!snippet_generate(&ctx, block.data, block.size))
break;
}
i_assert(ret != 0);
message_decoder_deinit(&decoder);
message_parser_deinit(&parser, &parts);
if (ctx.html2text != NULL)
mail_html2text_deinit(&ctx.html2text);
pool_unref(&pool);
return input->stream_errno == 0 ? 0 : -1;
}
int index_sort_header_get(struct mail_search_sort_program *program, uint32_t seq,
enum mail_sort_type sort_type, string_t *dest)
{
struct mail *mail = program->temp_mail;
const char *str;
int ret;
bool reply_or_fw;
index_sort_set_seq(program, mail, seq);
str_truncate(dest, 0);
switch (sort_type & MAIL_SORT_MASK) {
case MAIL_SORT_SUBJECT:
ret = mail_get_first_header(mail, "Subject", &str);
if (ret < 0)
break;
if (ret == 0) {
/* nonexistent header */
return 1;
}
str = imap_get_base_subject_cased(pool_datastack_create(),
str, &reply_or_fw);
str_append(dest, str);
return 1;
case MAIL_SORT_CC:
ret = get_first_mailbox(mail, "Cc", &str);
break;
case MAIL_SORT_FROM:
ret = get_first_mailbox(mail, "From", &str);
break;
case MAIL_SORT_TO:
ret = get_first_mailbox(mail, "To", &str);
break;
case MAIL_SORT_DISPLAYFROM:
ret = get_display_name(mail, "From", &str);
break;
case MAIL_SORT_DISPLAYTO:
ret = get_display_name(mail, "To", &str);
break;
default:
i_unreached();
}
if (ret < 0) {
index_sort_program_set_mail_failed(program, mail);
if (!program->failed)
return 0;
return -1;
}
(void)uni_utf8_to_decomposed_titlecase(str, strlen(str), dest);
return 1;
}
void checkpassword_child_output(struct chkpw_auth_request *request)
{
/* Send: username \0 password \0 timestamp \0.
Must be 512 bytes or less. The "timestamp" parameter is actually
useful only for APOP authentication. We don't support it, so
keep it empty */
struct auth_request *auth_request = request->request;
buffer_t *buf;
const unsigned char *data;
size_t size;
ssize_t ret;
buf = buffer_create_dynamic(pool_datastack_create(), 512+1);
buffer_append(buf, auth_request->user, strlen(auth_request->user)+1);
if (request->password != NULL)
buffer_append(buf, request->password, strlen(request->password)+1);
else
buffer_append_c(buf, '\0');
buffer_append_c(buf, '\0');
data = buffer_get_data(buf, &size);
if (size > 512) {
auth_request_log_error(request->request, "checkpassword",
"output larger than 512 bytes: %"PRIuSIZE_T, size);
request->finish_callback(request,
request->internal_failure_code);
return;
}
ret = write(request->fd_out, data + request->write_pos,
size - request->write_pos);
if (ret <= 0) {
if (ret < 0) {
auth_request_log_error(request->request,
"checkpassword", "write() failed: %m");
}
request->finish_callback(request,
request->internal_failure_code);
return;
}
request->write_pos += ret;
if (request->write_pos < size)
return;
io_remove(&request->io_out);
if (close(request->fd_out) < 0)
i_error("checkpassword: close() failed: %m");
request->fd_out = -1;
}
static UTransliterator *get_translit(const char *id)
{
UTransliterator *translit;
buffer_t *id_utf16;
UErrorCode err = U_ZERO_ERROR;
UParseError perr;
id_utf16 = buffer_create_dynamic(pool_datastack_create(), 16);
fts_icu_utf8_to_utf16(id_utf16, id);
translit = utrans_openU(id_utf16->data, id_utf16->used/sizeof(UChar),
UTRANS_FORWARD, NULL, 0, &perr, &err);
test_assert(!U_FAILURE(err));
return translit;
}
static const char *
auth_master_reply_hide_passwords(struct auth_master_connection *conn,
const char *str)
{
char **args, *p, *p2;
unsigned int i;
if (conn->auth->set->debug_passwords)
return str;
/* hide all parameters that have "pass" in their key */
args = p_strsplit(pool_datastack_create(), str, "\t");
for (i = 0; args[i] != NULL; i++) {
p = strstr(args[i], "pass");
p2 = strchr(args[i], '=');
if (p != NULL && p < p2) {
*p2 = '\0';
args[i] = p_strconcat(pool_datastack_create(),
args[i], "=<hidden>", NULL);
}
}
return t_strarray_join((void *)args, "\t");
}
static void test_quoted_printable_decode(void)
{
static struct test_quoted_printable_decode_data data[] = {
{ "foo \r\nbar=", "foo\r\nbar", 1, 0 },
{ "foo\t=\nbar", "foo\tbar", 0, 0 },
{ "foo = \n=01", "foo \001", 0, 0 },
{ "foo =\t\r\nbar", "foo bar", 0, 0 },
{ "foo =\r\n=01", "foo \001", 0, 0 },
{ "foo \nbar=", "foo\nbar", 1, 0 },
{ "=0A=0D ", "\n\r", 2, 0 },
{ "foo_bar", "foo_bar", 0, 0 },
{ "foo=", "foo", 1, 0 },
{ "foo= ", "foo", 3, 0 },
{ "foo=A", "foo", 2, 0 },
{ "foo=Ax", "foo=Ax", 0, -1 },
{ "foo=Ax=xy", "foo=Ax=xy", 0, -1 }
};
buffer_t *buf;
unsigned int i, start, end, len;
size_t src_pos;
int ret;
test_begin("quoted printable decode");
buf = buffer_create_dynamic(pool_datastack_create(), 128);
for (i = 0; i < N_ELEMENTS(data); i++) {
len = strlen(data[i].input);
ret = quoted_printable_decode((const void *)data[i].input, len,
&src_pos, buf);
test_assert(ret == data[i].ret);
test_assert(src_pos + data[i].end_skip == len);
test_assert(strcmp(data[i].output, str_c(buf)) == 0);
buffer_set_used_size(buf, 0);
for (start = 0, end = 1; end <= len; ) {
quoted_printable_decode(CONST_PTR_OFFSET(data[i].input, start),
end - start, &src_pos, buf);
src_pos += start;
start = src_pos;
if (src_pos <= end)
end++;
else
end = src_pos + 1;
}
test_assert(src_pos + data[i].end_skip == len);
test_assert(strcmp(data[i].output, str_c(buf)) == 0);
buffer_set_used_size(buf, 0);
}
test_end();
}
static void test_fts_icu_utf8_to_utf16_32bit_resize(void)
{
buffer_t *dest;
unsigned int i;
test_begin("fts_icu_utf8_to_utf16 32bit resize");
for (i = 2; i <= 5; i++) {
dest = buffer_create_dynamic(pool_datastack_create(), i);
test_assert(buffer_get_size(dest) == i);
fts_icu_utf8_to_utf16(dest, "\xF0\x90\x90\x80"); /* 0x10400 */
test_assert(dest->used == 4);
}
test_end();
}
int32_t elasticsearch_connection_init(const char *url, bool debug,
struct elasticsearch_connection **conn_r,
const char **error_r)
{
struct http_client_settings http_set;
struct elasticsearch_connection *conn = NULL;
struct http_url *http_url = NULL;
const char *error = NULL;
if (error_r == NULL || url == NULL || conn_r == NULL) {
i_debug("fts_elasticsearch: error initialising ElasticSearch connection");
return -1;
} else {
/* safe to continue */
}
/* validate the url */
if (http_url_parse(url, NULL, 0, pool_datastack_create(),
&http_url, &error) < 0) {
*error_r = t_strdup_printf(
"fts_elasticsearch: Failed to parse HTTP url: %s", error);
return -1;
}
conn = i_new(struct elasticsearch_connection, 1);
conn->http_host = i_strdup(http_url->host_name);
conn->http_port = http_url->port;
conn->http_base_url = i_strconcat(http_url->path, http_url->enc_query, NULL);
conn->http_ssl = http_url->have_ssl;
conn->debug = debug;
/* guard against init being called multiple times */
if (elasticsearch_http_client == NULL) {
memset(&http_set, 0, sizeof(http_set));
http_set.max_idle_time_msecs = 5 * 1000;
http_set.max_parallel_connections = 1;
http_set.max_pipelined_requests = 1;
http_set.max_redirects = 1;
http_set.max_attempts = 3;
http_set.debug = debug;
elasticsearch_http_client = http_client_init(&http_set);
}
*conn_r = conn;
return 0;
}
static void client_connection_input(struct client_connection *conn)
{
const char *line;
bool ok = TRUE;
int ret;
if (!conn->handshaked) {
if ((line = i_stream_read_next_line(conn->input)) == NULL) {
if (conn->input->eof || conn->input->stream_errno != 0) {
client_log_disconnect_error(conn);
client_connection_destroy(&conn);
}
return;
}
if (!version_string_verify(line, "doveadm-server",
DOVEADM_SERVER_PROTOCOL_VERSION_MAJOR)) {
i_error("doveadm client not compatible with this server "
"(mixed old and new binaries?)");
client_connection_destroy(&conn);
return;
}
conn->handshaked = TRUE;
}
if (!conn->authenticated) {
if ((ret = client_connection_authenticate(conn)) <= 0) {
if (ret < 0) {
o_stream_nsend(conn->output, "-\n", 2);
client_connection_destroy(&conn);
}
return;
}
o_stream_nsend(conn->output, "+\n", 2);
conn->authenticated = TRUE;
}
while (ok && !conn->input->closed &&
(line = i_stream_read_next_line(conn->input)) != NULL) {
T_BEGIN {
char **args;
args = p_strsplit(pool_datastack_create(), line, "\t");
ok = client_handle_command(conn, args);
} T_END;
}
if (conn->input->eof || conn->input->stream_errno != 0 || !ok)
client_connection_destroy(&conn);
}
static const char *
testsuite_message_get_address(struct mail *mail, const char *header)
{
struct message_address *addr;
const char *str;
if (mail_get_first_header(mail, header, &str) <= 0)
return NULL;
addr = message_address_parse(pool_datastack_create(),
(const unsigned char *)str,
strlen(str), 1, FALSE);
return (addr == NULL ||
addr->mailbox == NULL || *addr->mailbox == '\0' ? NULL :
( addr->domain == NULL || *addr->domain == '\0' ? addr->mailbox :
t_strconcat(addr->mailbox, "@", addr->domain, NULL)));
}
static int
client_connection_authenticate(struct client_connection *conn)
{
const char *line, *pass;
buffer_t *plain;
const unsigned char *data;
size_t size;
if ((line = i_stream_read_next_line(conn->input)) == NULL) {
if (conn->input->eof)
return -1;
return 0;
}
if (*conn->set->doveadm_password == '\0') {
i_error("doveadm_password not set, "
"remote authentication disabled");
return -1;
}
/* FIXME: some day we should probably let auth process do this and
support all kinds of authentication */
if (strncmp(line, "PLAIN\t", 6) != 0) {
i_error("doveadm client attempted non-PLAIN authentication");
return -1;
}
plain = buffer_create_dynamic(pool_datastack_create(), 128);
if (base64_decode(line + 6, strlen(line + 6), NULL, plain) < 0) {
i_error("doveadm client sent invalid base64 auth PLAIN data");
return -1;
}
data = plain->data;
size = plain->used;
if (size < 10 || data[0] != '\0' ||
memcmp(data+1, "doveadm", 7) != 0 || data[8] != '\0') {
i_error("doveadm client didn't authenticate as 'doveadm'");
return -1;
}
pass = t_strndup(data + 9, size - 9);
if (strcmp(pass, conn->set->doveadm_password) != 0) {
i_error("doveadm client authenticated with wrong password");
return -1;
}
return 1;
}
bool auth_request_handler_auth_continue(struct auth_request_handler *handler,
const char *args)
{
struct auth_request *request;
const char *data;
size_t data_len;
buffer_t *buf;
unsigned int id;
data = strchr(args, '\t');
if (data == NULL || str_to_uint(t_strdup_until(args, data), &id) < 0) {
i_error("BUG: Authentication client sent broken CONT request");
return FALSE;
}
data++;
request = hash_table_lookup(handler->requests, POINTER_CAST(id));
if (request == NULL) {
const char *reply = t_strdup_printf(
"FAIL\t%u\treason=Authentication request timed out", id);
handler->callback(reply, handler->context);
return TRUE;
}
/* accept input only once after mechanism has sent a CONT reply */
if (!request->accept_cont_input) {
auth_request_handler_auth_fail(handler, request,
"Unexpected continuation");
return TRUE;
}
request->accept_cont_input = FALSE;
data_len = strlen(data);
buf = buffer_create_dynamic(pool_datastack_create(),
MAX_BASE64_DECODED_SIZE(data_len));
if (base64_decode(data, data_len, NULL, buf) < 0) {
auth_request_handler_auth_fail(handler, request,
"Invalid base64 data in continued response");
return TRUE;
}
/* handler is referenced until auth_request_handler_reply()
is called. */
handler->refcount++;
auth_request_continue(request, buf->data, buf->used);
return TRUE;
}
static void
lookup_credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
struct auth_request *request)
{
struct auth_worker_client *client = request->context;
struct auth_stream_reply *reply;
string_t *str;
if (request->passdb_failure && result == PASSDB_RESULT_OK)
result = PASSDB_RESULT_PASSWORD_MISMATCH;
reply = auth_stream_reply_init(pool_datastack_create());
auth_stream_reply_add(reply, NULL, dec2str(request->id));
if (result != PASSDB_RESULT_OK) {
auth_stream_reply_add(reply, "FAIL", NULL);
auth_stream_reply_add(reply, NULL,
t_strdup_printf("%d", result));
} else {
auth_stream_reply_add(reply, "OK", NULL);
auth_stream_reply_add(reply, NULL, request->user);
str = t_str_new(64);
str_printfa(str, "{%s.b64}", request->credentials_scheme);
base64_encode(credentials, size, str);
auth_stream_reply_add(reply, NULL, str_c(str));
if (request->extra_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_fields);
auth_stream_reply_import(reply, fields);
}
if (request->extra_cache_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_cache_fields);
auth_stream_reply_import(reply, fields);
}
}
str = auth_stream_reply_get_str(reply);
str_append_c(str, '\n');
auth_worker_send_reply(client, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
