static void client_start_tls(struct client *client)
{
int fd_ssl;
client_ref(client);
if (!client_unref(&client) || client->destroyed)
return;
fd_ssl = ssl_proxy_alloc(client->fd, &client->ip, client->pool,
client->set, client->ssl_set,
&client->ssl_proxy);
if (fd_ssl == -1) {
client_notify_disconnect(client,
CLIENT_DISCONNECT_INTERNAL_ERROR,
"TLS initialization failed.");
client_destroy(client,
"Disconnected: TLS initialization failed.");
return;
}
ssl_proxy_set_client(client->ssl_proxy, client);
ssl_proxy_start(client->ssl_proxy);
client->starttls = TRUE;
client->tls = TRUE;
client->secured = TRUE;
login_refresh_proctitle();
client->fd = fd_ssl;
client->io = io_add(client->fd, IO_READ, client_input, client);
i_stream_unref(&client->input);
o_stream_unref(&client->output);
client_open_streams(client);
client->v.starttls(client);
}
int login_proxy_starttls(struct login_proxy *proxy)
{
int fd;
if (proxy->server_input != NULL)
i_stream_destroy(&proxy->server_input);
if (proxy->server_output != NULL)
o_stream_destroy(&proxy->server_output);
io_remove(&proxy->server_io);
fd = ssl_proxy_client_alloc(proxy->server_fd, &proxy->client->ip,
proxy->client->pool, proxy->client->set,
proxy->client->ssl_set,
login_proxy_ssl_handshaked, proxy,
&proxy->ssl_server_proxy);
if (fd < 0) {
client_log_err(proxy->client, t_strdup_printf(
"proxy: SSL handshake failed to %s:%u",
proxy->host, proxy->port));
return -1;
}
ssl_proxy_set_client(proxy->ssl_server_proxy, proxy->client);
ssl_proxy_start(proxy->ssl_server_proxy);
proxy->server_fd = fd;
proxy_plain_connected(proxy);
return 0;
}
static void
client_connected_finish(const struct master_service_connection *conn)
{
struct client *client;
struct ssl_proxy *proxy;
struct ip_addr local_ip;
const struct login_settings *set;
const struct master_service_ssl_settings *ssl_set;
unsigned int local_port;
pool_t pool;
int fd_ssl;
void **other_sets;
if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) {
memset(&local_ip, 0, sizeof(local_ip));
local_port = 0;
}
pool = pool_alloconly_create("login client", 8*1024);
set = login_settings_read(pool, &local_ip,
&conn->remote_ip, NULL, &ssl_set, &other_sets);
if (!ssl_connections && !conn->ssl) {
client = client_create(conn->fd, FALSE, pool,
set, ssl_set, other_sets,
&local_ip, &conn->remote_ip);
} else {
fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool,
set, ssl_set, &proxy);
if (fd_ssl == -1) {
net_disconnect(conn->fd);
pool_unref(&pool);
master_service_client_connection_destroyed(master_service);
return;
}
client = client_create(fd_ssl, TRUE, pool,
set, ssl_set, other_sets,
&local_ip, &conn->remote_ip);
client->ssl_proxy = proxy;
ssl_proxy_set_client(proxy, client);
ssl_proxy_start(proxy);
}
client->real_remote_port = client->remote_port = conn->remote_port;
client->real_local_port = client->local_port = local_port;
if (auth_client_to != NULL)
timeout_remove(&auth_client_to);
}
static void
client_connected_finish(const struct master_service_connection *conn)
{
struct client *client;
struct ssl_proxy *proxy;
const struct login_settings *set;
const struct master_service_ssl_settings *ssl_set;
pool_t pool;
int fd_ssl;
void **other_sets;
pool = pool_alloconly_create("login client", 8*1024);
set = login_settings_read(pool, &conn->local_ip,
&conn->remote_ip, NULL, &ssl_set, &other_sets);
if (!ssl_connections && !conn->ssl) {
(void)client_create(conn->fd, FALSE, pool, conn,
set, ssl_set, other_sets);
} else {
fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool,
set, ssl_set, &proxy);
if (fd_ssl == -1) {
net_disconnect(conn->fd);
pool_unref(&pool);
master_service_client_connection_destroyed(master_service);
return;
}
client = client_create(fd_ssl, TRUE, pool, conn,
set, ssl_set, other_sets);
client->ssl_proxy = proxy;
ssl_proxy_set_client(proxy, client);
ssl_proxy_start(proxy);
}
if (auth_client_to != NULL)
timeout_remove(&auth_client_to);
}
