static const struct var_expand_table * get_var_expand_table(struct client *client) { struct var_expand_table *tab; tab = t_malloc(sizeof(login_var_expand_empty_tab)); memcpy(tab, login_var_expand_empty_tab, sizeof(login_var_expand_empty_tab)); if (client->virtual_user != NULL) get_var_expand_users(tab, client->virtual_user); tab[3].value = login_binary->protocol; tab[4].value = getenv("HOME"); tab[5].value = net_ip2addr(&client->local_ip); tab[6].value = net_ip2addr(&client->ip); tab[7].value = my_pid; tab[8].value = client->auth_mech_name == NULL ? NULL : str_sanitize(client->auth_mech_name, MAX_MECH_NAME); tab[9].value = dec2str(client->local_port); tab[10].value = dec2str(client->remote_port); if (!client->tls) { tab[11].value = client->secured ? "secured" : NULL; tab[12].value = ""; } else { const char *ssl_state = ssl_proxy_is_handshaked(client->ssl_proxy) ? "TLS" : "TLS handshaking"; const char *ssl_error = ssl_proxy_get_last_error(client->ssl_proxy); tab[11].value = ssl_error == NULL ? ssl_state : t_strdup_printf("%s: %s", ssl_state, ssl_error); tab[12].value = ssl_proxy_get_security_string(client->ssl_proxy); } tab[13].value = client->mail_pid == 0 ? "" : dec2str(client->mail_pid); tab[14].value = client_get_session_id(client); tab[15].value = net_ip2addr(&client->real_local_ip); tab[16].value = net_ip2addr(&client->real_remote_ip); tab[17].value = dec2str(client->real_local_port); tab[18].value = dec2str(client->real_remote_port); if (client->virtual_user_orig != NULL) get_var_expand_users(tab+19, client->virtual_user_orig); else { tab[19].value = tab[0].value; tab[20].value = tab[1].value; tab[21].value = tab[2].value; } if (client->virtual_auth_user != NULL) get_var_expand_users(tab+22, client->virtual_auth_user); else { tab[22].value = tab[19].value; tab[23].value = tab[20].value; tab[24].value = tab[21].value; } tab[25].value = client->listener_name; return tab; }
static void proxy_write_id(struct imap_client *client, string_t *str) { i_assert(client->common.proxy_ttl > 1); str_printfa(str, "I ID (" "\"x-session-id\" \"%s\" " "\"x-originating-ip\" \"%s\" " "\"x-originating-port\" \"%u\" " "\"x-connected-ip\" \"%s\" " "\"x-connected-port\" \"%u\" " "\"x-proxy-ttl\" \"%u\")\r\n", client_get_session_id(&client->common), net_ip2addr(&client->common.ip), client->common.remote_port, net_ip2addr(&client->common.local_ip), client->common.local_port, client->common.proxy_ttl - 1); }
static void proxy_write_id(struct imap_client *client, string_t *str) { i_assert(client->common.proxy_ttl > 1); str_append(str, "I ID ("); if (client->common.client_id != NULL && str_len(client->common.client_id) > 0) { str_append_str(str, client->common.client_id); str_append_c(str, ' '); } str_printfa(str, "\"x-session-id\" \"%s\" " "\"x-originating-ip\" \"%s\" " "\"x-originating-port\" \"%u\" " "\"x-connected-ip\" \"%s\" " "\"x-connected-port\" \"%u\" " "\"x-proxy-ttl\" \"%u\"", client_get_session_id(&client->common), net_ip2addr(&client->common.ip), client->common.remote_port, net_ip2addr(&client->common.local_ip), client->common.local_port, client->common.proxy_ttl - 1); /* append any forward_ variables to request */ for(const char *const *ptr = client->common.auth_passdb_args; *ptr != NULL; ptr++) { if (strncasecmp(*ptr, "forward_", 8) == 0) { const char *key = t_strconcat("x-forward-", t_strcut((*ptr)+8, '='), NULL); const char *val = i_strchr_to_next(*ptr, '='); str_append_c(str, ' '); imap_append_string(str, key); str_append_c(str, ' '); imap_append_nstring(str, val); } } str_append(str, ")\r\n"); }
static int proxy_send_login(struct pop3_client *client, struct ostream *output) { struct dsasl_client_settings sasl_set; const unsigned char *sasl_output; size_t len; const char *mech_name, *error; string_t *str = t_str_new(128); i_assert(client->common.proxy_ttl > 1); if (client->proxy_xclient && !client->common.proxy_not_trusted) { string_t *fwd = t_str_new(128); for(const char *const *ptr = client->common.auth_passdb_args;*ptr != NULL; ptr++) { if (strncasecmp(*ptr, "forward_", 8) == 0) { if (str_len(fwd) > 0) str_append_c(fwd, '\t'); str_append_tabescaped(fwd, (*ptr)+8); } } str_printfa(str, "XCLIENT ADDR=%s PORT=%u SESSION=%s TTL=%u", net_ip2addr(&client->common.ip), client->common.remote_port, client_get_session_id(&client->common), client->common.proxy_ttl - 1); if (str_len(fwd) > 0) { str_append(str, " FORWARD="); base64_encode(str_data(fwd), str_len(fwd), str); } str_append(str, "\r\n"); /* remote supports XCLIENT, send it */ o_stream_nsend(output, str_data(str), str_len(str)); client->proxy_state = POP3_PROXY_XCLIENT; } else { client->proxy_state = POP3_PROXY_LOGIN1; } str_truncate(str, 0); if (client->common.proxy_mech == NULL) { /* send USER command */ str_append(str, "USER "); str_append(str, client->common.proxy_user); str_append(str, "\r\n"); o_stream_nsend(output, str_data(str), str_len(str)); return 0; } i_assert(client->common.proxy_sasl_client == NULL); i_zero(&sasl_set); sasl_set.authid = client->common.proxy_master_user != NULL ? client->common.proxy_master_user : client->common.proxy_user; sasl_set.authzid = client->common.proxy_user; sasl_set.password = client->common.proxy_password; client->common.proxy_sasl_client = dsasl_client_new(client->common.proxy_mech, &sasl_set); mech_name = dsasl_client_mech_get_name(client->common.proxy_mech); str_printfa(str, "AUTH %s ", mech_name); if (dsasl_client_output(client->common.proxy_sasl_client, &sasl_output, &len, &error) < 0) { client_log_err(&client->common, t_strdup_printf( "proxy: SASL mechanism %s init failed: %s", mech_name, error)); return -1; } if (len == 0) str_append_c(str, '='); else base64_encode(sasl_output, len, str); str_append(str, "\r\n"); o_stream_nsend(output, str_data(str), str_len(str)); proxy_free_password(&client->common); if (client->proxy_state != POP3_PROXY_XCLIENT) client->proxy_state = POP3_PROXY_LOGIN2; return 0; }
static int proxy_send_login(struct pop3_client *client, struct ostream *output) { struct dsasl_client_settings sasl_set; const unsigned char *sasl_output; unsigned int len; const char *mech_name, *error; string_t *str; i_assert(client->common.proxy_ttl > 1); if (client->proxy_xclient && !client->common.proxy_not_trusted) { /* remote supports XCLIENT, send it */ o_stream_nsend_str(output, t_strdup_printf( "XCLIENT ADDR=%s PORT=%u SESSION=%s TTL=%u\r\n", net_ip2addr(&client->common.ip), client->common.remote_port, client_get_session_id(&client->common), client->common.proxy_ttl - 1)); client->common.proxy_state = POP3_PROXY_XCLIENT; } else { client->common.proxy_state = POP3_PROXY_LOGIN1; } str = t_str_new(128); if (client->common.proxy_mech == NULL) { /* send USER command */ str_append(str, "USER "); str_append(str, client->common.proxy_user); str_append(str, "\r\n"); o_stream_nsend(output, str_data(str), str_len(str)); return 0; } i_assert(client->common.proxy_sasl_client == NULL); memset(&sasl_set, 0, sizeof(sasl_set)); sasl_set.authid = client->common.proxy_master_user != NULL ? client->common.proxy_master_user : client->common.proxy_user; sasl_set.authzid = client->common.proxy_user; sasl_set.password = client->common.proxy_password; client->common.proxy_sasl_client = dsasl_client_new(client->common.proxy_mech, &sasl_set); mech_name = dsasl_client_mech_get_name(client->common.proxy_mech); str_printfa(str, "AUTH %s ", mech_name); if (dsasl_client_output(client->common.proxy_sasl_client, &sasl_output, &len, &error) < 0) { client_log_err(&client->common, t_strdup_printf( "proxy: SASL mechanism %s init failed: %s", mech_name, error)); return -1; } if (len == 0) str_append_c(str, '='); else base64_encode(sasl_output, len, str); str_append(str, "\r\n"); o_stream_nsend(output, str_data(str), str_len(str)); proxy_free_password(&client->common); if (client->common.proxy_state != POP3_PROXY_XCLIENT) client->common.proxy_state = POP3_PROXY_LOGIN2; return 0; }