Esempio n. 1
/*
 * Create the imap passdb module from a space-separated list of
 * "key=value" arguments.
 *
 * Recognized keys: host (mandatory), port, username, ssl_ca_dir,
 * rawlog_dir and ssl ("imaps" or "starttls"). An unknown key, an invalid
 * port, an invalid ssl mode or a missing host aborts through i_fatal().
 *
 * Security notes for whoever configures this passdb:
 *  - ssl_mode starts as IMAPC_CLIENT_SSL_MODE_NONE and only changes when
 *    an "ssl" argument is given, so without it the connection to the
 *    remote IMAP server is not set up for TLS by this function.
 *  - NOTE(review): rawlog_dir presumably enables raw protocol logging,
 *    which would capture the credentials being verified - confirm, and
 *    keep that directory tightly permissioned if so.
 */
static struct passdb_module *
passdb_imap_preinit(pool_t pool, const char *args)
{
	struct imap_passdb_module *module;
	char **arg;
	bool port_set = FALSE;

	module = p_new(pool, struct imap_passdb_module, 1);
	module->module.default_pass_scheme = "PLAIN";
	module->set.port = IMAP_DEFAULT_PORT;
	module->set.ssl_mode = IMAPC_CLIENT_SSL_MODE_NONE;
	/* NOTE(review): this default literal looks masked in the listing;
	   confirm the intended default username template upstream. */
	module->set.username = "******";
	module->set.rawlog_dir = "";

	for (arg = p_strsplit(pool, args, " "); *arg != NULL; arg++) {
		const char *key = *arg;
		const char *value = strchr(key, '=');

		/* split at the first '='; a bare key gets an empty value */
		if (value != NULL) {
			key = t_strdup_until(key, value);
			value++;
		} else {
			value = "";
		}

		if (strcmp(key, "host") == 0) {
			module->set.host = value;
		} else if (strcmp(key, "port") == 0) {
			if (net_str2port(value, &module->set.port) < 0)
				i_fatal("passdb imap: Invalid port: %s", value);
			port_set = TRUE;
		} else if (strcmp(key, "username") == 0) {
			module->set.username = value;
		} else if (strcmp(key, "ssl_ca_dir") == 0) {
			module->set.ssl_ca_dir = value;
		} else if (strcmp(key, "rawlog_dir") == 0) {
			module->set.rawlog_dir = value;
		} else if (strcmp(key, "ssl") != 0) {
			i_fatal("passdb imap: Unknown parameter: %s", key);
		} else if (strcmp(value, "imaps") == 0) {
			/* an explicit port= seen earlier wins over the
			   imaps default port */
			if (!port_set)
				module->set.port = IMAPS_DEFAULT_PORT;
			module->set.ssl_mode =
				IMAPC_CLIENT_SSL_MODE_IMMEDIATE;
		} else if (strcmp(value, "starttls") == 0) {
			module->set.ssl_mode =
				IMAPC_CLIENT_SSL_MODE_STARTTLS;
		} else {
			i_fatal("passdb imap: Invalid ssl mode: %s",
				value);
		}
	}

	if (module->set.host == NULL)
		i_fatal("passdb imap: Missing host parameter");

	/* remember whether host or username contain a '%' and so need
	   expanding per lookup */
	module->set_have_vars =
		strchr(module->set.username, '%') != NULL ||
		strchr(module->set.host, '%') != NULL;
	return &module->module;
}
Esempio n. 2
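/*
 * Parse NULL-terminated "key[=value]" proxy fields into *set.
 *
 * Handled keys: proxy, host, port, proxy_timeout (given in seconds,
 * stored in milliseconds), protocol ("lmtp" or "smtp") and
 * user/destuser, which replace *address. Unknown keys are ignored.
 *
 * Returns TRUE only when a "proxy" field was present and every handled
 * field parsed cleanly; returns FALSE (after logging with i_error())
 * on a bad port, timeout or protocol, or when proxying is requested
 * without a host. On a FALSE return *set and *address may already have
 * been partially updated.
 *
 * Stored host and address values point into the args strings, so they
 * are only valid for as long as args is.
 */
static bool
client_proxy_rcpt_parse_fields(struct lmtp_proxy_rcpt_settings *set,
			       const char *const *args, const char **address)
{
	const char *p, *key, *value;
	bool proxying = FALSE, port_set = FALSE;

	for (; *args != NULL; args++) {
		/* split at the first '='; a bare key gets an empty value */
		p = strchr(*args, '=');
		if (p == NULL) {
			key = *args;
			value = "";
		} else {
			key = t_strdup_until(*args, p);
			value = p + 1;
		}

		if (strcmp(key, "proxy") == 0)
			proxying = TRUE;
		else if (strcmp(key, "host") == 0)
			set->host = value;
		else if (strcmp(key, "port") == 0) {
			if (net_str2port(value, &set->port) < 0) {
				i_error("proxy: Invalid port number %s", value);
				return FALSE;
			}
			port_set = TRUE;
		} else if (strcmp(key, "proxy_timeout") == 0) {
			/* Reject values whose seconds -> milliseconds
			   conversion would wrap around: a wrapped value
			   silently becomes a much shorter timeout than
			   the one that was requested. */
			if (str_to_uint(value, &set->timeout_msecs) < 0 ||
			    set->timeout_msecs > (unsigned int)-1 / 1000) {
				i_error("proxy: Invalid proxy_timeout value %s", value);
				return FALSE;
			}
			set->timeout_msecs *= 1000;
		} else if (strcmp(key, "protocol") == 0) {
			if (strcmp(value, "lmtp") == 0)
				set->protocol = LMTP_CLIENT_PROTOCOL_LMTP;
			else if (strcmp(value, "smtp") == 0) {
				set->protocol = LMTP_CLIENT_PROTOCOL_SMTP;
				/* an explicit port= seen earlier wins over
				   the SMTP default */
				if (!port_set)
					set->port = 25;
			} else {
				i_error("proxy: Unknown protocol %s", value);
				return FALSE;
			}
		} else if (strcmp(key, "user") == 0 ||
			   strcmp(key, "destuser") == 0) {
			/* changing the username */
			*address = value;
		} else {
			/* just ignore it */
		}
	}
	if (proxying && set->host == NULL) {
		i_error("proxy: host not given");
		return FALSE;
	}
	return proxying;
}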
Esempio n. 3
/*
 * Apply one "-x" style "key=value" argument to *info.
 *
 * Accepted prefixes are service=, lip=, rip=, lport= and rport=. An
 * unparsable address or port, or any other argument, ends the process
 * through i_fatal(). info->service keeps a pointer into arg rather than
 * a copy, so arg has to outlive info.
 */
static void auth_user_info_parse(struct auth_user_info *info, const char *arg)
{
    if (strncmp(arg, "service=", 8) == 0) {
        info->service = arg + 8;
        return;
    }
    if (strncmp(arg, "lip=", 4) == 0) {
        if (net_addr2ip(arg + 4, &info->local_ip) < 0)
            i_fatal("lip: Invalid ip");
        return;
    }
    if (strncmp(arg, "rip=", 4) == 0) {
        if (net_addr2ip(arg + 4, &info->remote_ip) < 0)
            i_fatal("rip: Invalid ip");
        return;
    }
    if (strncmp(arg, "lport=", 6) == 0) {
        if (net_str2port(arg + 6, &info->local_port) < 0)
            i_fatal("lport: Invalid port number");
        return;
    }
    if (strncmp(arg, "rport=", 6) == 0) {
        if (net_str2port(arg + 6, &info->remote_port) < 0)
            i_fatal("rport: Invalid port number");
        return;
    }
    /* nothing matched: refuse rather than silently ignore */
    i_fatal("Unknown -x argument: %s", arg);
}
Esempio n. 4
/*
 * Split "host[:port]" into *host_r and *port_r.
 *
 * Without a ':' the whole string is the host and default_port is used;
 * if default_port is 0 in that case the call fails. With a ':' the text
 * after the last one must be a valid port. Returns TRUE on success,
 * FALSE otherwise (the outputs are then not meaningful).
 *
 * NOTE(review): the split is on the LAST ':' and there is no bracket
 * handling, so an unbracketed IPv6 literal would have its final group
 * taken as the port, and ":143" yields an empty host. Callers that can
 * see such input should validate the host afterwards.
 */
static bool
parse_hostport(const char *str, in_port_t default_port,
	       const char **host_r, in_port_t *port_r)
{
	const char *colon = strrchr(str, ':');

	if (colon == NULL) {
		/* no port given: only acceptable when a default exists */
		if (default_port == 0)
			return FALSE;
		*host_r = str;
		*port_r = default_port;
		return TRUE;
	}

	if (net_str2port(colon + 1, port_r) < 0)
		return FALSE;
	*host_r = t_strdup_until(str, colon);
	return TRUE;
}
Esempio n. 5
/*
 * doveadm "zlibconnect": connect to argv[1] (port argv[2], default 143)
 * and relay between stdin and the server until the master service loop
 * stops.
 *
 * Only the first address returned by the lookup is tried. Lookup,
 * connect and close failures are fatal.
 * NOTE(review): this relies on help() not returning; if it did, a NULL
 * argv[1] would reach net_gethostbyname() - confirm help() is noreturn.
 */
static void cmd_zlibconnect(int argc ATTR_UNUSED, char *argv[])
{
	struct client client;
	struct ip_addr *addrs;
	unsigned int addr_count;
	in_port_t port = 143;
	int fd, lookup_err;

	/* host is mandatory; the port, when present, must parse */
	if (argv[1] == NULL ||
	    (argv[2] != NULL && net_str2port(argv[2], &port) < 0))
		help(&doveadm_cmd_zlibconnect);

	lookup_err = net_gethostbyname(argv[1], &addrs, &addr_count);
	if (lookup_err != 0) {
		i_fatal("Host %s lookup failed: %s", argv[1],
			net_gethosterror(lookup_err));
	}

	fd = net_connect_ip(&addrs[0], port, NULL);
	if (fd == -1)
		i_fatal("connect(%s, %u) failed: %m", argv[1], port);

	i_info("Connected to %s port %u. Ctrl-D starts compression",
	       net_ip2addr(&addrs[0]), port);

	/* wire both directions to the same client state */
	memset(&client, 0, sizeof client);
	client.fd = fd;
	client.input = i_stream_create_fd(fd, (size_t)-1);
	client.output = o_stream_create_fd(fd, 0);
	o_stream_set_no_error_handling(client.output, TRUE);
	client.io_client = io_add(STDIN_FILENO, IO_READ, client_input, &client);
	client.io_server = io_add(fd, IO_READ, server_input, &client);

	master_service_run(master_service, NULL);

	/* tear down in the original order: io handlers, streams, then fd */
	io_remove(&client.io_client);
	io_remove(&client.io_server);
	i_stream_unref(&client.input);
	o_stream_unref(&client.output);
	if (close(fd) < 0)
		i_fatal("close() failed: %m");
}
Esempio n. 6
/*
 * Translate the "key[=value]" extra fields of an auth reply into
 * *reply_r (zeroed first) and a few flags on *client.
 *
 * String fields (reason, host, hostip, source_ip, destuser, pass,
 * proxy_mech, master) are stored as pointers into the args strings, not
 * copies, so *reply_r is only valid while args is.
 *
 * After the loop, port falls back to login_binary->default_port and
 * destuser to client->virtual_user when they were not set.
 *
 * Nothing here fails: invalid numeric fields are logged with i_error()
 * and parsing continues with the remaining fields.
 */
static void client_auth_parse_args(struct client *client,
				   const char *const *args,
				   struct client_auth_reply *reply_r)
{
	const char *key, *value, *p;

	memset(reply_r, 0, sizeof(*reply_r));

	for (; *args != NULL; args++) {
		/* split at the first '='; a bare key gets an empty value */
		p = strchr(*args, '=');
		if (p == NULL) {
			key = *args;
			value = "";
		} else {
			key = t_strdup_until(*args, p);
			value = p + 1;
		}
		if (strcmp(key, "nologin") == 0)
			reply_r->nologin = TRUE;
		else if (strcmp(key, "proxy") == 0)
			reply_r->proxy = TRUE;
		else if (strcmp(key, "temp") == 0)
			reply_r->temp = TRUE;
		else if (strcmp(key, "authz") == 0)
			reply_r->authz_failure = TRUE;
		else if (strcmp(key, "user_disabled") == 0)
			client->auth_user_disabled = TRUE;
		else if (strcmp(key, "pass_expired") == 0)
			client->auth_pass_expired = TRUE;
		else if (strcmp(key, "reason") == 0)
			reply_r->reason = value;
		else if (strcmp(key, "host") == 0)
			reply_r->host = value;
		else if (strcmp(key, "hostip") == 0)
			reply_r->hostip = value;
		else if (strcmp(key, "source_ip") == 0)
			reply_r->source_ip = value;
		else if (strcmp(key, "port") == 0) {
			/* A bad port is only logged. NOTE(review): whether
			   reply_r->port is left untouched on failure depends
			   on net_str2port() - if it is, the default port
			   applied after the loop is used instead. */
			if (net_str2port(value, &reply_r->port) < 0) {
				i_error("Auth service returned invalid "
					"port number: %s", value);
			}
		} else if (strcmp(key, "destuser") == 0)
			reply_r->destuser = value;
		else if (strcmp(key, "pass") == 0)
			/* credential for the proxied login; the pointer
			   lives as long as args does */
			reply_r->password = value;
		else if (strcmp(key, "proxy_timeout") == 0) {
			if (str_to_uint(value, &reply_r->proxy_timeout_msecs) < 0) {
				i_error("BUG: Auth service returned invalid "
					"proxy_timeout value: %s", value);
			}
			/* seconds -> milliseconds; runs even after a parse
			   failure. NOTE(review): no range check, so a very
			   large value can wrap to a short timeout. */
			reply_r->proxy_timeout_msecs *= 1000;
		} else if (strcmp(key, "proxy_refresh") == 0) {
			if (str_to_uint(value, &reply_r->proxy_refresh_secs) < 0) {
				i_error("BUG: Auth service returned invalid "
					"proxy_refresh value: %s", value);
			}
		} else if (strcmp(key, "proxy_mech") == 0)
			reply_r->proxy_mech = value;
		else if (strcmp(key, "proxy_nopipelining") == 0)
			reply_r->proxy_nopipelining = TRUE;
		else if (strcmp(key, "master") == 0)
			reply_r->master_user = value;
		else if (strcmp(key, "ssl") == 0) {
			reply_r->ssl_flags |= PROXY_SSL_FLAG_YES;
			/* NOTE(review): by its name ANY_CERT relaxes
			   certificate checking for the proxied connection -
			   confirm where the flag is consumed and reserve it
			   for backends on a trusted network. */
			if (strcmp(value, "any-cert") == 0)
				reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT;
			/* only fills in the SSL port if no port has been
			   seen yet; a later "port" field still overrides */
			if (reply_r->port == 0)
				reply_r->port = login_binary->default_ssl_port;
		} else if (strcmp(key, "starttls") == 0) {
			reply_r->ssl_flags |= PROXY_SSL_FLAG_YES |
				PROXY_SSL_FLAG_STARTTLS;
			if (strcmp(value, "any-cert") == 0)
				reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT;
		} else if (strcmp(key, "user") == 0 ||
			   strcmp(key, "postlogin_socket") == 0) {
			/* already handled in sasl-server.c */
		} else if (client->set->auth_debug)
			/* unknown fields are dropped; they are reported
			   only when auth_debug is enabled */
			i_debug("Ignoring unknown passdb extra field: %s", key);
	}
	/* neither "port" nor "ssl" supplied a port */
	if (reply_r->port == 0)
		reply_r->port = login_binary->default_port;

	if (reply_r->destuser == NULL)
		reply_r->destuser = client->virtual_user;
}
Esempio n. 7
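/*
 * Handle one line read from the auth connection on behalf of a login
 * connection (context is the struct login_connection).
 *
 * A NULL line means the auth connection died and the login connection
 * is torn down. Lines other than "OK\t..." (or "PASS\t..." for userdb
 * type connections) are forwarded unchanged. For matching lines the
 * tab-separated fields are scanned; the line is forwarded unchanged
 * unless proxying (or director_proxy_maybe) is requested, no host= is
 * already present and a username is known. Otherwise a director
 * request is started, which adds the host in login_host_callback().
 *
 * The request owns heap copies of the line and username and takes a
 * reference on conn until the callback runs.
 */
static void auth_input_line(const char *line, void *context)
{
	struct login_connection *conn = context;
	struct login_host_request *request, temp_request;
	const char *const *args, *line_params, *username = NULL, *tag = "";
	bool proxy = FALSE, host = FALSE;

	if (line == NULL) {
		/* auth connection died -> kill also this login connection */
		login_connection_deinit(&conn);
		return;
	}
	if (conn->type != LOGIN_CONNECTION_TYPE_USERDB &&
	    strncmp(line, "OK\t", 3) == 0)
		line_params = line + 3;
	else if (conn->type == LOGIN_CONNECTION_TYPE_USERDB &&
		 strncmp(line, "PASS\t", 5) == 0)
		line_params = line + 5;
	else {
		login_connection_send_line(conn, line);
		return;
	}

	/* OK <id> [<parameters>] */
	args = t_strsplit_tab(line_params);
	if (*args != NULL) {
		/* we should always get here, but in case we don't just
		   forward as-is and let login process handle the error. */
		args++;
	}

	memset(&temp_request, 0, sizeof(temp_request));
	for (; *args != NULL; args++) {
		if (strncmp(*args, "proxy", 5) == 0 &&
		    ((*args)[5] == '=' || (*args)[5] == '\0'))
			proxy = TRUE;
		else if (strncmp(*args, "host=", 5) == 0)
			host = TRUE;
		else if (strncmp(*args, "lip=", 4) == 0) {
			/* log the value from the same offset that was
			   parsed; a fixed +6 here skipped the first bytes
			   and could point past the terminating NUL of a
			   short field */
			if (net_addr2ip((*args) + 4, &temp_request.local_ip) < 0)
				i_error("auth sent invalid lip field: %s", (*args) + 4);
		} else if (strncmp(*args, "lport=", 6) == 0) {
			if (net_str2port((*args) + 6, &temp_request.local_port) < 0)
				i_error("auth sent invalid lport field: %s", (*args) + 6);
		} else if (strncmp(*args, "port=", 5) == 0) {
			/* same offset fix as for lip= above */
			if (net_str2port((*args) + 5, &temp_request.dest_port) < 0)
				i_error("auth sent invalid port field: %s", (*args) + 5);
		} else if (strncmp(*args, "destuser=", 9) == 0) {
			/* NOTE(review): this branch was masked in the
			   listing and is reconstructed - destuser is taken
			   to override the username, matching the
			   "only if still unset" handling of user= below.
			   Confirm against upstream. */
			username = *args + 9;
		} else if (strncmp(*args, "director_tag=", 13) == 0)
			tag = *args + 13;
		else if (strncmp(*args, "director_proxy_maybe", 20) == 0 &&
			 ((*args)[20] == '=' || (*args)[20] == '\0'))
			temp_request.director_proxy_maybe = TRUE;
		else if (strncmp(*args, "user=", 5) == 0) {
			if (username == NULL)
				username = *args + 5;
		}
	}
	if ((!proxy && !temp_request.director_proxy_maybe) ||
	    host || username == NULL) {
		login_connection_send_line(conn, line);
		return;
	}
	if (*conn->dir->set->master_user_separator != '\0') {
		/* with master user logins we still want to use only the
		   login username */
		username = t_strcut(username,
				    *conn->dir->set->master_user_separator);
	}

	/* we need to add the host. the lookup might be asynchronous */
	request = i_new(struct login_host_request, 1);
	*request = temp_request;
	request->conn = conn;
	request->line = i_strdup(line);
	request->username = i_strdup(username);

	/* keep conn alive until the callback has run */
	conn->refcount++;
	director_request(conn->dir, username, tag, login_host_callback, request);
}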