static void client_start_tls(struct client *client) { int fd_ssl; client_ref(client); if (!client_unref(&client) || client->destroyed) return; fd_ssl = ssl_proxy_alloc(client->fd, &client->ip, client->pool, client->set, client->ssl_set, &client->ssl_proxy); if (fd_ssl == -1) { client_notify_disconnect(client, CLIENT_DISCONNECT_INTERNAL_ERROR, "TLS initialization failed."); client_destroy(client, "Disconnected: TLS initialization failed."); return; } ssl_proxy_set_client(client->ssl_proxy, client); ssl_proxy_start(client->ssl_proxy); client->starttls = TRUE; client->tls = TRUE; client->secured = TRUE; login_refresh_proctitle(); client->fd = fd_ssl; client->io = io_add(client->fd, IO_READ, client_input, client); i_stream_unref(&client->input); o_stream_unref(&client->output); client_open_streams(client); client->v.starttls(client); }
int login_proxy_starttls(struct login_proxy *proxy) { int fd; if (proxy->server_input != NULL) i_stream_destroy(&proxy->server_input); if (proxy->server_output != NULL) o_stream_destroy(&proxy->server_output); io_remove(&proxy->server_io); fd = ssl_proxy_client_alloc(proxy->server_fd, &proxy->client->ip, proxy->client->pool, proxy->client->set, proxy->client->ssl_set, login_proxy_ssl_handshaked, proxy, &proxy->ssl_server_proxy); if (fd < 0) { client_log_err(proxy->client, t_strdup_printf( "proxy: SSL handshake failed to %s:%u", proxy->host, proxy->port)); return -1; } ssl_proxy_set_client(proxy->ssl_server_proxy, proxy->client); ssl_proxy_start(proxy->ssl_server_proxy); proxy->server_fd = fd; proxy_plain_connected(proxy); return 0; }
static void client_connected_finish(const struct master_service_connection *conn) { struct client *client; struct ssl_proxy *proxy; struct ip_addr local_ip; const struct login_settings *set; const struct master_service_ssl_settings *ssl_set; unsigned int local_port; pool_t pool; int fd_ssl; void **other_sets; if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) { memset(&local_ip, 0, sizeof(local_ip)); local_port = 0; } pool = pool_alloconly_create("login client", 8*1024); set = login_settings_read(pool, &local_ip, &conn->remote_ip, NULL, &ssl_set, &other_sets); if (!ssl_connections && !conn->ssl) { client = client_create(conn->fd, FALSE, pool, set, ssl_set, other_sets, &local_ip, &conn->remote_ip); } else { fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool, set, ssl_set, &proxy); if (fd_ssl == -1) { net_disconnect(conn->fd); pool_unref(&pool); master_service_client_connection_destroyed(master_service); return; } client = client_create(fd_ssl, TRUE, pool, set, ssl_set, other_sets, &local_ip, &conn->remote_ip); client->ssl_proxy = proxy; ssl_proxy_set_client(proxy, client); ssl_proxy_start(proxy); } client->real_remote_port = client->remote_port = conn->remote_port; client->real_local_port = client->local_port = local_port; if (auth_client_to != NULL) timeout_remove(&auth_client_to); }
static void client_connected_finish(const struct master_service_connection *conn) { struct client *client; struct ssl_proxy *proxy; const struct login_settings *set; const struct master_service_ssl_settings *ssl_set; pool_t pool; int fd_ssl; void **other_sets; pool = pool_alloconly_create("login client", 8*1024); set = login_settings_read(pool, &conn->local_ip, &conn->remote_ip, NULL, &ssl_set, &other_sets); if (!ssl_connections && !conn->ssl) { (void)client_create(conn->fd, FALSE, pool, conn, set, ssl_set, other_sets); } else { fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool, set, ssl_set, &proxy); if (fd_ssl == -1) { net_disconnect(conn->fd); pool_unref(&pool); master_service_client_connection_destroyed(master_service); return; } client = client_create(fd_ssl, TRUE, pool, conn, set, ssl_set, other_sets); client->ssl_proxy = proxy; ssl_proxy_set_client(proxy, client); ssl_proxy_start(proxy); } if (auth_client_to != NULL) timeout_remove(&auth_client_to); }