if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) != 0) {
if (client->proxy_backend_capability != NULL &&
!str_array_icase_find(t_strsplit(client->proxy_backend_capability, " "), "STARTTLS")) {
- client_log_err(&client->common,
- "proxy: Remote doesn't support STARTTLS");
+ e_error(client->common.event,
+ "proxy: Remote doesn't support STARTTLS");
return -1;
}
str_append(str, "S STARTTLS\r\n");
/* logging in normally - use LOGIN command */
if (client->proxy_logindisabled &&
login_proxy_get_ssl_flags(client->common.login_proxy) == 0) {
- client_log_err(&client->common,
+ e_error(client->common.event,
"proxy: Remote advertised LOGINDISABLED and SSL/TLS not enabled");
return -1;
}
if (client->proxy_sasl_ir) {
if (dsasl_client_output(client->common.proxy_sasl_client,
&output, &len, &error) < 0) {
- client_log_err(&client->common, t_strdup_printf(
+ e_error(client->common.event,
"proxy: SASL mechanism %s init failed: %s",
- mech_name, error));
+ mech_name, error);
return -1;
}
str_append_c(str, ' ');
int ret;
if (!str_begins(line, "* OK ")) {
- client_log_err(&client->common, t_strdup_printf(
+ e_error(client->common.event,
"proxy: Remote returned invalid banner: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
return -1;
}
str = t_str_new(128);
if (line[1] != ' ' ||
base64_decode(line+2, strlen(line+2), NULL, str) < 0) {
- client_log_err(client,
+ e_error(client->event,
"proxy: Server sent invalid base64 data in AUTHENTICATE response");
client_proxy_failed(client, TRUE);
return -1;
&data, &data_len, &error);
}
if (ret < 0) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Server sent invalid authentication data: %s",
- error));
+ error);
client_proxy_failed(client, TRUE);
return -1;
}
if (!str_begins(line, "S OK ")) {
/* STARTTLS failed */
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote STARTTLS failed: %s",
- str_sanitize(line + 5, 160)));
+ str_sanitize(line + 5, 160));
client_proxy_failed(client, TRUE);
return -1;
}
return 0;
} else {
/* tagged reply, shouldn't happen. */
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Unexpected input, ignoring: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
return 0;
}
}
switch (i_stream_read(input)) {
case -2:
- client_log_err(client, "proxy: Remote input buffer full");
+ e_error(client->event, "proxy: Remote input buffer full");
client_proxy_failed(client, TRUE);
return;
case -1:
line = i_stream_next_line(input);
duration = ioloop_time - client->created;
- client_log_err(client, t_strdup_printf(
- "proxy: Remote %s:%u disconnected: %s "
+ e_error(client->event, "proxy: Remote %s:%u disconnected: %s "
"(state=%s, duration=%us)%s",
login_proxy_get_host(client->login_proxy),
login_proxy_get_port(client->login_proxy),
io_stream_get_disconnect_reason(input, NULL),
client_proxy_get_state(client), duration,
line == NULL ? "" : t_strdup_printf(
- " - BUG: line not read: %s", line)));
+ " - BUG: line not read: %s", line));
client_proxy_failed(client, TRUE);
return;
}
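Review bot: In the `case -1:` branch the leftover `line` returned by `i_stream_next_line(input)` is still logged raw in `" - BUG: line not read: %s", line`, while every other remote-supplied line in this change goes through `str_sanitize(line, 160)`. That text comes from the backend server, so it can be arbitrarily long or carry control characters into the error log. Consider `t_strdup_printf(" - BUG: line not read: %s", str_sanitize(line, 160))` to keep it consistent with the other call sites. The enclosing function begins and ends outside this hunk.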
client->v.proxy_reset(client);
if (reply->password == NULL) {
- client_log_err(client, "proxy: password not given");
+ e_error(client->event, "proxy: password not given");
client_proxy_error(client, PROXY_FAILURE_MSG);
return -1;
}
if (reply->host == NULL || *reply->host == '\0') {
- client_log_err(client, "proxy: host not given");
+ e_error(client->event, "proxy: host not given");
client_proxy_error(client, PROXY_FAILURE_MSG);
return -1;
}
if (reply->proxy_mech != NULL) {
sasl_mech = dsasl_client_mech_find(reply->proxy_mech);
if (sasl_mech == NULL) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Unsupported SASL mechanism %s",
- reply->proxy_mech));
+ reply->proxy_mech);
client_proxy_error(client, PROXY_FAILURE_MSG);
return -1;
}
}
if (login_proxy_is_ourself(client, reply->host, reply->port,
reply->destuser)) {
- client_log_err(client, "Proxying loops to itself");
+ e_error(client->event, "Proxying loops to itself");
client_proxy_error(client, PROXY_FAILURE_MSG);
return -1;
}
user_reason = "Timeout while finishing login.";
destroy_reason = t_strdup_printf(
"Timeout while finishing login (waited %u secs)", secs);
- client_log_err(client, destroy_reason);
+ e_error(client->event, "%s", destroy_reason);
} else if (client->auth_request != NULL) {
user_reason =
"Disconnected for inactivity during authentication.";
login_proxy_get_host(client->login_proxy),
login_proxy_get_port(client->login_proxy),
client_proxy_get_state(client), secs);
- client_log_err(client, destroy_reason);
+ e_error(client->event, "%s", destroy_reason);
} else {
user_reason = "Disconnected for inactivity.";
destroy_reason = "Disconnected: Inactivity";
command. */
ssl_set.allow_invalid_cert = TRUE;
if (ssl_iostream_server_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
- client_log_err(client, t_strdup_printf(
- "Failed to initialize SSL server context: %s", error));
+ e_error(client->event,
+ "Failed to initialize SSL server context: %s", error);
return -1;
}
if (io_stream_create_ssl_server(ssl_ctx, &ssl_set,
&client->input, &client->output,
&client->ssl_iostream, &error) < 0) {
- client_log_err(client, t_strdup_printf(
- "Failed to initialize SSL connection: %s", error));
+ e_error(client->event,
+ "Failed to initialize SSL connection: %s", error);
ssl_iostream_context_unref(&ssl_ctx);
return -1;
}
disconnects. Create a socketpair where login process is proxying on
one side and the other side is sent to the post-login process. */
if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
- client_log_err(client, t_strdup_printf("socketpair() failed: %m"));
+ e_error(client->event, "socketpair() failed: %m");
return -1;
}
fd_set_nonblock(fds[0], TRUE);
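Review bot: The `%m` in `"socketpair() failed: %m"` is now expanded inside `e_error()` instead of by `t_strdup_printf()` at the call site, so the logged reason is only right if `e_error()` keeps `errno` intact until the format is rendered. That guarantee is not visible in this hunk and is worth confirming against the event logging code. If it does not hold, pass the text explicitly, e.g. `e_error(client->event, "socketpair() failed: %s", strerror(errno));`. The surrounding function starts and continues outside the hunk.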
}
str_append_c(str, ')');
- client_log_err(proxy->client, str_c(str));
+ e_error(proxy->client->event, "%s", str_c(str));
}
static void proxy_reconnect_timeout(struct login_proxy *proxy)
if (proxy->ip.family == 0 &&
net_addr2ip(proxy->host, &proxy->ip) < 0) {
- client_log_err(proxy->client, t_strdup_printf(
+ e_error(proxy->client->event,
"proxy(%s): BUG: host %s is not an IP "
"(auth should have changed it)",
- proxy->client->virtual_user, proxy->host));
+ proxy->client->virtual_user, proxy->host);
return -1;
}
rec->last_failure.tv_sec - rec->last_success.tv_sec > PROXY_IMMEDIATE_FAILURE_SECS &&
rec->num_waiting_connections > 1) {
/* the server is down. fail immediately */
- client_log_err(proxy->client, t_strdup_printf(
+ e_error(proxy->client->event,
"proxy(%s): Host %s:%u is down",
proxy->client->virtual_user,
- net_ip2addr(&proxy->ip), proxy->port));
+ net_ip2addr(&proxy->ip), proxy->port);
return -1;
}
i_assert(client->login_proxy == NULL);
if (set->host == NULL || *set->host == '\0') {
- client_log_err(client, t_strdup_printf(
- "proxy(%s): host not given", client->virtual_user));
+ e_error(client->event,
+ "proxy(%s): host not given", client->virtual_user);
return -1;
}
if (client->proxy_ttl <= 1) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy(%s): TTL reached zero - "
- "proxies appear to be looping?", client->virtual_user));
+ "proxies appear to be looping?", client->virtual_user);
return -1;
}
io_remove(&proxy->server_io);
if (ssl_iostream_client_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
- client_log_err(proxy->client, t_strdup_printf(
- "proxy: Failed to create SSL client context: %s", error));
+ e_error(proxy->client->event,
+ "proxy: Failed to create SSL client context: %s", error);
return -1;
}
&proxy->server_output,
&proxy->server_ssl_iostream,
&error) < 0) {
- client_log_err(proxy->client, t_strdup_printf(
+ e_error(proxy->client->event,
"proxy: Failed to create SSL client to %s:%u: %s",
- net_ip2addr(&proxy->ip), proxy->port, error));
+ net_ip2addr(&proxy->ip), proxy->port, error);
ssl_iostream_context_unref(&ssl_ctx);
return -1;
}
ssl_iostream_context_unref(&ssl_ctx);
if (ssl_iostream_handshake(proxy->server_ssl_iostream) < 0) {
error = ssl_iostream_get_last_error(proxy->server_ssl_iostream);
- client_log_err(proxy->client, t_strdup_printf(
+ e_error(proxy->client->event,
"proxy: Failed to start SSL handshake to %s:%u: %s",
net_ip2addr(&proxy->ip), proxy->port,
- ssl_iostream_get_last_error(proxy->server_ssl_iostream)));
+ ssl_iostream_get_last_error(proxy->server_ssl_iostream));
return -1;
}
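Review bot: In the handshake failure branch, `error` is assigned from `ssl_iostream_get_last_error(proxy->server_ssl_iostream)` and then the same call is repeated as the `e_error()` argument, so the assignment is dead before `return -1`. Using the local keeps this in line with the other SSL error paths in the change: `net_ip2addr(&proxy->ip), proxy->port, error);`. Alternatively, drop the assignment if `error` is not needed here. The enclosing function begins outside the hunk.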
info.session_id = client_get_session_id(client);
if (!get_cert_username(client, &info.cert_username, &error)) {
- client_log_err(client, t_strdup_printf("Cannot get username "
- "from certificate: %s", error));
+ e_error(client->event,
+ "Cannot get username from certificate: %s", error);
sasl_server_auth_failed(client,
"Unable to validate certificate",
AUTH_CLIENT_FAIL_CODE_AUTHZFAILED);
str_printfa(str, "AUTH %s ", mech_name);
if (dsasl_client_output(client->common.proxy_sasl_client,
&sasl_output, &len, &error) < 0) {
- client_log_err(&client->common, t_strdup_printf(
+ e_error(client->common.event,
"proxy: SASL mechanism %s init failed: %s",
- mech_name, error));
+ mech_name, error);
return -1;
}
if (len == 0)
str = t_str_new(128);
if (base64_decode(line, strlen(line), NULL, str) < 0) {
- client_log_err(client, "proxy: Server sent invalid base64 data in AUTH response");
+ e_error(client->event, "proxy: Server sent invalid base64 data in AUTH response");
return -1;
}
ret = dsasl_client_input(client->proxy_sasl_client,
&data, &data_len, &error);
}
if (ret < 0) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Server sent invalid authentication data: %s",
- error));
+ error);
return -1;
}
i_assert(ret == 0);
case POP3_PROXY_BANNER:
/* this is a banner */
if (!str_begins(line, "+OK")) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote returned invalid banner: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
client_proxy_failed(client, TRUE);
return -1;
}
return 0;
case POP3_PROXY_STARTTLS:
if (!str_begins(line, "+OK")) {
- client_log_err(client, t_strdup_printf(
- "proxy: Remote STLS failed: %s",
- str_sanitize(line, 160)));
+ e_error(client->event, "proxy: Remote STLS failed: %s",
+ str_sanitize(line, 160));
client_proxy_failed(client, TRUE);
return -1;
}
return 1;
case POP3_PROXY_XCLIENT:
if (!str_begins(line, "+OK")) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote XCLIENT failed: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
client_proxy_failed(client, TRUE);
return -1;
}
if ((client->proxy_capability & SMTP_CAPABILITY_AUTH) == 0) {
/* Prevent sending credentials to a server that has login
disabled; i.e., due to the lack of TLS */
- client_log_err(&client->common, "proxy: "
+ e_error(client->common.event, "proxy: "
"Server has disabled authentication (TLS required?)");
return -1;
}
str_printfa(str, "AUTH %s ", mech_name);
if (dsasl_client_output(client->common.proxy_sasl_client,
&sasl_output, &len, &error) < 0) {
- client_log_err(&client->common, t_strdup_printf(
+ e_error(client->common.event,
"proxy: SASL mechanism %s init failed: %s",
- mech_name, error));
+ mech_name, error);
return -1;
}
if (len == 0)
str = t_str_new(128);
if (base64_decode(line, strlen(line), NULL, str) < 0) {
- client_log_err(
- client, "proxy: "
+ e_error(client->event, "proxy: "
"Server sent invalid base64 data in AUTH response");
return -1;
}
&data, &data_len, &error);
}
if (ret < 0) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Server sent invalid authentication data: %s",
- error));
+ error);
return -1;
}
i_assert(ret == 0);
}
if (subm_client->proxy_reply_status != 0 &&
subm_client->proxy_reply_status != status) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote returned inconsistent SMTP reply: %s "
"(status != %u)", str_sanitize(line, 160),
- subm_client->proxy_reply_status));
+ subm_client->proxy_reply_status);
client_proxy_failed(client, TRUE);
return -1;
}
case SUBMISSION_PROXY_BANNER:
/* this is a banner */
if (invalid_line || status != 220) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote returned invalid banner: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
client_proxy_failed(client, TRUE);
return -1;
}
case SUBMISSION_PROXY_EHLO:
case SUBMISSION_PROXY_TLS_EHLO:
if (invalid_line || (status / 100) != 2) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote returned invalid EHLO line: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
client_proxy_failed(client, TRUE);
return -1;
}
} else {
if ((subm_client->proxy_capability &
SMTP_CAPABILITY_STARTTLS) == 0) {
- client_log_err(
- client, "proxy: "
+ e_error(client->event, "proxy: "
"Remote doesn't support STARTTLS");
return -1;
}
return 0;
case SUBMISSION_PROXY_STARTTLS:
if (invalid_line || status != 220) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote STARTTLS failed: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
client_proxy_failed(client, TRUE);
return -1;
}
return 0;
case SUBMISSION_PROXY_XCLIENT:
if (invalid_line || (status / 100) != 2) {
- client_log_err(client, t_strdup_printf(
+ e_error(client->event,
"proxy: Remote XCLIENT failed: %s",
- str_sanitize(line, 160)));
+ str_sanitize(line, 160));
client_proxy_failed(client, TRUE);
return -1;
}