These don't check that they're entirely correct as required by HTTP
specifications. They're mainly there as a quick check that if the caller
didn't validate the key/value in any way, we'll crash instead of creating
a potential security hole. (Because with line feeds the attacker could
add extra headers or even entirely new HTTP requests.)
johnkwoods [Wed, 28 Dec 2016 18:02:14 +0000 (12:02 -0600)]
lib-ldap: Remove extra return
The ldap_connection_queue_request() function returns void. Trying to
"return" something from a void function caused compiling issues on
Solaris (Oracle Developer Studio 12.5).
J. Nick Koston [Sun, 22 Jan 2017 23:24:02 +0000 (17:24 -0600)]
fts-solr: Allow username/password for solr connction
Solr comes open to the world by default. For better
security, we protect our solr installs with a user
and password. This change allows dovecot to connect
to these instances.
Example usage in a fts.conf (permissions 0600)
fts_solr = url=http://nick:pass@127.0.0.1:8983/solr/dovecot/
Timo Sirainen [Sun, 5 Feb 2017 14:49:05 +0000 (16:49 +0200)]
imap: Add imap_fetch_failure setting
This controls what happens when FETCH fails for some mails. The possible
values are:
disconnect-immediately: This is the original behavior. Whenever FETCH
fails for a mail, the FETCH is aborted and client is disconnected.
disconnect-after: The FETCH runs for all the requested mails, skipping
any mails that returned failures, but at the end the client is still
disconnected.
no-after: The FETCH runs for all the requested mails, skipping any mails
that returned failures. At the end tagged NO reply is returned. If the
client attempts to FETCH the same failed mail more than once, the client
is disconnected. This is to avoid clients from going into infinite loops
trying to FETCH a broken mail.
Using such a library results in the same code being duplicated (in OSX) in
both libssl_iostream_openssl.so and libdcrypt_openssl.so. This breaks the
idea of openssl_init_refcount, because each one will have their own one.
libdcrypt_openssl.so now links to libssl_iostream_openssl.so, which
shouldn't really be a problem, because lib-ssl-iostream is part of the core
libdovecot.so already. It would have been possible to also install
libdovecot_openssl_common.so and link it to both libssl_iostream_openssl.so
and libdcrypt_openssl.so, but that seems unnecessarily complicated.
Timo Sirainen [Fri, 3 Feb 2017 14:16:26 +0000 (16:16 +0200)]
lib-storage: Once hooks have run, set vlast to NULL to make sure it's not used
The functions can't be correctly overridden outside their own specific
hooks. It would work only if hook_build_update() is called afterwards and
currently there's no public API for that.
Stephan Bosch [Thu, 2 Feb 2017 00:36:50 +0000 (01:36 +0100)]
lib-http: client: Fixed peer reconnection failure handling.
The addressed problem occurs in a very specific situation in which the original successful connection is dropped, yet a new connection fails.
It manifests as an assertion failure or panic:
Panic: file ioloop-epoll.c: line 189 (io_loop_handler_run_internal): assertion failed: (msecs >= 0)
Panic: BUG: No IOs or timeouts set. Not waiting for infinity.
The timing is very critical. However, this doesn't mean that the occurrence of this problem is very unlikely; it can happen frequently under high load.
Stephan Bosch [Tue, 31 Jan 2017 12:41:48 +0000 (13:41 +0100)]
lib-http: server: Fix premature connection destroy in http_server_connection_output().
Added a reference to the connection object while it is sending the remainder of a response's payload.
This is necessary, since http_server_response_send_more() can destroy the connection, for example when the request has a "Connection: close" header.
This will only occur for responses with a very large payload, because otherwise the payload is fully sent in in the initial pass.
Timo Sirainen [Mon, 9 Jan 2017 21:13:03 +0000 (23:13 +0200)]
lib-storage: When logging corrupted mail size, disable logging Message-ID for now
This was causing crashes in some situations. It was originally added to
figure out if there were problems with dovecot.index.cache containing
data for wrong messages. This was never found to happen, although now
thinking about it, the problem may have been 741287129c22cadc14c05584704685b31169dbce. So perhaps this code could be
removed permanently as well.
6b44fc75c0039d1006ce4d543544552449b8e229 also attempted to fix this, but it
wasn't enough. There was still some code path that lead to recursive header
parsing.
Timo Sirainen [Sat, 28 Jan 2017 23:06:55 +0000 (01:06 +0200)]
lib-storage: Add struct mailbox_status.flags
This is similar to permanent_flags, except it tells which flags can be
changed at all in the session. Mainly it allows plugins to make changes to
IMAP's untagged FLAGS reply.
Stephan Bosch [Sun, 22 Jan 2017 22:55:24 +0000 (23:55 +0100)]
lib-http: client: Fixed handling of errors occurring for unsubmitted requests during http_client_request_send_payload().
When http_client_request_send_payload() is executed for the first time, the request is submitted.
Errors occurring during submission don't trigger a callback immediately.
Instead, these are queued in the client and will trigger a callback when an ioloop is run with the client.
However, in http_client_request_send_payload() the ioloop is never executed when the request fails that way, meaning that
the callback was never called. Since for example SOLR assumes the callback is always called for an error in
http_client_request_send_payload(), this causes all kinds of problems.
Fixed by manually handling the delayed request errors in http_client_request_send_payload() explicitly.