From: Timo Sirainen Date: Tue, 3 Jun 2025 12:36:00 +0000 (+0300) Subject: login-common: Write client rawlogs in plaintext X-Git-Tag: 2.4.2~673 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d51098f42377bafdf4a3713f111eb93821598b4;p=thirdparty%2Fdovecot%2Fcore.git login-common: Write client rawlogs in plaintext --- diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c index bb5b948c7f..3fd8aec7e3 100644 --- a/src/login-common/client-common.c +++ b/src/login-common/client-common.c @@ -156,17 +156,44 @@ static void client_idle_disconnect_timeout(struct client *client) client_destroy(client, destroy_reason); } +void client_rawlog_init(struct client *client) +{ + if (login_rawlog_dir == NULL) + return; + + client->pre_rawlog_input = client->input; + client->pre_rawlog_output = client->output; + if (iostream_rawlog_create(login_rawlog_dir, &client->input, + &client->output) < 0) { + login_rawlog_dir = NULL; + return; + } + client->rawlog_input = client->input; + client->rawlog_output = client->output; +} + +void client_rawlog_deinit(struct client *client) +{ + if (client->rawlog_input == NULL) + return; + + i_assert(client->rawlog_input == client->input); + i_assert(client->rawlog_output == client->output); + i_stream_ref(client->pre_rawlog_input); + o_stream_ref(client->pre_rawlog_output); + i_stream_destroy(&client->rawlog_input); + o_stream_destroy(&client->rawlog_output); + client->input = client->pre_rawlog_input; + client->output = client->pre_rawlog_output; +} + static void client_open_streams(struct client *client) { client->input = i_stream_create_fd(client->fd, LOGIN_MAX_INBUF_SIZE); client->output = o_stream_create_fd(client->fd, LOGIN_MAX_OUTBUF_SIZE); o_stream_set_no_error_handling(client->output, TRUE); - if (login_rawlog_dir != NULL) { - if (iostream_rawlog_create(login_rawlog_dir, &client->input, - &client->output) < 0) - login_rawlog_dir = NULL; - } + client_rawlog_init(client); } static const char * 
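Review bot: client_rawlog_deinit() restores client->input/output but leaves `pre_rawlog_input` and `pre_rawlog_output` set, and client_rawlog_init() assigns them before iostream_rawlog_create() has succeeded, so after every deinit and on the failure branch the struct keeps pointers that the client-common.h comment describes as not holding references. Nothing in this hunk reads them while `rawlog_input` is NULL, but they would dangle if the streams they name are released later, for example when the client iostreams are replaced after rawlog has been switched off by `login_rawlog_dir = NULL`. Clearing them at the end of deinit and in the failure branch, `client->pre_rawlog_input = NULL; client->pre_rawlog_output = NULL;`, makes a stale read fail visibly instead of touching freed memory. A one-line comment in deinit explaining why the pre-rawlog streams are referenced before the rawlog streams are destroyed would also help the next reader.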
@@ -753,6 +780,7 @@ int client_init_ssl(struct client *client) if (client->v.iostream_change_pre != NULL) client->v.iostream_change_pre(client); + client_rawlog_deinit(client); const struct ssl_iostream_server_autocreate_parameters parameters = { .event_parent = client->event, .application_protocols = login_binary->application_protocols, @@ -762,6 +790,7 @@ int client_init_ssl(struct client *client) &client->ssl_iostream, &error); if (client->v.iostream_change_post != NULL) client->v.iostream_change_post(client); + client_rawlog_init(client); if (ret < 0) { e_error(client->event, "Failed to initialize SSL connection: %s", error); diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h index 8f10bd7745..d3a5f87224 100644 --- a/src/login-common/client-common.h +++ b/src/login-common/client-common.h @@ -201,6 +201,9 @@ struct client { int fd; struct istream *input; struct ostream *output; + /* The rawlog streams don't hold any references */ + struct istream *pre_rawlog_input, *rawlog_input; + struct ostream *pre_rawlog_output, *rawlog_output; /* If non-NULL, this is the multiplex ostream. It is usually the same as the output pointer, but some plugins may make them different. This isn't holding a reference, so it must not be unreferenced. */ @@ -354,6 +357,9 @@ void client_destroy_success(struct client *client, const char *reason); void client_ref(struct client *client); bool client_unref(struct client **client) ATTR_NOWARN_UNUSED_RESULT; +void client_rawlog_init(struct client *client); +void client_rawlog_deinit(struct client *client); + int client_init_ssl(struct client *client); void client_cmd_starttls(struct client *client); diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c index 5743ea8364..121748f183 100644 --- a/src/login-common/login-proxy.c +++ b/src/login-common/login-proxy.c 
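Review bot: The `client_rawlog_deinit(client)` call added right after `iostream_change_pre()` depends on that callback leaving client->input and client->output equal to the rawlog streams, because deinit checks this with `i_assert()` and a failed assertion takes down the login process instead of skipping the teardown. The same ordering is used in login_proxy_replace_client_iostream_pre(), whose existing comment says iostream_change_pre() may change iostreams. Please state the contract where the functions are declared in client-common.h, e.g. `/* client->input/output must still be the streams installed by client_rawlog_init(); iostream_change_pre() has to unwind any wrappers first. */`. client_init_ssl() starts and ends outside this hunk, so the callback implementations could not be checked here.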
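Review bot: Re-attaching the rawlog with `client_rawlog_init(client)` after the SSL iostream has been set up means the files under login_rawlog_dir now hold the decrypted session, which in a login process includes the authentication exchange. That is the stated purpose of the commit, but nothing at the call site or in the commit message tells an operator that the directory has become credential-bearing. Suggest a comment such as `/* rawlog is attached above TLS from here on: files contain cleartext client traffic, including credentials */` and a matching note in the setting's documentation about restricting access to that directory. The call also runs before the `ret < 0` check, so a rawlog is attached again even when TLS setup failed; if that is deliberate, a short comment saying so would help.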
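Review bot: The new comment `/* The rawlog streams don't hold any references */` can be read as a statement about the stream objects, whereas client_rawlog_deinit() takes a reference on the pre_rawlog streams before destroying the rawlog ones, which suggests the rawlog streams do reference their parents. What the code appears to rely on is that these four pointers are non-owning aliases of client->input/output. A wording like `/* Non-owning aliases used by client_rawlog_init()/deinit(); the references are held through input/output. rawlog_* are NULL while no rawlog is attached. */` would remove the ambiguity. struct client begins and ends outside this hunk.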
@@ -958,11 +958,12 @@ void login_proxy_replace_client_iostream_pre(struct login_proxy *proxy) client->output = proxy->client_output; /* iostream_change_pre() may change iostreams */ - if (client->v.iostream_change_pre != NULL) { + if (client->v.iostream_change_pre != NULL) client->v.iostream_change_pre(client); - proxy->client_input = client->input; - proxy->client_output = client->output; - } + client_rawlog_deinit(client); + + proxy->client_input = client->input; + proxy->client_output = client->output; } void login_proxy_replace_client_iostream_post(struct login_proxy *proxy, @@ -984,6 +985,7 @@ void login_proxy_replace_client_iostream_post(struct login_proxy *proxy, if (client->v.iostream_change_post != NULL) client->v.iostream_change_post(client); + client_rawlog_init(client); /* iostream_change_post() may have replaced the iostreams */ proxy->client_input = client->input;
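Review bot: The retained comment `/* iostream_change_pre() may change iostreams */` no longer names everything that changes them, since `client_rawlog_deinit(client)` now also swaps client->input/output back to the pre-rawlog streams, which is why the proxy->client_input/client_output assignments became unconditional. Suggest `/* iostream_change_pre() and client_rawlog_deinit() may change iostreams */`. The same applies to `/* iostream_change_post() may have replaced the iostreams */` in login_proxy_replace_client_iostream_post(), where client_rawlog_init() now runs just before it. Both functions begin outside their hunks.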