unsigned int id_logged:1;
unsigned int mailbox_examined:1;
unsigned int anvil_sent:1;
+ unsigned int tls_compression:1;
unsigned int input_skip_line:1; /* skip all the data until we've
found a new line */
unsigned int modseqs_sent_since_sync:1;
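Review bot: The new `tls_compression` bit in this hunk carries no comment, while the neighbouring `input_skip_line` explains itself; as far as the other hunks show, this flag records a value reported by the login process (`login_client->auth_req.flags`) rather than something observed on this connection, which is worth stating: `unsigned int tls_compression:1; /* login process reported TLS compression on the client connection */`. The struct this bitfield belongs to starts outside the hunk.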
static int
client_create_from_input(const struct mail_storage_service_input *input,
+ const struct master_login_client *login_client,
int fd_in, int fd_out, const buffer_t *input_buf,
const char **error_r)
{
struct mail_user *mail_user;
struct client *client;
const struct imap_settings *set;
+ enum mail_auth_request_flags flags;
if (mail_storage_service_lookup_next(storage_service, input,
&user, &mail_user, error_r) <= 0)
T_BEGIN {
client_add_input(client, input_buf);
} T_END;
+
+ flags = login_client == NULL ? 0 : login_client->auth_req.flags;
+ if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)
+ client->tls_compression = TRUE;
return 0;
}
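Review bot: The `tls_compression` flag is assigned only after `client_add_input()` has been handed the forwarded input buffer; if that call processes the buffered command synchronously, any code that consults the flag while handling that first command sees it unset, so the assignment belongs before the `T_BEGIN` block. The intermediate `enum mail_auth_request_flags flags` local (declared in the earlier hunk of this function) is also unnecessary: `if (login_client != NULL && (login_client->auth_req.flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0) client->tls_compression = TRUE;` reads the wire field once and masks only the bit this code knows about, which is the right way to treat a value received from another process. `client_create_from_input()` begins outside this hunk.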
input_buf = input_base64 == NULL ? NULL :
t_base64_decode_str(input_base64);
- if (client_create_from_input(&input, STDIN_FILENO, STDOUT_FILENO,
+ if (client_create_from_input(&input, NULL, STDIN_FILENO, STDOUT_FILENO,
input_buf, &error) < 0)
i_fatal("%s", error);
}
buffer_create_const_data(&input_buf, client->data,
client->auth_req.data_size);
- if (client_create_from_input(&input, client->fd, client->fd,
+ if (client_create_from_input(&input, client, client->fd, client->fd,
&input_buf, &error) < 0) {
i_error("%s", error);
(void)close(client->fd);
to make sure there's space to transfer the command tag */
#define MASTER_AUTH_MAX_DATA_SIZE (1024*2)
+enum mail_auth_request_flags {
+ /* Connection has TLS compression enabled */
+ MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = 0x01
+};
+
/* Authentication request. File descriptor may be sent along with the
request. */
struct master_auth_request {
itself may be a local socketpair. */
struct ip_addr local_ip, remote_ip;
+ uint32_t flags;
+
/* request follows this many bytes of client input */
uint32_t data_size;
/* inode of the transferred fd. verified just to be sure that the
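Review bot: `struct master_auth_request` is the record passed between the login process and the post-login process (the comment above it says a file descriptor may be sent along with it), so inserting `uint32_t flags` in the middle changes the size and layout of that message; a peer built from the old definition would read the new word as `data_size` and everything after it shifted. If the request carries a protocol version that the reader validates, it should be bumped together with this change — that constant is not visible in this hunk — and the receiving side should keep ignoring flag bits it does not define, as the imap hunk currently does. A short comment tying the field to its enum would also help: `/* enum mail_auth_request_flags */` on the line above `uint32_t flags;`.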
req.local_ip = client->local_ip;
req.remote_ip = client->ip;
req.client_pid = getpid();
+ if (client->ssl_proxy != NULL &&
+ ssl_proxy_get_compression(client->ssl_proxy))
+ req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION;
memcpy(req.cookie, anvil_request->cookie, sizeof(req.cookie));
buf = buffer_create_dynamic(pool_datastack_create(), 256);
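Review bot: `req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION` or-s into a field that nothing in this hunk has initialised; this is only correct if `req` is zeroed earlier in the function (a `memset` or `= {0}` above the hunk, which I cannot see from here). If it is not, the uninitialised word is sent to the post-login process and any stray bit that happens to match a defined flag is honoured there. Either confirm the zeroing or make it explicit next to the other assignments: `req.flags = 0;` before the `if`, keeping `|=` for the flag itself so further flags can be added the same way.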
const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
{
SSL_CIPHER *cipher;
-#ifdef HAVE_SSL_COMPRESSION
- const COMP_METHOD *comp;
-#endif
int bits, alg_bits;
const char *comp_str;
cipher = SSL_get_current_cipher(proxy->ssl);
bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
-#ifdef HAVE_SSL_COMPRESSION
- comp = SSL_get_current_compression(proxy->ssl);
- comp_str = comp == NULL ? "" :
- t_strconcat(" ", SSL_COMP_get_name(comp), NULL);
-#else
- comp_str = "";
-#endif
+ comp_str = ssl_proxy_get_compression(proxy);
+ comp_str = comp_str == NULL ? "" : t_strconcat(" ", comp_str, NULL);
return t_strdup_printf("%s with cipher %s (%d/%d bits)%s",
SSL_get_version(proxy->ssl),
SSL_CIPHER_get_name(cipher),
bits, alg_bits, comp_str);
}
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy)
+{
+#ifdef HAVE_SSL_COMPRESSION
+ const COMP_METHOD *comp;
+
+ comp = SSL_get_current_compression(proxy->ssl);
+ return comp == NULL ? NULL : SSL_COMP_get_name(comp);
+#else
+ return NULL;
+#endif
+}
+
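Review bot: `ssl_proxy_get_compression()` only reads `proxy->ssl`, yet it takes a non-const `struct ssl_proxy *`, unlike the sibling query functions in the header (`ssl_proxy_is_handshaked`, `ssl_proxy_get_last_error`) that take `const struct ssl_proxy *`; I would declare it `const char *ssl_proxy_get_compression(const struct ssl_proxy *proxy)` here, in the non-SSL stub that follows, and in the header declaration. In `ssl_proxy_get_security_string()` the same variable `comp_str` now holds first the method name and then the decorated suffix; a separate `const char *comp_name = ssl_proxy_get_compression(proxy);` followed by `comp_str = comp_name == NULL ? "" : t_strconcat(" ", comp_name, NULL);` reads more clearly. The new function also deserves a header comment, e.g. `/* Returns the name of the negotiated TLS compression method, or NULL if none was negotiated or the OpenSSL build has no compression support. */`.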
void ssl_proxy_free(struct ssl_proxy **_proxy)
{
struct ssl_proxy *proxy = *_proxy;
return "";
}
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED)
+{
+ return NULL;
+}
+
void ssl_proxy_free(struct ssl_proxy **proxy ATTR_UNUSED) {}
unsigned int ssl_proxy_get_count(void)
bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy);
void ssl_proxy_free(struct ssl_proxy **proxy);
/* Return number of active SSL proxies */