{
unsigned int delay_msecs;
- client->common.auth_command_tag = NULL;
+ i_free_and_null(client->common.master_data_prefix);
if (client->auth_initializing)
return;
static int client_auth_begin(struct imap_client *client, const char *mech_name,
const char *init_resp)
{
- client->common.auth_command_tag = client->cmd_tag;
+ char *prefix;
+
+ prefix = i_strdup_printf("%d%s", client->capability_command_used,
+ client->cmd_tag);
+
+ i_free(client->common.master_data_prefix);
+ client->common.master_data_prefix = (void *)prefix;
+ client->common.master_data_prefix_len = strlen(prefix)+1;
client_ref(client);
client->auth_initializing = TRUE;
return FALSE;
}
-static const char *get_capability(struct imap_client *client, bool full)
+static const char *get_capability(struct imap_client *client)
{
const char *auths;
auths = client_authenticate_get_capabilities(client);
- return t_strconcat(full ? client->common.set->capability_string :
- CAPABILITY_BANNER_STRING,
+ return t_strconcat(CAPABILITY_BANNER_STRING,
(ssl_initialized && !client->common.tls) ?
" STARTTLS" : "",
client->common.set->disable_plaintext_auth &&
{
client->capability_command_used = TRUE;
client_send_line(client, t_strconcat(
- "* CAPABILITY ", get_capability(client, TRUE), NULL));
+ "* CAPABILITY ", get_capability(client), NULL));
client_send_tagline(client, "OK Capability completed.");
return 1;
}
greet = t_str_new(128);
str_append(greet, "* OK ");
- str_printfa(greet, "[CAPABILITY %s] ", get_capability(client, FALSE));
+ str_printfa(greet, "[CAPABILITY %s] ", get_capability(client));
str_append(greet, client->common.set->login_greeting);
client_send_line(client, str_c(greet));
#define PROXY_FAILURE_MSG \
"NO ["IMAP_RESP_CODE_UNAVAILABLE"] "AUTH_TEMP_FAILED_MSG
-static const char *const *
-capabilities_strip_prelogin(const char *const *capabilities)
-{
- ARRAY_TYPE(const_string) new_caps_arr;
- const char **new_caps, *str;
- unsigned int count;
-
- t_array_init(&new_caps_arr, 64);
- for (; *capabilities != NULL; capabilities++) {
- if (strncasecmp(*capabilities, "AUTH=", 5) == 0 ||
- strcasecmp(*capabilities, "STARTTLS") == 0 ||
- strcasecmp(*capabilities, "SASL-IR") == 0 ||
- strcasecmp(*capabilities, "LOGINDISABLED") == 0 ||
- strcasecmp(*capabilities, "LOGIN-REFERRALS") == 0)
- continue;
-
- str = *capabilities;
- array_append(&new_caps_arr, &str, 1);
- }
- new_caps = array_get_modifiable(&new_caps_arr, &count);
- qsort(new_caps, count, sizeof(*new_caps), i_strcasecmp_p);
-
- (void)array_append_space(&new_caps_arr);
- return array_idx(&new_caps_arr, 0);
-}
-
static void proxy_write_id(struct imap_client *client, string_t *str)
{
str_printfa(str, "I ID ("
base64_encode(str_data(str), str_len(str), dest);
}
-static bool str_array_icmp(const char *const *arr1, const char *const *arr2)
-{
- unsigned int i;
-
- for (i = 0; arr1[i] != NULL; i++) {
- if (arr2[i] == NULL || strcasecmp(arr1[i], arr2[i]) != 0)
- return FALSE;
- }
- return TRUE;
-}
-
static void
client_send_capability_if_needed(struct imap_client *client, string_t *str,
const char *capability)
{
- const char *const *backend_capabilities;
- const char *const *proxy_capabilities;
-
if (!client->capability_command_used || capability == NULL)
return;
client->capability_command_used = FALSE;
/* client has used CAPABILITY command, so it didn't understand the
- capabilities in the banner. if backend server has different
- capabilities than we advertised already, there's a problem.
- to solve that we'll send the backend's untagged CAPABILITY reply
- and hope that the client understands it */
- backend_capabilities =
- capabilities_strip_prelogin(t_strsplit(capability, " "));
- proxy_capabilities =
- capabilities_strip_prelogin(t_strsplit(client->common.set->capability_string, " "));
-
- if (str_array_icmp(backend_capabilities, proxy_capabilities))
- return;
-
+ capabilities in the banner. send the backend's untagged CAPABILITY
+ reply and hope that the client understands it */
str_printfa(str, "* CAPABILITY %s\r\n", capability);
}
buffer_t *buf;
const char *tag;
unsigned int data_pos;
+ bool send_untagged_capability = FALSE;
buf = input == NULL ? NULL : t_base64_decode_str(input);
if (buf != NULL && buf->used > 0) {
tag = t_strndup(buf->data, buf->used);
+ switch (*tag) {
+ case '0':
+ tag++;
+ break;
+ case '1':
+ send_untagged_capability = TRUE;
+ tag++;
+ break;
+ }
data_pos = strlen(tag) + 1;
if (data_pos > buf->used &&
!i_stream_add_data(client->input,
"* PREAUTH [CAPABILITY ",
str_c(client->capability_string), "] "
"Logged in as ", client->user->username, NULL));
+ } else if (send_untagged_capability) {
+ /* client doesn't seem to understand tagged capabilities. send
+ untagged instead and hope that it works. */
+ client_send_line(client, t_strconcat("* CAPABILITY ",
+ str_c(client->capability_string), NULL));
+ client_send_line(client, t_strconcat(tag, " Logged in", NULL));
} else {
client_send_line(client, t_strconcat(
tag, " OK [CAPABILITY ",
int fd;
struct istream *input;
- const char *auth_command_tag;
+ unsigned char *master_data_prefix;
+ unsigned int master_data_prefix_len;
char *auth_mech_name;
struct auth_request *auth_request;
DEF(SET_STR, login_log_format),
DEF(SET_BOOL, login_process_per_connection),
- DEF(SET_STR, capability_string),
DEF(SET_ENUM, ssl),
DEF(SET_STR, ssl_ca_file),
MEMBER(login_log_format) "%$: %s",
MEMBER(login_process_per_connection) TRUE,
- MEMBER(capability_string) NULL,
MEMBER(ssl) "yes:no:required",
MEMBER(ssl_ca_file) "",
const char *login_log_format_elements, *login_log_format;
bool login_process_per_connection;
- const char *capability_string;
const char *ssl;
const char *ssl_ca_file;
req.remote_ip = client->ip;
buf = buffer_create_dynamic(pool_datastack_create(), 256);
- if (client->auth_command_tag != NULL) {
- buffer_append(buf, client->auth_command_tag,
- strlen(client->auth_command_tag)+1);
- }
+ buffer_append(buf, client->master_data_prefix,
+ client->master_data_prefix_len);
data = i_stream_get_data(client->input, &size);
buffer_append(buf, data, size);
projects / thirdparty / dovecot / core.git / commitdiff
