login-proxy: Replace e_error()+client_proxy_failed() calls with login_proxy_failed()
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Sun, 3 May 2020 15:35:57 +0000 (18:35 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Mon, 25 May 2020 08:38:55 +0000 (08:38 +0000)
The event parameter for login_proxy_failed() allows creating named events
using passthrough events, but for now there aren't any named events.

src/imap-login/imap-proxy.c
src/login-common/client-common-auth.c
src/login-common/login-proxy.c
src/pop3-login/pop3-proxy.c
src/submission-login/submission-proxy.c

index bf13ec9076e7e2474b088bb76bb442fb2ea25d23..34f98d5fc0a19acee1ee2c80da2edca86ae49490 100644 (file)
@@ -80,9 +80,10 @@ static int proxy_write_starttls(struct imap_client *client, string_t *str)
        if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) != 0) {
                if (client->proxy_backend_capability != NULL &&
                    !str_array_icase_find(t_strsplit(client->proxy_backend_capability, " "), "STARTTLS")) {
-                       e_error(login_proxy_get_event(client->common.login_proxy),
-                               "Remote doesn't support STARTTLS");
-                       client_proxy_failed(&client->common, TRUE);
+                       login_proxy_failed(client->common.login_proxy,
+                               login_proxy_get_event(client->common.login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG,
+                               "STARTTLS not supported");
                        return -1;
                }
                str_append(str, "S STARTTLS\r\n");
@@ -121,9 +122,10 @@ static int proxy_write_login(struct imap_client *client, string_t *str)
                /* logging in normally - use LOGIN command */
                if (client->proxy_logindisabled &&
                    login_proxy_get_ssl_flags(client->common.login_proxy) == 0) {
-                       e_error(login_proxy_get_event(client->common.login_proxy),
-                               "Remote advertised LOGINDISABLED and SSL/TLS not enabled");
-                       client_proxy_failed(&client->common, TRUE);
+                       login_proxy_failed(client->common.login_proxy,
+                               login_proxy_get_event(client->common.login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG,
+                               "LOGINDISABLED advertised, but SSL/TLS not enabled");
                        return -1;
                }
                str_append(str, "L LOGIN ");
@@ -152,10 +154,12 @@ static int proxy_write_login(struct imap_client *client, string_t *str)
        if (client->proxy_sasl_ir) {
                if (dsasl_client_output(client->common.proxy_sasl_client,
                                        &output, &len, &error) < 0) {
-                       e_error(login_proxy_get_event(client->common.login_proxy),
+                       const char *reason = t_strdup_printf(
                                "SASL mechanism %s init failed: %s",
                                mech_name, error);
-                       client_proxy_failed(&client->common, TRUE);
+                       login_proxy_failed(client->common.login_proxy,
+                               login_proxy_get_event(client->common.login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
                        return -1;
                }
                str_append_c(str, ' ');
@@ -178,10 +182,11 @@ static int proxy_input_banner(struct imap_client *client,
        int ret;
 
        if (!str_begins(line, "* OK ")) {
-               e_error(login_proxy_get_event(client->common.login_proxy),
-                       "Remote returned invalid banner: %s",
+               const char *reason = t_strdup_printf("Invalid banner: %s",
                        str_sanitize(line, 160));
-               client_proxy_failed(&client->common, TRUE);
+               login_proxy_failed(client->common.login_proxy,
+                       login_proxy_get_event(client->common.login_proxy),
+                       LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                return -1;
        }
 
@@ -285,9 +290,11 @@ int imap_proxy_parse_line(struct client *client, const char *line)
                str = t_str_new(128);
                if (line[1] != ' ' ||
                    base64_decode(line+2, strlen(line+2), NULL, str) < 0) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Server sent invalid base64 data in AUTHENTICATE response");
-                       client_proxy_failed(client, TRUE);
+                       const char *reason = t_strdup_printf(
+                               "Invalid base64 data in AUTHENTICATE response");
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                        return -1;
                }
                ret = dsasl_client_input(client->proxy_sasl_client,
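Review bot: The new `reason` in this hunk is built with `t_strdup_printf()` from a string that has no conversion specifiers, so the call only copies a constant. Passing the literal directly, `LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, "Invalid base64 data in AUTHENTICATE response");`, matches what the submission_proxy_continue_sasl_auth() hunk of this commit does and keeps a non-format string out of a printf-style call. The pop3_proxy_continue_sasl_auth() hunk has the same pattern with "Invalid base64 data in AUTH response". imap_proxy_parse_line() continues outside this hunk.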
@@ -297,10 +304,11 @@ int imap_proxy_parse_line(struct client *client, const char *line)
                                                  &data, &data_len, &error);
                }
                if (ret < 0) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Server sent invalid authentication data: %s",
-                               error);
-                       client_proxy_failed(client, TRUE);
+                       const char *reason = t_strdup_printf(
+                               "Invalid authentication data: %s", error);
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                        return -1;
                }
                i_assert(ret == 0);
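Review bot: `error` goes into the failure reason as-is, while every reason built from a backend line in this commit is passed through `str_sanitize(..., 160)`. The text is produced by dsasl_client_input() while it processes the backend's response, and that function is not visible here. If a mechanism can copy server-supplied bytes into `error`, the reason should be bounded the same way, for example `"Invalid authentication data: %s", str_sanitize(error, 160));`. The same applies to the matching hunks in pop3_proxy_continue_sasl_auth() and submission_proxy_continue_sasl_auth().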
@@ -318,10 +326,12 @@ int imap_proxy_parse_line(struct client *client, const char *line)
 
                if (!str_begins(line, "S OK ")) {
                        /* STARTTLS failed */
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote STARTTLS failed: %s",
+                       const char *reason = t_strdup_printf(
+                               "STARTTLS failed: %s",
                                str_sanitize(line + 5, 160));
-                       client_proxy_failed(client, TRUE);
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason);
                        return -1;
                }
                /* STARTTLS successful, begin TLS negotiation. */
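Review bot: `str_sanitize(line + 5, 160)` runs in the branch where `line` did not start with "S OK ", so nothing visible in this hunk guarantees the line is at least five bytes long. A tagged reply shorter than that would make `line + 5` point past the terminating NUL. The offset predates this commit, but the new `reason` still relies on it. Sanitizing from the start of the line, `str_sanitize(line, 160));`, keeps the read in bounds and still records the backend's reply. The condition that selects this branch lies outside the hunk, so the minimum length it implies should be confirmed.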
index 1fea855e4bad55ed63cd38969e2a26fa8589ffa5..0d2852d0f3a6d48860ce18753c5c395f76b09a17 100644 (file)
@@ -344,7 +344,9 @@ static void proxy_input(struct client *client)
                }
 
                /* failed for some reason, probably server disconnected */
-               client_proxy_failed(client, TRUE);
+               login_proxy_failed(client->login_proxy,
+                                  login_proxy_get_event(client->login_proxy),
+                                  LOGIN_PROXY_FAILURE_TYPE_CONNECT, NULL);
                return;
        }
 
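Review bot: This is the only call site in the commit that passes `NULL` as the reason, and it replaces a path that previously logged nothing. login_proxy_failed() is not visible in this part of the diff, so it is worth confirming that it treats a NULL reason as "no detail" rather than formatting it with `%s`. A short comment here, such as `/* no reason: the disconnect was already logged elsewhere */` if that is the case, would make the contract explicit. proxy_input() starts and ends outside this hunk.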
@@ -352,22 +354,24 @@ static void proxy_input(struct client *client)
 
        switch (i_stream_read(input)) {
        case -2:
-               e_error(login_proxy_get_event(client->login_proxy),
-                       "Disconnected by proxy: "
-                       "Received too long line from remote server");
-               client_proxy_failed(client, TRUE);
+               login_proxy_failed(client->login_proxy,
+                                  login_proxy_get_event(client->login_proxy),
+                                  LOGIN_PROXY_FAILURE_TYPE_PROTOCOL,
+                                  "Too long input line");
                return;
        case -1:
                line = i_stream_next_line(input);
                duration = ioloop_time - client->created;
-               e_error(login_proxy_get_event(client->login_proxy),
+               const char *reason = t_strdup_printf(
                        "Disconnected by server: %s "
                        "(state=%s, duration=%us)%s",
                        io_stream_get_disconnect_reason(input, NULL),
                        client_proxy_get_state(client), duration,
                        line == NULL ? "" : t_strdup_printf(
                                " - BUG: line not read: %s", line));
-               client_proxy_failed(client, TRUE);
+               login_proxy_failed(client->login_proxy,
+                                  login_proxy_get_event(client->login_proxy),
+                                  LOGIN_PROXY_FAILURE_TYPE_CONNECT, reason);
                return;
        }
 
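Review bot: In the `case -1:` branch the leftover `line` from the backend is appended to the reason unbounded and unsanitized via `" - BUG: line not read: %s", line`. The protocol-specific reasons in this commit all use `str_sanitize(line, 160)` for backend text. That argument predates the change, but the string now flows into login_proxy_failed() instead of a plain log call, so it should be treated the same way: `" - BUG: line not read: %s", str_sanitize(line, 160)));`. proxy_input() continues outside the hunk.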
index 48a998c07cdff7ac0c0314b80014b6182dd3e342..65cd51427bc6d3135586a5216a018561a15c6d1c 100644 (file)
@@ -739,9 +739,10 @@ int login_proxy_starttls(struct login_proxy *proxy)
 
        io_remove(&proxy->server_io);
        if (ssl_iostream_client_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
-               e_error(proxy->event, "Failed to create SSL client context: %s",
-                       error);
-               client_proxy_failed(proxy->client, TRUE);
+               const char *reason = t_strdup_printf(
+                       "Failed to create SSL client context: %s", error);
+               login_proxy_failed(proxy, proxy->event,
+                                  LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
                return -1;
        }
 
@@ -750,17 +751,21 @@ int login_proxy_starttls(struct login_proxy *proxy)
                                        &proxy->server_output,
                                        &proxy->server_ssl_iostream,
                                        &error) < 0) {
-               e_error(proxy->event, "Failed to create SSL client: %s", error);
-               client_proxy_failed(proxy->client, TRUE);
+               const char *reason = t_strdup_printf(
+                       "Failed to create SSL client: %s", error);
+               login_proxy_failed(proxy, proxy->event,
+                                  LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
                ssl_iostream_context_unref(&ssl_ctx);
                return -1;
        }
        ssl_iostream_context_unref(&ssl_ctx);
        if (ssl_iostream_handshake(proxy->server_ssl_iostream) < 0) {
                error = ssl_iostream_get_last_error(proxy->server_ssl_iostream);
-               e_error(proxy->event, "Failed to start SSL handshake: %s",
+               const char *reason = t_strdup_printf(
+                       "Failed to start SSL handshake: %s",
                        ssl_iostream_get_last_error(proxy->server_ssl_iostream));
-               client_proxy_failed(proxy->client, TRUE);
+               login_proxy_failed(proxy, proxy->event,
+                                  LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
                return -1;
        }
 
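Review bot: In the handshake failure branch `error` is assigned from `ssl_iostream_get_last_error()` and then never used, because the `t_strdup_printf()` call fetches the same value a second time. Either drop the assignment or use it, `"Failed to start SSL handshake: %s", error);`, which also matches the two branches above. Separately, a handshake that fails against the backend is reported as `LOGIN_PROXY_FAILURE_TYPE_INTERNAL`; the meaning of the failure types is not shown in this diff, so it may be worth checking that this is the intended category.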
index 11bae13e7ee01d6cc1edcccc3977d5eb50cd8eef..496c29bfb0546c98d76e3a96c020d864129d0b01 100644 (file)
@@ -87,10 +87,12 @@ static int proxy_send_login(struct pop3_client *client, struct ostream *output)
        str_printfa(str, "AUTH %s ", mech_name);
        if (dsasl_client_output(client->common.proxy_sasl_client,
                                &sasl_output, &len, &error) < 0) {
-               e_error(login_proxy_get_event(client->common.login_proxy),
+               const char *reason = t_strdup_printf(
                        "SASL mechanism %s init failed: %s",
                        mech_name, error);
-               client_proxy_failed(&client->common, TRUE);
+               login_proxy_failed(client->common.login_proxy,
+                       login_proxy_get_event(client->common.login_proxy),
+                       LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
                return -1;
        }
        if (len == 0)
@@ -118,9 +120,11 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output,
 
        str = t_str_new(128);
        if (base64_decode(line, strlen(line), NULL, str) < 0) {
-               e_error(login_proxy_get_event(client->login_proxy),
-                       "Server sent invalid base64 data in AUTH response");
-               client_proxy_failed(client, TRUE);
+               const char *reason = t_strdup_printf(
+                       "Invalid base64 data in AUTH response");
+               login_proxy_failed(client->login_proxy,
+                       login_proxy_get_event(client->login_proxy),
+                       LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                return -1;
        }
        ret = dsasl_client_input(client->proxy_sasl_client,
@@ -130,9 +134,11 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output,
                                          &data, &data_len, &error);
        }
        if (ret < 0) {
-               e_error(login_proxy_get_event(client->login_proxy),
-                       "Server sent invalid authentication data: %s", error);
-               client_proxy_failed(client, TRUE);
+               const char *reason = t_strdup_printf(
+                       "Invalid authentication data: %s", error);
+               login_proxy_failed(client->login_proxy,
+                                  login_proxy_get_event(client->login_proxy),
+                                  LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                return -1;
        }
        i_assert(ret == 0);
@@ -158,10 +164,11 @@ int pop3_proxy_parse_line(struct client *client, const char *line)
        case POP3_PROXY_BANNER:
                /* this is a banner */
                if (!str_begins(line, "+OK")) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote returned invalid banner: %s",
-                               str_sanitize(line, 160));
-                       client_proxy_failed(client, TRUE);
+                       const char *reason = t_strdup_printf(
+                               "Invalid banner: %s", str_sanitize(line, 160));
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                        return -1;
                }
                pop3_client->proxy_xclient =
@@ -178,10 +185,11 @@ int pop3_proxy_parse_line(struct client *client, const char *line)
                return 0;
        case POP3_PROXY_STARTTLS:
                if (!str_begins(line, "+OK")) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote STLS failed: %s",
-                               str_sanitize(line, 160));
-                       client_proxy_failed(client, TRUE);
+                       const char *reason = t_strdup_printf(
+                               "STLS failed: %s", str_sanitize(line, 160));
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason);
                        return -1;
                }
                if (login_proxy_starttls(client->login_proxy) < 0)
@@ -193,10 +201,11 @@ int pop3_proxy_parse_line(struct client *client, const char *line)
                return 1;
        case POP3_PROXY_XCLIENT:
                if (!str_begins(line, "+OK")) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote XCLIENT failed: %s",
-                               str_sanitize(line, 160));
-                       client_proxy_failed(client, TRUE);
+                       const char *reason = t_strdup_printf(
+                               "XCLIENT failed: %s", str_sanitize(line, 160));
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason);
                        return -1;
                }
                pop3_client->proxy_state = client->proxy_sasl_client == NULL ?
index d1e849991c03068188d58fcd4a556bcf7c66c747..9e6a202787c55a5c85bc42f480d11f024e75a4db 100644 (file)
@@ -101,9 +101,10 @@ proxy_send_login(struct submission_client *client, struct ostream *output)
        if ((client->proxy_capability & SMTP_CAPABILITY_AUTH) == 0) {
                /* Prevent sending credentials to a server that has login
                   disabled; i.e., due to the lack of TLS */
-               e_error(login_proxy_get_event(client->common.login_proxy),
-                       "Server has disabled authentication (TLS required?)");
-               client_proxy_failed(&client->common, TRUE);
+               login_proxy_failed(client->common.login_proxy,
+                       login_proxy_get_event(client->common.login_proxy),
+                       LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG,
+                       "Authentication support not advertised (TLS required?)");
                return -1;
        }
 
@@ -128,10 +129,12 @@ proxy_send_login(struct submission_client *client, struct ostream *output)
        str_printfa(str, "AUTH %s ", mech_name);
        if (dsasl_client_output(client->common.proxy_sasl_client,
                                &sasl_output, &len, &error) < 0) {
-               e_error(login_proxy_get_event(client->common.login_proxy),
+               const char *reason = t_strdup_printf(
                        "SASL mechanism %s init failed: %s",
                        mech_name, error);
-               client_proxy_failed(&client->common, TRUE);
+               login_proxy_failed(client->common.login_proxy,
+                       login_proxy_get_event(client->common.login_proxy),
+                       LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
                return -1;
        }
        if (len == 0)
@@ -160,9 +163,10 @@ submission_proxy_continue_sasl_auth(struct client *client, struct ostream *outpu
 
        str = t_str_new(128);
        if (base64_decode(line, strlen(line), NULL, str) < 0) {
-               e_error(login_proxy_get_event(client->login_proxy),
-                       "Server sent invalid base64 data in AUTH response");
-               client_proxy_failed(client, TRUE);
+               login_proxy_failed(client->login_proxy,
+                       login_proxy_get_event(client->login_proxy),
+                       LOGIN_PROXY_FAILURE_TYPE_PROTOCOL,
+                       "Invalid base64 data in AUTH response");
                return -1;
        }
        ret = dsasl_client_input(client->proxy_sasl_client,
@@ -172,9 +176,11 @@ submission_proxy_continue_sasl_auth(struct client *client, struct ostream *outpu
                                          &data, &data_len, &error);
        }
        if (ret < 0) {
-               e_error(login_proxy_get_event(client->login_proxy),
-                       "Server sent invalid authentication data: %s", error);
-               client_proxy_failed(client, TRUE);
+               const char *reason = t_strdup_printf(
+                       "Invalid authentication data: %s", error);
+               login_proxy_failed(client->login_proxy,
+                       login_proxy_get_event(client->login_proxy),
+                       LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                return -1;
        }
        i_assert(ret == 0);
@@ -259,11 +265,13 @@ int submission_proxy_parse_line(struct client *client, const char *line)
        }
        if (subm_client->proxy_reply_status != 0 &&
            subm_client->proxy_reply_status != status) {
-               e_error(login_proxy_get_event(client->login_proxy),
-                       "Remote returned inconsistent SMTP reply: %s "
-                       "(status != %u)", str_sanitize(line, 160),
+               const char *reason = t_strdup_printf(
+                       "Inconsistent SMTP reply: %s (status != %u)",
+                       str_sanitize(line, 160),
                        subm_client->proxy_reply_status);
-               client_proxy_failed(client, TRUE);
+               login_proxy_failed(client->login_proxy,
+                                  login_proxy_get_event(client->login_proxy),
+                                  LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                return -1;
        }
        if (line[3] == ' ') {
@@ -278,10 +286,11 @@ int submission_proxy_parse_line(struct client *client, const char *line)
        case SUBMISSION_PROXY_BANNER:
                /* this is a banner */
                if (invalid_line || status != 220) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote returned invalid banner: %s",
-                               str_sanitize(line, 160));
-                       client_proxy_failed(client, TRUE);
+                       const char *reason = t_strdup_printf(
+                               "Invalid banner: %s", str_sanitize(line, 160));
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                        return -1;
                }
                if (!last_line)
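Review bot: The condition `invalid_line || status != 220` covers two different causes but reports a single failure type. A malformed line is a protocol violation, while a well-formed reply with another status is the backend declining the connection. Here both become `LOGIN_PROXY_FAILURE_TYPE_PROTOCOL`, whereas the STARTTLS and XCLIENT hunks below map the same kind of combined condition to `LOGIN_PROXY_FAILURE_TYPE_REMOTE`. The enum's semantics are not visible in this diff; if the type drives later handling, consider picking it per cause, e.g. `invalid_line ? LOGIN_PROXY_FAILURE_TYPE_PROTOCOL : LOGIN_PROXY_FAILURE_TYPE_REMOTE`, consistently across the banner, EHLO, STARTTLS and XCLIENT cases.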
@@ -294,10 +303,12 @@ int submission_proxy_parse_line(struct client *client, const char *line)
        case SUBMISSION_PROXY_EHLO:
        case SUBMISSION_PROXY_TLS_EHLO:
                if (invalid_line || (status / 100) != 2) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote returned invalid EHLO line: %s",
+                       const char *reason = t_strdup_printf(
+                               "Invalid EHLO line: %s",
                                str_sanitize(line, 160));
-                       client_proxy_failed(client, TRUE);
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                        return -1;
                }
 
@@ -334,9 +345,10 @@ int submission_proxy_parse_line(struct client *client, const char *line)
                } else {
                        if ((subm_client->proxy_capability &
                             SMTP_CAPABILITY_STARTTLS) == 0) {
-                               e_error(login_proxy_get_event(client->login_proxy),
-                                       "Remote doesn't support STARTTLS");
-                               client_proxy_failed(client, TRUE);
+                               login_proxy_failed(client->login_proxy,
+                                       login_proxy_get_event(client->login_proxy),
+                                       LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG,
+                                       "STARTTLS not supported");
                                return -1;
                        }
                        o_stream_nsend_str(output, "STARTTLS\r\n");
@@ -345,10 +357,12 @@ int submission_proxy_parse_line(struct client *client, const char *line)
                return 0;
        case SUBMISSION_PROXY_STARTTLS:
                if (invalid_line || status != 220) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote STARTTLS failed: %s",
+                       const char *reason = t_strdup_printf(
+                               "STARTTLS failed: %s",
                                str_sanitize(line, 160));
-                       client_proxy_failed(client, TRUE);
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason);
                        return -1;
                }
                if (!last_line)
@@ -366,10 +380,11 @@ int submission_proxy_parse_line(struct client *client, const char *line)
                return 0;
        case SUBMISSION_PROXY_XCLIENT:
                if (invalid_line || (status / 100) != 2) {
-                       e_error(login_proxy_get_event(client->login_proxy),
-                               "Remote XCLIENT failed: %s",
-                               str_sanitize(line, 160));
-                       client_proxy_failed(client, TRUE);
+                       const char *reason = t_strdup_printf(
+                               "XCLIENT failed: %s", str_sanitize(line, 160));
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason);
                        return -1;
                }
                if (!last_line)