From: Timo Sirainen
Date: Sat, 13 Feb 2010 03:43:50 +0000 (+0200)
Subject: imap: Remember if TLS compression is enabled.
X-Git-Tag: 2.0.beta3~103
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7b1bdf60531f8d511e9983e2bd6375938d711cff;p=thirdparty%2Fdovecot%2Fcore.git
imap: Remember if TLS compression is enabled.
--HG--
branch : HEAD
---
diff --git a/src/imap/imap-client.h b/src/imap/imap-client.h
index dff070828b..30203c7b47 100644
--- a/src/imap/imap-client.h
+++ b/src/imap/imap-client.h
@@ -142,6 +142,7 @@ struct client {
 unsigned int id_logged:1;
 unsigned int mailbox_examined:1;
 unsigned int anvil_sent:1;
+ unsigned int tls_compression:1;
 unsigned int input_skip_line:1; /* skip all the data until we've found a new line */
 unsigned int modseqs_sent_since_sync:1;
diff --git a/src/imap/main.c b/src/imap/main.c
index 01455580d6..cda31956f9 100644
--- a/src/imap/main.c
+++ b/src/imap/main.c
@@ -159,6 +159,7 @@ static void client_add_input(struct client *client, const buffer_t *buf)
 static int
 client_create_from_input(const struct mail_storage_service_input *input,
+ const struct master_login_client *login_client,
 int fd_in, int fd_out, const buffer_t *input_buf, const char **error_r)
 {
@@ -166,6 +167,7 @@ client_create_from_input(const struct mail_storage_service_input *input,
 struct mail_user *mail_user;
 struct client *client;
 const struct imap_settings *set;
+ enum mail_auth_request_flags flags;
 if (mail_storage_service_lookup_next(storage_service, input, &user, &mail_user, error_r) <= 0)
@@ -180,6 +182,10 @@ client_create_from_input(const struct mail_storage_service_input *input,
 T_BEGIN {
 client_add_input(client, input_buf);
 } T_END;
+
+ flags = login_client == NULL ? 0 : login_client->auth_req.flags;
+ if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)
+ client->tls_compression = TRUE;
 return 0;
 }
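Review bot: In the last hunk of src/imap/main.c, `client->tls_compression` is assigned only after the `T_BEGIN { client_add_input(client, input_buf); } T_END;` block has already run. What `client_add_input` does is not visible in this hunk, but if it can act on commands that arrived together with the login, those commands would see the bit still 0 and any later check of it would not apply to them. Moving `flags = login_client == NULL ? 0 : login_client->auth_req.flags;` and the `if` that sets the bit above the `T_BEGIN` block avoids that ordering dependency. The value is supplied by the login process, so a one-line comment stating whether the bit is advisory or relied on for a decision would help the next reader; `client_create_from_input` starts outside this hunk.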
@@ -205,7 +211,7 @@ static void main_stdio_run(void)
 input_buf = input_base64 == NULL ? NULL : t_base64_decode_str(input_base64);
- if (client_create_from_input(&input, STDIN_FILENO, STDOUT_FILENO,
+ if (client_create_from_input(&input, NULL, STDIN_FILENO, STDOUT_FILENO,
 input_buf, &error) < 0)
 i_fatal("%s", error);
 }
@@ -227,7 +233,7 @@ login_client_connected(const struct master_login_client *client,
 buffer_create_const_data(&input_buf, client->data, client->auth_req.data_size);
- if (client_create_from_input(&input, client->fd, client->fd,
+ if (client_create_from_input(&input, client, client->fd, client->fd,
 &input_buf, &error) < 0) {
 i_error("%s", error);
 (void)close(client->fd);
diff --git a/src/lib-master/master-auth.h b/src/lib-master/master-auth.h
index e4d28d6160..1f729f8d7d 100644
--- a/src/lib-master/master-auth.h
+++ b/src/lib-master/master-auth.h
@@ -17,6 +17,11 @@ struct master_service;
 to make sure there's space to transfer the command tag */
 #define MASTER_AUTH_MAX_DATA_SIZE (1024*2)
+enum mail_auth_request_flags {
+ /* Connection has TLS compression enabled */
+ MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = 0x01
+};
+
 /* Authentication request. File descriptor may be sent along with the request. */
 struct master_auth_request {
@@ -33,6 +38,8 @@ struct master_auth_request {
 itself may be a local socketpair. */
 struct ip_addr local_ip, remote_ip;
+ uint32_t flags;
+
 /* request follows this many bytes of client input */
 uint32_t data_size;
 /* inode of the transferred fd. verified just to be sure that the
diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c
index e7c5468a24..c69a0def46 100644
--- a/src/login-common/sasl-server.c
+++ b/src/login-common/sasl-server.c
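Review bot: In the second hunk of src/lib-master/master-auth.h, `uint32_t flags;` is inserted ahead of `data_size`, which shifts every later field of `struct master_auth_request`, a struct its own comment describes as the authentication request passed along with a file descriptor. If a sender and a receiver built from different versions can run side by side (for example old login processes surviving an upgrade), the receiver would read `data_size` and the fd inode from the wrong offsets. The visible lines show no version or size check, so this should be confirmed against the code that reads the request. The new field also has no comment; `/* enum mail_auth_request_flags */` above it would tie it to the enum added in the first hunk. The struct continues outside the hunk.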
@@ -119,6 +119,9 @@ static void master_send_request(struct anvil_request *anvil_request)
 req.local_ip = client->local_ip;
 req.remote_ip = client->ip;
 req.client_pid = getpid();
+ if (client->ssl_proxy != NULL &&
+ ssl_proxy_get_compression(client->ssl_proxy))
+ req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION;
 memcpy(req.cookie, anvil_request->cookie, sizeof(req.cookie));
 buf = buffer_create_dynamic(pool_datastack_create(), 256);
diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 26330ba270..c4574c6afd 100644
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -704,9 +704,6 @@ const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy)
 const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
 {
 SSL_CIPHER *cipher;
-#ifdef HAVE_SSL_COMPRESSION
- const COMP_METHOD *comp;
-#endif
 int bits, alg_bits;
 const char *comp_str;
@@ -715,19 +712,26 @@ const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
 cipher = SSL_get_current_cipher(proxy->ssl);
 bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
-#ifdef HAVE_SSL_COMPRESSION
- comp = SSL_get_current_compression(proxy->ssl);
- comp_str = comp == NULL ? "" :
- t_strconcat(" ", SSL_COMP_get_name(comp), NULL);
-#else
- comp_str = "";
-#endif
+ comp_str = ssl_proxy_get_compression(proxy);
+ comp_str = comp_str == NULL ? "" : t_strconcat(" ", comp_str, NULL);
 return t_strdup_printf("%s with cipher %s (%d/%d bits)%s", SSL_get_version(proxy->ssl), SSL_CIPHER_get_name(cipher), bits, alg_bits, comp_str);
 }
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy)
+{
+#ifdef HAVE_SSL_COMPRESSION
+ const COMP_METHOD *comp;
+
+ comp = SSL_get_current_compression(proxy->ssl);
+ return comp == NULL ? NULL : SSL_COMP_get_name(comp);
+#else
+ return NULL;
+#endif
+}
+
 void ssl_proxy_free(struct ssl_proxy **_proxy)
 {
 struct ssl_proxy *proxy = *_proxy;
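Review bot: In the src/login-common/sasl-server.c hunk, `req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION;` is a read-modify-write on a field that nothing in the hunk initialises. If `req` is not zeroed earlier in `master_send_request` (its start is outside the hunk), the request hands indeterminate flag bits to the receiving process, which then sets `tls_compression` from them. Confirm the zeroing is there, or add `req.flags = 0;` before the `if`. The condition also uses the returned `const char *` as a truth value while the line above it writes `client->ssl_proxy != NULL`; `ssl_proxy_get_compression(client->ssl_proxy) != NULL` would match.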
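Review bot: `ssl_proxy_get_compression()` in the second hunk of src/login-common/ssl-proxy-openssl.c has no comment describing its contract, and neither do the prototype in ssl-proxy.h or the stub in ssl-proxy.c. As written, NULL covers both "no compression method negotiated" and "built without HAVE_SSL_COMPRESSION", so a caller cannot tell the two apart. The non-NULL result is whatever `SSL_COMP_get_name()` returns, presumably a string owned by the library that the caller must not free. I would put `/* Returns the name of the TLS compression method in use, or NULL if there is none or compression support is not compiled in. */` above the prototype in ssl-proxy.h.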
diff --git a/src/login-common/ssl-proxy.c b/src/login-common/ssl-proxy.c
index f1259812e6..553c4279de 100644
--- a/src/login-common/ssl-proxy.c
+++ b/src/login-common/ssl-proxy.c
@@ -66,6 +66,11 @@ const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy ATTR_UNUSED)
 return "";
 }
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED)
+{
+ return NULL;
+}
+
 void ssl_proxy_free(struct ssl_proxy **proxy ATTR_UNUSED) {}
 unsigned int ssl_proxy_get_count(void)
diff --git a/src/login-common/ssl-proxy.h b/src/login-common/ssl-proxy.h
index 7bf58c7a0f..7be84b76b5 100644
--- a/src/login-common/ssl-proxy.h
+++ b/src/login-common/ssl-proxy.h
@@ -28,6 +28,7 @@ const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
 bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
 const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
 const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
+const char *ssl_proxy_get_compression(struct ssl_proxy *proxy);
 void ssl_proxy_free(struct ssl_proxy **proxy);
 /* Return number of active SSL proxies */