summaryrefslogtreecommitdiffstats
path: root/src/lib-master/master-auth.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:51:24 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:51:24 +0000
commitf7548d6d28c313cf80e6f3ef89aed16a19815df1 (patch)
treea3f6f2a3f247293bee59ecd28e8cd8ceb6ca064a /src/lib-master/master-auth.h
parentInitial commit. (diff)
downloaddovecot-upstream.tar.xz
dovecot-upstream.zip
Adding upstream version 1:2.3.19.1+dfsg1.upstream/1%2.3.19.1+dfsg1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/lib-master/master-auth.h')
-rw-r--r--src/lib-master/master-auth.h112
1 files changed, 112 insertions, 0 deletions
diff --git a/src/lib-master/master-auth.h b/src/lib-master/master-auth.h
new file mode 100644
index 0000000..8e0db74
--- /dev/null
+++ b/src/lib-master/master-auth.h
@@ -0,0 +1,112 @@
+#ifndef MASTER_AUTH_H
+#define MASTER_AUTH_H
+
+#include "net.h"
+
+struct master_service;
+
+/* Major version changes are not backwards compatible,
+ minor version numbers can be ignored. */
+#define AUTH_MASTER_PROTOCOL_MAJOR_VERSION 1
+#define AUTH_MASTER_PROTOCOL_MINOR_VERSION 1
+
+/* Authentication client process's cookie size */
+#define MASTER_AUTH_COOKIE_SIZE (128/8)
+
+/* LOGIN_MAX_INBUF_SIZE should be based on this. Keep this large enough so that
+ LOGIN_MAX_INBUF_SIZE will be 1024+2 bytes. This is because IMAP ID command's
+ values may be max. 1024 bytes plus 2 for "" quotes. (Although it could be
+ even double of that when value is full of \" quotes, but for now lets not
+ make it too easy to waste memory..) */
+#define MASTER_AUTH_MAX_DATA_SIZE (1024 + 128 + 64 + 2)
+
+#define MASTER_AUTH_ERRMSG_INTERNAL_FAILURE \
+ "Internal error occurred. Refer to server log for more information."
+
+enum mail_auth_request_flags {
+ /* Connection has TLS compression enabled */
+ MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = BIT(0),
+ /* Connection is secure (SSL or just trusted) */
+ MAIL_AUTH_REQUEST_FLAG_CONN_SECURED = BIT(1),
+ /* Connection is secured using SSL specifically */
+ MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED = BIT(2),
+ /* This login is implicit; no command reply is expected */
+ MAIL_AUTH_REQUEST_FLAG_IMPLICIT = BIT(3),
+};
+
+/* Authentication request. File descriptor may be sent along with the
+ request. */
+struct master_auth_request {
+ /* Request tag. Reply is sent back using same tag. */
+ unsigned int tag;
+
+ /* Authentication process, authentication ID and auth cookie. */
+ pid_t auth_pid;
+ unsigned int auth_id;
+ unsigned int client_pid;
+ uint8_t cookie[MASTER_AUTH_COOKIE_SIZE];
+
+ /* Properties of the connection. The file descriptor
+ itself may be a local socketpair. */
+ struct ip_addr local_ip, remote_ip;
+ in_port_t local_port, remote_port;
+
+ uint32_t flags;
+
+ /* request follows this many bytes of client input */
+ uint32_t data_size;
+ /* inode of the transferred fd. verified just to be sure that the
+ correct fd is mapped to the correct struct. */
+ ino_t ino;
+};
+
+enum master_auth_status {
+ MASTER_AUTH_STATUS_OK,
+ MASTER_AUTH_STATUS_INTERNAL_ERROR
+};
+
+struct master_auth_reply {
+ /* tag=0 are notifications from master */
+ unsigned int tag;
+ enum master_auth_status status;
+ /* PID of the post-login mail process handling this connection */
+ pid_t mail_pid;
+};
+
+struct master_auth_request_params {
+ /* Client fd to transfer to post-login process or -1 if no fd is
+ wanted to be transferred. */
+ int client_fd;
+ /* Override master_auth->default_path if non-NULL */
+ const char *socket_path;
+
+ /* Authentication request that is sent to post-login process.
+ tag is ignored. */
+ struct master_auth_request request;
+ /* Client input of size request.data_size */
+ const unsigned char *data;
+};
+
+/* reply=NULL if the auth lookup was cancelled due to some error */
+typedef void master_auth_callback_t(const struct master_auth_reply *reply,
+ void *context);
+
+struct master_auth *
+master_auth_init(struct master_service *service, const char *path);
+void master_auth_deinit(struct master_auth **auth);
+
+/* Send an authentication request. Returns tag which can be used to abort the
+ request (ie. ignore the reply from master). */
+void master_auth_request_full(struct master_auth *auth,
+ const struct master_auth_request_params *params,
+ master_auth_callback_t *callback, void *context,
+ unsigned int *tag_r);
+/* For backwards compatibility: */
+void master_auth_request(struct master_auth *auth, int fd,
+ const struct master_auth_request *request,
+ const unsigned char *data,
+ master_auth_callback_t *callback,
+ void *context, unsigned int *tag_r);
+void master_auth_request_abort(struct master_auth *auth, unsigned int tag);
+
+#endif