Added conditional capabilities functionality

This change adds a new 'capability' structure which contains both a
capability word and a set of flags which specify the circumstances
that must be met for the respective word to be advertised.

Some examples of circumstances that can be specified when adding
new capabilities are:

    - Only show at pre-login/post-login
    - Only show if STARTTLS is active/inactive (not RAW SSL)
    - Only show if raw SSL is active/inactive (not STARTTLS)
    - Only show if any TLS/SSL is active/inactive

The default operation is to show the capabaility word if at least
one of the circumstances is met, an additional flag provides the
ability to only show the capability word if exactly all of the
circumstances are met.

The API for adding capabilities now simply wraps the API for adding
entries to the capability list with the 'show always' flag set.

Retrieving the capability string is now a loop that iterates the list
of capability objects and evaluates whether each capability should be
added to the capability string based on the state of the current IMAP
session.

Author: shaun-a-johnson

src/imap-login/imap-login-client.c

@@ -20,6 +20,7 @@
 #include "imap-quote.h"
 #include "imap-login-commands.h"
 #include "imap-login-settings.h"
+#include "imap-capability-list.h"
 
 #if LOGIN_MAX_INBUF_SIZE < 1024+2
 #  error LOGIN_MAX_INBUF_SIZE too short to fit all ID command parameters
@@ -93,31 +94,80 @@ static const char *get_capability(struct client *client)
 {
 	struct imap_client *imap_client = (struct imap_client *)client;
 	string_t *cap_str = t_str_new(256);
-	bool explicit_capability = FALSE;
-
-	if (*imap_client->set->imap_capability == '\0')
-		str_append(cap_str, CAPABILITY_BANNER_STRING);
-	else if (*imap_client->set->imap_capability != '+') {
-		explicit_capability = TRUE;
-		str_append(cap_str, imap_client->set->imap_capability);
-	} else {
-		str_append(cap_str, CAPABILITY_BANNER_STRING);
-		str_append_c(cap_str, ' ');
-		str_append(cap_str, imap_client->set->imap_capability + 1);
-	}
 
-	if (!explicit_capability) {
-		if (imap_client->set->imap_literal_minus)
-			str_append(cap_str, " LITERAL-");
-		else
-			str_append(cap_str, " LITERAL+");
+	/* iterate capability list and append each capability if conditions met */
+	const struct imap_capability *capp;
+	array_foreach(&imap_client->capability_list->imap_capabilities, capp) {
+		/* local flags variable will get filled with all the flags
+		   that matched the current conditions -- then at the end
+		   if FLAG_REQUIRE_ALL is present the local flags variable
+		   is compared against the command flags to check for a
+		   perfect match */
+		uint32_t flags = 0;
+		if (capp->flags) {
+			/*  is this pre-auth? (yes) */
+			if ((capp->flags & CAP_PREAUTH) != 0) {
+				flags |= CAP_PREAUTH;
+			}
+			/*  is starttls active? */
+			if ((capp->flags & CAP_TLSACTIVE) != 0 &&
+					client->starttls) {
+				flags |= CAP_TLSACTIVE;
+			}
+			/*  is starttls inactive? */
+			if ((capp->flags & CAP_TLSINACTIVE) != 0 &&
+					!client->starttls) {
+				flags |= CAP_TLSINACTIVE;
+			}
+			/*  is ssl active? */
+			if ((capp->flags & CAP_SSLACTIVE) != 0 &&
+					(!client->starttls && client->tls)) {
+				flags |= CAP_SSLACTIVE;
+			}
+			/*  is ssl inactive? */
+			if ((capp->flags & CAP_SSLINACTIVE) != 0 &&
+					(client->starttls || !client->tls)) {
+				flags |= CAP_SSLINACTIVE;
+			}
+			/*  is login disabled? */
+			if ((capp->flags & CAP_NO_LOGIN) != 0 &&
+					is_login_cmd_disabled(client)) {
+				flags |= CAP_NO_LOGIN;
+			}
+			/*  are we secure? */
+			if ((capp->flags & CAP_SECURE) != 0 &&
+					client->tls) {
+				flags |= CAP_SECURE;
+			}
+			/*  are we insecure? */
+			if ((capp->flags & CAP_INSECURE) != 0 &&
+					!client->tls) {
+				flags |= CAP_INSECURE;
+			}
+
+			bool add = FALSE;
+			/*  now check if CAP_REQUIRE_ALL is present */
+			if ((capp->flags & CAP_REQUIRE_ALL) != 0) {
+				/*  did we match all? */
+				if ((capp->flags & ~CAP_REQUIRE_ALL) == flags) {
+					add = TRUE;
+				}
+			/*  no CAP_REQUIRE_ALL - did we match any flags? */
+			} else if (flags > 0) {
+				add = TRUE;
+			}
+
+			/*  should we add this entry? */
+			if (add) {
+				if (*str_c(cap_str) != '\0') {
+					str_append_c(cap_str, ' ');
+				}
+				str_append(cap_str, capp->command);
+			}
+		}
 	}
 
-	if (client_is_tls_enabled(client) && !client->tls)
-		str_append(cap_str, " STARTTLS");
-	if (is_login_cmd_disabled(client))
-		str_append(cap_str, " LOGINDISABLED");
-
+	/* grab the AUTH= capabilities from auth server */
 	client_authenticate_get_capabilities(client, cap_str);
 	return str_c(cap_str);
 }
@@ -381,6 +431,7 @@ static struct client *imap_client_alloc(pool_t pool)
 static void imap_client_create(struct client *client, void **other_sets)
 {
 	struct imap_client *imap_client = (struct imap_client *)client;
+	bool explicit_capability = FALSE;
 
 	imap_client->set = other_sets[0];
 	imap_client->parser =
@@ -389,6 +440,54 @@ static void imap_client_create(struct client *client, void **other_sets)
 				   IMAP_LOGIN_MAX_LINE_LENGTH);
 	if (imap_client->set->imap_literal_minus)
 		imap_parser_enable_literal_minus(imap_client->parser);
+
+	/* create our capability list from CAPABILITY_BANNER_STRING */
+	imap_client->capability_list =
+		 imap_capability_list_create(NULL);
+
+	/* do we have capabilities defined in our settings? */
+	if (*imap_client->set->imap_capability != '\0') {
+		/* does the configuration start with a + sign? */
+		if (*imap_client->set->imap_capability == '+') {
+			/* add the capability banner string to the cap list */
+			imap_capability_list_append_string(imap_client->capability_list,
+					CAPABILITY_BANNER_STRING);
+			/* add everything after the plus to our cap list */
+			imap_capability_list_append_string(imap_client->capability_list,
+					imap_client->set->imap_capability + 1);
+		} else {
+			/* add everything to our cap list */
+			imap_capability_list_append_string(imap_client->capability_list,
+					imap_client->set->imap_capability);
+			explicit_capability = TRUE;
+		}
+	} else {
+		/* add the capability banner string to the cap list */
+		imap_capability_list_append_string(imap_client->capability_list,
+				CAPABILITY_BANNER_STRING);
+	}
+
+	/* add STARTTLS to cap list if it is needed */
+	if (strcmp(client->ssl_set->ssl, "no") != 0) {
+		imap_capability_list_add(imap_client->capability_list,
+				"STARTTLS", CAP_REQUIRE_ALL | CAP_PREAUTH | CAP_INSECURE);
+	}
+
+	/* add LOGINDISABLED to cap list */
+	imap_capability_list_add(imap_client->capability_list,
+			"LOGINDISABLED", CAP_REQUIRE_ALL | CAP_PREAUTH | CAP_NO_LOGIN);
+
+	/* Add the LITERAL+/- if the capability isn't explicitly set */
+	if (!explicit_capability) {
+		if (imap_client->set->imap_literal_minus) {
+			imap_capability_list_add(imap_client->capability_list,
+					"LITERAL-", CAP_ALWAYS);
+		} else {
+			imap_capability_list_add(imap_client->capability_list,
+					"LITERAL+", CAP_ALWAYS);
+		}
+	}
+
 	client->io = io_add_istream(client->input, client_input, client);
 }
 

src/imap-login/imap-login-client.h

@@ -56,6 +56,7 @@ struct imap_client {
 
 	const struct imap_login_settings *set;
 	struct imap_parser *parser;
+	struct imap_capability_list *capability_list;
 	char *proxy_backend_capability;
 
 	const char *cmd_tag, *cmd_name;

src/imap/cmd-capability.c

@@ -7,7 +7,7 @@
 bool cmd_capability(struct client_command_context *cmd)
 {
 	client_send_line(cmd->client, t_strconcat(
-		"* CAPABILITY ", str_c(cmd->client->capability_string), NULL));
+		"* CAPABILITY ", client_get_capability(cmd->client), NULL));
 
 	client_send_tagline(cmd, "OK Capability completed.");
 	return TRUE;