dovecot-2.0: dovecot -p: And fixed it to really work this time.

dovecot at dovecot.org dovecot at dovecot.org
Wed Sep 9 03:05:51 EEST 2009


details:   http://hg.dovecot.org/dovecot-2.0/rev/3e4f64af6c9a
changeset: 9914:3e4f64af6c9a
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Sep 08 20:05:45 2009 -0400
description:
dovecot -p: And fixed it to really work this time.

diffstat:

4 files changed, 23 insertions(+), 18 deletions(-)
src/lib-master/master-interface.h    |    4 ++++
src/login-common/ssl-proxy-openssl.c |    3 ++-
src/master/main.c                    |   20 ++++++++++----------
src/master/service-process.c         |   14 +++++++-------

diffs (108 lines):

diff -r e819f6dfe5f4 -r 3e4f64af6c9a src/lib-master/master-interface.h
--- a/src/lib-master/master-interface.h	Tue Sep 08 20:00:18 2009 -0400
+++ b/src/lib-master/master-interface.h	Tue Sep 08 20:05:45 2009 -0400
@@ -87,6 +87,10 @@ struct master_auth_reply {
 /* getenv(MASTER_DOVECOT_VERSION_ENV) provides master's version number */
 #define MASTER_DOVECOT_VERSION_ENV "DOVECOT_VERSION"
 
+/* getenv(MASTER_SSL_KEY_PASSWORD_ENV) returns manually typed SSL key password,
+   if dovecot was started with -p parameter. */
+#define MASTER_SSL_KEY_PASSWORD_ENV "SSL_KEY_PASSWORD"
+
 /* Write pipe to anvil. Currently available only for auth destination
    services, for others it's /dev/null. */
 #define MASTER_ANVIL_FD 3
diff -r e819f6dfe5f4 -r 3e4f64af6c9a src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Tue Sep 08 20:00:18 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Sep 08 20:05:45 2009 -0400
@@ -9,6 +9,7 @@
 #include "safe-memset.h"
 #include "llist.h"
 #include "master-service.h"
+#include "master-interface.h"
 #include "ssl-proxy.h"
 
 #include <fcntl.h>
@@ -898,7 +899,7 @@ static EVP_PKEY *ssl_proxy_load_key(cons
 		i_fatal("BIO_new_mem_buf() failed");
 
 	password = *set->ssl_key_password != '\0' ? set->ssl_key_password :
-		getenv("SSL_KEY_PASSWORD");
+		getenv(MASTER_SSL_KEY_PASSWORD_ENV);
 	dup_password = t_strdup_noconst(password);
 	pkey = PEM_read_bio_PrivateKey(bio, NULL, pem_password_callback,
 				       dup_password);
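Review bot: Nothing in this hunk clears the secret after `PEM_read_bio_PrivateKey()` has used it: the writable `dup_password` copy and the `SSL_KEY_PASSWORD` environment entry both remain in the login process. `safe-memset.h` is already included in this file, so the copy could be wiped right after the call with `if (dup_password != NULL) safe_memset(dup_password, 0, strlen(dup_password));`. Unsetting the environment variable once all keys are loaded would also keep it out of anything that later dumps or inherits the environment. ssl_proxy_load_key() starts and ends outside the hunk, so any clean-up done further down is not visible here.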
diff -r e819f6dfe5f4 -r 3e4f64af6c9a src/master/main.c
--- a/src/master/main.c	Tue Sep 08 20:00:18 2009 -0400
+++ b/src/master/main.c	Tue Sep 08 20:05:45 2009 -0400
@@ -711,16 +711,22 @@ int main(int argc, char *argv[])
 		fd_close_on_exec(null_fd, TRUE);
 	} while (null_fd <= STDERR_FILENO);
 
-	if (dup2(null_fd, STDIN_FILENO) < 0 ||
-	    dup2(null_fd, STDOUT_FILENO) < 0)
-		i_fatal("dup2(null_fd) failed: %m");
-
 	if (master_service_settings_read_simple(master_service, set_roots,
 						&error) < 0)
 		i_fatal("Error reading configuration: %s", error);
 	sets = master_service_settings_get_others(master_service);
 	set = sets[0];
 
+	if (ask_key_pass) {
+		askpass("Give the password for SSL keys: ",
+			ssl_manual_key_password,
+			sizeof(ssl_manual_key_password));
+	}
+
+	if (dup2(null_fd, STDIN_FILENO) < 0 ||
+	    dup2(null_fd, STDOUT_FILENO) < 0)
+		i_fatal("dup2(null_fd) failed: %m");
+
 	pidfile_path =
 		i_strconcat(set->base_dir, "/"MASTER_PID_FILE_NAME, NULL);
 	if (send_signal != 0)
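Review bot: The code does not record why `askpass()` must now run before the `dup2()` calls, even though that ordering is the whole fix. A comment above the `if (ask_key_pass)` block, such as `/* read the password while stdin is still the terminal; it is replaced with /dev/null just below */`, would stop a later cleanup from moving it back. The prompt also now runs before the `send_signal != 0` check at the end of the hunk, so an invocation that only sends a signal but is given -p would appear to ask for a password it never uses. If that is the case, `if (ask_key_pass && send_signal == 0)` would avoid collecting the secret needlessly. main() starts and ends outside the hunk.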
@@ -739,12 +745,6 @@ int main(int argc, char *argv[])
 		auth_warning_print(set);
 	}
 
-	if (ask_key_pass) {
-		askpass("Give the password for SSL keys",
-			ssl_manual_key_password,
-			sizeof(ssl_manual_key_password));
-	}
-
 	/* save TZ environment. AIX depends on it to get the timezone
 	   correctly. */
 	env_tz = getenv("TZ");
diff -r e819f6dfe5f4 -r 3e4f64af6c9a src/master/service-process.c
--- a/src/master/service-process.c	Tue Sep 08 20:00:18 2009 -0400
+++ b/src/master/service-process.c	Tue Sep 08 20:05:45 2009 -0400
@@ -426,6 +426,13 @@ service_process_setup_environment(struct
 
 	if (!service->set->master_set->version_ignore)
 		env_put(MASTER_DOVECOT_VERSION_ENV"="PACKAGE_VERSION);
+
+	if (*ssl_manual_key_password != '\0' && service->have_inet_listeners) {
+		/* manually given SSL password. give it only to services
+		   that have inet listeners. */
+		env_put(t_strconcat(MASTER_SSL_KEY_PASSWORD_ENV"=",
+				    ssl_manual_key_password, NULL));
+	}
 }
 
 static void service_process_status_timeout(struct service_process *process)
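Review bot: The added `env_put()` hands the key password to every service whose `have_inet_listeners` is set, whether or not that service ever loads an SSL key. Because it travels in the process environment, it is inherited by anything the service later executes and is typically readable by other processes running under the same uid. The in-code comment should state that, for example `/* secret: only services that load the SSL key need this; consumers must not log or pass on their environment */`. Narrowing the condition to SSL-enabled services would need a flag that is not visible in this hunk. service_process_setup_environment() starts outside the hunk.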
@@ -458,13 +465,6 @@ handle_request(const struct service_proc
 
 	env_put(t_strconcat("LOCAL_IP=", net_ip2addr(&request->local_ip), NULL));
 	env_put(t_strconcat("IP=", net_ip2addr(&request->remote_ip), NULL));
-	if (*ssl_manual_key_password != '\0' &&
-	    request->process->process.service->have_inet_listeners) {
-		/* manually given SSL password. give it only to services
-		   that have inet listeners. */
-		env_put(t_strconcat("SSL_KEY_PASSWORD=",
-				    ssl_manual_key_password, NULL));
-	}
 }
 
 struct service_process *

