dovecot-2.2: Read SSL settings only if service has SSL sockets o...

dovecot at dovecot.org dovecot at dovecot.org
Wed Sep 19 15:34:25 EEST 2012


details:   http://hg.dovecot.org/dovecot-2.2/rev/14df6be0111f
changeset: 15088:14df6be0111f
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Sep 19 15:34:00 2012 +0300
description:
Read SSL settings only if service has SSL sockets or MASTER_SERVICE_FLAG_USE_SSL_SETTINGS.

diffstat:

 src/auth/auth-settings.c                     |   7 +++--
 src/lib-master/master-service-private.h      |   1 +
 src/lib-master/master-service-settings.c     |  37 ++++++++++++++++++++-------
 src/lib-master/master-service-settings.h     |   7 ++---
 src/lib-master/master-service-ssl-settings.c |   2 +-
 src/lib-master/master-service.c              |   2 +
 src/lib-master/master-service.h              |   6 +++-
 src/lib-storage/mail-storage-service.c       |  18 +++++++++---
 src/lmtp/lmtp-settings.c                     |   4 +-
 src/login-common/login-settings.c            |   3 +-
 src/login-common/main.c                      |   3 +-
 11 files changed, 61 insertions(+), 29 deletions(-)

diffs (truncated from 303 to 300 lines):

diff -r 8c003fe6f5a6 -r 14df6be0111f src/auth/auth-settings.c
--- a/src/auth/auth-settings.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/auth/auth-settings.c	Wed Sep 19 15:34:00 2012 +0300
@@ -392,8 +392,8 @@
 	};
  	struct master_service_settings_input input;
 	struct setting_parser_context *set_parser;
-	struct auth_settings *set;
 	const char *error;
+	void **sets;
 
 	memset(&input, 0, sizeof(input));
 	input.roots = set_roots;
@@ -408,7 +408,8 @@
 	if (!settings_parser_check(set_parser, pool, &error))
 		i_unreached();
 
-	set = settings_parser_get_list(set_parser)[MASTER_SERVICE_INTERNAL_SET_PARSERS];
+	sets = master_service_settings_parser_get_others(master_service,
+							 set_parser);
 	settings_parser_deinit(&set_parser);
-	return set;
+	return sets[0];
 }
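Review bot: `sets[0]` is now read after `settings_parser_deinit(&set_parser)`, whereas the removed code fetched the element before the deinit. Whether the list returned through `settings_parser_get_list()` is still valid at that point depends on which pool backs it, and this hunk does not show that. Keeping the `struct auth_settings *set;` local and assigning `set = sets[0];` before the deinit, then `return set;`, would preserve the old ordering and not rely on pool lifetime. The function starts outside the hunk.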
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lib-master/master-service-private.h
--- a/src/lib-master/master-service-private.h	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lib-master/master-service-private.h	Wed Sep 19 15:34:00 2012 +0300
@@ -70,6 +70,7 @@
 	unsigned int die_with_master:1;
 	unsigned int call_avail_overflow:1;
 	unsigned int config_path_is_default:1;
+	unsigned int want_ssl_settings:1;
 	unsigned int ssl_ctx_initialized:1;
 };
 
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lib-master/master-service-settings.c
--- a/src/lib-master/master-service-settings.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lib-master/master-service-settings.c	Wed Sep 19 15:34:00 2012 +0300
@@ -116,7 +116,7 @@
 
 	/* @UNSAFE */
 	i = 0;
-	argv_max_count = 9 + (service->argc + 1) + 1;
+	argv_max_count = 11 + (service->argc + 1) + 1;
 	conf_argv = t_new(const char *, argv_max_count);
 	conf_argv[i++] = DOVECOT_CONFIG_BIN_PATH;
 	conf_argv[i++] = "-f";
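Review bot: The bound `11 + (service->argc + 1) + 1` is a hand-counted maximum for an array that is filled with `conf_argv[i++]` under `/* @UNSAFE */`, and nothing in the visible hunks checks `i` against it. The two slots added here correspond to the `-m` / `ssl` pair appended in the next hunk, so the count and the appends have to be kept in step by hand. If the function does not already have one, an `i_assert(i < argv_max_count);` before the terminating NULL is stored would turn a future miscount into an assertion failure instead of a write past the array. A short comment listing which arguments make up the 11 would also help; the function body continues outside the hunk.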
@@ -126,6 +126,10 @@
 	if (input->module != NULL) {
 		conf_argv[i++] = "-m";
 		conf_argv[i++] = input->module;
+		if (service->want_ssl_settings) {
+			conf_argv[i++] = "-m";
+			conf_argv[i++] = "ssl";
+		}
 	}
 	if (input->parse_full_config)
 		conf_argv[i++] = "-p";
@@ -216,12 +220,15 @@
 }
 
 static void
-config_build_request(string_t *str,
+config_build_request(struct master_service *service, string_t *str,
 		     const struct master_service_settings_input *input)
 {
 	str_append(str, "REQ");
-	if (input->module != NULL)
+	if (input->module != NULL) {
 		str_printfa(str, "\tmodule=%s", input->module);
+		if (service->want_ssl_settings)
+			str_append(str, "\tmodule=ssl");
+	}
 	if (input->service != NULL)
 		str_printfa(str, "\tservice=%s", input->service);
 	if (input->username != NULL)
@@ -236,7 +243,8 @@
 }
 
 static int
-config_send_request(const struct master_service_settings_input *input,
+config_send_request(struct master_service *service,
+		    const struct master_service_settings_input *input,
 		    int fd, const char *path, const char **error_r)
 {
 	int ret;
@@ -246,7 +254,7 @@
 
 		str = t_str_new(128);
 		str_append(str, CONFIG_HANDSHAKE);
-		config_build_request(str, input);
+		config_build_request(service, str, input);
 		ret = write_full(fd, str_data(str), str_len(str));
 	} T_END;
 	if (ret < 0) {
@@ -352,7 +360,7 @@
 		if (fd == -1)
 			return -1;
 
-		if (config_send_request(input, fd, path, error_r) < 0) {
+		if (config_send_request(service, input, fd, path, error_r) < 0) {
 			i_close_fd(&fd);
 			config_exec_fallback(service, input);
 			return -1;
@@ -371,8 +379,10 @@
 	p_array_init(&all_roots, service->set_pool, 8);
 	tmp_root = &master_service_setting_parser_info;
 	array_append(&all_roots, &tmp_root, 1);
-	tmp_root = &master_service_ssl_setting_parser_info;
-	array_append(&all_roots, &tmp_root, 1);
+	if (service->want_ssl_settings) {
+		tmp_root = &master_service_ssl_setting_parser_info;
+		array_append(&all_roots, &tmp_root, 1);
+	}
 	if (input->roots != NULL) {
 		for (i = 0; input->roots[i] != NULL; i++)
 			array_append(&all_roots, &input->roots[i], 1);
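Review bot: Once the SSL root is appended only under `service->want_ssl_settings`, index 1 of the parser's settings list is no longer guaranteed to be the SSL settings struct. The accessor that returns the SSL settings is not visible here (the diff is truncated), so this is a question rather than a finding: if it still reads a fixed index, a service with neither SSL listeners nor `MASTER_SERVICE_FLAG_USE_SSL_SETTINGS` would get the first caller-supplied root cast to the wrong type. An `i_assert(service->want_ssl_settings);` in that accessor would make the misuse fail loudly. The enclosing function extends outside the hunk.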
@@ -498,8 +508,15 @@
 
 void **master_service_settings_get_others(struct master_service *service)
 {
-	return settings_parser_get_list(service->set_parser) +
-		MASTER_SERVICE_INTERNAL_SET_PARSERS;
+	return master_service_settings_parser_get_others(service,
+							 service->set_parser);
+}
+
+void **master_service_settings_parser_get_others(struct master_service *service,
+						 const struct setting_parser_context *set_parser)
+{
+	return settings_parser_get_list(set_parser) + 1 +
+		(service->want_ssl_settings ? 1 : 0);
 }
 
 struct setting_parser_context *
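Review bot: `master_service_settings_parser_get_others()` has no comment saying that `set_parser` must come from a settings read made with this `service`. The skip count `1 + (service->want_ssl_settings ? 1 : 0)` is taken from the service, not from the parser, so a parser built with a different root layout would yield a pointer into the wrong struct, and callers use the `void *` entries without any type check. Suggest a comment above the definition (and the prototype): `/* Returns set_parser's settings list with lib-master's internal roots skipped. set_parser must have been created from this service's roots. */`.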
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lib-master/master-service-settings.h
--- a/src/lib-master/master-service-settings.h	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lib-master/master-service-settings.h	Wed Sep 19 15:34:00 2012 +0300
@@ -3,11 +3,8 @@
 
 #include "network.h"
 
-/* Number of settings roots used by lib-master internally. Typically you should
-   use master_service_settings_get_others() to avoid knowing about this. */
-#define MASTER_SERVICE_INTERNAL_SET_PARSERS 2
-
 struct setting_parser_info;
+struct setting_parser_context;
 struct master_service;
 
 struct master_service_settings {
@@ -74,6 +71,8 @@
 const struct master_service_settings *
 master_service_settings_get(struct master_service *service);
 void **master_service_settings_get_others(struct master_service *service);
+void **master_service_settings_parser_get_others(struct master_service *service,
+						 const struct setting_parser_context *set_parser);
 struct setting_parser_context *
 master_service_get_settings_parser(struct master_service *service);
 
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lib-master/master-service-ssl-settings.c
--- a/src/lib-master/master-service-ssl-settings.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lib-master/master-service-ssl-settings.c	Wed Sep 19 15:34:00 2012 +0300
@@ -51,7 +51,7 @@
 };
 
 const struct setting_parser_info master_service_ssl_setting_parser_info = {
-	.module_name = "master",
+	.module_name = "ssl",
 	.defines = master_service_ssl_setting_defines,
 	.defaults = &master_service_ssl_default_settings,
 
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lib-master/master-service.c
--- a/src/lib-master/master-service.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lib-master/master-service.c	Wed Sep 19 15:34:00 2012 +0300
@@ -182,6 +182,8 @@
 		service->listener_names_count =
 			str_array_length((void *)service->listener_names);
 	}
+	service->want_ssl_settings = service->ssl_socket_count > 0 ||
+		(flags & MASTER_SERVICE_FLAG_USE_SSL_SETTINGS) != 0;
 
 	/* set up some kind of logging until we know exactly how and where
 	   we want to log */
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lib-master/master-service.h
--- a/src/lib-master/master-service.h	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lib-master/master-service.h	Wed Sep 19 15:34:00 2012 +0300
@@ -22,7 +22,11 @@
 	MASTER_SERVICE_FLAG_NO_IDLE_DIE		= 0x80,
 	/* Show number of connections in process title
 	   (only if verbose_proctitle setting is enabled) */
-	MASTER_SERVICE_FLAG_UPDATE_PROCTITLE	= 0x100
+	MASTER_SERVICE_FLAG_UPDATE_PROCTITLE	= 0x100,
+	/* SSL settings are always looked up when we have ssl listeners.
+	   This flag enables looking up SSL settings even without ssl
+	   listeners (i.e. the service does STARTTLS). */
+	MASTER_SERVICE_FLAG_USE_SSL_SETTINGS	= 0x200
 };
 
 struct master_service_connection {
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lib-storage/mail-storage-service.c	Wed Sep 19 15:34:00 2012 +0300
@@ -950,6 +950,7 @@
 	const char *const *userdb_fields, *error;
 	struct auth_user_reply reply;
 	const struct setting_parser_context *set_parser;
+	void **sets;
 	pool_t user_pool, temp_pool;
 	int ret = 1;
 
@@ -973,7 +974,9 @@
 		master_service_init_log(ctx->service,
 			t_strconcat(ctx->service->name, ": ", NULL));
 	}
-	user_set = settings_parser_get_list(set_parser)[MASTER_SERVICE_INTERNAL_SET_PARSERS];
+	sets = master_service_settings_parser_get_others(master_service,
+							 set_parser);
+	user_set = sets[0];
 
 	if (ctx->conn == NULL)
 		mail_storage_service_first_init(ctx, user_info, user_set);
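Review bot: The offset lookup passes the global `master_service`, while the lines just above it in the same function use `ctx->service`. `master_service_settings_parser_get_others()` derives the skip count from the `want_ssl_settings` bit of the service it is given, so if the two ever refer to different objects, `sets[0]` points at the wrong settings struct. `sets = master_service_settings_parser_get_others(ctx->service, set_parser);` would tie the offset to the service that read the settings. The later hunks in this file make the same call with the global and should follow where a context is in scope. The enclosing function extends outside the hunk.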
@@ -1007,7 +1010,9 @@
 	if (!settings_parser_check(user->set_parser, user_pool, &error))
 		i_panic("settings_parser_check() failed: %s", error);
 
-	user->user_set = settings_parser_get_list(user->set_parser)[MASTER_SERVICE_INTERNAL_SET_PARSERS];
+	sets = master_service_settings_parser_get_others(master_service,
+							 user->set_parser);
+	user->user_set = sets[0];
 	user->gid_source = "mail_gid setting";
 	user->uid_source = "mail_uid setting";
 
@@ -1189,6 +1194,7 @@
 	const struct setting_parser_context *set_parser;
 	const char *error;
 	pool_t temp_pool;
+	void **sets;
 
 	if (ctx->conn != NULL)
 		return;
@@ -1198,7 +1204,9 @@
 					       &user_info, &set_parser,
 					       &error) < 0)
 		i_fatal("%s", error);
-	user_set = settings_parser_get_list(set_parser)[MASTER_SERVICE_INTERNAL_SET_PARSERS];
+	sets = master_service_settings_parser_get_others(master_service,
+							 set_parser);
+	user_set = sets[0];
 
 	mail_storage_service_first_init(ctx, user_info, user_set);
 	pool_unref(&temp_pool);
@@ -1249,8 +1257,8 @@
 
 void **mail_storage_service_user_get_set(struct mail_storage_service_user *user)
 {
-	return settings_parser_get_list(user->set_parser) +
-		MASTER_SERVICE_INTERNAL_SET_PARSERS;
+	return master_service_settings_parser_get_others(master_service,
+							 user->set_parser);
 }
 
 const struct mail_storage_settings *
diff -r 8c003fe6f5a6 -r 14df6be0111f src/lmtp/lmtp-settings.c
--- a/src/lmtp/lmtp-settings.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/lmtp/lmtp-settings.c	Wed Sep 19 15:34:00 2012 +0300
@@ -99,8 +99,8 @@
 {
 	void **sets;
 
-	sets = settings_parser_get_list(set_parser) +
-		MASTER_SERVICE_INTERNAL_SET_PARSERS;
+	sets = master_service_settings_parser_get_others(master_service,
+							 set_parser);
 	*lda_set_r = settings_dup(&lda_setting_parser_info, sets[1], pool);
 	*lmtp_set_r = settings_dup(&lmtp_setting_parser_info, sets[2], pool);
 }
diff -r 8c003fe6f5a6 -r 14df6be0111f src/login-common/login-settings.c
--- a/src/login-common/login-settings.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/login-common/login-settings.c	Wed Sep 19 15:34:00 2012 +0300
@@ -179,8 +179,7 @@
 					       &parser, &error) < 0)
 		i_fatal("Error reading configuration: %s", error);
 
-	cache_sets = settings_parser_get_list(parser) +
-		MASTER_SERVICE_INTERNAL_SET_PARSERS;
+	cache_sets = master_service_settings_parser_get_others(master_service, parser);
 	for (count = 0; input.roots[count] != NULL; count++) ;
 	i_assert(cache_sets[count] == NULL);
 	sets = p_new(pool, void *, count + 1);
diff -r 8c003fe6f5a6 -r 14df6be0111f src/login-common/main.c
--- a/src/login-common/main.c	Wed Sep 19 15:33:10 2012 +0300
+++ b/src/login-common/main.c	Wed Sep 19 15:34:00 2012 +0300
@@ -364,7 +364,8 @@
 {
 	enum master_service_flags service_flags =
 		MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN |
-		MASTER_SERVICE_FLAG_TRACK_LOGIN_STATE;
+		MASTER_SERVICE_FLAG_TRACK_LOGIN_STATE |
+		MASTER_SERVICE_FLAG_USE_SSL_SETTINGS;

