dovecot-2.0: master: Removed all SSL related code. It doesn't be...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Oct 8 00:55:17 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/9716b5a4b14a
changeset: 9983:9716b5a4b14a
user: Timo Sirainen <tss at iki.fi>
date: Wed Oct 07 17:44:38 2009 -0400
description:
master: Removed all SSL related code. It doesn't belong there.
diffstat:
6 files changed, 431 deletions(-)
src/master/Makefile.am | 1
src/master/ssl-init-gnutls.c | 86 -------------------
src/master/ssl-init-main.c | 82 ------------------
src/master/ssl-init-openssl.c | 71 ----------------
src/master/ssl-init.c | 179 -----------------------------------------
src/master/ssl-init.h | 12 --
diffs (truncated from 461 to 300 lines):
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/Makefile.am
--- a/src/master/Makefile.am Wed Oct 07 17:44:01 2009 -0400
+++ b/src/master/Makefile.am Wed Oct 07 17:44:38 2009 -0400
@@ -1,7 +1,6 @@ pkglibexecdir = $(libexecdir)/dovecot
pkglibexecdir = $(libexecdir)/dovecot
sbin_PROGRAMS = dovecot
-#pkglibexec_PROGRAMS = ssl-build-param
AM_CPPFLAGS = \
-I$(top_srcdir)/src/lib \
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init-gnutls.c
--- a/src/master/ssl-init-gnutls.c Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
-
-#include "common.h"
-#include "write-full.h"
-#include "ssl-init.h"
-
-#ifdef HAVE_GNUTLS
-
-#include <stdlib.h>
-#include <gnutls/gnutls.h>
-
-static int prime_nums[] = { 768, 1024, 0 };
-
-static void write_datum(int fd, const char *fname, gnutls_datum *dbits)
-{
- if (write_full(fd, &dbits->size, sizeof(dbits->size)) < 0)
- i_fatal("write_full() failed for file %s: %m", fname);
-
- if (write_full(fd, dbits->data, dbits->size) < 0)
- i_fatal("write_full() failed for file %s: %m", fname);
-}
-
-static void generate_dh_parameters(int fd, const char *fname)
-{
- gnutls_datum dbits, prime, generator;
- int ret, bits, i;
-
- dbits.size = sizeof(bits);
- dbits.data = (unsigned char *) &bits;
-
- for (i = 0; prime_nums[i] != 0; i++) {
- bits = prime_nums[i];
-
- ret = gnutls_dh_params_generate(&prime, &generator, bits);
- if (ret < 0) {
- i_fatal("gnutls_dh_params_generate(%d) failed: %s",
- bits, gnutls_strerror(ret));
- }
-
- write_datum(fd, fname, &dbits);
- write_datum(fd, fname, &prime);
- write_datum(fd, fname, &generator);
-
- free(prime.data);
- free(generator.data);
- }
-
- bits = 0;
- write_datum(fd, fname, &dbits);
-}
-
-static void generate_rsa_parameters(int fd, const char *fname)
-{
- gnutls_datum m, e, d, p, q, u;
- int ret;
-
- ret = gnutls_rsa_params_generate(&m, &e, &d, &p, &q, &u, 512);
- if (ret < 0) {
- i_fatal("gnutls_rsa_params_generate() faile: %s",
- strerror(ret));
- }
-
- write_datum(fd, fname, &m);
- write_datum(fd, fname, &e);
- write_datum(fd, fname, &d);
- write_datum(fd, fname, &p);
- write_datum(fd, fname, &q);
- write_datum(fd, fname, &u);
-}
-
-void ssl_generate_parameters(int fd, const char *fname)
-{
- int ret;
-
- if ((ret = gnutls_global_init() < 0)) {
- i_fatal("gnu_tls_global_init() failed: %s",
- gnutls_strerror(ret));
- }
-
- generate_dh_parameters(fd, fname);
- generate_rsa_parameters(fd, fname);
-
- gnutls_global_deinit();
-}
-
-#endif
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init-main.c
--- a/src/master/ssl-init-main.c Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,82 +0,0 @@
-/* Copyright (c) 2006-2009 Dovecot authors, see the included COPYING file */
-
-#include "lib.h"
-#include "lib-signals.h"
-#include "file-lock.h"
-#include "randgen.h"
-#include "ssl-init.h"
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/stat.h>
-
-#ifdef HAVE_SSL
-static int generate_parameters_file(const char *fname)
-{
- const char *temp_fname;
- struct file_lock *lock;
- mode_t old_mask;
- int fd, ret;
-
- temp_fname = t_strconcat(fname, ".tmp", NULL);
-
- old_mask = umask(0);
- fd = open(temp_fname, O_WRONLY | O_CREAT, 0644);
- umask(old_mask);
-
- if (fd == -1) {
- i_fatal("Can't create temporary SSL parameters file %s: %m",
- temp_fname);
- }
-
- /* If multiple dovecot instances are running, only one of them needs
- to regenerate this file. */
- ret = file_try_lock(fd, temp_fname, F_WRLCK,
- FILE_LOCK_METHOD_FCNTL, &lock);
- if (ret < 0)
- i_fatal("file_try_lock(%s) failed: %m", temp_fname);
- if (ret == 0) {
- /* someone else is writing this */
- return -1;
- }
- if (ftruncate(fd, 0) < 0)
- i_fatal("ftruncate(%s) failed: %m", temp_fname);
-
- ssl_generate_parameters(fd, temp_fname);
-
- if (rename(temp_fname, fname) < 0)
- i_fatal("rename(%s, %s) failed: %m", temp_fname, fname);
- if (close(fd) < 0)
- i_fatal("close(%s) failed: %m", temp_fname);
- file_lock_free(&lock);
-
- i_info("SSL parameters regeneration completed");
- return 0;
-}
-#else
-static int generate_parameters_file(const char *fname ATTR_UNUSED)
-{
- i_fatal("Dovecot built without SSL support");
- return -1;
-}
-#endif
-
-int main(int argc, char *argv[])
-{
- int ret = 0;
-
- lib_init();
- i_set_failure_internal();
-
- if (argc < 2)
- i_fatal("Usage: ssl-build-param <path>");
-
- random_init();
- if (generate_parameters_file(argv[1]) < 0)
- ret = 1;
-
- random_deinit();
- lib_deinit();
- return ret;
-}
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init-openssl.c
--- a/src/master/ssl-init-openssl.c Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
-
-#include "common.h"
-#include "write-full.h"
-#include "ssl-init.h"
-
-#ifdef HAVE_OPENSSL
-
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* 2 or 5. Haven't seen their difference explained anywhere, but 2 is the
- default.. */
-#define DH_GENERATOR 2
-
-static int dh_param_bitsizes[] = { 512, 1024 };
-
-static const char *ssl_last_error(void)
-{
- unsigned long err;
- char *buf;
- size_t err_size = 256;
-
- err = ERR_get_error();
- if (err == 0)
- return strerror(errno);
-
- buf = t_malloc(err_size);
- buf[err_size-1] = '\0';
- ERR_error_string_n(err, buf, err_size-1);
- return buf;
-}
-
-static void generate_dh_parameters(int bitsize, int fd, const char *fname)
-{
- DH *dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
- unsigned char *buf, *p;
- int len;
-
- if (dh == NULL) {
- i_fatal("DH_generate_parameters(bits=%d, gen=%d) failed: %s",
- bitsize, DH_GENERATOR, ssl_last_error());
- }
-
- len = i2d_DHparams(dh, NULL);
- if (len < 0)
- i_fatal("i2d_DHparams() failed: %s", ssl_last_error());
-
- buf = p = i_malloc(len);
- len = i2d_DHparams(dh, &p);
-
- if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 ||
- write_full(fd, &len, sizeof(len)) < 0 ||
- write_full(fd, buf, len) < 0)
- i_fatal("write_full() failed for file %s: %m", fname);
- i_free(buf);
-}
-
-void ssl_generate_parameters(int fd, const char *fname)
-{
- unsigned int i;
- int bits;
-
- for (i = 0; i < N_ELEMENTS(dh_param_bitsizes); i++)
- generate_dh_parameters(dh_param_bitsizes[i], fd, fname);
- bits = 0;
- if (write_full(fd, &bits, sizeof(bits)) < 0)
- i_fatal("write_full() failed for file %s: %m", fname);
-}
-
-#endif
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init.c
--- a/src/master/ssl-init.c Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,179 +0,0 @@
-/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
-
-#include "common.h"
-#include "ioloop.h"
-#include "env-util.h"
-#include "file-copy.h"
-#include "log.h"
-#include "child-process.h"
-#include "ssl-init.h"
-
-#ifdef HAVE_SSL
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <utime.h>
-#include <sys/stat.h>
-
-static struct child_process ssl_param_child_process =
- { MEMBER(type) PROCESS_TYPE_SSL_PARAM };
-
-static struct timeout *to;
-static char *generating_path = NULL;
-
-#define SSL_PARAMETERS_PERM_PATH PKG_STATEDIR"/"SSL_PARAMETERS_FILENAME
-
-static void start_generate_process(const char *fname)
-{
- const char *binpath = PKG_LIBEXECDIR"/ssl-build-param";
- struct log_io *log;
- pid_t pid;
- int log_fd;
-