dovecot-2.0: inet_listeners now support ssl=yes. For now only lo...
dovecot at dovecot.org
dovecot at dovecot.org
Tue May 5 03:50:19 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/4a42f694b762
changeset: 9218:4a42f694b762
user: Timo Sirainen <tss at iki.fi>
date: Mon May 04 20:50:13 2009 -0400
description:
inet_listeners now support ssl=yes. For now only login processes support it.
diffstat:
7 files changed, 36 insertions(+), 11 deletions(-)
src/lib-master/master-service-private.h | 3 ++-
src/lib-master/master-service.c | 7 +++++++
src/lib-master/master-service.h | 2 ++
src/login-common/main.c | 3 +--
src/master/master-settings.c | 4 +++-
src/master/master-settings.h | 1 +
src/master/service-process.c | 27 ++++++++++++++++++++-------
diffs (159 lines):
diff -r 5595d6d07a47 -r 4a42f694b762 src/lib-master/master-service-private.h
--- a/src/lib-master/master-service-private.h Mon May 04 20:49:31 2009 -0400
+++ b/src/lib-master/master-service-private.h Mon May 04 20:50:13 2009 -0400
@@ -7,6 +7,7 @@ struct master_service_listener {
struct master_service_listener {
struct master_service *service;
int fd;
+ bool ssl;
struct io *io;
};
@@ -23,7 +24,7 @@ struct master_service {
const char *config_path;
int syslog_facility;
- unsigned int socket_count;
+ unsigned int socket_count, ssl_socket_count;
struct master_service_listener *listeners;
struct io *io_status_write, *io_status_error;
diff -r 5595d6d07a47 -r 4a42f694b762 src/lib-master/master-service.c
--- a/src/lib-master/master-service.c Mon May 04 20:49:31 2009 -0400
+++ b/src/lib-master/master-service.c Mon May 04 20:50:13 2009 -0400
@@ -109,6 +109,9 @@ master_service_init(const char *name, en
str = getenv("SOCKET_COUNT");
if (str != NULL)
service->socket_count = atoi(str);
+ str = getenv("SSL_SOCKET_COUNT");
+ if (str != NULL)
+ service->ssl_socket_count = atoi(str);
/* set up some kind of logging until we know exactly how and where
we want to log */
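Review bot: The `SSL_SOCKET_COUNT` value is stored without being checked against `socket_count`, and the io_listeners_add hunk later evaluates `service->socket_count - service->ssl_socket_count` on unsigned ints. If the SSL count is larger than the socket count, or atoi() yields a negative number from a malformed string, the subtraction wraps and no listener gets `l->ssl = TRUE`, so a listener configured with ssl=yes would be served as plaintext. The variable is presumably set only by the master process, but failing closed is cheap: after both reads add `if (service->ssl_socket_count > service->socket_count) i_fatal("SSL_SOCKET_COUNT exceeds SOCKET_COUNT");`. master_service_init's body continues outside the hunk.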
@@ -437,6 +440,7 @@ static void master_service_listen(struct
io_remove(&l->io);
conn.fd = l->fd;
}
+ conn.ssl = l->ssl;
l->service->master_status.available_count--;
master_status_update(l->service);
@@ -461,6 +465,9 @@ static void io_listeners_add(struct mast
l->fd = MASTER_LISTEN_FD_FIRST + i;
l->io = io_add(MASTER_LISTEN_FD_FIRST + i, IO_READ,
master_service_listen, l);
+
+ if (i >= service->socket_count - service->ssl_socket_count)
+ l->ssl = TRUE;
}
}
diff -r 5595d6d07a47 -r 4a42f694b762 src/lib-master/master-service.h
--- a/src/lib-master/master-service.h Mon May 04 20:49:31 2009 -0400
+++ b/src/lib-master/master-service.h Mon May 04 20:50:13 2009 -0400
@@ -18,6 +18,8 @@ struct master_service_connection {
struct ip_addr remote_ip;
unsigned int remote_port;
+
+ bool ssl;
};
typedef void
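Review bot: The new `ssl` member of struct master_service_connection has no comment, and its meaning is easy to misread as "TLS is already established on fd". From the master-service.c hunk it is only a copy of the listener's flag, so I would document it as `/* TRUE if the connection was accepted from a listener configured with ssl=yes; the service itself must start TLS on fd */`. The wording about who starts TLS is inferred from the login-common change and should be confirmed. The struct begins outside the hunk.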
diff -r 5595d6d07a47 -r 4a42f694b762 src/login-common/main.c
--- a/src/login-common/main.c Mon May 04 20:49:31 2009 -0400
+++ b/src/login-common/main.c Mon May 04 20:50:13 2009 -0400
@@ -39,8 +39,7 @@ static void client_connected(const struc
local_port = 0;
}
- // FIXME: a global ssl_connections isn't enough!
- if (!ssl_connections) {
+ if (!ssl_connections && !conn->ssl) {
client = client_create(conn->fd, FALSE, &local_ip,
&conn->remote_ip);
} else {
diff -r 5595d6d07a47 -r 4a42f694b762 src/master/master-settings.c
--- a/src/master/master-settings.c Mon May 04 20:49:31 2009 -0400
+++ b/src/master/master-settings.c Mon May 04 20:50:13 2009 -0400
@@ -55,13 +55,15 @@ static struct setting_define inet_listen
static struct setting_define inet_listener_setting_defines[] = {
DEF(SET_STR, address),
DEF(SET_UINT, port),
+ DEF(SET_BOOL, ssl),
SETTING_DEFINE_LIST_END
};
static struct inet_listener_settings inet_listener_default_settings = {
MEMBER(address) "*",
- MEMBER(port) 0
+ MEMBER(port) 0,
+ MEMBER(ssl) FALSE
};
static struct setting_parser_info inet_listener_setting_parser_info = {
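Review bot: `DEF(SET_BOOL, ssl)` makes ssl=yes parse for the inet_listener of every service, while the commit description says only login processes act on it. As far as these hunks show, any other service would receive `conn.ssl` and ignore it, so an administrator who sets ssl=yes on such a listener would get a plaintext port with no warning. Until the other services support it, consider having the master's settings check reject or at least log ssl=yes on a listener belonging to a service that does not handle it; the check function is outside this diff, so the exact place needs confirming.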
diff -r 5595d6d07a47 -r 4a42f694b762 src/master/master-settings.h
--- a/src/master/master-settings.h Mon May 04 20:49:31 2009 -0400
+++ b/src/master/master-settings.h Mon May 04 20:50:13 2009 -0400
@@ -12,6 +12,7 @@ struct inet_listener_settings {
struct inet_listener_settings {
const char *address;
unsigned int port;
+ bool ssl;
};
struct service_settings {
diff -r 5595d6d07a47 -r 4a42f694b762 src/master/service-process.c
--- a/src/master/service-process.c Mon May 04 20:49:31 2009 -0400
+++ b/src/master/service-process.c Mon May 04 20:50:13 2009 -0400
@@ -33,7 +33,7 @@ service_dup_fds(struct service *service,
{
struct service_listener *const *listeners;
ARRAY_TYPE(dup2) dups;
- unsigned int i, count, n = 0, socket_listener_count;
+ unsigned int i, count, n = 0, socket_listener_count, ssl_socket_count;
/* stdin/stdout is already redirected to /dev/null. Other master fds
should have been opened with fd_close_on_exec() so we don't have to
@@ -53,13 +53,25 @@ service_dup_fds(struct service *service,
n += socket_listener_count;
}
+ /* first add non-ssl listeners */
for (i = 0; i < count; i++) {
- if (listeners[i]->fd == -1)
- continue;
-
- dup2_append(&dups, listeners[i]->fd,
- MASTER_LISTEN_FD_FIRST + n);
- n++; socket_listener_count++;
+ if (listeners[i]->fd != -1 &&
+ !listeners[i]->set.inetset.set->ssl) {
+ dup2_append(&dups, listeners[i]->fd,
+ MASTER_LISTEN_FD_FIRST + n);
+ n++; socket_listener_count++;
+ }
+ }
+ /* then ssl-listeners */
+ ssl_socket_count = 0;
+ for (i = 0; i < count; i++) {
+ if (listeners[i]->fd != -1 &&
+ listeners[i]->set.inetset.set->ssl) {
+ dup2_append(&dups, listeners[i]->fd,
+ MASTER_LISTEN_FD_FIRST + n);
+ n++; socket_listener_count++;
+ ssl_socket_count++;
+ }
}
dup2_append(&dups, null_fd, MASTER_RESERVED_FD);
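Review bot: Both new loops read `listeners[i]->set.inetset.set->ssl` for every listener with a valid fd, without first checking that the listener is an inet listener. The `set.inetset` path suggests `set` is a union; if the array can also hold unix-socket or fifo listeners (not visible in this hunk), this reads the wrong member and the resulting ordering and `ssl_socket_count` would be arbitrary, which in turn decides which sockets the child treats as SSL. Guard both conditions with a check on the listener's type before touching `inetset`, and consider a small static helper for that test so the two loops cannot drift apart. service_dup_fds starts and ends outside the hunk.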
@@ -106,6 +118,7 @@ service_dup_fds(struct service *service,
service_error(service, "dup2s failed");
env_put(t_strdup_printf("SOCKET_COUNT=%d", socket_listener_count));
+ env_put(t_strdup_printf("SSL_SOCKET_COUNT=%d", ssl_socket_count));
}
static int validate_uid_gid(struct master_settings *set, uid_t uid, gid_t gid,