dovecot-2.2: lmtp, *-login: Use ip/port values from struct maste...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Aug 18 18:02:14 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/a0e8c6b88072
changeset: 18950:a0e8c6b88072
user: Stephan Bosch <stephan at rename-it.nl>
date: Mon Jun 15 18:50:53 2015 +0200
description:
lmtp, *-login: Use ip/port values from struct master_service_connection instead of from the socket.
This way, a proxy protocol like HAProxy can transparently override these
addresses with what is seen by the proxy.
diffstat:
src/lmtp/client.c | 3 ++-
src/login-common/client-common.c | 19 ++++++++++++++-----
src/login-common/client-common.h | 6 ++++--
src/login-common/main.c | 22 +++++-----------------
4 files changed, 25 insertions(+), 25 deletions(-)
diffs (134 lines):
diff -r 71f4b77c519f -r a0e8c6b88072 src/lmtp/client.c
--- a/src/lmtp/client.c Mon Jun 15 18:50:53 2015 +0200
+++ b/src/lmtp/client.c Mon Jun 15 18:50:53 2015 +0200
@@ -249,7 +249,8 @@
client->fd_out = fd_out;
client->remote_ip = conn->remote_ip;
client->remote_port = conn->remote_port;
- (void)net_getsockname(conn->fd, &client->local_ip, &client->local_port);
+ client->local_ip = conn->local_ip;
+ client->local_port = conn->local_port;
client->input = i_stream_create_fd(fd_in, CLIENT_MAX_INPUT_SIZE, FALSE);
client->output = o_stream_create_fd(fd_out, (size_t)-1, FALSE);
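Review bot: Only the four overridable address fields are copied here (`remote_ip`, `remote_port`, `local_ip`, `local_port`), whereas client_create() in login-common also keeps the `real_*` values from the same struct. Once a proxy header can replace these addresses, LMTP keeps no record of the actual socket peer, which an operator needs when auditing where a delivery really came from. If the lmtp client struct can carry them, consider also storing `conn->real_remote_ip` and `conn->real_remote_port`, or at least add a comment above these assignments such as `/* may be overridden by a proxy protocol header; not necessarily the socket peer */`. The enclosing function starts and ends outside the hunk.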
diff -r 71f4b77c519f -r a0e8c6b88072 src/login-common/client-common.c
--- a/src/login-common/client-common.c Mon Jun 15 18:50:53 2015 +0200
+++ b/src/login-common/client-common.c Mon Jun 15 18:50:53 2015 +0200
@@ -103,10 +103,10 @@
struct client *
client_create(int fd, bool ssl, pool_t pool,
+ const struct master_service_connection *conn,
const struct login_settings *set,
const struct master_service_ssl_settings *ssl_set,
- void **other_sets,
- const struct ip_addr *local_ip, const struct ip_addr *remote_ip)
+ void **other_sets)
{
struct client *client;
@@ -125,13 +125,22 @@
client->pool = pool;
client->set = set;
client->ssl_set = ssl_set;
- client->real_local_ip = client->local_ip = *local_ip;
- client->real_remote_ip = client->ip = *remote_ip;
+
client->fd = fd;
client->tls = ssl;
+
+ client->local_ip = conn->local_ip;
+ client->local_port = conn->local_port;
+ client->ip = conn->remote_ip;
+ client->remote_port = conn->remote_port;
+ client->real_local_ip = conn->real_local_ip;
+ client->real_local_port = conn->real_local_port;
+ client->real_remote_ip = conn->real_remote_ip;
+ client->real_remote_port = conn->real_remote_port;
+
client->trusted = client_is_trusted(client);
client->secured = ssl || client->trusted ||
- net_ip_compare(remote_ip, local_ip);
+ net_ip_compare(&conn->real_remote_ip, &conn->real_local_ip);
client->proxy_ttl = LOGIN_PROXY_TTL;
if (last_client == NULL)
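Review bot: `client->secured` now compares `conn->real_remote_ip` with `conn->real_local_ip`, so when the proxy runs on the same host as the login process, every proxied session would appear to pass this test regardless of how the end client reached the proxy. In that setup a client that connected to the proxy in cleartext would be treated as secured. `client_is_trusted(client)` is called after `client->ip` has been set from the overridable `conn->remote_ip`; its body is not in this hunk, so confirm which address it checks and that the override is only accepted from configured proxy sources. A comment stating which decision uses which address would help, e.g. `/* secured: real socket endpoints; trusted: see client_is_trusted() */`. client_create() begins in the previous hunk and continues past this one.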
diff -r 71f4b77c519f -r a0e8c6b88072 src/login-common/client-common.h
--- a/src/login-common/client-common.h Mon Jun 15 18:50:53 2015 +0200
+++ b/src/login-common/client-common.h Mon Jun 15 18:50:53 2015 +0200
@@ -34,6 +34,8 @@
#define AUTH_MASTER_WAITING_MSG \
"Waiting for authentication master process to respond.."
+struct master_service_connection;
+
enum client_disconnect_reason {
CLIENT_DISCONNECT_TIMEOUT,
CLIENT_DISCONNECT_SYSTEM_SHUTDOWN,
@@ -173,10 +175,10 @@
struct client *
client_create(int fd, bool ssl, pool_t pool,
+ const struct master_service_connection *conn,
const struct login_settings *set,
const struct master_service_ssl_settings *ssl_set,
- void **other_sets,
- const struct ip_addr *local_ip, const struct ip_addr *remote_ip);
+ void **other_sets);
void client_destroy(struct client *client, const char *reason);
void client_destroy_success(struct client *client, const char *reason);
void client_destroy_internal_failure(struct client *client);
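Review bot: The prototype now takes both `fd` and `conn`, and the SSL branch in main.c passes `fd_ssl` rather than `conn->fd`, so the two descriptors can differ. A short comment on the declaration would prevent misuse, for example `/* fd is the descriptor the client uses (may be the SSL proxy fd); conn supplies the local/remote and real_* addresses */`. As far as the visible hunks show, the implementation dereferences `conn` unconditionally, so the comment should also state that it must be non-NULL.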
diff -r 71f4b77c519f -r a0e8c6b88072 src/login-common/main.c
--- a/src/login-common/main.c Mon Jun 15 18:50:53 2015 +0200
+++ b/src/login-common/main.c Mon Jun 15 18:50:53 2015 +0200
@@ -112,27 +112,19 @@
{
struct client *client;
struct ssl_proxy *proxy;
- struct ip_addr local_ip;
const struct login_settings *set;
const struct master_service_ssl_settings *ssl_set;
- unsigned int local_port;
pool_t pool;
int fd_ssl;
void **other_sets;
- if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) {
- memset(&local_ip, 0, sizeof(local_ip));
- local_port = 0;
- }
-
pool = pool_alloconly_create("login client", 8*1024);
- set = login_settings_read(pool, &local_ip,
+ set = login_settings_read(pool, &conn->local_ip,
&conn->remote_ip, NULL, &ssl_set, &other_sets);
if (!ssl_connections && !conn->ssl) {
- client = client_create(conn->fd, FALSE, pool,
- set, ssl_set, other_sets,
- &local_ip, &conn->remote_ip);
+ client = client_create(conn->fd, FALSE, pool, conn,
+ set, ssl_set, other_sets);
} else {
fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool,
set, ssl_set, &proxy);
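Review bot: The removed block zeroed `local_ip` and `local_port` when `net_getsockname()` failed, but the new code passes `&conn->local_ip` to `login_settings_read()` with no equivalent fallback. It therefore relies on the master service always initialising that field, which is not visible here. Because `conn->local_ip` and `conn->remote_ip` may now hold proxy-supplied values, the settings chosen by `login_settings_read()` follow what the proxy reports, and `ssl_proxy_alloc()` a few lines later is given the same `conn->remote_ip`. A comment such as `/* conn->local_ip/remote_ip may be proxy-provided; unset values are expected to be zeroed by the master service */` would make the contract explicit. The function starts before this hunk and continues in the next.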
@@ -143,17 +135,13 @@
return;
}
- client = client_create(fd_ssl, TRUE, pool,
- set, ssl_set, other_sets,
- &local_ip, &conn->remote_ip);
+ client = client_create(fd_ssl, TRUE, pool, conn,
+ set, ssl_set, other_sets);
client->ssl_proxy = proxy;
ssl_proxy_set_client(proxy, client);
ssl_proxy_start(proxy);
}
- client->real_remote_port = client->remote_port = conn->remote_port;
- client->real_local_port = client->local_port = local_port;
-
if (auth_client_to != NULL)
timeout_remove(&auth_client_to);
}