dovecot-2.2: lmtp, *-login: Use ip/port values from struct maste...

dovecot at dovecot.org dovecot at dovecot.org
Tue Aug 18 18:02:14 UTC 2015


details:   http://hg.dovecot.org/dovecot-2.2/rev/a0e8c6b88072
changeset: 18950:a0e8c6b88072
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Mon Jun 15 18:50:53 2015 +0200
description:
lmtp, *-login: Use ip/port values from struct master_service_connection instead of from the socket.
This way, a proxy protocol like HAProxy can transparently override these
addresses with what is seen by the proxy.

diffstat:

 src/lmtp/client.c                |   3 ++-
 src/login-common/client-common.c |  19 ++++++++++++++-----
 src/login-common/client-common.h |   6 ++++--
 src/login-common/main.c          |  22 +++++-----------------
 4 files changed, 25 insertions(+), 25 deletions(-)

diffs (134 lines):

diff -r 71f4b77c519f -r a0e8c6b88072 src/lmtp/client.c
--- a/src/lmtp/client.c	Mon Jun 15 18:50:53 2015 +0200
+++ b/src/lmtp/client.c	Mon Jun 15 18:50:53 2015 +0200
@@ -249,7 +249,8 @@
 	client->fd_out = fd_out;
 	client->remote_ip = conn->remote_ip;
 	client->remote_port = conn->remote_port;
-	(void)net_getsockname(conn->fd, &client->local_ip, &client->local_port);
+	client->local_ip = conn->local_ip;
+	client->local_port = conn->local_port;
 
 	client->input = i_stream_create_fd(fd_in, CLIENT_MAX_INPUT_SIZE, FALSE);
 	client->output = o_stream_create_fd(fd_out, (size_t)-1, FALSE);
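Review bot: After this change all four address fields on the lmtp client come from `conn`, and nothing in the hunk keeps the actual socket endpoints, whereas the login client in the same commit also copies `conn->real_local_ip` and `conn->real_remote_ip`. If a proxy header overrides these values, logging or access decisions in lmtp that need the directly connected peer would have to reach back to `conn`. At minimum a comment above the assignments would record this, e.g. `/* may be overridden by a proxy protocol; not necessarily the socket endpoints */`. The enclosing function starts and ends outside the hunk, so whether lmtp's struct client has room for real_* fields is not visible here.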
diff -r 71f4b77c519f -r a0e8c6b88072 src/login-common/client-common.c
--- a/src/login-common/client-common.c	Mon Jun 15 18:50:53 2015 +0200
+++ b/src/login-common/client-common.c	Mon Jun 15 18:50:53 2015 +0200
@@ -103,10 +103,10 @@
 
 struct client *
 client_create(int fd, bool ssl, pool_t pool,
+	      const struct master_service_connection *conn,
 	      const struct login_settings *set,
 	      const struct master_service_ssl_settings *ssl_set,
-	      void **other_sets,
-	      const struct ip_addr *local_ip, const struct ip_addr *remote_ip)
+	      void **other_sets)
 {
 	struct client *client;
 
@@ -125,13 +125,22 @@
 	client->pool = pool;
 	client->set = set;
 	client->ssl_set = ssl_set;
-	client->real_local_ip = client->local_ip = *local_ip;
-	client->real_remote_ip = client->ip = *remote_ip;
+
 	client->fd = fd;
 	client->tls = ssl;
+
+	client->local_ip = conn->local_ip;
+	client->local_port = conn->local_port;
+	client->ip = conn->remote_ip;
+	client->remote_port = conn->remote_port;
+	client->real_local_ip = conn->real_local_ip;
+	client->real_local_port = conn->real_local_port;
+	client->real_remote_ip = conn->real_remote_ip;
+	client->real_remote_port = conn->real_remote_port; 
+
 	client->trusted = client_is_trusted(client);
 	client->secured = ssl || client->trusted ||
-		net_ip_compare(remote_ip, local_ip);
+		net_ip_compare(&conn->real_remote_ip, &conn->real_local_ip);
 	client->proxy_ttl = LOGIN_PROXY_TTL;
 
 	if (last_client == NULL)
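Review bot: `client->trusted = client_is_trusted(client)` now runs after `client->ip` has been set from `conn->remote_ip`, which the commit description says a proxy protocol can override, while the `secured` same-host test just below deliberately compares `conn->real_remote_ip` with `conn->real_local_ip`. client_is_trusted() is not visible in this hunk, but if it matches `client->ip` against the trusted networks, a proxy-supplied address would decide `trusted` and, through the `||`, `secured` as well. That is only sound when proxy headers are accepted solely from trusted proxies. A comment stating the intent would help, e.g. `/* trusted is evaluated on the possibly proxy-overridden client->ip; the same-host check uses the real socket endpoints */`. Separately, the line `client->real_remote_port = conn->real_remote_port;` carries trailing whitespace; client_create's body continues outside the hunk.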
diff -r 71f4b77c519f -r a0e8c6b88072 src/login-common/client-common.h
--- a/src/login-common/client-common.h	Mon Jun 15 18:50:53 2015 +0200
+++ b/src/login-common/client-common.h	Mon Jun 15 18:50:53 2015 +0200
@@ -34,6 +34,8 @@
 #define AUTH_MASTER_WAITING_MSG \
 	"Waiting for authentication master process to respond.."
 
+struct master_service_connection;
+
 enum client_disconnect_reason {
 	CLIENT_DISCONNECT_TIMEOUT,
 	CLIENT_DISCONNECT_SYSTEM_SHUTDOWN,
@@ -173,10 +175,10 @@
 
 struct client *
 client_create(int fd, bool ssl, pool_t pool,
+	      const struct master_service_connection *conn,
 	      const struct login_settings *set,
 	      const struct master_service_ssl_settings *ssl_set,
-	      void **other_sets,
-	      const struct ip_addr *local_ip, const struct ip_addr *remote_ip);
+	      void **other_sets);
 void client_destroy(struct client *client, const char *reason);
 void client_destroy_success(struct client *client, const char *reason);
 void client_destroy_internal_failure(struct client *client);
diff -r 71f4b77c519f -r a0e8c6b88072 src/login-common/main.c
--- a/src/login-common/main.c	Mon Jun 15 18:50:53 2015 +0200
+++ b/src/login-common/main.c	Mon Jun 15 18:50:53 2015 +0200
@@ -112,27 +112,19 @@
 {
 	struct client *client;
 	struct ssl_proxy *proxy;
-	struct ip_addr local_ip;
 	const struct login_settings *set;
 	const struct master_service_ssl_settings *ssl_set;
-	unsigned int local_port;
 	pool_t pool;
 	int fd_ssl;
 	void **other_sets;
 
-	if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) {
-		memset(&local_ip, 0, sizeof(local_ip));
-		local_port = 0;
-	}
-
 	pool = pool_alloconly_create("login client", 8*1024);
-	set = login_settings_read(pool, &local_ip,
+	set = login_settings_read(pool, &conn->local_ip,
 				  &conn->remote_ip, NULL, &ssl_set, &other_sets);
 
 	if (!ssl_connections && !conn->ssl) {
-		client = client_create(conn->fd, FALSE, pool,
-				       set, ssl_set, other_sets,
-				       &local_ip, &conn->remote_ip);
+		client = client_create(conn->fd, FALSE, pool, conn,
+				       set, ssl_set, other_sets);
 	} else {
 		fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool,
 					 set, ssl_set, &proxy);
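Review bot: The removed `net_getsockname()` block zeroed `local_ip` and `local_port` on failure, and `login_settings_read()` now takes `&conn->local_ip` with no equivalent fallback visible in this function. This relies on the master service always initialising `conn->local_ip`, including when the lookup fails, which cannot be confirmed from the hunk. The per-connection settings lookup is also now keyed on addresses a proxy protocol may have overridden, so any local/remote-scoped settings, including those returned in `ssl_set`, follow the proxy-reported endpoints. If that is intended, a short comment before the `login_settings_read()` call should say so, e.g. `/* conn->local_ip/remote_ip may come from a proxy header; settings are selected for the proxied endpoints */`. The function's signature lies outside the hunk.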
@@ -143,17 +135,13 @@
 			return;
 		}
 
-		client = client_create(fd_ssl, TRUE, pool,
-				       set, ssl_set, other_sets,
-				       &local_ip, &conn->remote_ip);
+		client = client_create(fd_ssl, TRUE, pool, conn,
+				       set, ssl_set, other_sets);
 		client->ssl_proxy = proxy;
 		ssl_proxy_set_client(proxy, client);
 		ssl_proxy_start(proxy);
 	}
 
-	client->real_remote_port = client->remote_port = conn->remote_port;
-	client->real_local_port = client->local_port = local_port;
-
 	if (auth_client_to != NULL)
 		timeout_remove(&auth_client_to);
 }

