login-common: Remove login_access_sockets
authorAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 25 Mar 2022 07:19:12 +0000 (09:19 +0200)
committertimo.sirainen <timo.sirainen@open-xchange.com>
Thu, 31 Mar 2022 12:14:39 +0000 (12:14 +0000)
doc/example-config/dovecot.conf
src/config/old-set-parser.c
src/login-common/login-settings.c
src/login-common/main.c

index b67e9eb4a424e60a561f466fb6d71806e04560bb..feb755c4466e15d83e6b06fe13f4e0332b704deb 100644 (file)
@@ -47,9 +47,6 @@
 # these networks. Typically you'd specify your IMAP proxy servers here.
 #login_trusted_networks =
 
-# Space separated list of login access check sockets (e.g. tcpwrap)
-#login_access_sockets = 
-
 # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
 # proxying. This isn't necessary normally, but may be useful if the destination
 # IP is e.g. a load balancer's IP.
index 2f99978f272c0efb1943d42778926309b1054bc6..6671833816bbdd37438fadf176ca397e9c4ff839 100644 (file)
@@ -283,6 +283,13 @@ old_settings_handle_root(struct config_parser_context *ctx,
                                  NULL);
                return TRUE;
        }
+       if (strcmp(key, "login_access_sockets") == 0) {
+               if (value != NULL && *value != '\0')
+                       i_fatal("%s is no longer supported", key);
+               else
+                       obsolete(ctx, "%s is no longer supported", key);
+               return TRUE;
+       }
        if (ctx->old->auth_section == 1) {
                if (!str_begins_with(key, "auth_"))
                        key = t_strconcat("auth_", key, NULL);
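Review bot: The `i_fatal()` branch for a non-empty `login_access_sockets` has no comment explaining why this key aborts config parsing while the empty case only goes through `obsolete()`. Failing closed is the right choice here, because ignoring a configured access check would silently stop filtering connections the administrator expects to be filtered. I would record that above the call with `/* a configured access check must not be dropped silently: abort instead of warning */`. The message could also tell the administrator what to do, e.g. `i_fatal("%s is no longer supported; remove it and enforce the access check outside the login process", key);`. The body of old_settings_handle_root starts and continues outside this hunk.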
index e680677b762436ab6b7aefc3d30ebba8ec524aa4..30f7399dc26e17f33a169d045cfbca5590576f89 100644 (file)
@@ -25,7 +25,6 @@ static const struct setting_define login_setting_defines[] = {
        DEF(STR_VARS, login_greeting),
        DEF(STR, login_log_format_elements),
        DEF(STR, login_log_format),
-       DEF(STR, login_access_sockets),
        DEF(STR_VARS, login_proxy_notify_path),
        DEF(STR, login_plugin_dir),
        DEF(STR, login_plugins),
@@ -54,7 +53,6 @@ static const struct login_settings login_default_settings = {
        .login_greeting = PACKAGE_NAME" ready.",
        .login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>",
        .login_log_format = "%$: %s",
-       .login_access_sockets = "",
        .login_proxy_notify_path = "proxy-notify",
        .login_plugin_dir = MODULEDIR"/login",
        .login_plugins = "",
index ee87b8cda45de0d583522c49c5e3a99d490dd4f7..3c3bb3eba467f707458e34bd94e973351e237e54 100644 (file)
 
 #define AUTH_CLIENT_IDLE_TIMEOUT_MSECS (1000*60)
 
-struct login_access_lookup {
-       struct master_service_connection conn;
-       struct io *io;
-
-       char **sockets, **next_socket;
-       struct access_lookup *access;
-};
-
 struct event *event_auth;
 static struct event_category event_category_auth = {
        .name = "auth",
@@ -68,8 +60,6 @@ static bool shutting_down = FALSE;
 static bool ssl_connections = FALSE;
 static bool auth_connected_once = FALSE;
 
-static void login_access_lookup_next(struct login_access_lookup *lookup);
-
 static bool get_first_client(struct client **client_r)
 {
        struct client *client = clients;
@@ -191,70 +181,6 @@ client_connected_finish(const struct master_service_connection *conn)
        timeout_remove(&auth_client_to);
 }
 
-static void login_access_lookup_free(struct login_access_lookup *lookup)
-{
-       io_remove(&lookup->io);
-       if (lookup->access != NULL)
-               access_lookup_destroy(&lookup->access);
-       if (lookup->conn.fd != -1) {
-               if (close(lookup->conn.fd) < 0)
-                       i_error("close(client) failed: %m");
-               master_service_client_connection_destroyed(master_service);
-       }
-
-       p_strsplit_free(default_pool, lookup->sockets);
-       i_free(lookup);
-}
-
-static void login_access_callback(bool success, void *context)
-{
-       struct login_access_lookup *lookup = context;
-
-       if (!success) {
-               i_info("access(%s): Client refused (rip=%s)",
-                      *lookup->next_socket,
-                      net_ip2addr(&lookup->conn.remote_ip));
-               login_access_lookup_free(lookup);
-       } else {
-               lookup->next_socket++;
-               login_access_lookup_next(lookup);
-       }
-}
-
-static void login_access_lookup_next(struct login_access_lookup *lookup)
-{
-       if (*lookup->next_socket == NULL) {
-               /* last one */
-               io_remove(&lookup->io);
-               client_connected_finish(&lookup->conn);
-               lookup->conn.fd = -1;
-               login_access_lookup_free(lookup);
-               return;
-       }
-       lookup->access = access_lookup(*lookup->next_socket, lookup->conn.fd,
-                                      login_binary->protocol,
-                                      login_access_callback, lookup);
-       if (lookup->access == NULL)
-               login_access_lookup_free(lookup);
-}
-
-static void client_input_error(struct login_access_lookup *lookup)
-{
-       char c;
-       int ret;
-
-       ret = recv(lookup->conn.fd, &c, 1, MSG_PEEK);
-       if (ret <= 0) {
-               i_info("access(%s): Client disconnected during lookup (rip=%s)",
-                      *lookup->next_socket,
-                      net_ip2addr(&lookup->conn.remote_ip));
-               login_access_lookup_free(lookup);
-       } else {
-               /* actual input. stop listening until lookup is done. */
-               io_remove(&lookup->io);
-       }
-}
-
 static unsigned int
 master_admin_cmd_kick_user(const char *user, const guid_128_t conn_guid)
 {
@@ -267,10 +193,6 @@ static const struct master_admin_client_callback admin_callbacks = {
 
 static void client_connected(struct master_service_connection *conn)
 {
-       const char *access_sockets =
-               global_login_settings->login_access_sockets;
-       struct login_access_lookup *lookup;
-
        master_service_client_connection_accept(conn);
 
        if (conn->remote_ip.family != 0) {
@@ -283,19 +205,7 @@ static void client_connected(struct master_service_connection *conn)
        /* make sure we're connected (or attempting to connect) to auth */
        auth_client_connect(auth_client);
 
-       if (*access_sockets == '\0') {
-               /* no access checks */
-               client_connected_finish(conn);
-               return;
-       }
-
-       lookup = i_new(struct login_access_lookup, 1);
-       lookup->conn = *conn;
-       lookup->io = io_add(conn->fd, IO_READ, client_input_error, lookup);
-       lookup->sockets = p_strsplit_spaces(default_pool, access_sockets, " ");
-       lookup->next_socket = lookup->sockets;
-
-       login_access_lookup_next(lookup);
+       client_connected_finish(conn);
 }
 
 static void auth_connect_notify(struct auth_client *client ATTR_UNUSED,
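Review bot: `client_connected()` now hands every accepted connection straight to `client_connected_finish(conn)`, and nothing at that call documents that the pre-authentication access check is gone. A comment such as `/* no per-connection access check is done here any more; address filtering has to be configured elsewhere */` would keep a later reader from assuming one still runs. The commit's file list shows only four files, so the `login_access_sockets` member of `struct login_settings` and the code behind `access_lookup()` are presumably still in the tree. If so they are now dead and should be removed in the same series. The hunk ends in the signature of auth_connect_notify, whose body is outside it.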