lmtp, *-login: Use ip/port values from struct master_service_connection instead of...
authorStephan Bosch <stephan@rename-it.nl>
Mon, 15 Jun 2015 16:50:53 +0000 (18:50 +0200)
committerStephan Bosch <stephan@rename-it.nl>
Mon, 15 Jun 2015 16:50:53 +0000 (18:50 +0200)
This way, a proxy protocol like HAProxy can transparently override these
addresses with what is seen by the proxy.

src/lmtp/client.c
src/login-common/client-common.c
src/login-common/client-common.h
src/login-common/main.c

index 990c1091c56c7ba84e446a53ff00bb3f65318c20..51a05f73b94ab52a04353cc2b2e53b3ddf8d670b 100644 (file)
@@ -249,7 +249,8 @@ struct client *client_create(int fd_in, int fd_out,
        client->fd_out = fd_out;
        client->remote_ip = conn->remote_ip;
        client->remote_port = conn->remote_port;
-       (void)net_getsockname(conn->fd, &client->local_ip, &client->local_port);
+       client->local_ip = conn->local_ip;
+       client->local_port = conn->local_port;
 
        client->input = i_stream_create_fd(fd_in, CLIENT_MAX_INPUT_SIZE, FALSE);
        client->output = o_stream_create_fd(fd_out, (size_t)-1, FALSE);
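Review bot: The socket-level peer address is not retained in the lmtp client: only `conn->remote_ip` and `conn->local_ip` are copied, and the commit message says a proxy protocol may override them. The login-common hunk in this commit copies `conn->real_remote_ip` and the other `real_*` fields, so later lmtp logging and address-based decisions presumably see only the proxy-claimed values unless struct client gains matching fields. At minimum add a comment above the assignments, such as `/* may be overridden by a proxy protocol header; the socket peer is conn->real_remote_ip */`. The old `net_getsockname()` call ignored its return value, so the new code relies on the master service having filled `conn->local_ip`, which is not visible here. client_create's body starts and ends outside the hunk.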
index eda2d9e3abcfc1719bba44ddc2f47702dd2bdda1..ed407ccaa13367309d45e83172a8174ca1d08fea 100644 (file)
@@ -103,10 +103,10 @@ static bool client_is_trusted(struct client *client)
 
 struct client *
 client_create(int fd, bool ssl, pool_t pool,
+             const struct master_service_connection *conn,
              const struct login_settings *set,
              const struct master_service_ssl_settings *ssl_set,
-             void **other_sets,
-             const struct ip_addr *local_ip, const struct ip_addr *remote_ip)
+             void **other_sets)
 {
        struct client *client;
 
@@ -125,13 +125,22 @@ client_create(int fd, bool ssl, pool_t pool,
        client->pool = pool;
        client->set = set;
        client->ssl_set = ssl_set;
-       client->real_local_ip = client->local_ip = *local_ip;
-       client->real_remote_ip = client->ip = *remote_ip;
+
        client->fd = fd;
        client->tls = ssl;
+
+       client->local_ip = conn->local_ip;
+       client->local_port = conn->local_port;
+       client->ip = conn->remote_ip;
+       client->remote_port = conn->remote_port;
+       client->real_local_ip = conn->real_local_ip;
+       client->real_local_port = conn->real_local_port;
+       client->real_remote_ip = conn->real_remote_ip;
+       client->real_remote_port = conn->real_remote_port; 
+
        client->trusted = client_is_trusted(client);
        client->secured = ssl || client->trusted ||
-               net_ip_compare(remote_ip, local_ip);
+               net_ip_compare(&conn->real_remote_ip, &conn->real_local_ip);
        client->proxy_ttl = LOGIN_PROXY_TTL;
 
        if (last_client == NULL)
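Review bot: `client->trusted` and `client->secured` now rest on different addresses and nothing in the code says so: `client_is_trusted(client)` runs after `client->ip` is set from `conn->remote_ip`, which may be proxy-supplied, while the same-host shortcut in `secured` compares `conn->real_remote_ip` with `conn->real_local_ip`. client_is_trusted's body is outside the hunk, but if it matches `client->ip` against the trusted networks, a proxy-claimed address can mark a connection trusted and therefore secured without TLS. That is only safe if the proxy header is honoured solely from permitted proxies. A comment would make the intent reviewable, e.g. `/* trusted: evaluated on the (possibly proxied) client->ip; secured: same-host check uses the real socket addresses */`. There is also trailing whitespace after `conn->real_remote_port;`, and the function continues past the hunk.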
index 3f44db91669573851b8f0c15730adebeedae9af6..21c5cab54715f1be913486ab90bda1c3663da2e8 100644 (file)
@@ -34,6 +34,8 @@
 #define AUTH_MASTER_WAITING_MSG \
        "Waiting for authentication master process to respond.."
 
+struct master_service_connection;
+
 enum client_disconnect_reason {
        CLIENT_DISCONNECT_TIMEOUT,
        CLIENT_DISCONNECT_SYSTEM_SHUTDOWN,
@@ -173,10 +175,10 @@ extern struct client *clients;
 
 struct client *
 client_create(int fd, bool ssl, pool_t pool,
+             const struct master_service_connection *conn,
              const struct login_settings *set,
              const struct master_service_ssl_settings *ssl_set,
-             void **other_sets,
-             const struct ip_addr *local_ip, const struct ip_addr *remote_ip);
+             void **other_sets);
 void client_destroy(struct client *client, const char *reason);
 void client_destroy_success(struct client *client, const char *reason);
 void client_destroy_internal_failure(struct client *client);
index 777b408f1abf483869d51bc92f234f5e60b92518..0db794b54ae18f1477edefb700fa0b066d444dac 100644 (file)
@@ -112,27 +112,19 @@ client_connected_finish(const struct master_service_connection *conn)
 {
        struct client *client;
        struct ssl_proxy *proxy;
-       struct ip_addr local_ip;
        const struct login_settings *set;
        const struct master_service_ssl_settings *ssl_set;
-       unsigned int local_port;
        pool_t pool;
        int fd_ssl;
        void **other_sets;
 
-       if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) {
-               memset(&local_ip, 0, sizeof(local_ip));
-               local_port = 0;
-       }
-
        pool = pool_alloconly_create("login client", 8*1024);
-       set = login_settings_read(pool, &local_ip,
+       set = login_settings_read(pool, &conn->local_ip,
                                  &conn->remote_ip, NULL, &ssl_set, &other_sets);
 
        if (!ssl_connections && !conn->ssl) {
-               client = client_create(conn->fd, FALSE, pool,
-                                      set, ssl_set, other_sets,
-                                      &local_ip, &conn->remote_ip);
+               client = client_create(conn->fd, FALSE, pool, conn,
+                                      set, ssl_set, other_sets);
        } else {
                fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool,
                                         set, ssl_set, &proxy);
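Review bot: Per-address settings, including the `ssl_set` returned here, are now selected from addresses a proxy header may have replaced, because `login_settings_read()` is keyed on `conn->local_ip` and `conn->remote_ip`; the unchanged `ssl_proxy_alloc(conn->fd, &conn->remote_ip, ...)` call below receives the same value. If that is intended, say so with a comment like `/* settings are looked up for the proxied addresses, not the socket peer */`. The removed block zeroed `local_ip` when `net_getsockname()` failed, and the new code assumes the master service leaves `conn->local_ip` in a defined state in that case, which cannot be confirmed from this hunk. The function body runs on into the next hunk.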
@@ -143,17 +135,13 @@ client_connected_finish(const struct master_service_connection *conn)
                        return;
                }
 
-               client = client_create(fd_ssl, TRUE, pool,
-                                      set, ssl_set, other_sets,
-                                      &local_ip, &conn->remote_ip);
+               client = client_create(fd_ssl, TRUE, pool, conn,
+                                      set, ssl_set, other_sets);
                client->ssl_proxy = proxy;
                ssl_proxy_set_client(proxy, client);
                ssl_proxy_start(proxy);
        }
 
-       client->real_remote_port = client->remote_port = conn->remote_port;
-       client->real_local_port = client->local_port = local_port;
-
        if (auth_client_to != NULL)
                timeout_remove(&auth_client_to);
 }