login proxy: If passdb returns "source_ip" extra field, use it for outgoing connections.
authorTimo Sirainen <tss@iki.fi>
Mon, 16 Jun 2014 16:21:36 +0000 (19:21 +0300)
committerTimo Sirainen <tss@iki.fi>
Mon, 16 Jun 2014 16:21:36 +0000 (19:21 +0300)
src/login-common/client-common-auth.c
src/login-common/client-common.h
src/login-common/login-proxy.c
src/login-common/login-proxy.h

index bdcd3b310f58e8b56947b927c7e02f06236df155..e46c827f21b23086570e3d06a04616dab970a544 100644 (file)
@@ -95,6 +95,8 @@ static void client_auth_parse_args(struct client *client,
                        reply_r->host = value;
                else if (strcmp(key, "hostip") == 0)
                        reply_r->hostip = value;
+               else if (strcmp(key, "source_ip") == 0)
+                       reply_r->source_ip = value;
                else if (strcmp(key, "port") == 0)
                        reply_r->port = atoi(value);
                else if (strcmp(key, "destuser") == 0)
@@ -336,6 +338,9 @@ static int proxy_start(struct client *client,
        if (reply->hostip != NULL &&
            net_addr2ip(reply->hostip, &proxy_set.ip) < 0)
                proxy_set.ip.family = 0;
+       if (reply->source_ip != NULL &&
+           net_addr2ip(reply->source_ip, &proxy_set.source_ip) < 0)
+               proxy_set.source_ip.family = 0;
        proxy_set.port = reply->port;
        proxy_set.connect_timeout_msecs = reply->proxy_timeout_msecs;
        if (proxy_set.connect_timeout_msecs == 0)
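Review bot: An unparsable `source_ip` is silently discarded in the block added to proxy_start: when net_addr2ip() fails, `proxy_set.source_ip.family = 0` makes the later connect behave as if no source address had been requested, and nothing is logged. Where source_ip pins proxy egress to an address that backend firewalls or ACLs key on, a typo in the passdb field then goes unnoticed and connections leave from the default address. I would fail the attempt instead, e.g. `client_log_err(client, "proxy: invalid source_ip");` followed by `return -1;` (assuming client_log_err is what the other checks in this function use), or at minimum log the bad value. proxy_start begins and ends outside the hunk, so how the neighbouring checks report errors is not visible here.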
index 915207186b172e193e997e5ef752e0edb41a1de8..38572b26275bd569c7800c91c719b2eabfb18a7e 100644 (file)
@@ -55,7 +55,8 @@ enum client_auth_result {
 struct client_auth_reply {
        const char *master_user, *reason;
        /* for proxying */
-       const char *host, *hostip, *destuser, *password, *proxy_mech;
+       const char *host, *hostip, *source_ip;
+       const char *destuser, *password, *proxy_mech;
        unsigned int port;
        unsigned int proxy_timeout_msecs;
        unsigned int proxy_refresh_secs;
index 25bc470d67d3eb8dea8219361e4b47998296fa24..bdbbb89242eccf02a745ea85f25d9892997a3462 100644 (file)
@@ -39,7 +39,7 @@ struct login_proxy {
        struct timeout *to, *to_notify;
        struct login_proxy_record *state_rec;
 
-       struct ip_addr ip;
+       struct ip_addr ip, source_ip;
        char *host;
        unsigned int port;
        unsigned int connect_timeout_msecs;
@@ -229,6 +229,9 @@ proxy_log_connect_error(struct login_proxy *proxy)
            net_getsockname(proxy->server_fd, &local_ip, &local_port) == 0) {
                str_printfa(str, ", local=%s:%u",
                            net_ip2addr(&local_ip), local_port);
+       } else if (proxy->source_ip.family != 0) {
+               str_printfa(str, ", local=%s",
+                           net_ip2addr(&proxy->source_ip));
        }
 
        str_append_c(str, ')');
@@ -285,7 +288,9 @@ static int login_proxy_connect(struct login_proxy *proxy)
                return -1;
        }
 
-       proxy->server_fd = net_connect_ip(&proxy->ip, proxy->port, NULL);
+       proxy->server_fd = net_connect_ip(&proxy->ip, proxy->port,
+                                         proxy->source_ip.family == 0 ? NULL :
+                                         &proxy->source_ip);
        if (proxy->server_fd == -1) {
                proxy_log_connect_error(proxy);
                login_proxy_free(&proxy);
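Review bot: Nothing in the new net_connect_ip() call checks that `proxy->source_ip` has the same address family as `proxy->ip`; an IPv4 source_ip paired with an IPv6 destination (or the reverse) is passed straight through, and what net_connect_ip() does with it is not visible on this page. A guard before the call, `if (proxy->source_ip.family != 0 && proxy->source_ip.family != proxy->ip.family)`, that logs the mismatch and takes the same failure path as the connect error below would keep the outcome explicit rather than dependent on the helper. login_proxy_connect starts before and continues after the hunk.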
@@ -328,6 +333,7 @@ int login_proxy_new(struct client *client,
        proxy->server_fd = -1;
        proxy->created = ioloop_timeval;
        proxy->ip = set->ip;
+       proxy->source_ip = set->source_ip;
        proxy->host = i_strdup(set->host);
        proxy->port = set->port;
        proxy->connect_timeout_msecs = set->connect_timeout_msecs;
index 58fe0122fe3c53896592e3316672df97584e514c..690e54d8b1841158466dd9fc22e80dbb93e7984d 100644 (file)
@@ -24,7 +24,7 @@ enum login_proxy_ssl_flags {
 
 struct login_proxy_settings {
        const char *host;
-       struct ip_addr ip;
+       struct ip_addr ip, source_ip;
        unsigned int port;
        unsigned int connect_timeout_msecs;
        /* send a notification about proxy connection to proxy-notify pipe
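Review bot: The new `source_ip` member of struct login_proxy_settings is undocumented, and its contract is only implied by other hunks: login_proxy_connect treats `family == 0` as "no source address" and passes NULL to net_connect_ip(). Since this is the header that callers fill in, I would declare it on its own line with `/* source address for the outgoing connection; family == 0 means unset */`. That also makes it explicit that callers must zero the struct before filling it, which proxy_start presumably does outside the visible hunk.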