From: Stephan Bosch Date: Mon, 15 Jun 2015 16:50:53 +0000 (+0200) Subject: lmtp, *-login: Use ip/port values from struct master_service_connection instead of... X-Git-Tag: 2.2.19.rc1~244 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a05fec120ecd8c4ed6331c42100cba42adf22893;p=thirdparty%2Fdovecot%2Fcore.git lmtp, *-login: Use ip/port values from struct master_service_connection instead of from the socket. This way, a proxy protocol like HAProxy can transparently override these addresses with what is seen by the proxy. --- diff --git a/src/lmtp/client.c b/src/lmtp/client.c index 990c1091c5..51a05f73b9 100644 --- a/src/lmtp/client.c +++ b/src/lmtp/client.c @@ -249,7 +249,8 @@ struct client *client_create(int fd_in, int fd_out, client->fd_out = fd_out; client->remote_ip = conn->remote_ip; client->remote_port = conn->remote_port; - (void)net_getsockname(conn->fd, &client->local_ip, &client->local_port); + client->local_ip = conn->local_ip; + client->local_port = conn->local_port; client->input = i_stream_create_fd(fd_in, CLIENT_MAX_INPUT_SIZE, FALSE); client->output = o_stream_create_fd(fd_out, (size_t)-1, FALSE); diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c index eda2d9e3ab..ed407ccaa1 100644 --- a/src/login-common/client-common.c +++ b/src/login-common/client-common.c @@ -103,10 +103,10 @@ static bool client_is_trusted(struct client *client) struct client * client_create(int fd, bool ssl, pool_t pool, + const struct master_service_connection *conn, const struct login_settings *set, const struct master_service_ssl_settings *ssl_set, - void **other_sets, - const struct ip_addr *local_ip, const struct ip_addr *remote_ip) + void **other_sets) { struct client *client; 
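Review bot: In src/lmtp/client.c the two new assignments leave `struct client` holding only `conn->local_ip`/`conn->local_port`, which per the commit message a proxy protocol may override, and nothing in this hunk keeps the socket's own address the way the login client keeps its `real_*` fields. Any later LMTP logging or access check that reads these fields would then act on proxy-reported values; whether one exists is not visible here. A comment above the assignments would make this explicit, e.g. `/* may be overridden by a proxy header; not necessarily the socket's own address */`. client_create's body starts and ends outside the hunk.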
@@ -125,13 +125,22 @@ client_create(int fd, bool ssl, pool_t pool, client->pool = pool; client->set = set; client->ssl_set = ssl_set; - client->real_local_ip = client->local_ip = *local_ip; - client->real_remote_ip = client->ip = *remote_ip; + client->fd = fd; client->tls = ssl; + + client->local_ip = conn->local_ip; + client->local_port = conn->local_port; + client->ip = conn->remote_ip; + client->remote_port = conn->remote_port; + client->real_local_ip = conn->real_local_ip; + client->real_local_port = conn->real_local_port; + client->real_remote_ip = conn->real_remote_ip; + client->real_remote_port = conn->real_remote_port; + client->trusted = client_is_trusted(client); client->secured = ssl || client->trusted || - net_ip_compare(remote_ip, local_ip); + net_ip_compare(&conn->real_remote_ip, &conn->real_local_ip); client->proxy_ttl = LOGIN_PROXY_TTL; if (last_client == NULL) diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h index 3f44db9166..21c5cab547 100644 --- a/src/login-common/client-common.h +++ b/src/login-common/client-common.h @@ -34,6 +34,8 @@ #define AUTH_MASTER_WAITING_MSG \ "Waiting for authentication master process to respond.." +struct master_service_connection; + enum client_disconnect_reason { CLIENT_DISCONNECT_TIMEOUT, CLIENT_DISCONNECT_SYSTEM_SHUTDOWN, @@ -173,10 +175,10 @@ extern struct client *clients; struct client * client_create(int fd, bool ssl, pool_t pool, + const struct master_service_connection *conn, const struct login_settings *set, const struct master_service_ssl_settings *ssl_set, - void **other_sets, - const struct ip_addr *local_ip, const struct ip_addr *remote_ip); + void **other_sets); void client_destroy(struct client *client, const char *reason); void client_destroy_success(struct client *client, const char *reason); void client_destroy_internal_failure(struct client *client); diff --git a/src/login-common/main.c b/src/login-common/main.c index 777b408f1a..0db794b54a 100644 
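Review bot: In the `@@ -125` hunk of client_create in src/login-common/client-common.c, `client->secured` is derived from `conn->real_remote_ip`/`conn->real_local_ip`, but `client->trusted = client_is_trusted(client)` runs after `client->ip` has been set to the overridable `conn->remote_ip`. The body of client_is_trusted is not in this diff; if it matches `client->ip` against a trusted-network list, the trust decision rests on an address taken from the proxy header and is sound only when such headers are accepted solely from trusted proxies. State the intent next to the two assignments, e.g. `/* trusted: checked against the proxy-reported client->ip; secured: checked against the real socket addresses */`, or confirm whether client_is_trusted should read `real_remote_ip` instead. The function continues past the end of the hunk.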
--- a/src/login-common/main.c +++ b/src/login-common/main.c @@ -112,27 +112,19 @@ client_connected_finish(const struct master_service_connection *conn) { struct client *client; struct ssl_proxy *proxy; - struct ip_addr local_ip; const struct login_settings *set; const struct master_service_ssl_settings *ssl_set; - unsigned int local_port; pool_t pool; int fd_ssl; void **other_sets; - if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) { - memset(&local_ip, 0, sizeof(local_ip)); - local_port = 0; - } - pool = pool_alloconly_create("login client", 8*1024); - set = login_settings_read(pool, &local_ip, + set = login_settings_read(pool, &conn->local_ip, &conn->remote_ip, NULL, &ssl_set, &other_sets); if (!ssl_connections && !conn->ssl) { - client = client_create(conn->fd, FALSE, pool, - set, ssl_set, other_sets, - &local_ip, &conn->remote_ip); + client = client_create(conn->fd, FALSE, pool, conn, + set, ssl_set, other_sets); } else { fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool, set, ssl_set, &proxy); @@ -143,17 +135,13 @@ client_connected_finish(const struct master_service_connection *conn) return; } - client = client_create(fd_ssl, TRUE, pool, - set, ssl_set, other_sets, - &local_ip, &conn->remote_ip); + client = client_create(fd_ssl, TRUE, pool, conn, + set, ssl_set, other_sets); client->ssl_proxy = proxy; ssl_proxy_set_client(proxy, client); ssl_proxy_start(proxy); } - client->real_remote_port = client->remote_port = conn->remote_port; - client->real_local_port = client->local_port = local_port; - if (auth_client_to != NULL) timeout_remove(&auth_client_to); }
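Review bot: In the first hunk of client_connected_finish, `login_settings_read()` is now keyed on `&conn->local_ip` and `&conn->remote_ip`, so the per-address settings it returns (including `ssl_set`) are selected by addresses that a proxy header may have replaced. The removed code also zeroed `local_ip` when `net_getsockname()` failed, so the new code relies on `conn->local_ip` always being initialised by the master-service layer, which this diff does not show. A comment at the call would record both assumptions, e.g. `/* conn->local_ip/remote_ip are the client-visible addresses (possibly from a proxy header) and are always initialised by master-service */`. The second hunk's `ssl_proxy_alloc(conn->fd, &conn->remote_ip, ...)` call is unchanged context and takes the same overridable address.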