Change all callers to set and use the pool properly.
const struct master_service_ssl_settings *master_ssl_set =
settings_get_or_fatal(master_service_get_event(master_service),
&master_service_ssl_setting_parser_info);
- struct ssl_iostream_settings ssl_set;
- i_zero(&ssl_set);
+ const struct ssl_iostream_settings *ssl_set;
http_client_set.request_absolute_timeout_msecs =
global_auth_settings->policy_server_timeout_msecs;
if (global_auth_settings->debug)
http_client_set.debug = 1;
- master_service_ssl_client_settings_to_iostream_set(
- master_ssl_set, pool_datastack_create(), &ssl_set);
- http_client_set.ssl = &ssl_set;
+ master_service_ssl_client_settings_to_iostream_set(master_ssl_set, &ssl_set);
+ http_client_set.ssl = ssl_set;
http_client_set.event_parent = auth_event;
http_client = http_client_init(&http_client_set);
settings_free(master_ssl_set);
+ settings_free(ssl_set);
/* prepare template */
{
struct db_oauth2 *db;
const char *error;
- struct ssl_iostream_settings ssl_set;
+ struct ssl_iostream_settings *ssl_set;
struct http_client_settings http_set;
for(db = db_oauth2_head; db != NULL; db = db->next) {
db->tmpl = passdb_template_build(pool, db->set.pass_attrs);
- i_zero(&ssl_set);
- i_zero(&http_set);
+ pool_t ssl_pool = pool_alloconly_create("oauth2 ssl settings",
+ sizeof(*ssl_set));
+ ssl_set = p_new(ssl_pool, struct ssl_iostream_settings, 1);
+ ssl_set->pool = ssl_pool;
- ssl_set.cipher_list = db->set.tls_cipher_suite;
- ssl_set.ca_file = db->set.tls_ca_cert_file;
- ssl_set.ca_dir = db->set.tls_ca_cert_dir;
+ ssl_set->cipher_list = db->set.tls_cipher_suite;
+ ssl_set->ca_file = db->set.tls_ca_cert_file;
+ ssl_set->ca_dir = db->set.tls_ca_cert_dir;
if (db->set.tls_cert_file != NULL && *db->set.tls_cert_file != '\0') {
- ssl_set.cert.cert = db->set.tls_cert_file;
- ssl_set.cert.key = db->set.tls_key_file;
+ ssl_set->cert.cert = db->set.tls_cert_file;
+ ssl_set->cert.key = db->set.tls_key_file;
}
- ssl_set.prefer_server_ciphers = TRUE;
- ssl_set.allow_invalid_cert = db->set.tls_allow_invalid_cert;
- http_set.ssl = &ssl_set;
+ ssl_set->prefer_server_ciphers = TRUE;
+ ssl_set->allow_invalid_cert = db->set.tls_allow_invalid_cert;
+
+ i_zero(&http_set);
+ http_set.ssl = ssl_set;
http_set.dns_client_socket_path = "dns-client";
http_set.user_agent = "dovecot-oauth2-passdb/" DOVECOT_VERSION;
http_set.event_parent = auth_event;
db->client = http_client_init(&http_set);
+ pool_unref(&ssl_pool);
i_zero(&db->oauth2_set);
db->oauth2_set.client = db->client;
if (ssl) {
if (mail_storage_service_user_init_ssl_client_settings(
- service_user, pool_datastack_create(),
- &conn_set.ssl_set, error_r) < 0)
+ service_user, &conn_set.ssl_set, error_r) < 0)
return -1;
if (ctx->ssl_ctx == NULL &&
- ssl_iostream_client_context_cache_get(&conn_set.ssl_set,
+ ssl_iostream_client_context_cache_get(conn_set.ssl_set,
&ctx->ssl_ctx,
&error) < 0) {
*error_r = t_strdup_printf(
#include "istream.h"
#include "ostream.h"
#include "iostream-ssl.h"
+#include "settings.h"
#include "fs-api.h"
#include "doveadm.h"
#include "doveadm-print.h"
static struct fs *
cmd_fs_init(struct doveadm_cmd_context *cctx)
{
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
struct fs_settings fs_set;
struct fs *fs;
const char *fs_driver, *fs_args, *error;
!doveadm_cmd_param_str(cctx, "fs-args", &fs_args))
fs_cmd_help(cctx);
- doveadm_get_ssl_settings(&ssl_set, pool_datastack_create());
+ doveadm_get_ssl_settings(&ssl_set);
i_zero(&fs_set);
- fs_set.ssl_client_set = &ssl_set;
+ fs_set.ssl_client_set = ssl_set;
fs_set.temp_dir = doveadm_settings->mail_temp_dir;
fs_set.base_dir = doveadm_settings->base_dir;
fs_set.debug = doveadm_debug;
if (fs_init(fs_driver, fs_args, &fs_set, &fs, &error) < 0)
i_fatal("fs_init() failed: %s", error);
+ settings_free(ssl_set);
return fs;
}
#include "connection.h"
#include "ioloop.h"
#include "istream.h"
+#include "settings.h"
#include "master-service.h"
#include "iostream-ssl.h"
#include "auth-proxy.h"
request_copy = *request;
array_pop_front(&doveadm_server_request_queue);
- doveadm_get_ssl_settings(&request_copy.set.ssl_set,
- pool_datastack_create());
+ doveadm_get_ssl_settings(&request_copy.set.ssl_set);
if (doveadm_client_create(&request_copy.set, &conn, error_r) < 0) {
+ settings_free(request_copy.set.ssl_set);
internal_failure = TRUE;
return -1;
}
+ settings_free(request_copy.set.ssl_set);
doveadm_mail_server_handle(request_copy.server, conn, cmd_ctx,
request_copy.username,
request_copy.print_username);
}
if (doveadm_clients_count() <= limit) {
- doveadm_get_ssl_settings(&conn_set.ssl_set,
- pool_datastack_create());
+ doveadm_get_ssl_settings(&conn_set.ssl_set);
if (doveadm_client_create(&conn_set, &conn, error_r) < 0) {
+ settings_free(conn_set.ssl_set);
internal_failure = TRUE;
return -1;
} else {
+ settings_free(conn_set.ssl_set);
doveadm_mail_server_handle(server, conn, ctx,
proxy_set.username,
print_username);
const struct master_service_ssl_settings *doveadm_ssl_set = NULL;
-void doveadm_get_ssl_settings(struct ssl_iostream_settings *set_r, pool_t pool)
+void doveadm_get_ssl_settings(const struct ssl_iostream_settings **set_r)
{
- master_service_ssl_client_settings_to_iostream_set(doveadm_ssl_set,
- pool, set_r);
+ master_service_ssl_client_settings_to_iostream_set(doveadm_ssl_set, set_r);
}
void doveadm_read_settings(void)
extern const struct master_service_ssl_settings *doveadm_ssl_set;
extern bool doveadm_verbose_proctitle;
-void doveadm_get_ssl_settings(struct ssl_iostream_settings *set_r, pool_t pool);
+void doveadm_get_ssl_settings(const struct ssl_iostream_settings **set_r);
void doveadm_read_settings(void);
/* Returns the global binary config fd. Note that it may be -1 if doveadm was
dest_r->password = p_strdup(pool, src->password);
dest_r->ssl_flags = src->ssl_flags;
- dest_r->ssl_set = *ssl_iostream_settings_dup(pool, &src->ssl_set);
+ dest_r->ssl_set = src->ssl_set;
+ pool_add_external_ref(pool, src->ssl_set->pool);
if (src->ssl_ctx != NULL) {
dest_r->ssl_ctx = src->ssl_ctx;
ssl_iostream_context_ref(dest_r->ssl_ctx);
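Review bot: `doveadm_client_settings_dup()` now dereferences `src->ssl_set` unconditionally in `pool_add_external_ref(pool, src->ssl_set->pool)`, and `doveadm_client_init_ssl()` copies `*conn->set.ssl_set` before its `ssl_flags == 0` check. A caller that leaves the new pointer field NULL, which could not happen while it was an embedded struct, would therefore crash even for a non-TLS connection. The two callers visible in this commit always fill it in via `doveadm_get_ssl_settings()`, but other users of the settings struct are not shown. Suggest guarding the dup with `if (src->ssl_set != NULL)` and moving the struct copy in `doveadm_client_init_ssl()` below the `ssl_flags` check. Both functions continue outside the hunks.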
static int doveadm_client_init_ssl(struct doveadm_client *conn,
const char **error_r)
{
- struct ssl_iostream_settings ssl_set = conn->set.ssl_set;
+ struct ssl_iostream_settings ssl_set = *conn->set.ssl_set;
const char *error;
if (conn->set.ssl_flags == 0)
/* SSL flags. */
enum auth_proxy_ssl_flags ssl_flags;
/* SSL settings. */
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
/* SSL context, or NULL to create a new one. */
struct ssl_iostream_context *ssl_ctx;
AM_CPPFLAGS = \
-I$(top_srcdir)/src/lib \
-I$(top_srcdir)/src/lib-test \
+ -I$(top_srcdir)/src/lib-settings \
-I$(top_srcdir)/src/lib-dns \
-I$(top_srcdir)/src/lib-ssl-iostream \
-I$(top_srcdir)/src/lib-master \
#include "dns-lookup.h"
#include "iostream-rawlog.h"
#include "iostream-ssl.h"
+#include "settings.h"
#include "http-url.h"
#include "http-client-private.h"
if (set->rawlog_dir != NULL && *set->rawlog_dir != '\0')
client->set.rawlog_dir = p_strdup_empty(pool, set->rawlog_dir);
- if (set->ssl != NULL)
- client->set.ssl = ssl_iostream_settings_dup(pool, set->ssl);
+ if (set->ssl != NULL) {
+ client->set.ssl = set->ssl;
+ pool_ref(client->set.ssl->pool);
+ }
if (set->proxy_socket_path != NULL && *set->proxy_socket_path != '\0') {
client->set.proxy_socket_path = p_strdup(pool, set->proxy_socket_path);
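Review bot: `client->set.ssl = set->ssl` followed by `pool_ref(client->set.ssl->pool)` keeps the caller's pointer instead of the private copy that `ssl_iostream_settings_dup()` used to make, so the struct must itself be allocated from `ssl->pool` and must not be modified after init. A caller that passes a stack or static struct with `pool = null_pool`, as the test code in this commit does, is only safe while that struct outlives the client. This contract should be documented at the `ssl` field of the settings struct, e.g. `/* Shared, not copied: must be allocated from ssl->pool and stay unchanged for the client's lifetime. */`. The same applies to the identical `pool_ref()` hunks for `cctx->set.ssl`, `server->set.ssl`, `conn->set.ssl` and `session->ssl_set`.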
array_free(&client->delayed_failing_requests);
timeout_remove(&client->to_failing_requests);
+ settings_free(client->set.ssl);
if (client->ssl_ctx != NULL)
ssl_iostream_context_unref(&client->ssl_ctx);
http_client_context_remove_client(client->cctx, client);
cctx->set.user_agent = p_strdup_empty(pool, set->user_agent);
cctx->set.rawlog_dir = p_strdup_empty(pool, set->rawlog_dir);
- if (set->ssl != NULL)
- cctx->set.ssl = ssl_iostream_settings_dup(pool, set->ssl);
+ if (set->ssl != NULL) {
+ cctx->set.ssl = set->ssl;
+ pool_ref(cctx->set.ssl->pool);
+ }
if (set->proxy_socket_path != NULL &&
*set->proxy_socket_path != '\0') {
#include "dns-lookup.h"
#include "iostream-rawlog.h"
#include "iostream-ssl.h"
+#include "settings.h"
#include "http-url.h"
#include "http-server-private.h"
if (set->rawlog_dir != NULL && *set->rawlog_dir != '\0')
server->set.rawlog_dir = p_strdup(pool, set->rawlog_dir);
if (set->ssl != NULL) {
- server->set.ssl =
- ssl_iostream_settings_dup(server->pool, set->ssl);
+ server->set.ssl = set->ssl;
+ pool_ref(server->set.ssl->pool);
}
server->set.max_client_idle_time_msecs = set->max_client_idle_time_msecs;
server->set.max_pipelined_requests =
http_server_resource_free(&res);
i_assert(array_count(&server->locations) == 0);
+ settings_free(server->set.ssl);
if (server->ssl_ctx != NULL)
ssl_iostream_context_unref(&server->ssl_ctx);
event_unref(&server->event);
dns_client = NULL;
}
i_zero(&ssl_set);
+ ssl_set.pool = null_pool;
ssl_set.allow_invalid_cert = TRUE;
if (stat("/etc/ssl/certs", &st) == 0 && S_ISDIR(st.st_mode))
ssl_set.ca_dir = "/etc/ssl/certs"; /* debian */
AM_CPPFLAGS = \
-I$(top_srcdir)/src/lib \
-I$(top_srcdir)/src/lib-test \
+ -I$(top_srcdir)/src/lib-settings \
-I$(top_srcdir)/src/lib-dns \
-I$(top_srcdir)/src/lib-sasl \
-I$(top_srcdir)/src/lib-ssl-iostream \
#include "ioloop.h"
#include "safe-mkstemp.h"
#include "iostream-ssl.h"
+#include "settings.h"
#include "imapc-msgmap.h"
#include "imapc-connection.h"
#include "imapc-client-private.h"
if (set->ssl_mode != IMAPC_CLIENT_SSL_MODE_NONE) {
client->set.ssl_mode = set->ssl_mode;
- ssl_iostream_settings_init_from(pool, &client->set.ssl_set, &set->ssl_set);
- if (ssl_iostream_client_context_cache_get(&client->set.ssl_set,
+ if (ssl_iostream_client_context_cache_get(&set->ssl_set,
&client->ssl_ctx,
&error) < 0) {
e_error(client->event, "Couldn't initialize SSL context: %s", error);
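Review bot: With `ssl_iostream_settings_init_from()` removed, nothing in this hunk populates `client->set.ssl_set` any more, whereas the pop3c counterpart in the same commit assigns `client->set.ssl_set = set->ssl_set` and takes a `pool_ref()`. Unless the field is filled elsewhere in the function (not visible here), later readers of `client->set.ssl_set` would see it unset, and the client no longer keeps the strings in `set->ssl_set` alive. Suggest mirroring pop3c with `client->set.ssl_set = set->ssl_set; pool_ref(client->set.ssl_set.pool);` and a matching release in deinit. The enclosing function starts and ends outside the hunk.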
struct http_client *client;
struct http_client_settings http_set;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
const char *error;
i_zero(&http_set);
&master_service_ssl_setting_parser_info,
0, &master_ssl_set, &error) < 0)
luaL_error(L, "%s", error);
- master_service_ssl_client_settings_to_iostream_set(master_ssl_set,
- pool_datastack_create(), &ssl_set);
- http_set.ssl = &ssl_set;
+ master_service_ssl_client_settings_to_iostream_set(master_ssl_set, &ssl_set);
+ http_set.ssl = ssl_set;
settings_free(master_ssl_set);
client = http_client_init(&http_set);
+ settings_free(ssl_set);
dlua_push_http_client(L, client);
return 1;
}
}
/* </settings checks> */
-static void master_service_ssl_common_settings_to_iostream_set(
- const struct master_service_ssl_settings *ssl_set, pool_t pool,
- struct ssl_iostream_settings *set_r)
+static struct ssl_iostream_settings *
+master_service_ssl_common_settings_to_iostream_set(
+ const struct master_service_ssl_settings *ssl_set)
{
- i_zero(set_r);
- set_r->min_protocol = p_strdup(pool, ssl_set->ssl_min_protocol);
- set_r->cipher_list = p_strdup(pool, ssl_set->ssl_cipher_list);
+ struct ssl_iostream_settings *set;
+ pool_t pool = pool_alloconly_create("ssl iostream settings", 256);
+ set = p_new(pool, struct ssl_iostream_settings, 1);
+ set->pool = pool;
+ set->min_protocol = p_strdup(pool, ssl_set->ssl_min_protocol);
+ set->cipher_list = p_strdup(pool, ssl_set->ssl_cipher_list);
/* leave NULL if empty - let library decide */
- set_r->ciphersuites = p_strdup_empty(pool, ssl_set->ssl_cipher_suites);
+ set->ciphersuites = p_strdup_empty(pool, ssl_set->ssl_cipher_suites);
- set_r->crypto_device = p_strdup(pool, ssl_set->ssl_crypto_device);
+ set->crypto_device = p_strdup(pool, ssl_set->ssl_crypto_device);
- set_r->compression = ssl_set->parsed_opts.compression;
- set_r->tickets = ssl_set->parsed_opts.tickets;
- set_r->curve_list = p_strdup(pool, ssl_set->ssl_curve_list);
+ set->compression = ssl_set->parsed_opts.compression;
+ set->tickets = ssl_set->parsed_opts.tickets;
+ set->curve_list = p_strdup(pool, ssl_set->ssl_curve_list);
+ return set;
}
void master_service_ssl_client_settings_to_iostream_set(
- const struct master_service_ssl_settings *ssl_set, pool_t pool,
- struct ssl_iostream_settings *set_r)
+ const struct master_service_ssl_settings *ssl_set,
+ const struct ssl_iostream_settings **set_r)
{
- master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
-
- set_r->ca = p_strdup_empty(pool, ssl_set->ssl_client_ca);
- set_r->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file);
- set_r->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
- set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
- set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
- set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
- set_r->allow_invalid_cert = !set_r->verify_remote_cert;
+ struct ssl_iostream_settings *set =
+ master_service_ssl_common_settings_to_iostream_set(ssl_set);
+ pool_t pool = set->pool;
+
+ set->ca = p_strdup_empty(pool, ssl_set->ssl_client_ca);
+ set->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file);
+ set->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
+ set->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
+ set->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
+ set->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
+ set->allow_invalid_cert = !set->verify_remote_cert;
/* client-side CRL checking not supported currently */
- set_r->skip_crl_check = TRUE;
+ set->skip_crl_check = TRUE;
+ *set_r = set;
}
void master_service_ssl_server_settings_to_iostream_set(
const struct master_service_ssl_settings *ssl_set,
const struct master_service_ssl_server_settings *ssl_server_set,
- pool_t pool, struct ssl_iostream_settings *set_r)
+ const struct ssl_iostream_settings **set_r)
{
- master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
-
- set_r->ca = p_strdup_empty(pool, ssl_server_set->ssl_ca);
- set_r->cert.cert = p_strdup(pool, ssl_server_set->ssl_cert);
- set_r->cert.key = p_strdup(pool, ssl_server_set->ssl_key);
- set_r->cert.key_password = p_strdup(pool, ssl_server_set->ssl_key_password);
+ struct ssl_iostream_settings *set =
+ master_service_ssl_common_settings_to_iostream_set(ssl_set);
+ pool_t pool = set->pool;
+
+ set->ca = p_strdup_empty(pool, ssl_server_set->ssl_ca);
+ set->cert.cert = p_strdup(pool, ssl_server_set->ssl_cert);
+ set->cert.key = p_strdup(pool, ssl_server_set->ssl_key);
+ set->cert.key_password = p_strdup(pool, ssl_server_set->ssl_key_password);
if (ssl_server_set->ssl_alt_cert != NULL &&
*ssl_server_set->ssl_alt_cert != '\0') {
- set_r->alt_cert.cert = p_strdup(pool, ssl_server_set->ssl_alt_cert);
- set_r->alt_cert.key = p_strdup(pool, ssl_server_set->ssl_alt_key);
- set_r->alt_cert.key_password = p_strdup(pool, ssl_server_set->ssl_key_password);
+ set->alt_cert.cert = p_strdup(pool, ssl_server_set->ssl_alt_cert);
+ set->alt_cert.key = p_strdup(pool, ssl_server_set->ssl_alt_key);
+ set->alt_cert.key_password = p_strdup(pool, ssl_server_set->ssl_key_password);
}
- set_r->dh = p_strdup(pool, ssl_server_set->ssl_dh);
- set_r->cert_username_field =
+ set->dh = p_strdup(pool, ssl_server_set->ssl_dh);
+ set->cert_username_field =
p_strdup(pool, ssl_server_set->ssl_cert_username_field);
- set_r->prefer_server_ciphers = ssl_server_set->ssl_prefer_server_ciphers;
- set_r->verify_remote_cert = ssl_server_set->ssl_request_client_cert;
- set_r->allow_invalid_cert = !set_r->verify_remote_cert;
+ set->prefer_server_ciphers = ssl_server_set->ssl_prefer_server_ciphers;
+ set->verify_remote_cert = ssl_server_set->ssl_request_client_cert;
+ set->allow_invalid_cert = !set->verify_remote_cert;
/* ssl_require_crl is used only for checking client-provided SSL
certificate's CRL. */
- set_r->skip_crl_check = !ssl_server_set->ssl_require_crl;
+ set->skip_crl_check = !ssl_server_set->ssl_require_crl;
+ *set_r = set;
}
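Review bot: The pool created in `master_service_ssl_common_settings_to_iostream_set()` receives copies of `ssl_key`, `ssl_key_password` and `ssl_client_key`, and it is now reference-counted and held by every client or server object that stores the settings. The key material therefore stays on the heap longer than it did with the old data-stack pool, and a plain alloconly pool presumably does not wipe it when the last reference is dropped. Consider `pool_alloconly_create_clean("ssl iostream settings", 256)` so the memory is cleared on free. Separately, the two public functions should carry a comment saying that `*set_r` is owned by the caller and must be released with `settings_free()`, since the header comment does not mention ownership.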
/* Provides master service ssl settings to iostream settings */
void master_service_ssl_client_settings_to_iostream_set(
- const struct master_service_ssl_settings *ssl_set, pool_t pool,
- struct ssl_iostream_settings *set_r);
+ const struct master_service_ssl_settings *ssl_set,
+ const struct ssl_iostream_settings **set_r);
void master_service_ssl_server_settings_to_iostream_set(
const struct master_service_ssl_settings *ssl_set,
const struct master_service_ssl_server_settings *ssl_server_set,
- pool_t pool, struct ssl_iostream_settings *set_r);
+ const struct ssl_iostream_settings **set_r);
#endif
}
i_zero(&ssl_set);
+ ssl_set.pool = set->pool;
+ pool_add_external_ref(ssl_set.pool, server_set->pool);
ssl_set.min_protocol = set->ssl_min_protocol;
ssl_set.cipher_list = set->ssl_cipher_list;
ssl_set.curve_list = set->ssl_curve_list;
#include "iostream-rawlog.h"
#include "iostream-ssl.h"
#include "str.h"
+#include "settings.h"
#include "dsasl-client.h"
#include "dns-lookup.h"
#include "smtp-syntax.h"
timeout_remove(&conn->to_cmd_fail);
ssl_iostream_destroy(&conn->ssl_iostream);
+ settings_free(conn->set.ssl);
if (conn->ssl_ctx != NULL)
ssl_iostream_context_unref(&conn->ssl_ctx);
smtp_client_connection_auth_deinit(conn);
}
if (set->ssl != NULL) {
- conn->set.ssl =
- ssl_iostream_settings_dup(pool, set->ssl);
+ conn->set.ssl = set->ssl;
+ pool_ref(conn->set.ssl->pool);
}
if (set->master_user != NULL && *set->master_user != '\0') {
#include "istream.h"
#include "ostream.h"
#include "connection.h"
+#include "settings.h"
#include "dns-lookup.h"
#include "iostream-rawlog.h"
#include "iostream-ssl.h"
client->set.rawlog_dir = p_strdup_empty(pool, set->rawlog_dir);
if (set->ssl != NULL) {
- client->set.ssl =
- ssl_iostream_settings_dup(client->pool, set->ssl);
+ client->set.ssl = set->ssl;
+ pool_ref(client->set.ssl->pool);
}
client->set.master_user = p_strdup_empty(pool, set->master_user);
connection_list_deinit(&client->conn_list);
+ settings_free(client->set.ssl);
if (client->ssl_ctx != NULL)
ssl_iostream_context_unref(&client->ssl_ctx);
event_unref(&client->event);
#include "connection.h"
#include "iostream-rawlog.h"
#include "iostream-ssl.h"
+#include "settings.h"
#include "master-service.h"
#include "master-service-ssl.h"
if (set->rawlog_dir != NULL && *set->rawlog_dir != '\0')
conn->set.rawlog_dir = p_strdup(pool, set->rawlog_dir);
- if (set->ssl != NULL)
- conn->set.ssl = ssl_iostream_settings_dup(pool, set->ssl);
+ if (set->ssl != NULL) {
+ conn->set.ssl = set->ssl;
+ pool_ref(conn->set.ssl->pool);
+ }
if (set->hostname != NULL && *set->hostname != '\0')
conn->set.hostname = p_strdup(pool, set->hostname);
if (conn->smtp_parser != NULL)
smtp_command_parser_deinit(&conn->smtp_parser);
ssl_iostream_destroy(&conn->ssl_iostream);
+ settings_free(conn->set.ssl);
if (conn->ssl_ctx != NULL)
ssl_iostream_context_unref(&conn->ssl_ctx);
#include "istream.h"
#include "ostream.h"
#include "connection.h"
+#include "settings.h"
#include "dns-lookup.h"
#include "iostream-rawlog.h"
#include "iostream-ssl.h"
server->set.rawlog_dir = p_strdup_empty(pool, set->rawlog_dir);
if (set->ssl != NULL) {
- server->set.ssl =
- ssl_iostream_settings_dup(server->pool, set->ssl);
+ server->set.ssl = set->ssl;
+ pool_ref(server->set.ssl->pool);
}
if (set->hostname != NULL && *set->hostname != '\0')
connection_list_deinit(&server->conn_list);
+ settings_free(server->set.ssl);
if (server->ssl_ctx != NULL)
ssl_iostream_context_unref(&server->ssl_ctx);
event_unref(&server->event);
#include "ostream.h"
#include "iostream-temp.h"
#include "iostream-ssl.h"
+#include "settings.h"
#include "master-service.h"
#include "program-client.h"
#include "smtp-client.h"
struct smtp_submit_session {
pool_t pool;
struct smtp_submit_settings set;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
struct event *event;
bool allow_root:1;
};
p_strdup_empty(pool, set->submission_ssl);
if (input->ssl != NULL) {
- ssl_iostream_settings_init_from(pool, &session->ssl_set,
- input->ssl);
+ session->ssl_set = input->ssl;
+ pool_ref(session->ssl_set->pool);
}
session->allow_root = input->allow_root;
*_session = NULL;
+ settings_free(session->ssl_set);
event_unref(&session->event);
pool_unref(&session->pool);
}
smtp_set.connect_timeout_msecs = set->submission_timeout*1000;
smtp_set.command_timeout_msecs = set->submission_timeout*1000;
smtp_set.debug = set->mail_debug;
- smtp_set.ssl = &subm->session->ssl_set;
+ smtp_set.ssl = subm->session->ssl_set;
smtp_set.event_parent = subm->event;
ssl_mode = SMTP_CLIENT_SSL_MODE_NONE;
void ssl_iostream_test_settings_server(struct ssl_iostream_settings *test_set)
{
i_zero(test_set);
+ test_set->pool = null_pool;
test_set->ca = test_ca_cert;
test_set->cert.cert = test_server_cert;
test_set->cert.key = test_server_key;
void ssl_iostream_test_settings_client(struct ssl_iostream_settings *test_set)
{
i_zero(test_set);
+ test_set->pool = null_pool;
test_set->ca = test_ca_cert;
test_set->skip_crl_check = TRUE;
}
};
struct ssl_iostream_settings {
+ pool_t pool;
/* NOTE: when updating, remember to update:
ssl_iostream_settings_string_offsets[] */
const char *min_protocol;
#include "safe-mkstemp.h"
#include "base64.h"
#include "str.h"
+#include "settings.h"
#include "dns-lookup.h"
#include "pop3c-client.h"
client->set.ssl_mode = set->ssl_mode;
if (set->ssl_mode != POP3C_CLIENT_SSL_MODE_NONE) {
- ssl_iostream_settings_init_from(client->pool, &client->set.ssl_set, &set->ssl_set);
+ client->set.ssl_set = set->ssl_set;
+ pool_ref(client->set.ssl_set.pool);
if (ssl_iostream_client_context_cache_get(&set->ssl_set,
&client->ssl_ctx,
&error) < 0) {
void pop3c_client_deinit(struct pop3c_client **_client)
{
struct pop3c_client *client = *_client;
+ const struct ssl_iostream_settings *ssl_set = &client->set.ssl_set;
pop3c_client_disconnect(client);
+ settings_free(ssl_set);
if (client->ssl_ctx != NULL)
ssl_iostream_context_unref(&client->ssl_ctx);
event_unref(&client->event);
}
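Review bot: `pop3c_client_deinit()` calls `settings_free()` on `&client->set.ssl_set` unconditionally, but init takes the matching `pool_ref()` only when `ssl_mode != POP3C_CLIENT_SSL_MODE_NONE`. For a non-TLS client this works only if the embedded struct's `pool` is NULL and the unref tolerates that, neither of which is visible here. If the `ssl_iostream_client_context_cache_get()` failure branch in init returns early (it is cut off here), it would also have to drop the reference just taken. Suggest making the release explicit, e.g. `if (client->set.ssl_set.pool != NULL) pool_unref(&client->set.ssl_set.pool);`.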
int mail_storage_service_user_init_ssl_client_settings(
- struct mail_storage_service_user *user, pool_t pool,
- struct ssl_iostream_settings *ssl_set_r, const char **error_r)
+ struct mail_storage_service_user *user,
+ const struct ssl_iostream_settings **ssl_set_r, const char **error_r)
{
const struct master_service_ssl_settings *ssl_set;
if (settings_get(user->event, &master_service_ssl_setting_parser_info,
0, &ssl_set, error_r) < 0)
return -1;
- master_service_ssl_client_settings_to_iostream_set(ssl_set, pool,
- ssl_set_r);
+ master_service_ssl_client_settings_to_iostream_set(ssl_set, ssl_set_r);
settings_free(ssl_set);
return 0;
}
struct settings_instance *
mail_storage_service_user_get_settings_instance(struct mail_storage_service_user *user);
int mail_storage_service_user_init_ssl_client_settings(
- struct mail_storage_service_user *user, pool_t pool,
- struct ssl_iostream_settings *ssl_set_r, const char **error_r);
+ struct mail_storage_service_user *user,
+ const struct ssl_iostream_settings **ssl_set_r, const char **error_r);
struct mail_storage_service_ctx *
mail_storage_service_user_get_service_ctx(struct mail_storage_service_user *user);
pool_t mail_storage_service_user_get_pool(struct mail_storage_service_user *user);
if (storage->v.list_index_rebuild != NULL &&
storage->mailboxes_fs == NULL) {
struct fs_settings fs_set;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
const char *error;
i_zero(&fs_set);
else
mail_user_expand_plugins_envs(user, user->_mail_set);
- user->ssl_set = p_new(user->pool, struct ssl_iostream_settings, 1);
if (user->error == NULL &&
mail_storage_service_user_init_ssl_client_settings(
- user->service_user, user->pool,
- user->ssl_set, &error) < 0)
+ user->service_user, &user->ssl_set, &error) < 0)
user->error = p_strdup(user->pool, error);
/* autocreated users for shared mailboxes need to be fully initialized
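Review bot: `user->ssl_set` is no longer pre-allocated, so it stays NULL whenever `user->error` is already set or `mail_storage_service_user_init_ssl_client_settings()` fails, where it previously pointed at a zeroed struct. Consumers in this commit use it without a check: `mail_user_init_fs_settings()` passes it to `fs_set->ssl_client_set`, and the submission relay runs `p_memdup(pool, ssl_set, sizeof(*ssl_set))` and reads `ssl_set->pool`. Whether those paths are reachable for a user in the error state is not visible here, so either assert non-NULL at the consumers or document that the field may be NULL. The reference stored in `user->ssl_set` also needs a `settings_free(user->ssl_set)` in the user's teardown, which this commit does not show.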
void mail_user_init_fs_settings(struct mail_user *user,
struct fs_settings *fs_set,
- struct ssl_iostream_settings *ssl_set_r)
+ const struct ssl_iostream_settings **ssl_set_r)
{
fs_set->event_parent = user->event;
fs_set->username = user->username;
fs_set->debug = event_want_debug(user->event);
fs_set->enable_timing = user->stats_enabled;
- fs_set->ssl_client_set = ssl_set_r;
- *ssl_set_r = *user->ssl_set;
+ fs_set->ssl_client_set = user->ssl_set;
+ *ssl_set_r = user->ssl_set;
}
static int
const struct mail_user_settings *set;
struct mail_storage_settings *_mail_set;
- struct ssl_iostream_settings *ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
struct mail_namespace *namespaces;
struct mail_storage *storages;
struct dict_op_settings *dict_op_set;
/* Initialize fs_settings from mail_user settings. */
void mail_user_init_fs_settings(struct mail_user *user,
struct fs_settings *fs_set,
- struct ssl_iostream_settings *ssl_set_r);
+ const struct ssl_iostream_settings **ssl_set_r);
/* Try to mkdir() user's home directory. Ideally this should be called only
after the caller tries to create a file to the home directory, but it fails
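Review bot: The `ssl_set_r` out-parameter of `mail_user_init_fs_settings()` now returns a borrowed pointer to `user->ssl_set`, while the other out-parameters changed in this commit (`doveadm_get_ssl_settings()`, `mail_storage_service_user_init_ssl_client_settings()`) return a reference the caller must release with `settings_free()`. A caller that treats them alike would drop the user's reference and leave `user->ssl_set` dangling. Suggest extending the comment to `/* Initialize fs_settings from mail_user settings. *ssl_set_r points to user->ssl_set; it is borrowed and must not be freed by the caller. */`.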
struct fs **fs_r, const char **error_r)
{
struct fs_settings fs_set;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
struct mailbox_list_fs_context *ctx;
struct fs *parent_fs;
static int
lmtp_proxy_connection_init_ssl(struct lmtp_proxy_connection *conn,
- struct ssl_iostream_settings *ssl_set_r,
+ const struct ssl_iostream_settings **ssl_set_r,
enum smtp_client_connection_ssl_mode *ssl_mode_r,
const char **error_r)
{
*ssl_mode_r = SMTP_CLIENT_SSL_MODE_NONE;
if ((conn->set.set.ssl_flags & AUTH_PROXY_SSL_FLAG_YES) == 0) {
- i_zero(ssl_set_r);
+ *ssl_set_r = NULL;
return 0;
}
&master_ssl_set, error_r) < 0)
return -1;
master_service_ssl_client_settings_to_iostream_set(
- master_ssl_set, pool_datastack_create(), ssl_set_r);
- if ((conn->set.set.ssl_flags & AUTH_PROXY_SSL_FLAG_ANY_CERT) != 0)
- ssl_set_r->allow_invalid_cert = TRUE;
+ master_ssl_set, ssl_set_r);
+ if ((conn->set.set.ssl_flags & AUTH_PROXY_SSL_FLAG_ANY_CERT) != 0) {
+ pool_t pool = pool_alloconly_create("ssl iostream settings",
+ sizeof(**ssl_set_r));
+ struct ssl_iostream_settings *ssl_set_copy =
+ p_memdup(pool, *ssl_set_r, sizeof(**ssl_set_r));
+ ssl_set_copy->pool = pool;
+ pool_add_external_ref(pool, (*ssl_set_r)->pool);
+ ssl_set_copy->allow_invalid_cert = TRUE;
+ *ssl_set_r = ssl_set_copy;
+ }
if ((conn->set.set.ssl_flags & AUTH_PROXY_SSL_FLAG_STARTTLS) == 0)
*ssl_mode_r = SMTP_CLIENT_SSL_MODE_IMMEDIATE;
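Review bot: In the `AUTH_PROXY_SSL_FLAG_ANY_CERT` branch the reference returned by `master_service_ssl_client_settings_to_iostream_set()` is never released. `pool_add_external_ref()` appears to take its own hold on the original pool (the doveadm callers in this commit still call `settings_free()` after `doveadm_client_settings_dup()` uses it), and `*ssl_set_r` is then overwritten with the copy. The caller's `settings_free()` frees only the copy, so the original pool would leak once per proxied connection. `login_proxy_starttls()` has the same pattern unconditionally: it frees `ssl_set_copy` on both paths but never `ssl_set`, so the pre-auth login process would leak on every proxied STARTTLS. Release the original right after the external ref, e.g. `settings_free(*ssl_set_r);` before `*ssl_set_r = ssl_set_copy;` here and `settings_free(ssl_set);` in `login_proxy_starttls()`.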
struct client *client = proxy->client;
struct lmtp_proxy_connection *conn;
enum smtp_client_connection_ssl_mode ssl_mode;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
i_assert(set->set.timeout_msecs > 0);
i_zero(&lmtp_set);
lmtp_set.my_ip = conn->set.set.source_ip;
- lmtp_set.ssl = &ssl_set;
+ lmtp_set.ssl = ssl_set;
lmtp_set.peer_trusted = !conn->set.set.remote_not_trusted;
lmtp_set.forced_capabilities = SMTP_CAPABILITY__ORCPT;
lmtp_set.mail_send_broken_path = TRUE;
conn->set.set.host, conn->set.set.port,
ssl_mode, &lmtp_set);
}
+ settings_free(ssl_set);
struct smtp_proxy_data proxy_data = {
.session = t_strdup_printf("%s:P%u", proxy->trans->id,
++proxy->proxy_session_seq),
{
struct client *client = context;
struct ssl_iostream_context *ssl_ctx;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
const char *error;
if (client->ssl_servername_settings_read)
settings_free(old_ssl_server_set);
master_service_ssl_server_settings_to_iostream_set(client->ssl_set,
- client->ssl_server_set, pool_datastack_create(), &ssl_set);
- if (ssl_iostream_server_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
+ client->ssl_server_set, &ssl_set);
+ if (ssl_iostream_server_context_cache_get(ssl_set, &ssl_ctx, &error) < 0) {
*error_r = t_strdup_printf(
"Failed to initialize SSL server context: %s", error);
+ settings_free(ssl_set);
return -1;
}
+ settings_free(ssl_set);
ssl_iostream_change_context(client->ssl_iostream, ssl_ctx);
ssl_iostream_context_unref(&ssl_ctx);
return 0;
int client_init_ssl(struct client *client)
{
struct ssl_iostream_context *ssl_ctx;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
const char *error;
i_assert(client->fd != -1);
}
master_service_ssl_server_settings_to_iostream_set(client->ssl_set,
- client->ssl_server_set, pool_datastack_create(), &ssl_set);
- if (ssl_iostream_server_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
+ client->ssl_server_set, &ssl_set);
+ if (ssl_iostream_server_context_cache_get(ssl_set, &ssl_ctx, &error) < 0) {
e_error(client->event,
"Failed to initialize SSL server context: %s", error);
+ settings_free(ssl_set);
return -1;
}
+ settings_free(ssl_set);
+
if (client->v.iostream_change_pre != NULL)
client->v.iostream_change_pre(client);
int ret = io_stream_create_ssl_server(ssl_ctx, client->event,
#include "str.h"
#include "strescape.h"
#include "time-util.h"
+#include "settings.h"
#include "master-service.h"
#include "master-service-ssl-settings.h"
#include "client-common.h"
int login_proxy_starttls(struct login_proxy *proxy)
{
struct ssl_iostream_context *ssl_ctx;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
+ struct ssl_iostream_settings *ssl_set_copy;
const char *error;
bool add_multiplex_istream = FALSE;
master_service_ssl_client_settings_to_iostream_set(
- proxy->client->ssl_set, pool_datastack_create(), &ssl_set);
+ proxy->client->ssl_set, &ssl_set);
+ pool_t pool = pool_alloconly_create("ssl iostream settings",
+ sizeof(*ssl_set));
+ ssl_set_copy = p_memdup(pool, ssl_set, sizeof(*ssl_set));
+ ssl_set_copy->pool = pool;
+ pool_add_external_ref(pool, ssl_set->pool);
if ((proxy->ssl_flags & AUTH_PROXY_SSL_FLAG_ANY_CERT) != 0)
- ssl_set.allow_invalid_cert = TRUE;
+ ssl_set_copy->allow_invalid_cert = TRUE;
/* NOTE: We're explicitly disabling ssl_client_ca_* settings for now
at least. The main problem is that we're chrooted, so we can't read
them at this point anyway. The second problem is that especially
ssl_client_ca_dir does blocking disk I/O, which could cause
unexpected hangs when login process handles multiple clients. */
- ssl_set.ca_file = ssl_set.ca_dir = NULL;
+ ssl_set_copy->ca_file = ssl_set_copy->ca_dir = NULL;
io_remove(&proxy->side_channel_io);
io_remove(&proxy->server_io);
- if (ssl_iostream_client_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
+ if (ssl_iostream_client_context_cache_get(ssl_set_copy, &ssl_ctx, &error) < 0) {
const char *reason = t_strdup_printf(
"Failed to create SSL client context: %s", error);
login_proxy_failed(proxy, proxy->event,
login_proxy_failed(proxy, proxy->event,
LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
ssl_iostream_context_unref(&ssl_ctx);
+ settings_free(ssl_set_copy);
return -1;
}
ssl_iostream_context_unref(&ssl_ctx);
+ settings_free(ssl_set_copy);
+
if (ssl_iostream_handshake(proxy->server_ssl_iostream) < 0) {
error = ssl_iostream_get_last_error(proxy->server_ssl_iostream);
const char *reason = t_strdup_printf(
static void login_ssl_init(void)
{
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
const char *error;
if (strcmp(global_ssl_server_settings->ssl, "no") == 0)
return;
master_service_ssl_server_settings_to_iostream_set(global_ssl_settings,
- global_ssl_server_settings, pool_datastack_create(), &ssl_set);
- if (io_stream_ssl_global_init(&ssl_set, &error) < 0)
+ global_ssl_server_settings, &ssl_set);
+ if (io_stream_ssl_global_init(ssl_set, &error) < 0)
i_fatal("Failed to initialize SSL library: %s", error);
+ settings_free(ssl_set);
login_ssl_initialized = TRUE;
}
#include "ioloop.h"
#include "str.h"
#include "event-exporter.h"
+#include "settings.h"
#include "http-client.h"
#include "iostream-ssl.h"
#include "master-service.h"
struct http_client_request *req;
if (exporter_http_client == NULL) {
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set = NULL;
struct http_client_settings set = {
.dns_client_socket_path = "dns-client",
};
if (master_ssl_set != NULL) {
master_service_ssl_client_settings_to_iostream_set(
- master_ssl_set, pool_datastack_create(),
- &ssl_set);
- set.ssl = &ssl_set;
+ master_ssl_set, &ssl_set);
+ set.ssl = ssl_set;
}
exporter_http_client = http_client_init(&set);
+ settings_free(ssl_set);
}
req = http_client_request_url_str(exporter_http_client, "POST",
#include "submission-common.h"
#include "str.h"
#include "str-sanitize.h"
+#include "settings.h"
#include "mail-user.h"
#include "iostream-ssl.h"
#include "smtp-client.h"
{
struct submission_backend_relay *rbackend;
struct mail_user *user = client->user;
- struct ssl_iostream_settings ssl_set;
+ const struct ssl_iostream_settings *ssl_set;
+ struct ssl_iostream_settings *ssl_set_copy = NULL;
struct smtp_client_settings smtp_set;
pool_t pool;
event_set_append_log_prefix(rbackend->backend.event, "relay: ");
- ssl_set = *user->ssl_set;
- if (!set->ssl_verify)
- ssl_set.allow_invalid_cert = TRUE;
+ ssl_set = user->ssl_set;
+ if (!set->ssl_verify) {
+ pool_t pool = pool_alloconly_create("ssl iostream settings",
+ sizeof(*ssl_set));
+ ssl_set_copy = p_memdup(pool, ssl_set, sizeof(*ssl_set));
+ ssl_set_copy->pool = pool;
+ pool_add_external_ref(pool, ssl_set->pool);
+ ssl_set_copy->allow_invalid_cert = TRUE;
+ ssl_set = ssl_set_copy;
+ }
/* make relay connection */
i_zero(&smtp_set);
smtp_set.my_hostname = set->my_hostname;
smtp_set.extra_capabilities = set->extra_capabilities;
- smtp_set.ssl = &ssl_set;
+ smtp_set.ssl = ssl_set;
smtp_set.debug = event_want_debug(rbackend->backend.event);
smtp_set.event_parent = rbackend->backend.event;
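Review bot: The inner `pool_t pool` declared in the `!set->ssl_verify` branch shadows the function-level `pool_t pool`, which is easy to misread and trips `-Wshadow`. Rename it, e.g. `pool_t ssl_pool = pool_alloconly_create("ssl iostream settings", sizeof(*ssl_set));`. This copy-then-set-`allow_invalid_cert` sequence is also written out three times in the commit (here, `lmtp_proxy_connection_init_ssl()` and `login_proxy_starttls()`), so a small helper next to `struct ssl_iostream_settings` would keep the pool and external-ref handling in one place. The function starts outside the hunk.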
smtp_client, set->protocol, &set->ip, set->port,
set->host, set->ssl_mode, &smtp_set);
}
+ settings_free(ssl_set_copy);
return rbackend;
}