From: Aki Tuomi
Date: Fri, 25 Mar 2022 07:19:12 +0000 (+0200)
Subject: login-common: Remove login_access_sockets
X-Git-Tag: 2.4.0~4182
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97815ea9;p=thirdparty%2Fdovecot%2Fcore.git

login-common: Remove login_access_sockets
---

diff --git a/doc/example-config/dovecot.conf b/doc/example-config/dovecot.conf
index b67e9eb4a4..feb755c446 100644
--- a/doc/example-config/dovecot.conf
+++ b/doc/example-config/dovecot.conf
@@ -47,9 +47,6 @@
 # these networks. Typically you'd specify your IMAP proxy servers here.
 #login_trusted_networks =
-# Space separated list of login access check sockets (e.g. tcpwrap)
-#login_access_sockets =
-
 # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
 # proxying. This isn't necessary normally, but may be useful if the destination
 # IP is e.g. a load balancer's IP.
diff --git a/src/config/old-set-parser.c b/src/config/old-set-parser.c
index 2f99978f27..6671833816 100644
--- a/src/config/old-set-parser.c
+++ b/src/config/old-set-parser.c
@@ -283,6 +283,13 @@ old_settings_handle_root(struct config_parser_context *ctx,
 NULL);
 return TRUE;
 }
+ if (strcmp(key, "login_access_sockets") == 0) {
+ if (value != NULL && *value != '\0')
+ i_fatal("%s is no longer supported", key);
+ else
+ obsolete(ctx, "%s is no longer supported", key);
+ return TRUE;
+ }
 if (ctx->old->auth_section == 1) {
 if (!str_begins_with(key, "auth_"))
 key = t_strconcat("auth_", key, NULL);
diff --git a/src/login-common/login-settings.c b/src/login-common/login-settings.c
index e680677b76..30f7399dc2 100644
--- a/src/login-common/login-settings.c
+++ b/src/login-common/login-settings.c
@@ -25,7 +25,6 @@ static const struct setting_define login_setting_defines[] = {
 DEF(STR_VARS, login_greeting),
 DEF(STR, login_log_format_elements),
 DEF(STR, login_log_format),
- DEF(STR, login_access_sockets),
 DEF(STR_VARS, login_proxy_notify_path),
 DEF(STR, login_plugin_dir),
 DEF(STR, login_plugins),
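Review bot: The new `login_access_sockets` branch in `old_settings_handle_root()` (src/config/old-set-parser.c) has no comment explaining why a non-empty value calls `i_fatal()` while an empty one only goes through `obsolete()`. The distinction looks deliberate: a non-empty value means the deployment relied on an access check that this commit removes from the login process, so refusing to start is the fail-closed choice, and that reasoning should be recorded, e.g. `/* a configured access check can no longer be enforced: refuse to start rather than accept connections without it */`. The fatal message `"%s is no longer supported"` also gives the operator no hint that the check has to be enforced by other means before the setting is deleted; wording such as `i_fatal("%s is no longer supported; enforce the access check outside Dovecot and remove the setting", key);` would make that explicit. The function starts and ends outside the hunk.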
@@ -54,7 +53,6 @@ static const struct login_settings login_default_settings = {
 .login_greeting = PACKAGE_NAME" ready.",
 .login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>",
 .login_log_format = "%$: %s",
- .login_access_sockets = "",
 .login_proxy_notify_path = "proxy-notify",
 .login_plugin_dir = MODULEDIR"/login",
 .login_plugins = "",
diff --git a/src/login-common/main.c b/src/login-common/main.c
index ee87b8cda4..3c3bb3eba4 100644
--- a/src/login-common/main.c
+++ b/src/login-common/main.c
@@ -28,14 +28,6 @@
 #define AUTH_CLIENT_IDLE_TIMEOUT_MSECS (1000*60)
-struct login_access_lookup {
- struct master_service_connection conn;
- struct io *io;
-
- char **sockets, **next_socket;
- struct access_lookup *access;
-};
-
 struct event *event_auth;
 static struct event_category event_category_auth = {
 .name = "auth",
@@ -68,8 +60,6 @@ static bool shutting_down = FALSE;
 static bool ssl_connections = FALSE;
 static bool auth_connected_once = FALSE;
-static void login_access_lookup_next(struct login_access_lookup *lookup);
-
 static bool get_first_client(struct client **client_r)
 {
 struct client *client = clients;
@@ -191,70 +181,6 @@ client_connected_finish(const struct master_service_connection *conn)
 timeout_remove(&auth_client_to);
 }
-static void login_access_lookup_free(struct login_access_lookup *lookup)
-{
- io_remove(&lookup->io);
- if (lookup->access != NULL)
- access_lookup_destroy(&lookup->access);
- if (lookup->conn.fd != -1) {
- if (close(lookup->conn.fd) < 0)
- i_error("close(client) failed: %m");
- master_service_client_connection_destroyed(master_service);
- }
-
- p_strsplit_free(default_pool, lookup->sockets);
- i_free(lookup);
-}
-
-static void login_access_callback(bool success, void *context)
-{
- struct login_access_lookup *lookup = context;
-
- if (!success) {
- i_info("access(%s): Client refused (rip=%s)",
- *lookup->next_socket,
- net_ip2addr(&lookup->conn.remote_ip));
- login_access_lookup_free(lookup);
- } else {
- lookup->next_socket++;
- login_access_lookup_next(lookup);
- }
-}
-
-static void login_access_lookup_next(struct login_access_lookup *lookup)
-{
- if (*lookup->next_socket == NULL) {
- /* last one */
- io_remove(&lookup->io);
- client_connected_finish(&lookup->conn);
- lookup->conn.fd = -1;
- login_access_lookup_free(lookup);
- return;
- }
- lookup->access = access_lookup(*lookup->next_socket, lookup->conn.fd,
- login_binary->protocol,
- login_access_callback, lookup);
- if (lookup->access == NULL)
- login_access_lookup_free(lookup);
-}
-
-static void client_input_error(struct login_access_lookup *lookup)
-{
- char c;
- int ret;
-
- ret = recv(lookup->conn.fd, &c, 1, MSG_PEEK);
- if (ret <= 0) {
- i_info("access(%s): Client disconnected during lookup (rip=%s)",
- *lookup->next_socket,
- net_ip2addr(&lookup->conn.remote_ip));
- login_access_lookup_free(lookup);
- } else {
- /* actual input. stop listening until lookup is done. */
- io_remove(&lookup->io);
- }
-}
-
 static unsigned int
 master_admin_cmd_kick_user(const char *user, const guid_128_t conn_guid)
 {
@@ -267,10 +193,6 @@ static const struct master_admin_client_callback admin_callbacks = {
 static void client_connected(struct master_service_connection *conn)
 {
- const char *access_sockets =
- global_login_settings->login_access_sockets;
- struct login_access_lookup *lookup;
-
 master_service_client_connection_accept(conn);
 if (conn->remote_ip.family != 0) {
@@ -283,19 +205,7 @@ static void client_connected(struct master_service_connection *conn)
 /* make sure we're connected (or attempting to connect) to auth */
 auth_client_connect(auth_client);
- if (*access_sockets == '\0') {
- /* no access checks */
- client_connected_finish(conn);
- return;
- }
-
- lookup = i_new(struct login_access_lookup, 1);
- lookup->conn = *conn;
- lookup->io = io_add(conn->fd, IO_READ, client_input_error, lookup);
- lookup->sockets = p_strsplit_spaces(default_pool, access_sockets, " ");
- lookup->next_socket = lookup->sockets;
-
- login_access_lookup_next(lookup);
+ client_connected_finish(conn);
 }
 static void auth_connect_notify(struct auth_client *client ATTR_UNUSED,
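Review bot: After this change `client_connected_finish()` appears to have a single caller, the new last line of `client_connected()`, because the only other call visible in this diff was in the removed `login_access_lookup_next()`. If nothing outside these hunks calls it, the helper could be folded into `client_connected()`; its body is not visible here, so this needs checking against the full file. No main.c hunk touches the include list either, so a header that was pulled in only for `access_lookup()` or for the `recv()` peek in the removed `client_input_error()` would now be unused and is worth dropping in the same commit.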