dovecot -p: And fixed it to really work this time.
authorTimo Sirainen <tss@iki.fi>
Wed, 9 Sep 2009 00:05:45 +0000 (20:05 -0400)
committerTimo Sirainen <tss@iki.fi>
Wed, 9 Sep 2009 00:05:45 +0000 (20:05 -0400)
--HG--
branch : HEAD

src/lib-master/master-interface.h
src/login-common/ssl-proxy-openssl.c
src/master/main.c
src/master/service-process.c

index 168c847ba0413dc57ff9c17c9b70a2de11d937bf..03bceade55a603f0eabcae70a7bba0a1cde3dbba 100644 (file)
@@ -87,6 +87,10 @@ struct master_auth_reply {
 /* getenv(MASTER_DOVECOT_VERSION_ENV) provides master's version number */
 #define MASTER_DOVECOT_VERSION_ENV "DOVECOT_VERSION"
 
+/* getenv(MASTER_SSL_KEY_PASSWORD_ENV) returns manually typed SSL key password,
+   if dovecot was started with -p parameter. */
+#define MASTER_SSL_KEY_PASSWORD_ENV "SSL_KEY_PASSWORD"
+
 /* Write pipe to anvil. Currently available only for auth destination
    services, for others it's /dev/null. */
 #define MASTER_ANVIL_FD 3
index 9fc768de12c5519800d0b35c0823be99b243e484..0d2df23fc112f46e15928f9310ff8ba19d75aea1 100644 (file)
@@ -9,6 +9,7 @@
 #include "safe-memset.h"
 #include "llist.h"
 #include "master-service.h"
+#include "master-interface.h"
 #include "ssl-proxy.h"
 
 #include <fcntl.h>
@@ -898,7 +899,7 @@ static EVP_PKEY *ssl_proxy_load_key(const struct login_settings *set)
                i_fatal("BIO_new_mem_buf() failed");
 
        password = *set->ssl_key_password != '\0' ? set->ssl_key_password :
-               getenv("SSL_KEY_PASSWORD");
+               getenv(MASTER_SSL_KEY_PASSWORD_ENV);
        dup_password = t_strdup_noconst(password);
        pkey = PEM_read_bio_PrivateKey(bio, NULL, pem_password_callback,
                                       dup_password);
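Review bot: The manually typed key password stays in this process's environment after `getenv(MASTER_SSL_KEY_PASSWORD_ENV)` reads it, so it remains readable through the process environment (for example `/proc/<pid>/environ` on Linux) and is inherited by anything this process later executes. Once the key has been loaded, drop it with `unsetenv(MASTER_SSL_KEY_PASSWORD_ENV);` or the project's own environment helper if it has one. `password` can presumably be NULL when the setting is empty and the variable is unset, so a short comment stating that `pem_password_callback` copes with a NULL `dup_password` would help; the callback is not visible here. The copy held in `dup_password` could also be wiped with the helper from `safe-memset.h` after `PEM_read_bio_PrivateKey()` returns, unless the part of `ssl_proxy_load_key()` outside this hunk already does so.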
index e4dc59b522a2cf9016769045da5fc2313b1e9972..9a6a3d9a8c4f0dccca1cf706a90e2d0d606eb6a0 100644 (file)
@@ -711,16 +711,22 @@ int main(int argc, char *argv[])
                fd_close_on_exec(null_fd, TRUE);
        } while (null_fd <= STDERR_FILENO);
 
-       if (dup2(null_fd, STDIN_FILENO) < 0 ||
-           dup2(null_fd, STDOUT_FILENO) < 0)
-               i_fatal("dup2(null_fd) failed: %m");
-
        if (master_service_settings_read_simple(master_service, set_roots,
                                                &error) < 0)
                i_fatal("Error reading configuration: %s", error);
        sets = master_service_settings_get_others(master_service);
        set = sets[0];
 
+       if (ask_key_pass) {
+               askpass("Give the password for SSL keys: ",
+                       ssl_manual_key_password,
+                       sizeof(ssl_manual_key_password));
+       }
+
+       if (dup2(null_fd, STDIN_FILENO) < 0 ||
+           dup2(null_fd, STDOUT_FILENO) < 0)
+               i_fatal("dup2(null_fd) failed: %m");
+
        pidfile_path =
                i_strconcat(set->base_dir, "/"MASTER_PID_FILE_NAME, NULL);
        if (send_signal != 0)
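Review bot: Nothing at the new `askpass()` call records that it must run before the `dup2(null_fd, ...)` redirect just below it, which is the ordering this commit corrects. A comment such as `/* ask before stdin/stdout are replaced with null_fd; the prompt needs the terminal */` above `if (ask_key_pass)` would keep a later reorder from breaking `-p` again. The prompt now also comes before the `send_signal` handling that follows, so it is presumably shown even when the run only signals an existing master; adding `send_signal == 0` to the condition may be worthwhile if `-p` can be combined with those commands. main() starts and ends outside the hunk.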
@@ -739,12 +745,6 @@ int main(int argc, char *argv[])
                auth_warning_print(set);
        }
 
-       if (ask_key_pass) {
-               askpass("Give the password for SSL keys",
-                       ssl_manual_key_password,
-                       sizeof(ssl_manual_key_password));
-       }
-
        /* save TZ environment. AIX depends on it to get the timezone
           correctly. */
        env_tz = getenv("TZ");
index 008ce86d637b4eeb11bf478867761c5ba0deaa10..9c890cce548de3a2b470618f5442af1b18500cbb 100644 (file)
@@ -426,6 +426,13 @@ service_process_setup_environment(struct service *service, unsigned int uid)
 
        if (!service->set->master_set->version_ignore)
                env_put(MASTER_DOVECOT_VERSION_ENV"="PACKAGE_VERSION);
+
+       if (*ssl_manual_key_password != '\0' && service->have_inet_listeners) {
+               /* manually given SSL password. give it only to services
+                  that have inet listeners. */
+               env_put(t_strconcat(MASTER_SSL_KEY_PASSWORD_ENV"=",
+                                   ssl_manual_key_password, NULL));
+       }
 }
 
 static void service_process_status_timeout(struct service_process *process)
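Review bot: `have_inet_listeners` is a coarse test for who receives the key password: every service with an inet listener gets `MASTER_SSL_KEY_PASSWORD_ENV` in its environment, whether or not it ever loads an SSL key. The environment is inherited across exec and is readable by other processes running as the same user, so the comment should also state what the receiver is expected to do, e.g. `/* receiver must remove this from its environment once the key is loaded */`. The `t_strconcat()` result is a second copy of the secret that this function never wipes; whether that matters depends on whether this code runs only in the forked child, which is not visible here.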
@@ -458,13 +465,6 @@ handle_request(const struct service_process_auth_request *request)
 
        env_put(t_strconcat("LOCAL_IP=", net_ip2addr(&request->local_ip), NULL));
        env_put(t_strconcat("IP=", net_ip2addr(&request->remote_ip), NULL));
-       if (*ssl_manual_key_password != '\0' &&
-           request->process->process.service->have_inet_listeners) {
-               /* manually given SSL password. give it only to services
-                  that have inet listeners. */
-               env_put(t_strconcat("SSL_KEY_PASSWORD=",
-                                   ssl_manual_key_password, NULL));
-       }
 }
 
 struct service_process *