From: Timo Sirainen Date: Tue, 5 May 2009 00:50:13 +0000 (-0400) Subject: inet_listeners now support ssl=yes. For now only login processes support it. X-Git-Tag: 2.0.alpha1~834 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7487ff578435377bbeefffdbfb78ca09ed1292df;p=thirdparty%2Fdovecot%2Fcore.git inet_listeners now support ssl=yes. For now only login processes support it. --HG-- branch : HEAD
---
diff --git a/src/lib-master/master-service-private.h b/src/lib-master/master-service-private.h
index e64f7ad746..e9e4812156 100644
--- a/src/lib-master/master-service-private.h
+++ b/src/lib-master/master-service-private.h
@@ -7,6 +7,7 @@ struct master_service_listener {
 struct master_service *service;
 int fd;
+ bool ssl;
 struct io *io;
 };
@@ -23,7 +24,7 @@ struct master_service {
 const char *config_path;
 int syslog_facility;
- unsigned int socket_count;
+ unsigned int socket_count, ssl_socket_count;
 struct master_service_listener *listeners;
 struct io *io_status_write, *io_status_error;
diff --git a/src/lib-master/master-service.c b/src/lib-master/master-service.c
index 9670027768..f4144c5c9e 100644
--- a/src/lib-master/master-service.c
+++ b/src/lib-master/master-service.c
@@ -109,6 +109,9 @@ master_service_init(const char *name, enum master_service_flags flags,
 str = getenv("SOCKET_COUNT");
 if (str != NULL)
 service->socket_count = atoi(str);
+ str = getenv("SSL_SOCKET_COUNT");
+ if (str != NULL)
+ service->ssl_socket_count = atoi(str);
 /* set up some kind of logging until we know exactly how and where we want to log */
@@ -437,6 +440,7 @@ static void master_service_listen(struct master_service_listener *l)
 io_remove(&l->io);
 conn.fd = l->fd;
 }
+ conn.ssl = l->ssl;
 l->service->master_status.available_count--;
 master_status_update(l->service);
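Review bot: `ssl_socket_count` in struct master_service carries a layout contract that the header does not state: the master passes the SSL listeners as the last `ssl_socket_count` of the `socket_count` inherited listener fds, and io_listeners_add in master-service.c depends on that ordering. A comment on the field would keep the two sides from drifting, e.g. `/* SSL listeners are the last ssl_socket_count of the socket_count listener fds (see service_dup_fds in master/service-process.c) */`. The new `bool ssl` in struct master_service_listener one hunk above deserves a matching one-liner, since it is derived from that same count.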
@@ -461,6 +465,9 @@ static void io_listeners_add(struct master_service *service)
 l->fd = MASTER_LISTEN_FD_FIRST + i;
 l->io = io_add(MASTER_LISTEN_FD_FIRST + i, IO_READ, master_service_listen, l);
+
+ if (i >= service->socket_count - service->ssl_socket_count)
+ l->ssl = TRUE;
 }
 }
diff --git a/src/lib-master/master-service.h b/src/lib-master/master-service.h
index 130283d8fa..69fc07e89d 100644
--- a/src/lib-master/master-service.h
+++ b/src/lib-master/master-service.h
@@ -18,6 +18,8 @@ struct master_service_connection {
 struct ip_addr remote_ip;
 unsigned int remote_port;
+
+ bool ssl;
 };
 typedef void
diff --git a/src/login-common/main.c b/src/login-common/main.c
index 2aabec1800..1ce6b8bc76 100644
--- a/src/login-common/main.c
+++ b/src/login-common/main.c
@@ -39,8 +39,7 @@ static void client_connected(const struct master_service_connection *conn)
 local_port = 0;
 }
- // FIXME: a global ssl_connections isn't enough!
- if (!ssl_connections) {
+ if (!ssl_connections && !conn->ssl) {
 client = client_create(conn->fd, FALSE, &local_ip, &conn->remote_ip);
 } else {
diff --git a/src/master/master-settings.c b/src/master/master-settings.c
index 46a8bf2728..ac28b57cab 100644
--- a/src/master/master-settings.c
+++ b/src/master/master-settings.c
@@ -55,13 +55,15 @@ static struct setting_parser_info file_listener_setting_parser_info = {
 static struct setting_define inet_listener_setting_defines[] = {
 DEF(SET_STR, address),
 DEF(SET_UINT, port),
+ DEF(SET_BOOL, ssl),
 SETTING_DEFINE_LIST_END
 };
 static struct inet_listener_settings inet_listener_default_settings = {
 MEMBER(address) "*",
- MEMBER(port) 0
+ MEMBER(port) 0,
+ MEMBER(ssl) FALSE
 };
 static struct setting_parser_info inet_listener_setting_parser_info = {
diff --git a/src/master/master-settings.h b/src/master/master-settings.h
index ead97d6d56..7d3ce97336 100644
--- a/src/master/master-settings.h
+++ b/src/master/master-settings.h
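Review bot: `service->socket_count - service->ssl_socket_count` is unsigned arithmetic, so if SSL_SOCKET_COUNT is ever larger than SOCKET_COUNT the difference wraps and the comparison silently marks no listener as SSL instead of failing; both values are parsed with `atoi()` in master_service_init (earlier hunk) with no range check, so a negative or oversized value is not rejected there either. The cheapest fix is to validate once where the environment is read, `if (service->ssl_socket_count > service->socket_count) i_fatal("SSL_SOCKET_COUNT > SOCKET_COUNT");`, after which the subtraction here is safe. The branch only ever sets `l->ssl = TRUE`, so the non-SSL listeners rely on the `listeners` array being zero-filled when allocated; that allocation is outside the hunk, so either confirm it or assign `l->ssl = FALSE` explicitly in the loop. io_listeners_add begins before the hunk.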
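Review bot: `bool ssl` is added to the public struct master_service_connection without saying what a consumer must do with it; the only consumer in this commit (login-common/main.c, later hunk) uses it to skip the plaintext client_create path. Suggest documenting the field in the header: `/* TRUE if the connection arrived on an inet_listener configured with ssl=yes; the service must treat fd as an SSL connection rather than plaintext */`.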
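Review bot: `DEF(SET_BOOL, ssl)` accepts ssl=yes on the inet_listener of any service, but the commit message says only login processes honour it; for every other service the master still puts the listener in the SSL group and exports SSL_SOCKET_COUNT, while the child ignores conn->ssl and serves plaintext on a port the administrator configured as TLS. Unless the settings check already rejects this (the validator is not in the diff), the master should refuse or at least warn on `ssl=yes` for services that cannot honour it, so a misconfiguration fails closed rather than downgrading silently. `MEMBER(ssl) FALSE` as the default is right.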
@@ -12,6 +12,7 @@ ARRAY_DEFINE_TYPE(file_listener_settings, struct file_listener_settings *);
 struct inet_listener_settings {
 const char *address;
 unsigned int port;
+ bool ssl;
 };
 struct service_settings {
diff --git a/src/master/service-process.c b/src/master/service-process.c
index c33cc54b32..c32985aed9 100644
--- a/src/master/service-process.c
+++ b/src/master/service-process.c
@@ -33,7 +33,7 @@ service_dup_fds(struct service *service, int auth_fd, int std_fd)
 {
 struct service_listener *const *listeners;
 ARRAY_TYPE(dup2) dups;
- unsigned int i, count, n = 0, socket_listener_count;
+ unsigned int i, count, n = 0, socket_listener_count, ssl_socket_count;
 /* stdin/stdout is already redirected to /dev/null. Other master fds should have been opened with fd_close_on_exec() so we don't have to
@@ -53,13 +53,25 @@ service_dup_fds(struct service *service, int auth_fd, int std_fd)
 n += socket_listener_count;
 }
+ /* first add non-ssl listeners */
 for (i = 0; i < count; i++) {
- if (listeners[i]->fd == -1)
- continue;
-
- dup2_append(&dups, listeners[i]->fd,
- MASTER_LISTEN_FD_FIRST + n);
- n++; socket_listener_count++;
+ if (listeners[i]->fd != -1 &&
+ !listeners[i]->set.inetset.set->ssl) {
+ dup2_append(&dups, listeners[i]->fd,
+ MASTER_LISTEN_FD_FIRST + n);
+ n++; socket_listener_count++;
+ }
+ }
+ /* then ssl-listeners */
+ ssl_socket_count = 0;
+ for (i = 0; i < count; i++) {
+ if (listeners[i]->fd != -1 &&
+ listeners[i]->set.inetset.set->ssl) {
+ dup2_append(&dups, listeners[i]->fd,
+ MASTER_LISTEN_FD_FIRST + n);
+ n++; socket_listener_count++;
+ ssl_socket_count++;
+ }
 }
 dup2_append(&dups, null_fd, MASTER_RESERVED_FD);
@@ -106,6 +118,7 @@ service_dup_fds(struct service *service, int auth_fd, int std_fd)
 service_error(service, "dup2s failed");
 env_put(t_strdup_printf("SOCKET_COUNT=%d", socket_listener_count));
+ env_put(t_strdup_printf("SSL_SOCKET_COUNT=%d", ssl_socket_count));
 }
 static int validate_uid_gid(struct master_settings *set, uid_t uid, gid_t gid,
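Review bot: The two passes encode an ordering contract — non-SSL fds first, then SSL fds — that the child side (io_listeners_add in lib-master/master-service.c) depends on to tell the groups apart, but `/* first add non-ssl listeners */` and `/* then ssl-listeners */` do not say why the order matters; suggest `/* non-ssl listeners first, then ssl ones: the child identifies SSL listeners as the last SSL_SOCKET_COUNT of its listener fds */`. Both loops dereference `listeners[i]->set.inetset.set->ssl` for every entry; if this array can also contain non-inet (unix/fifo) listeners whose settings live in another member, that read is type-confused for them, and the listener-type handling is outside the hunk, so worth confirming. The duplicated loop bodies could be folded into one loop over a two-iteration SSL flag without changing the emitted order. service_dup_fds begins before the hunk.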
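Review bot: `ssl_socket_count` is `unsigned int` but is formatted with `%d`, copying the mismatch on the existing SOCKET_COUNT line; both should use `%u`, e.g. `env_put(t_strdup_printf("SSL_SOCKET_COUNT=%u", ssl_socket_count));`. service_dup_fds begins before the hunk.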