From 43d7e7ce608f5451e4907b5f5c48c00beb265802 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Tue, 8 Sep 2009 20:05:45 -0400 Subject: [PATCH] dovecot -p: And fixed it to really work this time. --HG-- branch : HEAD --- src/lib-master/master-interface.h | 4 ++++ src/login-common/ssl-proxy-openssl.c | 3 ++- src/master/main.c | 20 ++++++++++---------- src/master/service-process.c | 14 +++++++------- 4 files changed, 23 insertions(+), 18 deletions(-) diff --git a/src/lib-master/master-interface.h b/src/lib-master/master-interface.h index 168c847ba0..03bceade55 100644 --- a/src/lib-master/master-interface.h +++ b/src/lib-master/master-interface.h @@ -87,6 +87,10 @@ struct master_auth_reply { /* getenv(MASTER_DOVECOT_VERSION_ENV) provides master's version number */ #define MASTER_DOVECOT_VERSION_ENV "DOVECOT_VERSION" +/* getenv(MASTER_SSL_KEY_PASSWORD_ENV) returns manually typed SSL key password, + if dovecot was started with -p parameter. */ +#define MASTER_SSL_KEY_PASSWORD_ENV "SSL_KEY_PASSWORD" + /* Write pipe to anvil. Currently available only for auth destination services, for others it's /dev/null. */ #define MASTER_ANVIL_FD 3 diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c index 9fc768de12..0d2df23fc1 100644 --- a/src/login-common/ssl-proxy-openssl.c +++ b/src/login-common/ssl-proxy-openssl.c @@ -9,6 +9,7 @@ #include "safe-memset.h" #include "llist.h" #include "master-service.h" +#include "master-interface.h" #include "ssl-proxy.h" #include @@ -898,7 +899,7 @@ static EVP_PKEY *ssl_proxy_load_key(const struct login_settings *set) i_fatal("BIO_new_mem_buf() failed"); password = *set->ssl_key_password != '\0' ? set->ssl_key_password : - getenv("SSL_KEY_PASSWORD"); + getenv(MASTER_SSL_KEY_PASSWORD_ENV); dup_password = t_strdup_noconst(password); pkey = PEM_read_bio_PrivateKey(bio, NULL, pem_password_callback, dup_password); diff --git a/src/master/main.c b/src/master/main.c index e4dc59b522..9a6a3d9a8c 100644 
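Review bot: In ssl_proxy_load_key() the manually typed key password is still in the process environment after the key has been read, because nothing visible in the hunk clears the value returned by `getenv(MASTER_SSL_KEY_PASSWORD_ENV)`. A process's environment can be read through its /proc environ entry by anyone with access to it and is inherited by any program the process later executes, so the variable should be dropped once `PEM_read_bio_PrivateKey()` returns. The private copy can be wiped at the same point with the helper this file already includes, e.g. `if (dup_password != NULL) safe_memset(dup_password, 0, strlen(dup_password));`. The function continues past the end of the hunk, so this may already be handled there. The hunk also does not show what happens when the setting is empty and the variable is unset, in which case `getenv()` returns NULL.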
--- a/src/master/main.c +++ b/src/master/main.c @@ -711,16 +711,22 @@ int main(int argc, char *argv[]) fd_close_on_exec(null_fd, TRUE); } while (null_fd <= STDERR_FILENO); - if (dup2(null_fd, STDIN_FILENO) < 0 || - dup2(null_fd, STDOUT_FILENO) < 0) - i_fatal("dup2(null_fd) failed: %m"); - if (master_service_settings_read_simple(master_service, set_roots, &error) < 0) i_fatal("Error reading configuration: %s", error); sets = master_service_settings_get_others(master_service); set = sets[0]; + if (ask_key_pass) { + askpass("Give the password for SSL keys: ", + ssl_manual_key_password, + sizeof(ssl_manual_key_password)); + } + + if (dup2(null_fd, STDIN_FILENO) < 0 || + dup2(null_fd, STDOUT_FILENO) < 0) + i_fatal("dup2(null_fd) failed: %m"); + pidfile_path = i_strconcat(set->base_dir, "/"MASTER_PID_FILE_NAME, NULL); if (send_signal != 0) @@ -739,12 +745,6 @@ int main(int argc, char *argv[]) auth_warning_print(set); } - if (ask_key_pass) { - askpass("Give the password for SSL keys", - ssl_manual_key_password, - sizeof(ssl_manual_key_password)); - } - /* save TZ environment. AIX depends on it to get the timezone correctly. */ env_tz = getenv("TZ"); diff --git a/src/master/service-process.c b/src/master/service-process.c index 008ce86d63..9c890cce54 100644 --- a/src/master/service-process.c +++ b/src/master/service-process.c @@ -426,6 +426,13 @@ service_process_setup_environment(struct service *service, unsigned int uid) if (!service->set->master_set->version_ignore) env_put(MASTER_DOVECOT_VERSION_ENV"="PACKAGE_VERSION); + + if (*ssl_manual_key_password != '\0' && service->have_inet_listeners) { + /* manually given SSL password. give it only to services + that have inet listeners. */ + env_put(t_strconcat(MASTER_SSL_KEY_PASSWORD_ENV"=", + ssl_manual_key_password, NULL)); + } } static void service_process_status_timeout(struct service_process *process) 
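Review bot: The ordering this fix depends on is not documented: in main() the `askpass()` call now has to run before the `dup2(null_fd, ...)` calls, presumably because the prompt needs the terminal on stdin/stdout, and a later refactor could move it back unnoticed. A one-line comment above the block would pin it, e.g. `/* must run before stdin/stdout are redirected to /dev/null */`. The prompt now also precedes the `if (send_signal != 0)` branch visible at the end of the hunk, so -p combined with a signal action would appear to ask for a password that is never used. If that is the case, `if (ask_key_pass && send_signal == 0) {` would avoid it. main() starts and ends outside the hunk.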
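Review bot: `service->have_inet_listeners` in service_process_setup_environment() stands in for "this service needs the SSL key password", so every service with a network listener gets the secret in its environment whether or not it ever loads a key. Because the value is now exported at process setup instead of in handle_request(), it is present from the start of each such process and stays there unless the child removes it. Consider narrowing the condition to services that actually have SSL enabled, if the service settings expose that. The comment could also say who consumes the value and that it should be cleared, e.g. `/* read by ssl_proxy_load_key(); the child should not keep it in its environment afterwards */`. The function starts outside the hunk.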
@@ -458,13 +465,6 @@ handle_request(const struct service_process_auth_request *request) env_put(t_strconcat("LOCAL_IP=", net_ip2addr(&request->local_ip), NULL)); env_put(t_strconcat("IP=", net_ip2addr(&request->remote_ip), NULL)); - if (*ssl_manual_key_password != '\0' && - request->process->process.service->have_inet_listeners) { - /* manually given SSL password. give it only to services - that have inet listeners. */ - env_put(t_strconcat("SSL_KEY_PASSWORD=", - ssl_manual_key_password, NULL)); - } } struct service_process * -- 2.47.3