dovecot/core-2.2: src/login-common/main.c annotate

annotate src/login-common/main.c @ 22659:69f827f71014

*-login: Add login_proxy_notify_path setting to configure proxy-notify path A single FIFO can be a bottleneck, so this could be set to e.g.: login_proxy_notify_path = proxy-notify%1R{pid} or: login_proxy_notify_path = proxy-notify%10N{pid}

author	Timo Sirainen <timo.sirainen@dovecot.fi>
date	Fri, 27 Oct 2017 16:45:16 +0300
parents	a85bccd23139
children	cb108f786fb4

rev	line source
21390 2e2563132d5f Updated copyright notices to include the year 2017. Stephan Bosch <stephan.bosch@dovecot.fi> parents: 21389 diff changeset	1 /* Copyright (c) 2002-2017 Dovecot authors, see the included COPYING file */
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	2
10549 9ae939146ff7 login-common: Renamed common.h to login-common.h Timo Sirainen <tss@iki.fi> parents: 10449 diff changeset	3 #include "login-common.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	4 #include "ioloop.h"
17504 b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	5 #include "array.h"
2622 033d2fd1cd38 Replaced timestamp in APOP challenge with 128 bits of randomness. Timo Sirainen <tss@iki.fi> parents: 2235 diff changeset	6 #include "randgen.h"
19567 11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	7 #include "module-dir.h"
10198 3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	8 #include "process-title.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	9 #include "restrict-access.h"
1398 b2a2edafdd91 Moved setting process limit after exec(). Timo Sirainen <tss@iki.fi> parents: 1281 diff changeset	10 #include "restrict-process-size.h"
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	11 #include "master-auth.h"
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	12 #include "master-service.h"
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	13 #include "master-interface.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	14 #include "client-common.h"
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	15 #include "access-lookup.h"
10266 e99c02873d8c -login: Use new anvil library to do async anvil lookups. Timo Sirainen <tss@iki.fi>* parents: 10225 diff changeset	16 #include "anvil-client.h"
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1629 diff changeset	17 #include "auth-client.h"
16555 2dd27b0e7e49 lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library. Timo Sirainen <tss@iki.fi> parents: 16487 diff changeset	18 #include "dsasl-client.h"
14728 983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	19 #include "master-service-ssl-settings.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	20 #include "ssl-proxy.h"
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	21 #include "login-proxy.h"
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	22
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	23 #include <unistd.h>
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	24 #include <syslog.h>
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	25
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	26 #define AUTH_CLIENT_IDLE_TIMEOUT_MSECS (1000*60)
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	27
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	28 struct login_access_lookup {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	29 struct master_service_connection conn;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	30 struct io *io;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	31
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	32 char sockets, next_socket;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	33 struct access_lookup *access;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	34 };
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	35
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	36 const struct login_binary *login_binary;
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1629 diff changeset	37 struct auth_client *auth_client;
10101 4fe8c4382712 Redesigned how login process passes connections to mail processes and changed related APIs. Timo Sirainen <tss@iki.fi> parents: 10038 diff changeset	38 struct master_auth *master_auth;
19565 103896524313 -login: Changed -D parameter to mean a more generic login_debug option. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19552 diff changeset	39 bool closing_down, login_debug;
10266 e99c02873d8c -login: Use new anvil library to do async anvil lookups. Timo Sirainen <tss@iki.fi>* parents: 10225 diff changeset	40 struct anvil_client *anvil;
13539 1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	41 const char *login_rawlog_dir = NULL;
13721 80558d1b7040 login: Minor potential authentication fix when service_count>1 Timo Sirainen <tss@iki.fi> parents: 13689 diff changeset	42 unsigned int initial_service_count;
19572 8bb95d42e5ea -login: Allow plugins to hook into client allocation and add module-specific contexts to client. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19567 diff changeset	43 struct login_module_register login_module_register;
20840 1b4a57403aef -login: Store user_ passdb fields to client->alt_usernames. Timo Sirainen <timo.sirainen@dovecot.fi> parents: 19705 diff changeset	44 ARRAY_TYPE(string) global_alt_usernames;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	45
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	46 const struct login_settings *global_login_settings;
14728 983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	47 const struct master_service_ssl_settings *global_ssl_settings;
10111 9a71228ea41c imap-login: If imap_capability is set, use it. Timo Sirainen <tss@iki.fi> parents: 10101 diff changeset	48 void **global_other_settings;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	49
17504 b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	50 const struct ip_addr *login_source_ips;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	51 unsigned int login_source_ips_idx, login_source_ips_count;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	52
19567 11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	53 static struct module *modules;
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	54 static struct timeout *auth_client_to;
19705 9fb16176c200 -login: Added -l parameter to specify the socket where to connect to after authentication Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19588 diff changeset	55 static const char *post_login_socket;
10449 a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	56 static bool shutting_down = FALSE;
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	57 static bool ssl_connections = FALSE;
14171 4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	58 static bool auth_connected_once = FALSE;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	59
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	60 static void login_access_lookup_next(struct login_access_lookup *lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	61
10198 3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	62 void login_refresh_proctitle(void)
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	63 {
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	64 struct client *client = clients;
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	65 const char *addr;
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	66
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	67 if (!global_login_settings->verbose_proctitle)
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	68 return;
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	69
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	70 if (clients_get_count() == 0) {
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	71 process_title_set("");
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	72 } else if (clients_get_count() > 1 \|\| client == NULL) {
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	73 process_title_set(t_strdup_printf("[%u connections (%u TLS)]",
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	74 clients_get_count(), ssl_proxy_get_count()));
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	75 } else {
16666 58be84a381e5 net_ip2addr() changed to return "" instead of NULL on failure. Timo Sirainen <tss@iki.fi> parents: 16555 diff changeset	76 addr = net_ip2addr(&client->ip);
58be84a381e5 net_ip2addr() changed to return "" instead of NULL on failure. Timo Sirainen <tss@iki.fi> parents: 16555 diff changeset	77 if (addr[0] != '\0') {
58be84a381e5 net_ip2addr() changed to return "" instead of NULL on failure. Timo Sirainen <tss@iki.fi> parents: 16555 diff changeset	78 process_title_set(t_strdup_printf(client->tls ?
58be84a381e5 net_ip2addr() changed to return "" instead of NULL on failure. Timo Sirainen <tss@iki.fi> parents: 16555 diff changeset	79 "[%s TLS]" : "[%s]", addr));
58be84a381e5 net_ip2addr() changed to return "" instead of NULL on failure. Timo Sirainen <tss@iki.fi> parents: 16555 diff changeset	80 } else {
58be84a381e5 net_ip2addr() changed to return "" instead of NULL on failure. Timo Sirainen <tss@iki.fi> parents: 16555 diff changeset	81 process_title_set(client->tls ? "[TLS]" : "");
58be84a381e5 net_ip2addr() changed to return "" instead of NULL on failure. Timo Sirainen <tss@iki.fi> parents: 16555 diff changeset	82 }
10198 3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	83 }
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	84 }
3e7e08af2991 -login: Show better state with verbose_proctitle=yes. Timo Sirainen <tss@iki.fi>* parents: 10171 diff changeset	85
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	86 static void auth_client_idle_timeout(struct auth_client *auth_client)
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	87 {
13724 dafa6dc27398 login: Added assert. Timo Sirainen <tss@iki.fi> parents: 13721 diff changeset	88 i_assert(clients == NULL);
dafa6dc27398 login: Added assert. Timo Sirainen <tss@iki.fi> parents: 13721 diff changeset	89
13959 3dae51fd4565 lib-auth: Improved warning message about aborting auth requests. Timo Sirainen <tss@iki.fi> parents: 13819 diff changeset	90 auth_client_disconnect(auth_client, "idle disconnect");
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	91 timeout_remove(&auth_client_to);
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	92 }
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	93
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	94 void login_client_destroyed(void)
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	95 {
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	96 if (clients == NULL && auth_client_to == NULL) {
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	97 auth_client_to = timeout_add(AUTH_CLIENT_IDLE_TIMEOUT_MSECS,
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	98 auth_client_idle_timeout,
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	99 auth_client);
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	100 }
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	101 }
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	102
10171 7f0ccd367351 Handle shutdown_clients globally for all services. Timo Sirainen <tss@iki.fi> parents: 10159 diff changeset	103 static void login_die(void)
7f0ccd367351 Handle shutdown_clients globally for all services. Timo Sirainen <tss@iki.fi> parents: 10159 diff changeset	104 {
10449 a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	105 shutting_down = TRUE;
10171 7f0ccd367351 Handle shutdown_clients globally for all services. Timo Sirainen <tss@iki.fi> parents: 10159 diff changeset	106 login_proxy_kill_idle();
10449 a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	107
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	108 if (!auth_client_is_connected(auth_client)) {
10449 a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	109 /* we don't have auth client, and we might never get one */
a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	110 clients_destroy_all();
a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	111 }
10171 7f0ccd367351 Handle shutdown_clients globally for all services. Timo Sirainen <tss@iki.fi> parents: 10159 diff changeset	112 }
7f0ccd367351 Handle shutdown_clients globally for all services. Timo Sirainen <tss@iki.fi> parents: 10159 diff changeset	113
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	114 static void
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	115 client_connected_finish(const struct master_service_connection *conn)
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	116 {
2027 dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 2000 diff changeset	117 struct client *client;
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide Timo Sirainen <tss@iki.fi> parents: 2000 diff changeset	118 struct ssl_proxy *proxy;
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	119 const struct login_settings *set;
14728 983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	120 const struct master_service_ssl_settings *ssl_set;
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	121 pool_t pool;
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	122 int fd_ssl;
10111 9a71228ea41c imap-login: If imap_capability is set, use it. Timo Sirainen <tss@iki.fi> parents: 10101 diff changeset	123 void **other_sets;
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	124
13642 402cff03919a login: Increased client's initial memory pool size. Timo Sirainen <tss@iki.fi> parents: 13539 diff changeset	125 pool = pool_alloconly_create("login client", 8*1024);
18950 a0e8c6b88072 lmtp, -login: Use ip/port values from struct master_service_connection instead of from the socket. Stephan Bosch <stephan@rename-it.nl>* parents: 18137 diff changeset	126 set = login_settings_read(pool, &conn->local_ip,
14728 983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	127 &conn->remote_ip, NULL, &ssl_set, &other_sets);
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	128
9218 4a42f694b762 inet_listeners now support ssl=yes. For now only login processes support it. Timo Sirainen <tss@iki.fi> parents: 9159 diff changeset	129 if (!ssl_connections && !conn->ssl) {
18974 0f442376beae -login: Removed dead assignment to make static analyzer happy. Timo Sirainen <tss@iki.fi>* parents: 18950 diff changeset	130 (void)client_create(conn->fd, FALSE, pool, conn,
0f442376beae -login: Removed dead assignment to make static analyzer happy. Timo Sirainen <tss@iki.fi>* parents: 18950 diff changeset	131 set, ssl_set, other_sets);
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	132 } else {
14728 983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	133 fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool,
983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	134 set, ssl_set, &proxy);
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	135 if (fd_ssl == -1) {
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	136 net_disconnect(conn->fd);
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	137 pool_unref(&pool);
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	138 master_service_client_connection_destroyed(master_service);
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	139 return;
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	140 }
4538 9d9e72374164 Fixes to login process handling, especially with Timo Sirainen <tss@iki.fi> parents: 4253 diff changeset	141
18950 a0e8c6b88072 lmtp, -login: Use ip/port values from struct master_service_connection instead of from the socket. Stephan Bosch <stephan@rename-it.nl>* parents: 18137 diff changeset	142 client = client_create(fd_ssl, TRUE, pool, conn,
a0e8c6b88072 lmtp, -login: Use ip/port values from struct master_service_connection instead of from the socket. Stephan Bosch <stephan@rename-it.nl>* parents: 18137 diff changeset	143 set, ssl_set, other_sets);
9756 e30495ae11de -login: Moved most of the common code to login-common. Timo Sirainen <tss@iki.fi>* parents: 9448 diff changeset	144 client->ssl_proxy = proxy;
9929 d60fa42fbaac -login: Fixes to SSL/login proxy connection counting. Timo Sirainen <tss@iki.fi>* parents: 9923 diff changeset	145 ssl_proxy_set_client(proxy, client);
10224 3f1c47797dee ssl: Don't start handshake until client has been set. Timo Sirainen <tss@iki.fi> parents: 10198 diff changeset	146 ssl_proxy_start(proxy);
4538 9d9e72374164 Fixes to login process handling, especially with Timo Sirainen <tss@iki.fi> parents: 4253 diff changeset	147 }
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	148
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	149 if (auth_client_to != NULL)
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	150 timeout_remove(&auth_client_to);
4560 507088c0d511 Fixes for handling near-full connection queues. Timo Sirainen <tss@iki.fi> parents: 4553 diff changeset	151 }
507088c0d511 Fixes for handling near-full connection queues. Timo Sirainen <tss@iki.fi> parents: 4553 diff changeset	152
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	153 static void login_access_lookup_free(struct login_access_lookup *lookup)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	154 {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	155 if (lookup->io != NULL)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	156 io_remove(&lookup->io);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	157 if (lookup->access != NULL)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	158 access_lookup_destroy(&lookup->access);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	159 if (lookup->conn.fd != -1) {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	160 if (close(lookup->conn.fd) < 0)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	161 i_error("close(client) failed: %m");
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	162 master_service_client_connection_destroyed(master_service);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	163 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	164
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	165 p_strsplit_free(default_pool, lookup->sockets);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	166 i_free(lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	167 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	168
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	169 static void login_access_callback(bool success, void *context)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	170 {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	171 struct login_access_lookup *lookup = context;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	172
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	173 if (!success) {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	174 i_info("access(%s): Client refused (rip=%s)",
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	175 *lookup->next_socket,
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	176 net_ip2addr(&lookup->conn.remote_ip));
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	177 login_access_lookup_free(lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	178 } else {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	179 lookup->next_socket++;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	180 login_access_lookup_next(lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	181 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	182 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	183
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	184 static void login_access_lookup_next(struct login_access_lookup *lookup)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	185 {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	186 if (*lookup->next_socket == NULL) {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	187 /* last one */
10682 9f0c4800cb13 login: tcpwrappers change caused crashes at startup. Timo Sirainen <tss@iki.fi> parents: 10647 diff changeset	188 if (lookup->io != NULL)
9f0c4800cb13 login: tcpwrappers change caused crashes at startup. Timo Sirainen <tss@iki.fi> parents: 10647 diff changeset	189 io_remove(&lookup->io);
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	190 client_connected_finish(&lookup->conn);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	191 lookup->conn.fd = -1;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	192 login_access_lookup_free(lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	193 return;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	194 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	195 lookup->access = access_lookup(*lookup->next_socket, lookup->conn.fd,
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	196 login_binary->protocol,
11156 57e53ecebbd3 login: Keep binary-specific defaults in a struct. Timo Sirainen <tss@iki.fi> parents: 10793 diff changeset	197 login_access_callback, lookup);
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	198 if (lookup->access == NULL)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	199 login_access_lookup_free(lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	200 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	201
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	202 static void client_input_error(struct login_access_lookup *lookup)
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	203 {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	204 char c;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	205 int ret;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	206
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	207 ret = recv(lookup->conn.fd, &c, 1, MSG_PEEK);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	208 if (ret <= 0) {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	209 i_info("access(%s): Client disconnected during lookup (rip=%s)",
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	210 *lookup->next_socket,
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	211 net_ip2addr(&lookup->conn.remote_ip));
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	212 login_access_lookup_free(lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	213 } else {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	214 /* actual input. stop listening until lookup is done. */
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	215 io_remove(&lookup->io);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	216 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	217 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	218
11388 b8d3c96e61a7 lib-master API changed to avoid accidentally leaking client connections. Timo Sirainen <tss@iki.fi> parents: 11324 diff changeset	219 static void client_connected(struct master_service_connection *conn)
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	220 {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	221 const char *access_sockets =
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	222 global_login_settings->login_access_sockets;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	223 struct login_access_lookup *lookup;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	224
11388 b8d3c96e61a7 lib-master API changed to avoid accidentally leaking client connections. Timo Sirainen <tss@iki.fi> parents: 11324 diff changeset	225 master_service_client_connection_accept(conn);
13819 d9ad41825a34 login: Send the last connected client's IP address to log process. Timo Sirainen <tss@iki.fi> parents: 13739 diff changeset	226 if (conn->remote_ip.family != 0) {
d9ad41825a34 login: Send the last connected client's IP address to log process. Timo Sirainen <tss@iki.fi> parents: 13739 diff changeset	227 /* log the connection's IP address in case we crash. it's of
d9ad41825a34 login: Send the last connected client's IP address to log process. Timo Sirainen <tss@iki.fi> parents: 13739 diff changeset	228 course possible that another earlier client causes the
d9ad41825a34 login: Send the last connected client's IP address to log process. Timo Sirainen <tss@iki.fi> parents: 13739 diff changeset	229 crash, but this is better than nothing. */
d9ad41825a34 login: Send the last connected client's IP address to log process. Timo Sirainen <tss@iki.fi> parents: 13739 diff changeset	230 i_set_failure_send_ip(&conn->remote_ip);
d9ad41825a34 login: Send the last connected client's IP address to log process. Timo Sirainen <tss@iki.fi> parents: 13739 diff changeset	231 }
11388 b8d3c96e61a7 lib-master API changed to avoid accidentally leaking client connections. Timo Sirainen <tss@iki.fi> parents: 11324 diff changeset	232
10767 ce1dd7328b20 -login: If we disconnect from auth server, make sure we reconnect back when necessary. Timo Sirainen <tss@iki.fi>* parents: 10760 diff changeset	233 /* make sure we're connected (or attempting to connect) to auth */
ce1dd7328b20 -login: If we disconnect from auth server, make sure we reconnect back when necessary. Timo Sirainen <tss@iki.fi>* parents: 10760 diff changeset	234 auth_client_connect(auth_client);
ce1dd7328b20 -login: If we disconnect from auth server, make sure we reconnect back when necessary. Timo Sirainen <tss@iki.fi>* parents: 10760 diff changeset	235
10647 51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	236 if (*access_sockets == '\0') {
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	237 /* no access checks */
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	238 client_connected_finish(conn);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	239 return;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	240 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	241
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	242 lookup = i_new(struct login_access_lookup, 1);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	243 lookup->conn = *conn;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	244 lookup->io = io_add(conn->fd, IO_READ, client_input_error, lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	245 lookup->sockets = p_strsplit_spaces(default_pool, access_sockets, " ");
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	246 lookup->next_socket = lookup->sockets;
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	247
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	248 login_access_lookup_next(lookup);
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	249 }
51a978045f47 Added support for tcpwrappers and potentially other login access checks. Timo Sirainen <tss@iki.fi> parents: 10582 diff changeset	250
6411 6a64e64fa3a3 Renamed __attr___ to ATTR_. Renamed __attrs_used__ to ATTRS_DEFINED. Timo Sirainen <tss@iki.fi> parents: 5887 diff changeset	251 static void auth_connect_notify(struct auth_client *client ATTR_UNUSED,
6a64e64fa3a3 Renamed __attr___ to ATTR_. Renamed __attrs_used__ to ATTRS_DEFINED. Timo Sirainen <tss@iki.fi> parents: 5887 diff changeset	252 bool connected, void *context ATTR_UNUSED)
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1629 diff changeset	253 {
14171 4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	254 if (connected) {
4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	255 auth_connected_once = TRUE;
10449 a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	256 clients_notify_auth_connected();
14171 4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	257 } else if (shutting_down)
10449 a164075ea33a -login: If we've a pending shutdown and auth connection gets lost, kill clients. Timo Sirainen <tss@iki.fi>* parents: 10300 diff changeset	258 clients_destroy_all();
14171 4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	259 else if (!auth_connected_once) {
4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	260 /* auth disconnected without having ever succeeded, so the
4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	261 auth process is probably misconfigured. no point in
4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	262 keeping the client connections hanging. */
4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	263 clients_destroy_all_reason("Disconnected: Auth process broken");
4462ceb09c0d login: If auth client disconnects without having ever succeeded, destroy clients. Timo Sirainen <tss@iki.fi> parents: 14133 diff changeset	264 }
1702 43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1629 diff changeset	265 }
43815588dd6b Moved client side code for auth process handling to lib-auth. Some other login process cleanups. Timo Sirainen <tss@iki.fi> parents: 1629 diff changeset	266
10266 e99c02873d8c -login: Use new anvil library to do async anvil lookups. Timo Sirainen <tss@iki.fi>* parents: 10225 diff changeset	267 static bool anvil_reconnect_callback(void)
9235 2e2b957f1cca Implemented anvil service, which is used to implement mail_max_userip_connections. Timo Sirainen <tss@iki.fi> parents: 9218 diff changeset	268 {
14185 119195278272 login: Added comment. Timo Sirainen <tss@iki.fi> parents: 14171 diff changeset	269 /* we got disconnected from anvil. we can't reconnect to it since we're
119195278272 login: Added comment. Timo Sirainen <tss@iki.fi> parents: 14171 diff changeset	270 chrooted, so just die after we've finished handling the current
119195278272 login: Added comment. Timo Sirainen <tss@iki.fi> parents: 14171 diff changeset	271 connections. */
10266 e99c02873d8c -login: Use new anvil library to do async anvil lookups. Timo Sirainen <tss@iki.fi>* parents: 10225 diff changeset	272 master_service_stop_new_connections(master_service);
e99c02873d8c -login: Use new anvil library to do async anvil lookups. Timo Sirainen <tss@iki.fi>* parents: 10225 diff changeset	273 return FALSE;
9235 2e2b957f1cca Implemented anvil service, which is used to implement mail_max_userip_connections. Timo Sirainen <tss@iki.fi> parents: 9218 diff changeset	274 }
2e2b957f1cca Implemented anvil service, which is used to implement mail_max_userip_connections. Timo Sirainen <tss@iki.fi> parents: 9218 diff changeset	275
21925 eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	276 void login_anvil_init(void)
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	277 {
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	278 if (anvil != NULL)
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	279 return;
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	280
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	281 anvil = anvil_client_init("anvil", anvil_reconnect_callback, 0);
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	282 if (anvil_client_connect(anvil, TRUE) < 0)
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	283 i_fatal("Couldn't connect to anvil");
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	284 }
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	285
17504 b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	286 static const struct ip_addr *
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	287 parse_login_source_ips(const char ips_str, unsigned int count_r)
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	288 {
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	289 ARRAY(struct ip_addr) ips;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	290 const char const tmp;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	291 struct ip_addr *tmp_ips;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	292 bool skip_nonworking = FALSE;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	293 unsigned int i, tmp_ips_count;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	294 int ret;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	295
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	296 if (ips_str[0] == '?') {
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	297 /* try binding to the IP immediately. if it doesn't
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	298 work, skip it. (this allows using the same config file for
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	299 all the servers.) */
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	300 skip_nonworking = TRUE;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	301 ips_str++;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	302 }
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	303 t_array_init(&ips, 4);
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	304 for (tmp = t_strsplit_spaces(ips_str, ", "); *tmp != NULL; tmp++) {
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	305 ret = net_gethostbyname(*tmp, &tmp_ips, &tmp_ips_count);
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	306 if (ret != 0) {
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	307 i_error("login_source_ips: net_gethostbyname(%s) failed: %s",
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	308 *tmp, net_gethosterror(ret));
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	309 continue;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	310 }
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	311 for (i = 0; i < tmp_ips_count; i++) {
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	312 if (skip_nonworking && net_try_bind(&tmp_ips[i]) < 0)
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	313 continue;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	314 array_append(&ips, &tmp_ips[i], 1);
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	315 }
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	316 }
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	317 return array_get(&ips, count_r);
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	318 }
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	319
19567 11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	320 static void login_load_modules(void)
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	321 {
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	322 struct module_dir_load_settings mod_set;
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	323
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	324 if (global_login_settings->login_plugins[0] == '\0')
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	325 return;
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	326
21389 59437f8764c6 global: Replaced all instances of memset(p, 0, sizeof(p)) with the new i_zero() macro. Stephan Bosch <stephan.bosch@dovecot.fi>* parents: 21000 diff changeset	327 i_zero(&mod_set);
19567 11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	328 mod_set.abi_version = DOVECOT_ABI_VERSION;
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	329 mod_set.binary_name = login_binary->process_name;
19588 3ad2efd7e247 -login: Typofix for login_plugins error messages. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19572 diff changeset	330 mod_set.setting_name = "login_plugins";
19567 11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	331 mod_set.require_init_funcs = TRUE;
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	332 mod_set.debug = login_debug;
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	333
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	334 modules = module_dir_load(global_login_settings->login_plugin_dir,
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	335 global_login_settings->login_plugins,
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	336 &mod_set);
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	337 module_dir_init(modules);
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	338 }
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	339
19565 103896524313 -login: Changed -D parameter to mean a more generic login_debug option. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19552 diff changeset	340 static void main_preinit(void)
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	341 {
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	342 unsigned int max_fds;
9002 9d0037a997f4 Initial commit for config rewrite. Timo Sirainen <tss@iki.fi> parents: 8678 diff changeset	343
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	344 random_init();
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	345 /* Initialize SSL proxy so it can read certificate and private
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	346 key file. */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	347 ssl_proxy_init();
16555 2dd27b0e7e49 lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library. Timo Sirainen <tss@iki.fi> parents: 16487 diff changeset	348 dsasl_clients_init();
21741 ad2aa897a8d7 -login: Change API for how login_plugins hook into client allocation. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21390 diff changeset	349 client_common_init();
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	350
7852 53604857c7d2 Change fd limit in login process after it's execed. This fixes OSes which Timo Sirainen <tss@iki.fi> parents: 7203 diff changeset	351 /* set the number of fds we want to use. it may get increased or
8073 f27ecc07d93a login processes: Another try at setting the correct fd limit. Timo Sirainen <tss@iki.fi> parents: 8072 diff changeset	352 decreased. leave a couple of extra fds for auth sockets and such.
9923 77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	353
77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	354 worst case each connection can use:
77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	355
77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	356 - 1 for client
77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	357 - 1 for login proxy
77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	358 - 2 for client-side ssl proxy
77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	359 - 2 for server-side ssl proxy (with login proxy)
21000 5782e4451c81 -login: Removed enforcing maximum calculated fd limit. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 20840 diff changeset	360
5782e4451c81 -login: Removed enforcing maximum calculated fd limit. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 20840 diff changeset	361 However, login process nowadays supports plugins, there are rawlogs
5782e4451c81 -login: Removed enforcing maximum calculated fd limit. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 20840 diff changeset	362 and so on. Don't enforce the fd limit anymore, but use this value
5782e4451c81 -login: Removed enforcing maximum calculated fd limit. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 20840 diff changeset	363 for optimizing the ioloop's fd table size.
9923 77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	364 */
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	365 max_fds = MASTER_LISTEN_FD_FIRST + 16 +
9348 0c587f108916 lib-master has now a global master_service variable that all binaries use. Timo Sirainen <tss@iki.fi> parents: 9283 diff changeset	366 master_service_get_socket_count(master_service) +
9923 77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	367 master_service_get_client_limit(master_service)*6;
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	368 io_loop_set_max_fd_count(current_ioloop, max_fds);
7852 53604857c7d2 Change fd limit in login process after it's execed. This fixes OSes which Timo Sirainen <tss@iki.fi> parents: 7203 diff changeset	369
14728 983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	370 i_assert(strcmp(global_ssl_settings->ssl, "no") == 0 \|\|
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	371 ssl_initialized);
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	372
21925 eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	373 if (global_login_settings->mail_max_userip_connections > 0)
eb3ae53f8ac0 -login: Move code to login_anvil_init() Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21741 diff changeset	374 login_anvil_init();
9235 2e2b957f1cca Implemented anvil service, which is used to implement mail_max_userip_connections. Timo Sirainen <tss@iki.fi> parents: 9218 diff changeset	375
17504 b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	376 /* read the login_source_ips before chrooting so it can access
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	377 /etc/hosts */
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	378 login_source_ips = parse_login_source_ips(global_login_settings->login_source_ips,
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	379 &login_source_ips_count);
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	380 if (login_source_ips_count > 0) {
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	381 /* randomize the initial index in case service_count=1
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	382 (although in that case it's unlikely this setting is
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	383 even used..) */
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	384 login_source_ips_idx = rand() % login_source_ips_count;
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	385 }
b6733f4777f1 login proxy: Added login_source_ips setting. Timo Sirainen <tss@iki.fi> parents: 17130 diff changeset	386
19567 11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	387 login_load_modules();
11b714c6c31c -login: Added login_plugins and login_plugin_dir settings. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19565 diff changeset	388
9044 967bfafe6c0a Cleaned up restrict_access() API. Timo Sirainen <tss@iki.fi>* parents: 9015 diff changeset	389 restrict_access_by_env(NULL, TRUE);
19565 103896524313 -login: Changed -D parameter to mean a more generic login_debug option. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19552 diff changeset	390 if (login_debug)
10116 50db5e7bddd9 Fixed login processes' core dump handling. Timo Sirainen <tss@iki.fi> parents: 10111 diff changeset	391 restrict_access_allow_coredumps(TRUE);
13721 80558d1b7040 login: Minor potential authentication fix when service_count>1 Timo Sirainen <tss@iki.fi> parents: 13689 diff changeset	392 initial_service_count = master_service_get_service_count(master_service);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	393
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	394 if (restrict_access_get_current_chroot() == NULL) {
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	395 if (chdir("login") < 0)
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	396 i_fatal("chdir(login) failed: %m");
5887 3f2eb1b9c555 Support listening multiple sockets. SIGHUP also doesn't anymore recreate Timo Sirainen <tss@iki.fi> parents: 5845 diff changeset	397 }
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	398
13539 1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	399 if (login_rawlog_dir != NULL &&
1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	400 access(login_rawlog_dir, W_OK \| X_OK) < 0) {
1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	401 i_error("access(%s, wx) failed: %m - disabling rawlog",
1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	402 login_rawlog_dir);
1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	403 login_rawlog_dir = NULL;
1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	404 }
13739 1827699b8156 login: Moved all i_fatal()s to preinit stage. Timo Sirainen <tss@iki.fi> parents: 13727 diff changeset	405 }
1827699b8156 login: Moved all i_fatal()s to preinit stage. Timo Sirainen <tss@iki.fi> parents: 13727 diff changeset	406
1827699b8156 login: Moved all i_fatal()s to preinit stage. Timo Sirainen <tss@iki.fi> parents: 13727 diff changeset	407 static void main_init(const char *login_socket)
1827699b8156 login: Moved all i_fatal()s to preinit stage. Timo Sirainen <tss@iki.fi> parents: 13727 diff changeset	408 {
1827699b8156 login: Moved all i_fatal()s to preinit stage. Timo Sirainen <tss@iki.fi> parents: 13727 diff changeset	409 /* make sure we can't fork() */
1827699b8156 login: Moved all i_fatal()s to preinit stage. Timo Sirainen <tss@iki.fi> parents: 13727 diff changeset	410 restrict_process_count(1);
13539 1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	411
20840 1b4a57403aef -login: Store user_ passdb fields to client->alt_usernames. Timo Sirainen <timo.sirainen@dovecot.fi> parents: 19705 diff changeset	412 i_array_init(&global_alt_usernames, 4);
9923 77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	413 master_service_set_avail_overflow_callback(master_service,
77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	414 client_destroy_oldest);
10171 7f0ccd367351 Handle shutdown_clients globally for all services. Timo Sirainen <tss@iki.fi> parents: 10159 diff changeset	415 master_service_set_die_callback(master_service, login_die);
9923 77228b5431e1 -login: Fixed dropping oldest connection when reaching all limits. Timo Sirainen <tss@iki.fi>* parents: 9912 diff changeset	416
11308 df2599ab2cee login: Allow command line to override login socket path. Timo Sirainen <tss@iki.fi> parents: 11285 diff changeset	417 auth_client = auth_client_init(login_socket, (unsigned int)getpid(),
df2599ab2cee login: Allow command line to override login socket path. Timo Sirainen <tss@iki.fi> parents: 11285 diff changeset	418 FALSE);
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	419 auth_client_set_connect_notify(auth_client, auth_connect_notify, NULL);
19705 9fb16176c200 -login: Added -l parameter to specify the socket where to connect to after authentication Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19588 diff changeset	420 master_auth = master_auth_init(master_service, post_login_socket);
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	421
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	422 login_binary->init();
22659 69f827f71014 -login: Add login_proxy_notify_path setting to configure proxy-notify path Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21968 diff changeset	423
69f827f71014 -login: Add login_proxy_notify_path setting to configure proxy-notify path Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21968 diff changeset	424 login_proxy_init(global_login_settings->login_proxy_notify_path);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	425 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	426
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	427 static void main_deinit(void)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	428 {
1230 e6d2b8c78519 Keep list of the SSL proxies, so they're deinitialized properly if we have Timo Sirainen <tss@iki.fi> parents: 1134 diff changeset	429 ssl_proxy_deinit();
2768 d344be0bb70f Added IMAP and POP3 proxying support. Timo Sirainen <tss@iki.fi> parents: 2691 diff changeset	430 login_proxy_deinit();
1230 e6d2b8c78519 Keep list of the SSL proxies, so they're deinitialized properly if we have Timo Sirainen <tss@iki.fi> parents: 1134 diff changeset	431
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	432 login_binary->deinit();
21968 a85bccd23139 -login: Unload plugins at deinit. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21925 diff changeset	433 module_dir_unload(&modules);
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	434 auth_client_deinit(&auth_client);
10101 4fe8c4382712 Redesigned how login process passes connections to mail processes and changed related APIs. Timo Sirainen <tss@iki.fi> parents: 10038 diff changeset	435 master_auth_deinit(&master_auth);
9235 2e2b957f1cca Implemented anvil service, which is used to implement mail_max_userip_connections. Timo Sirainen <tss@iki.fi> parents: 9218 diff changeset	436
20840 1b4a57403aef -login: Store user_ passdb fields to client->alt_usernames. Timo Sirainen <timo.sirainen@dovecot.fi> parents: 19705 diff changeset	437 char **strp;
1b4a57403aef -login: Store user_ passdb fields to client->alt_usernames. Timo Sirainen <timo.sirainen@dovecot.fi> parents: 19705 diff changeset	438 array_foreach_modifiable(&global_alt_usernames, strp)
1b4a57403aef -login: Store user_ passdb fields to client->alt_usernames. Timo Sirainen <timo.sirainen@dovecot.fi> parents: 19705 diff changeset	439 i_free(*strp);
1b4a57403aef -login: Store user_ passdb fields to client->alt_usernames. Timo Sirainen <timo.sirainen@dovecot.fi> parents: 19705 diff changeset	440 array_free(&global_alt_usernames);
1b4a57403aef -login: Store user_ passdb fields to client->alt_usernames. Timo Sirainen <timo.sirainen@dovecot.fi> parents: 19705 diff changeset	441
10266 e99c02873d8c -login: Use new anvil library to do async anvil lookups. Timo Sirainen <tss@iki.fi>* parents: 10225 diff changeset	442 if (anvil != NULL)
e99c02873d8c -login: Use new anvil library to do async anvil lookups. Timo Sirainen <tss@iki.fi>* parents: 10225 diff changeset	443 anvil_client_deinit(&anvil);
10760 fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	444 if (auth_client_to != NULL)
fc77d1cd1201 -login: Disconnect from auth server after idling for a minute. Timo Sirainen <tss@iki.fi>* parents: 10684 diff changeset	445 timeout_remove(&auth_client_to);
21741 ad2aa897a8d7 -login: Change API for how login_plugins hook into client allocation. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 21390 diff changeset	446 client_common_deinit();
16555 2dd27b0e7e49 lib-sasl: Use dsasl_ prefix so we don't conflict with Cyrus SASL library. Timo Sirainen <tss@iki.fi> parents: 16487 diff changeset	447 dsasl_clients_deinit();
10793 bf4822f0846b lib-master: Added support for caching config lookups. Timo Sirainen <tss@iki.fi> parents: 10767 diff changeset	448 login_settings_deinit();
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	449 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	450
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	451 int login_binary_run(const struct login_binary *binary,
6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	452 int argc, char *argv[])
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	453 {
10101 4fe8c4382712 Redesigned how login process passes connections to mail processes and changed related APIs. Timo Sirainen <tss@iki.fi> parents: 10038 diff changeset	454 enum master_service_flags service_flags =
4fe8c4382712 Redesigned how login process passes connections to mail processes and changed related APIs. Timo Sirainen <tss@iki.fi> parents: 10038 diff changeset	455 MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN \|
15088 14df6be0111f Read SSL settings only if service has SSL sockets or MASTER_SERVICE_FLAG_USE_SSL_SETTINGS. Timo Sirainen <tss@iki.fi> parents: 15049 diff changeset	456 MASTER_SERVICE_FLAG_TRACK_LOGIN_STATE \|
15962 effecdd32cb0 login: Don't fail at startup by trying to load SSL plugin. Timo Sirainen <tss@iki.fi> parents: 15888 diff changeset	457 MASTER_SERVICE_FLAG_USE_SSL_SETTINGS \|
effecdd32cb0 login: Don't fail at startup by trying to load SSL plugin. Timo Sirainen <tss@iki.fi> parents: 15888 diff changeset	458 MASTER_SERVICE_FLAG_NO_SSL_INIT;
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	459 pool_t set_pool;
15049 aa6027a0a78e Added support to perform token-based service process authentication. Stephan Bosch <stephan@rename-it.nl> parents: 14728 diff changeset	460 const char *login_socket;
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	461 int c;
1273 2cf2e08a6ee9 Somewhat working code to support loading Dovecot from inetd and such. It Timo Sirainen <tss@iki.fi> parents: 1235 diff changeset	462
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	463 login_binary = binary;
15049 aa6027a0a78e Added support to perform token-based service process authentication. Stephan Bosch <stephan@rename-it.nl> parents: 14728 diff changeset	464 login_socket = binary->default_login_socket != NULL ?
aa6027a0a78e Added support to perform token-based service process authentication. Stephan Bosch <stephan@rename-it.nl> parents: 14728 diff changeset	465 binary->default_login_socket : LOGIN_DEFAULT_SOCKET;
19705 9fb16176c200 -login: Added -l parameter to specify the socket where to connect to after authentication Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19588 diff changeset	466 post_login_socket = binary->protocol;
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	467
6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	468 master_service = master_service_init(login_binary->process_name,
13539 1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	469 service_flags, &argc, &argv,
19705 9fb16176c200 -login: Added -l parameter to specify the socket where to connect to after authentication Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19588 diff changeset	470 "Dl:R:S");
9348 0c587f108916 lib-master has now a global master_service variable that all binaries use. Timo Sirainen <tss@iki.fi> parents: 9283 diff changeset	471 master_service_init_log(master_service, t_strconcat(
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	472 login_binary->process_name, ": ", NULL));
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	473
10119 1e63221f5c83 Moved most of getopt() handling to lib-master. Timo Sirainen <tss@iki.fi> parents: 10116 diff changeset	474 while ((c = master_getopt(master_service)) > 0) {
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	475 switch (c) {
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	476 case 'D':
19565 103896524313 -login: Changed -D parameter to mean a more generic login_debug option. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19552 diff changeset	477 login_debug = TRUE;
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	478 break;
19705 9fb16176c200 -login: Added -l parameter to specify the socket where to connect to after authentication Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19588 diff changeset	479 case 'l':
9fb16176c200 -login: Added -l parameter to specify the socket where to connect to after authentication Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19588 diff changeset	480 post_login_socket = optarg;
9fb16176c200 -login: Added -l parameter to specify the socket where to connect to after authentication Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19588 diff changeset	481 break;
13539 1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	482 case 'R':
1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	483 login_rawlog_dir = optarg;
1ff636720b9f login: Added -R <dir> parameter to write pre-login rawlogs to given directory. Timo Sirainen <tss@iki.fi> parents: 12890 diff changeset	484 break;
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	485 case 'S':
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	486 ssl_connections = TRUE;
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	487 break;
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	488 default:
10119 1e63221f5c83 Moved most of getopt() handling to lib-master. Timo Sirainen <tss@iki.fi> parents: 10116 diff changeset	489 return FATAL_DEFAULT;
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	490 }
6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	491 }
11308 df2599ab2cee login: Allow command line to override login socket path. Timo Sirainen <tss@iki.fi> parents: 11285 diff changeset	492 if (argv[optind] != NULL)
df2599ab2cee login: Allow command line to override login socket path. Timo Sirainen <tss@iki.fi> parents: 11285 diff changeset	493 login_socket = argv[optind];
5887 3f2eb1b9c555 Support listening multiple sockets. SIGHUP also doesn't anymore recreate Timo Sirainen <tss@iki.fi> parents: 5845 diff changeset	494
12890 6f0396e35fd9 login-common API redesign so that the library doesn't refer to nonexistent variables. Timo Sirainen <tss@iki.fi> parents: 12782 diff changeset	495 login_binary->preinit();
8820 6131143fef16 login processes: If -D parameter is given, allow dumping core file. Timo Sirainen <tss@iki.fi> parents: 8678 diff changeset	496
9448 1348d374e574 Increased some memory pool sizes. Timo Sirainen <tss@iki.fi> parents: 9348 diff changeset	497 set_pool = pool_alloconly_create("global login settings", 4096);
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	498 global_login_settings =
10793 bf4822f0846b lib-master: Added support for caching config lookups. Timo Sirainen <tss@iki.fi> parents: 10767 diff changeset	499 login_settings_read(set_pool, NULL, NULL, NULL,
14728 983c6ff12cc9 Moved ssl_* settings from login-common to lib-master. Timo Sirainen <tss@iki.fi> parents: 14368 diff changeset	500 &global_ssl_settings,
10111 9a71228ea41c imap-login: If imap_capability is set, use it. Timo Sirainen <tss@iki.fi> parents: 10101 diff changeset	501 &global_other_settings);
9159 6324a79d3ee1 Initial commit for v2.0 master rewrite. Several features are still missing. Timo Sirainen <tss@iki.fi> parents: 9046 diff changeset	502
19565 103896524313 -login: Changed -D parameter to mean a more generic login_debug option. Timo Sirainen <timo.sirainen@dovecot.fi>* parents: 19552 diff changeset	503 main_preinit();
9951 0d5d10a3273c -login: fd limit wasn't set correctly. Timo Sirainen <tss@iki.fi>* parents: 9929 diff changeset	504 master_service_init_finish(master_service);
11308 df2599ab2cee login: Allow command line to override login socket path. Timo Sirainen <tss@iki.fi> parents: 11285 diff changeset	505 main_init(login_socket);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	506
9348 0c587f108916 lib-master has now a global master_service variable that all binaries use. Timo Sirainen <tss@iki.fi> parents: 9283 diff changeset	507 master_service_run(master_service, client_connected);
1275 af685269ead0 login: Wait until we're connected to auth process before executing command Timo Sirainen <tss@iki.fi> parents: 1273 diff changeset	508 main_deinit();
9283 02721ba17309 login processes: Added initial support for per-connection configuration. Timo Sirainen <tss@iki.fi> parents: 9235 diff changeset	509 pool_unref(&set_pool);
9348 0c587f108916 lib-master has now a global master_service variable that all binaries use. Timo Sirainen <tss@iki.fi> parents: 9283 diff changeset	510 master_service_deinit(&master_service);
1049 c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	511 return 0;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login. Timo Sirainen <tss@iki.fi> parents: diff changeset	512 }

Mercurial > dovecot > core-2.2

annotate src/login-common/main.c @ 22659:69f827f71014