changeset 9218:4a42f694b762 HEAD

inet_listeners now support ssl=yes. For now only login processes support it.
author Timo Sirainen <tss@iki.fi>
date Mon, 04 May 2009 20:50:13 -0400
parents 5595d6d07a47
children 97cdfeb57129
files src/lib-master/master-service-private.h src/lib-master/master-service.c src/lib-master/master-service.h src/login-common/main.c src/master/master-settings.c src/master/master-settings.h src/master/service-process.c
diffstat 7 files changed, 36 insertions(+), 11 deletions(-) [+]
--- a/src/lib-master/master-service-private.h	Mon May 04 20:49:31 2009 -0400
+++ b/src/lib-master/master-service-private.h	Mon May 04 20:50:13 2009 -0400
@@ -7,6 +7,7 @@
 struct master_service_listener {
 	struct master_service *service;
 	int fd;
+	bool ssl;
 	struct io *io;
 };
 
@@ -23,7 +24,7 @@
 	const char *config_path;
 	int syslog_facility;
 
-	unsigned int socket_count;
+	unsigned int socket_count, ssl_socket_count;
         struct master_service_listener *listeners;
 
 	struct io *io_status_write, *io_status_error;
--- a/src/lib-master/master-service.c	Mon May 04 20:49:31 2009 -0400
+++ b/src/lib-master/master-service.c	Mon May 04 20:50:13 2009 -0400
@@ -109,6 +109,9 @@
 	str = getenv("SOCKET_COUNT");
 	if (str != NULL)
 		service->socket_count = atoi(str);
+	str = getenv("SSL_SOCKET_COUNT");
+	if (str != NULL)
+		service->ssl_socket_count = atoi(str);
 
 	/* set up some kind of logging until we know exactly how and where
 	   we want to log */
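Review bot: The new SSL_SOCKET_COUNT value is parsed with atoi() and stored without any check against socket_count, yet the listener setup loop in the third hunk of this file computes `service->socket_count - service->ssl_socket_count` in unsigned arithmetic; if the exported SSL count ever exceeds the socket count that subtraction wraps, no listener is marked ssl, and a port the admin configured with ssl=yes would answer in plaintext. A negative or non-numeric string converts just as silently. Validate immediately after parsing, e.g. `if (service->ssl_socket_count > service->socket_count) i_fatal("SSL_SOCKET_COUNT larger than SOCKET_COUNT");`, so a mismatch between master and child fails loudly instead of downgrading. The enclosing function starts before this hunk.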
@@ -437,6 +440,7 @@
 		io_remove(&l->io);
 		conn.fd = l->fd;
 	}
+	conn.ssl = l->ssl;
 
 	l->service->master_status.available_count--;
         master_status_update(l->service);
@@ -461,6 +465,9 @@
 		l->fd = MASTER_LISTEN_FD_FIRST + i;
 		l->io = io_add(MASTER_LISTEN_FD_FIRST + i, IO_READ,
 			       master_service_listen, l);
+
+		if (i >= service->socket_count - service->ssl_socket_count)
+			l->ssl = TRUE;
 	}
 }
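Review bot: `l->ssl` is only ever assigned TRUE here; entries below the threshold are never written, so the flag's value for plain listeners depends on the listeners array having been zero-allocated, which this hunk does not show. An unconditional assignment makes the intent explicit and removes that dependency: `l->ssl = i >= service->socket_count - service->ssl_socket_count;`. The enclosing function starts outside the hunk.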
 
--- a/src/lib-master/master-service.h	Mon May 04 20:49:31 2009 -0400
+++ b/src/lib-master/master-service.h	Mon May 04 20:50:13 2009 -0400
@@ -18,6 +18,8 @@
 
 	struct ip_addr remote_ip;
 	unsigned int remote_port;
+
+	bool ssl;
 };
 
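Review bot: The new public `ssl` field in the connection struct carries no comment, and judging by the login-common/main.c hunk it means "the listener was configured with ssl=yes and TLS still has to be started", not "this connection is already encrypted" — an easy misreading for any consumer deciding whether to negotiate TLS. Suggest `/* TRUE if the listener was configured with ssl=yes; the fd is still a raw socket and TLS has not been negotiated yet */` above the field.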
 typedef void
--- a/src/login-common/main.c	Mon May 04 20:49:31 2009 -0400
+++ b/src/login-common/main.c	Mon May 04 20:50:13 2009 -0400
@@ -39,8 +39,7 @@
 		local_port = 0;
 	}
 
-	// FIXME: a global ssl_connections isn't enough!
-	if (!ssl_connections) {
+	if (!ssl_connections && !conn->ssl) {
 		client = client_create(conn->fd, FALSE, &local_ip,
 				       &conn->remote_ip);
 	} else {
--- a/src/master/master-settings.c	Mon May 04 20:49:31 2009 -0400
+++ b/src/master/master-settings.c	Mon May 04 20:50:13 2009 -0400
@@ -55,13 +55,15 @@
 static struct setting_define inet_listener_setting_defines[] = {
 	DEF(SET_STR, address),
 	DEF(SET_UINT, port),
+	DEF(SET_BOOL, ssl),
 
 	SETTING_DEFINE_LIST_END
 };
 
 static struct inet_listener_settings inet_listener_default_settings = {
 	MEMBER(address) "*",
-	MEMBER(port) 0
+	MEMBER(port) 0,
+	MEMBER(ssl) FALSE
 };
 
 static struct setting_parser_info inet_listener_setting_parser_info = {
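Review bot: ssl=yes is now accepted on every service's inet_listener, but per the commit description only login processes act on it; for any other service the option is silently ignored and the port serves plaintext while the configuration says ssl. Until the remaining services honour it, the settings verification should reject (or at least warn about) ssl=yes on non-login services, and the definition should record the restriction, e.g. `/* ssl=yes is currently honoured only by login processes */` above `DEF(SET_BOOL, ssl)`.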
--- a/src/master/master-settings.h	Mon May 04 20:49:31 2009 -0400
+++ b/src/master/master-settings.h	Mon May 04 20:50:13 2009 -0400
@@ -12,6 +12,7 @@
 struct inet_listener_settings {
 	const char *address;
 	unsigned int port;
+	bool ssl;
 };
 
 struct service_settings {
--- a/src/master/service-process.c	Mon May 04 20:49:31 2009 -0400
+++ b/src/master/service-process.c	Mon May 04 20:50:13 2009 -0400
@@ -33,7 +33,7 @@
 {
 	struct service_listener *const *listeners;
 	ARRAY_TYPE(dup2) dups;
-	unsigned int i, count, n = 0, socket_listener_count;
+	unsigned int i, count, n = 0, socket_listener_count, ssl_socket_count;
 
 	/* stdin/stdout is already redirected to /dev/null. Other master fds
 	   should have been opened with fd_close_on_exec() so we don't have to
@@ -53,13 +53,25 @@
 		n += socket_listener_count;
 	}
 
+	/* first add non-ssl listeners */
 	for (i = 0; i < count; i++) {
-		if (listeners[i]->fd == -1)
-			continue;
-
-		dup2_append(&dups, listeners[i]->fd,
-			    MASTER_LISTEN_FD_FIRST + n);
-		n++; socket_listener_count++;
+		if (listeners[i]->fd != -1 &&
+		    !listeners[i]->set.inetset.set->ssl) {
+			dup2_append(&dups, listeners[i]->fd,
+				    MASTER_LISTEN_FD_FIRST + n);
+			n++; socket_listener_count++;
+		}
+	}
+	/* then ssl-listeners */
+	ssl_socket_count = 0;
+	for (i = 0; i < count; i++) {
+		if (listeners[i]->fd != -1 &&
+		    listeners[i]->set.inetset.set->ssl) {
+			dup2_append(&dups, listeners[i]->fd,
+				    MASTER_LISTEN_FD_FIRST + n);
+			n++; socket_listener_count++;
+			ssl_socket_count++;
+		}
 	}
 
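Review bot: The two-pass ordering (plain listeners first, ssl listeners last) is a contract lib-master depends on, since it marks the last SSL_SOCKET_COUNT listen fds as ssl, but the comments `/* first add non-ssl listeners */` and `/* then ssl-listeners */` do not say so, and a later reorder would silently flip which ports get TLS. Replace the first comment with `/* non-ssl listeners first, ssl listeners last: lib-master marks the final SSL_SOCKET_COUNT listen fds as ssl, so this ordering is part of the protocol with the child */`. The enclosing function starts before this hunk.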
 	dup2_append(&dups, null_fd, MASTER_RESERVED_FD);
@@ -106,6 +118,7 @@
 		service_error(service, "dup2s failed");
 
 	env_put(t_strdup_printf("SOCKET_COUNT=%d", socket_listener_count));
+	env_put(t_strdup_printf("SSL_SOCKET_COUNT=%d", ssl_socket_count));
 }
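Review bot: `ssl_socket_count` is an unsigned int but is formatted with `%d`, mirroring the existing SOCKET_COUNT line; harmless for small counts, but -Wformat-signedness flags it and the pair is re-read with atoi() on the other side, so keeping the types consistent costs nothing: `env_put(t_strdup_printf("SSL_SOCKET_COUNT=%u", ssl_socket_count));`.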
 
 static int validate_uid_gid(struct master_settings *set, uid_t uid, gid_t gid,