Mercurial > dovecot > core-2.2
changeset 9983:9716b5a4b14a HEAD
master: Removed all SSL related code. It doesn't belong there.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 07 Oct 2009 17:44:38 -0400 |
parents | 9e28fcdc74ab |
children | 097588a7903c |
files | src/master/Makefile.am src/master/ssl-init-gnutls.c src/master/ssl-init-main.c src/master/ssl-init-openssl.c src/master/ssl-init.c src/master/ssl-init.h |
diffstat | 6 files changed, 0 insertions(+), 431 deletions(-) [+] |
line wrap: on
line diff
--- a/src/master/Makefile.am Wed Oct 07 17:44:01 2009 -0400 +++ b/src/master/Makefile.am Wed Oct 07 17:44:38 2009 -0400 @@ -1,7 +1,6 @@ pkglibexecdir = $(libexecdir)/dovecot sbin_PROGRAMS = dovecot -#pkglibexec_PROGRAMS = ssl-build-param AM_CPPFLAGS = \ -I$(top_srcdir)/src/lib \
--- a/src/master/ssl-init-gnutls.c Wed Oct 07 17:44:01 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,86 +0,0 @@ -/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */ - -#include "common.h" -#include "write-full.h" -#include "ssl-init.h" - -#ifdef HAVE_GNUTLS - -#include <stdlib.h> -#include <gnutls/gnutls.h> - -static int prime_nums[] = { 768, 1024, 0 }; - -static void write_datum(int fd, const char *fname, gnutls_datum *dbits) -{ - if (write_full(fd, &dbits->size, sizeof(dbits->size)) < 0) - i_fatal("write_full() failed for file %s: %m", fname); - - if (write_full(fd, dbits->data, dbits->size) < 0) - i_fatal("write_full() failed for file %s: %m", fname); -} - -static void generate_dh_parameters(int fd, const char *fname) -{ - gnutls_datum dbits, prime, generator; - int ret, bits, i; - - dbits.size = sizeof(bits); - dbits.data = (unsigned char *) &bits; - - for (i = 0; prime_nums[i] != 0; i++) { - bits = prime_nums[i]; - - ret = gnutls_dh_params_generate(&prime, &generator, bits); - if (ret < 0) { - i_fatal("gnutls_dh_params_generate(%d) failed: %s", - bits, gnutls_strerror(ret)); - } - - write_datum(fd, fname, &dbits); - write_datum(fd, fname, &prime); - write_datum(fd, fname, &generator); - - free(prime.data); - free(generator.data); - } - - bits = 0; - write_datum(fd, fname, &dbits); -} - -static void generate_rsa_parameters(int fd, const char *fname) -{ - gnutls_datum m, e, d, p, q, u; - int ret; - - ret = gnutls_rsa_params_generate(&m, &e, &d, &p, &q, &u, 512); - if (ret < 0) { - i_fatal("gnutls_rsa_params_generate() faile: %s", - strerror(ret)); - } - - write_datum(fd, fname, &m); - write_datum(fd, fname, &e); - write_datum(fd, fname, &d); - write_datum(fd, fname, &p); - write_datum(fd, fname, &q); - write_datum(fd, fname, &u); -} - -void ssl_generate_parameters(int fd, const char *fname) -{ - int ret; - - if ((ret = gnutls_global_init() < 0)) { - i_fatal("gnu_tls_global_init() failed: %s", - gnutls_strerror(ret)); - } - - generate_dh_parameters(fd, fname); - generate_rsa_parameters(fd, fname); - - gnutls_global_deinit(); -} - -#endif
--- a/src/master/ssl-init-main.c Wed Oct 07 17:44:01 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,82 +0,0 @@ -/* Copyright (c) 2006-2009 Dovecot authors, see the included COPYING file */ - -#include "lib.h" -#include "lib-signals.h" -#include "file-lock.h" -#include "randgen.h" -#include "ssl-init.h" - -#include <stdio.h> -#include <fcntl.h> -#include <unistd.h> -#include <sys/stat.h> - -#ifdef HAVE_SSL -static int generate_parameters_file(const char *fname) -{ - const char *temp_fname; - struct file_lock *lock; - mode_t old_mask; - int fd, ret; - - temp_fname = t_strconcat(fname, ".tmp", NULL); - - old_mask = umask(0); - fd = open(temp_fname, O_WRONLY | O_CREAT, 0644); - umask(old_mask); - - if (fd == -1) { - i_fatal("Can't create temporary SSL parameters file %s: %m", - temp_fname); - } - - /* If multiple dovecot instances are running, only one of them needs - to regenerate this file. */ - ret = file_try_lock(fd, temp_fname, F_WRLCK, - FILE_LOCK_METHOD_FCNTL, &lock); - if (ret < 0) - i_fatal("file_try_lock(%s) failed: %m", temp_fname); - if (ret == 0) { - /* someone else is writing this */ - return -1; - } - if (ftruncate(fd, 0) < 0) - i_fatal("ftruncate(%s) failed: %m", temp_fname); - - ssl_generate_parameters(fd, temp_fname); - - if (rename(temp_fname, fname) < 0) - i_fatal("rename(%s, %s) failed: %m", temp_fname, fname); - if (close(fd) < 0) - i_fatal("close(%s) failed: %m", temp_fname); - file_lock_free(&lock); - - i_info("SSL parameters regeneration completed"); - return 0; -} -#else -static int generate_parameters_file(const char *fname ATTR_UNUSED) -{ - i_fatal("Dovecot built without SSL support"); - return -1; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 0; - - lib_init(); - i_set_failure_internal(); - - if (argc < 2) - i_fatal("Usage: ssl-build-param <path>"); - - random_init(); - if (generate_parameters_file(argv[1]) < 0) - ret = 1; - - random_deinit(); - lib_deinit(); - return ret; -}
--- a/src/master/ssl-init-openssl.c Wed Oct 07 17:44:01 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,71 +0,0 @@ -/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */ - -#include "common.h" -#include "write-full.h" -#include "ssl-init.h" - -#ifdef HAVE_OPENSSL - -#include <openssl/err.h> -#include <openssl/ssl.h> - -/* 2 or 5. Haven't seen their difference explained anywhere, but 2 is the - default.. */ -#define DH_GENERATOR 2 - -static int dh_param_bitsizes[] = { 512, 1024 }; - -static const char *ssl_last_error(void) -{ - unsigned long err; - char *buf; - size_t err_size = 256; - - err = ERR_get_error(); - if (err == 0) - return strerror(errno); - - buf = t_malloc(err_size); - buf[err_size-1] = '\0'; - ERR_error_string_n(err, buf, err_size-1); - return buf; -} - -static void generate_dh_parameters(int bitsize, int fd, const char *fname) -{ - DH *dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); - unsigned char *buf, *p; - int len; - - if (dh == NULL) { - i_fatal("DH_generate_parameters(bits=%d, gen=%d) failed: %s", - bitsize, DH_GENERATOR, ssl_last_error()); - } - - len = i2d_DHparams(dh, NULL); - if (len < 0) - i_fatal("i2d_DHparams() failed: %s", ssl_last_error()); - - buf = p = i_malloc(len); - len = i2d_DHparams(dh, &p); - - if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 || - write_full(fd, &len, sizeof(len)) < 0 || - write_full(fd, buf, len) < 0) - i_fatal("write_full() failed for file %s: %m", fname); - i_free(buf); -} - -void ssl_generate_parameters(int fd, const char *fname) -{ - unsigned int i; - int bits; - - for (i = 0; i < N_ELEMENTS(dh_param_bitsizes); i++) - generate_dh_parameters(dh_param_bitsizes[i], fd, fname); - bits = 0; - if (write_full(fd, &bits, sizeof(bits)) < 0) - i_fatal("write_full() failed for file %s: %m", fname); -} - -#endif
--- a/src/master/ssl-init.c Wed Oct 07 17:44:01 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,179 +0,0 @@ -/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */ - -#include "common.h" -#include "ioloop.h" -#include "env-util.h" -#include "file-copy.h" -#include "log.h" -#include "child-process.h" -#include "ssl-init.h" - -#ifdef HAVE_SSL - -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <fcntl.h> -#include <utime.h> -#include <sys/stat.h> - -static struct child_process ssl_param_child_process = - { MEMBER(type) PROCESS_TYPE_SSL_PARAM }; - -static struct timeout *to; -static char *generating_path = NULL; - -#define SSL_PARAMETERS_PERM_PATH PKG_STATEDIR"/"SSL_PARAMETERS_FILENAME - -static void start_generate_process(const char *fname) -{ - const char *binpath = PKG_LIBEXECDIR"/ssl-build-param"; - struct log_io *log; - pid_t pid; - int log_fd; - - log_fd = log_create_pipe(&log, 10); - if (log_fd == -1) - pid = -1; - else { - pid = fork(); - if (pid < 0) - i_error("fork() failed: %m"); - } - if (pid == -1) { - (void)close(log_fd); - return; - } - - log_set_prefix(log, "ssl-build-param: "); - if (pid != 0) { - /* parent */ - i_assert(generating_path == NULL); - generating_path = i_strdup(fname); - log_set_pid(log, pid); - child_process_add(pid, &ssl_param_child_process); - (void)close(log_fd); - return; - } - - /* child. */ - if (dup2(log_fd, 2) < 0) - i_fatal("dup2(stderr) failed: %m"); - - child_process_init_env(master_set->defaults); - client_process_exec(t_strconcat(binpath, " "SSL_PARAMETERS_PERM_PATH, - NULL), ""); - i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", binpath); -} - -static void -ssl_parameter_process_destroyed(struct child_process *process ATTR_UNUSED, - pid_t pid ATTR_UNUSED, bool abnormal_exit) -{ - if (!abnormal_exit) { - if (file_copy(SSL_PARAMETERS_PERM_PATH, - generating_path, TRUE) <= 0) { - i_error("file_copy(%s, %s) failed: %m", - SSL_PARAMETERS_PERM_PATH, generating_path); - } - } - i_free_and_null(generating_path); -} - -static bool check_parameters_file_set(struct master_settings *set) -{ - const char *path; - struct stat st, st2; - time_t regen_time; - - if (strcmp(set->ssl, "no") == 0) - return TRUE; - - path = t_strconcat(set->login_dir, "/"SSL_PARAMETERS_FILENAME, NULL); - if (stat(path, &st) < 0) { - if (errno != ENOENT) { - i_error("stat() failed for SSL parameters file %s: %m", - path); - return TRUE; - } - - st.st_mtime = 0; - } else if (st.st_size == 0) { - /* broken, delete it (mostly for backwards compatibility) */ - st.st_mtime = 0; - (void)unlink(path); - } - - if (stat(SSL_PARAMETERS_PERM_PATH, &st2) == 0 && - st.st_mtime < st2.st_mtime) { - /* permanent parameters file has changed. use it. */ - if (file_copy(SSL_PARAMETERS_PERM_PATH, path, TRUE) > 0) { - if (st.st_ino != st2.st_ino) { - /* preserve the mtime */ - struct utimbuf ut; - - ut.actime = ut.modtime = st2.st_mtime; - if (utime(path, &ut) < 0) - i_error("utime(%s) failed: %m", path); - } - if (stat(path, &st) < 0) - st.st_mtime = 0; - } - } - - /* make sure it's new enough, it's not 0 sized, and the permissions - are correct */ - regen_time = set->ssl_parameters_regenerate == 0 ? ioloop_time : - (st.st_mtime + (time_t)(set->ssl_parameters_regenerate*3600)); - if (regen_time < ioloop_time || st.st_size == 0 || - st.st_uid != master_uid) { - if (st.st_mtime == 0) { - i_info("Generating Diffie-Hellman parameters " - "for the first time. This may take " - "a while.."); - } - start_generate_process(path); - return FALSE; - } - - return TRUE; -} - -void ssl_check_parameters_file(void) -{ - if (generating_path != NULL) - return; - - (void)check_parameters_file_set(master_set->defaults); -} - -static void check_parameters_file_timeout(void *context ATTR_UNUSED) -{ - ssl_check_parameters_file(); -} - -void ssl_init(void) -{ - generating_path = NULL; - - child_process_set_destroy_callback(PROCESS_TYPE_SSL_PARAM, - ssl_parameter_process_destroyed); - - /* check every 10 mins */ - to = timeout_add(600 * 1000, check_parameters_file_timeout, NULL); - - ssl_check_parameters_file(); -} - -void ssl_deinit(void) -{ - timeout_remove(&to); -} - -#else - -void ssl_check_parameters_file(void) {} -void ssl_init(void) {} -void ssl_deinit(void) {} - -#endif
--- a/src/master/ssl-init.h Wed Oct 07 17:44:01 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ -#ifndef SSL_INIT_H -#define SSL_INIT_H - -#define SSL_PARAMETERS_FILENAME "ssl-parameters.dat" - -void ssl_check_parameters_file(void); -void ssl_generate_parameters(int fd, const char *fname); - -void ssl_init(void); -void ssl_deinit(void); - -#endif