changeset 14159:98d696965c91
auth: Added auth_proxy_self setting to specify IPs that are considered as "self" for proxy_maybe.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sat, 25 Feb 2012 05:42:05 +0200 |
parents | fb972ad3213d |
children | 9b79d71bff4e |
files | src/auth/auth-request.c src/auth/auth-settings.c src/auth/auth-settings.h src/config/settings-get.pl |
diffstat | 4 files changed, 49 insertions(+), 1 deletions(-) [+] |
--- a/src/auth/auth-request.c Sat Feb 25 05:13:39 2012 +0200
+++ b/src/auth/auth-request.c Sat Feb 25 05:42:05 2012 +0200
@@ -1440,7 +1440,16 @@
 auth_request_proxy_ip_is_self(struct auth_request *request,
 const struct ip_addr *ip)
 {
- return net_ip_compare(ip, &request->local_ip);
+ unsigned int i;
+
+ if (net_ip_compare(ip, &request->local_ip))
+ return TRUE;
+
+ for (i = 0; request->set->proxy_self_ips[i].family != 0; i++) {
+ if (net_ip_compare(ip, &request->set->proxy_self_ips[i]))
+ return TRUE;
+ }
+ return FALSE;
 }
 
 static void auth_request_proxy_finish_ip(struct auth_request *request)
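Review bot: The new loop in auth_request_proxy_ip_is_self walks `request->set->proxy_self_ips[i]` until it meets an entry with `family == 0`, so it depends on that pointer being non-NULL and zero-terminated, yet neither this site nor the field declaration added in auth-settings.h states that contract. Within this commit the invariant is established only by auth_settings_set_self_ips; a settings struct that never went through auth_settings_check would presumably leave the pointer NULL and the loop would dereference it. Since the result decides whether proxy_maybe treats a destination as this server, I would document the contract at the declaration, e.g. `/* terminated by an entry with family == 0; filled in by auth_settings_check() */`, and put a one-line comment above the loop. The `static bool` line of the function lies just above the hunk.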
--- a/src/auth/auth-settings.c Sat Feb 25 05:13:39 2012 +0200 +++ b/src/auth/auth-settings.c Sat Feb 25 05:42:05 2012 +0200 @@ -198,6 +198,7 @@ DEF(SET_STR, krb5_keytab), DEF(SET_STR, gssapi_hostname), DEF(SET_STR, winbind_helper_path), + DEF(SET_STR, proxy_self), DEF(SET_TIME, failure_delay), DEF(SET_UINT, first_valid_uid), DEF(SET_UINT, last_valid_uid), @@ -236,6 +237,7 @@ .krb5_keytab = "", .gssapi_hostname = "", .winbind_helper_path = "/usr/bin/ntlm_auth", + .proxy_self = "", .failure_delay = 2, .first_valid_uid = 500, .last_valid_uid = 0, @@ -271,6 +273,37 @@ }; /* <settings checks> */ +static bool +auth_settings_set_self_ips(struct auth_settings *set, pool_t pool, + const char **error_r) +{ + const char *const *tmp; + ARRAY_DEFINE(ips_array, struct ip_addr); + struct ip_addr *ips; + unsigned int ips_count; + int ret; + + if (*set->proxy_self == '\0') { + set->proxy_self_ips = p_new(pool, struct ip_addr, 1); + return TRUE; + } + + p_array_init(&ips_array, pool, 4); + tmp = t_strsplit_spaces(set->proxy_self, " "); + for (; *tmp != NULL; tmp++) { + ret = net_gethostbyname(*tmp, &ips, &ips_count); + if (ret != 0) { + *error_r = t_strdup_printf("auth_proxy_self_ips: " + "gethostbyname(%s) failed: %s", + *tmp, net_gethosterror(ret)); + } + array_append(&ips_array, ips, ips_count); + } + (void)array_append_space(&ips_array); + set->proxy_self_ips = array_idx(&ips_array, 0); + return TRUE; +} + static bool auth_settings_check(void *_set, pool_t pool, const char **error_r) { @@ -312,6 +345,9 @@ } set->realms_arr = (const char *const *)p_strsplit_spaces(pool, set->realms, " "); + + if (!auth_settings_set_self_ips(set, pool, error_r)) + return FALSE; return TRUE; }
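Review bot: In auth_settings_set_self_ips the `if (ret != 0)` branch sets `*error_r` but then falls through to `array_append(&ips_array, ips, ips_count)`, and the function returns TRUE on every path. A failed lookup is therefore never reported to auth_settings_check, and `ips`/`ips_count` are appended although, as far as this hunk shows, nothing has assigned them for that entry (on the first iteration they are uninitialized locals). Adding `return FALSE;` right after the `t_strdup_printf()` assignment would make an unresolvable auth_proxy_self entry fail the settings check instead of producing an unpredictable "self" list. The message prefix `auth_proxy_self_ips:` also does not match the setting name given in the commit title (auth_proxy_self), which would make the error harder to trace back to the configuration.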
--- a/src/auth/auth-settings.h Sat Feb 25 05:13:39 2012 +0200
+++ b/src/auth/auth-settings.h Sat Feb 25 05:42:05 2012 +0200
@@ -36,6 +36,7 @@
 const char *krb5_keytab;
 const char *gssapi_hostname;
 const char *winbind_helper_path;
+ const char *proxy_self;
 unsigned int failure_delay;
 unsigned int first_valid_uid;
 unsigned int last_valid_uid;
@@ -58,6 +59,7 @@
 char username_chars_map[256];
 char username_translation_map[256];
 const char *const *realms_arr;
+ const struct ip_addr *proxy_self_ips;
 };
 
 extern const struct setting_parser_info auth_setting_parser_info;
--- a/src/config/settings-get.pl Sat Feb 25 05:13:39 2012 +0200
+++ b/src/config/settings-get.pl Sat Feb 25 05:42:05 2012 +0200
@@ -8,6 +8,7 @@
 print '#include "file-lock.h"'."\n";
 print '#include "fsync-mode.h"'."\n";
 print '#include "hash-format.h"'."\n";
+print '#include "network.h"'."\n";
 print '#include "unichar.h"'."\n";
 print '#include "settings-parser.h"'."\n";
 print '#include "all-settings.h"'."\n";