changeset 18950:a0e8c6b88072
lmtp, *-login: Use ip/port values from struct master_service_connection instead of from the socket.
This way, a proxy protocol like HAProxy can transparently override these
addresses with what is seen by the proxy.
author | Stephan Bosch <stephan@rename-it.nl> |
---|---|
date | Mon, 15 Jun 2015 18:50:53 +0200 |
parents | 71f4b77c519f |
children | 52368e60177c |
files | src/lmtp/client.c src/login-common/client-common.c src/login-common/client-common.h src/login-common/main.c |
diffstat | 4 files changed, 25 insertions(+), 25 deletions(-) [+] |
--- a/src/lmtp/client.c Mon Jun 15 18:50:53 2015 +0200
+++ b/src/lmtp/client.c Mon Jun 15 18:50:53 2015 +0200
@@ -249,7 +249,8 @@
 client->fd_out = fd_out;
 client->remote_ip = conn->remote_ip;
 client->remote_port = conn->remote_port;
- (void)net_getsockname(conn->fd, &client->local_ip, &client->local_port);
+ client->local_ip = conn->local_ip;
+ client->local_port = conn->local_port;
 client->input = i_stream_create_fd(fd_in, CLIENT_MAX_INPUT_SIZE, FALSE);
 client->output = o_stream_create_fd(fd_out, (size_t)-1, FALSE);
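Review bot: The two added assignments copy `conn->local_ip` and `conn->local_port` with no comment that these may now be values reported by a proxy, whereas the removed `net_getsockname()` call always returned the socket's own address. Unlike the login-common change in this commit, no `real_*` counterpart is kept here, so later lmtp code and logs presumably cannot tell the proxy-reported address from the socket-level one. I would add `/* may be overridden by a proxy protocol header; not necessarily the socket address */` above the assignments, and consider keeping the socket-level addresses as well if lmtp logs or restricts by address. The enclosing function starts and ends outside the hunk.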
--- a/src/login-common/client-common.c Mon Jun 15 18:50:53 2015 +0200 +++ b/src/login-common/client-common.c Mon Jun 15 18:50:53 2015 +0200 @@ -103,10 +103,10 @@ struct client * client_create(int fd, bool ssl, pool_t pool, + const struct master_service_connection *conn, const struct login_settings *set, const struct master_service_ssl_settings *ssl_set, - void **other_sets, - const struct ip_addr *local_ip, const struct ip_addr *remote_ip) + void **other_sets) { struct client *client; @@ -125,13 +125,22 @@ client->pool = pool; client->set = set; client->ssl_set = ssl_set; - client->real_local_ip = client->local_ip = *local_ip; - client->real_remote_ip = client->ip = *remote_ip; + client->fd = fd; client->tls = ssl; + + client->local_ip = conn->local_ip; + client->local_port = conn->local_port; + client->ip = conn->remote_ip; + client->remote_port = conn->remote_port; + client->real_local_ip = conn->real_local_ip; + client->real_local_port = conn->real_local_port; + client->real_remote_ip = conn->real_remote_ip; + client->real_remote_port = conn->real_remote_port; + client->trusted = client_is_trusted(client); client->secured = ssl || client->trusted || - net_ip_compare(remote_ip, local_ip); + net_ip_compare(&conn->real_remote_ip, &conn->real_local_ip); client->proxy_ttl = LOGIN_PROXY_TTL; if (last_client == NULL)
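Review bot: `client->trusted = client_is_trusted(client)` in the second hunk runs after `client->ip` has been set from `conn->remote_ip`, which the commit message says a proxy can override, while `client->secured` just below is computed from `conn->real_remote_ip` and `conn->real_local_ip`. client_is_trusted() is not visible here; if it matches `client->ip` against the trusted networks, the trust decision now rests on the proxy-reported address and is only sound when the proxy header is accepted solely from trusted senders. I would record that in a comment, e.g. `/* secured must use the real socket addresses: a proxy-reported address must not make a remote client look local */`, and note the same assumption next to the `trusted` assignment. client_create() continues past the end of the hunk.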
--- a/src/login-common/client-common.h Mon Jun 15 18:50:53 2015 +0200 +++ b/src/login-common/client-common.h Mon Jun 15 18:50:53 2015 +0200 @@ -34,6 +34,8 @@ #define AUTH_MASTER_WAITING_MSG \ "Waiting for authentication master process to respond.." +struct master_service_connection; + enum client_disconnect_reason { CLIENT_DISCONNECT_TIMEOUT, CLIENT_DISCONNECT_SYSTEM_SHUTDOWN, @@ -173,10 +175,10 @@ struct client * client_create(int fd, bool ssl, pool_t pool, + const struct master_service_connection *conn, const struct login_settings *set, const struct master_service_ssl_settings *ssl_set, - void **other_sets, - const struct ip_addr *local_ip, const struct ip_addr *remote_ip); + void **other_sets); void client_destroy(struct client *client, const char *reason); void client_destroy_success(struct client *client, const char *reason); void client_destroy_internal_failure(struct client *client);
--- a/src/login-common/main.c Mon Jun 15 18:50:53 2015 +0200 +++ b/src/login-common/main.c Mon Jun 15 18:50:53 2015 +0200 @@ -112,27 +112,19 @@ { struct client *client; struct ssl_proxy *proxy; - struct ip_addr local_ip; const struct login_settings *set; const struct master_service_ssl_settings *ssl_set; - unsigned int local_port; pool_t pool; int fd_ssl; void **other_sets; - if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) { - memset(&local_ip, 0, sizeof(local_ip)); - local_port = 0; - } - pool = pool_alloconly_create("login client", 8*1024); - set = login_settings_read(pool, &local_ip, + set = login_settings_read(pool, &conn->local_ip, &conn->remote_ip, NULL, &ssl_set, &other_sets); if (!ssl_connections && !conn->ssl) { - client = client_create(conn->fd, FALSE, pool, - set, ssl_set, other_sets, - &local_ip, &conn->remote_ip); + client = client_create(conn->fd, FALSE, pool, conn, + set, ssl_set, other_sets); } else { fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, pool, set, ssl_set, &proxy); @@ -143,17 +135,13 @@ return; } - client = client_create(fd_ssl, TRUE, pool, - set, ssl_set, other_sets, - &local_ip, &conn->remote_ip); + client = client_create(fd_ssl, TRUE, pool, conn, + set, ssl_set, other_sets); client->ssl_proxy = proxy; ssl_proxy_set_client(proxy, client); ssl_proxy_start(proxy); } - client->real_remote_port = client->remote_port = conn->remote_port; - client->real_local_port = client->local_port = local_port; - if (auth_client_to != NULL) timeout_remove(&auth_client_to); }
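Review bot: The removed `net_getsockname()` block in the first hunk zeroed `local_ip` and `local_port` on failure, and nothing in the new code says what `conn->local_ip` holds when the local address is unavailable. `login_settings_read()` now selects settings from `&conn->local_ip` and `&conn->remote_ip`, so address-specific settings are chosen from values that may come from a proxy header. A short comment such as `/* conn->local_ip/remote_ip may be proxy-supplied; expected to be zero-filled when unknown */` would record the assumption, once the zero-fill has been confirmed in the master-service code. The function's signature lies outside the hunk.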