changeset 11503:b7fadc4eac7a HEAD
config: local_name foo {} is now for TLS SNI. local foo {} only resolves foo to its IP.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 09 Jun 2010 16:16:40 +0100 |
parents | 1aaa4b51cb14 |
children | 279bf7435603 |
files | src/config/config-connection.c src/config/config-filter.c src/config/config-filter.h src/config/config-parser.c src/config/doveconf.c src/lib-master/master-service-settings-cache.c src/lib-master/master-service-settings.c src/lib-master/master-service-settings.h src/lib/network.h src/login-common/login-settings.c src/login-common/login-settings.h |
diffstat | 11 files changed, 75 insertions(+), 62 deletions(-) [+] |
--- a/src/config/config-connection.c Tue Jun 08 21:00:11 2010 +0100
+++ b/src/config/config-connection.c Wed Jun 09 16:16:40 2010 +0100
@@ -78,10 +78,8 @@
 filter.service = *args + 8;
 else if (strncmp(*args, "module=", 7) == 0)
 module = *args + 7;
- else if (strncmp(*args, "lhost=", 6) == 0)
- filter.local_host = *args + 6;
- else if (strncmp(*args, "rhost=", 6) == 0)
- filter.remote_host = *args + 6;
+ else if (strncmp(*args, "lname=", 6) == 0)
+ filter.local_name = *args + 6;
 else if (strncmp(*args, "lip=", 4) == 0) {
 if (net_addr2ip(*args + 4, &filter.local_net) == 0) {
 filter.local_bits =
--- a/src/config/config-filter.c Tue Jun 08 21:00:11 2010 +0100 +++ b/src/config/config-filter.c Wed Jun 09 16:16:40 2010 +0100 @@ -33,27 +33,21 @@ static bool config_filter_match_rest(const struct config_filter *mask, const struct config_filter *filter) { - if (mask->local_host != NULL) { - if (filter->local_host == NULL) - return FALSE; - if (strcmp(filter->local_host, mask->local_host) != 0) + if (mask->local_name != NULL) { + if (filter->local_name == NULL) return FALSE; - } - if (mask->remote_host != NULL) { - if (filter->remote_host == NULL) - return FALSE; - if (strcmp(filter->remote_host, mask->remote_host) != 0) + if (strcmp(filter->local_name, mask->local_name) != 0) return FALSE; } /* FIXME: it's not comparing full masks */ - if (mask->remote_bits != 0 && mask->remote_host == NULL) { + if (mask->remote_bits != 0) { if (filter->remote_bits == 0) return FALSE; if (!net_is_in_network(&filter->remote_net, &mask->remote_net, mask->remote_bits)) return FALSE; } - if (mask->local_bits != 0 && mask->local_host == NULL) { + if (mask->local_bits != 0) { if (filter->local_bits == 0) return FALSE; if (!net_is_in_network(&filter->local_net, &mask->local_net, @@ -88,9 +82,7 @@ if (!net_ip_compare(&f1->local_net, &f2->local_net)) return FALSE; - if (null_strcmp(f1->remote_host, f2->remote_host) != 0) - return FALSE; - if (null_strcmp(f1->local_host, f2->local_host) != 0) + if (null_strcmp(f1->local_name, f2->local_name) != 0) return FALSE; return TRUE; @@ -129,8 +121,13 @@ { const struct config_filter *f1 = &(*p1)->filter, *f2 = &(*p2)->filter; - /* remote and local are first, although it doesn't really + /* remote and locals are first, although it doesn't really matter which one comes first */ + if (f1->local_name != NULL && f2->local_name == NULL) + return -1; + if (f1->local_name == NULL && f2->local_name != NULL) + return 1; + if (f1->local_bits > f2->local_bits) return -1; if (f1->local_bits < f2->local_bits) 
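Review bot: The new local_name comparison in config_filter_match_rest (first hunk) is a case-sensitive `strcmp`, but the commit describes local_name as the TLS SNI name and host names are case-insensitive. A client that sends the name in a different case would not match its `local_name` block and would presumably be served the settings that apply without it. Consider `if (strcasecmp(filter->local_name, mask->local_name) != 0)`, or lower-casing the name once where it enters the filter. The `null_strcmp(f1->local_name, f2->local_name)` check in the second hunk and the `str_hash`/`strcmp` key of local_name_hash in master-service-settings-cache.c would need the same normalisation. The function body continues outside the hunk.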
@@ -211,12 +208,12 @@
 continue;
 }
- if (mask->local_bits > 0)
+ if (mask->local_bits > 0 || mask->local_name != NULL)
 output_r->service_uses_local = TRUE;
 if (mask->remote_bits > 0)
 output_r->service_uses_remote = TRUE;
 if (config_filter_match_rest(mask, filter)) {
- if (mask->local_bits > 0)
+ if (mask->local_bits > 0 || mask->local_name != NULL)
 output_r->used_local = TRUE;
 if (mask->remote_bits > 0)
 output_r->used_remote = TRUE;
@@ -251,10 +248,8 @@
 }
 tmp_mask = *mask;
- if (filter->local_host == NULL)
- tmp_mask.local_host = NULL;
- if (filter->remote_host == NULL)
- tmp_mask.remote_host = NULL;
+ if (filter->local_name == NULL)
+ tmp_mask.local_name = NULL;
 if (filter->local_bits == 0)
 tmp_mask.local_bits = 0;
 if (filter->remote_bits == 0)
@@ -278,6 +273,10 @@
 return FALSE;
 if (sup->remote_bits > filter->remote_bits)
 return FALSE;
+ if (sup->local_name != NULL && filter->local_name == NULL) {
+ i_warning("%s", sup->local_name);
+ return FALSE;
+ }
 if (sup->service != NULL && filter->service == NULL)
 return FALSE;
 return TRUE;
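Review bot: The added `i_warning("%s", sup->local_name);` in the last hunk (@@ -278,6 +273,10) looks like leftover debugging. It logs a bare name with no message text whenever a filter without local_name is compared against one that has it, which appears to be an ordinary non-match path rather than an error. Repeated context-free warnings of this kind make the log harder to use for spotting real configuration problems. I would drop the call and the braces, leaving `if (sup->local_name != NULL && filter->local_name == NULL) return FALSE;`, or give it a descriptive message if it is meant to stay. The enclosing function starts outside the hunk.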
--- a/src/config/config-filter.h Tue Jun 08 21:00:11 2010 +0100
+++ b/src/config/config-filter.h Wed Jun 09 16:16:40 2010 +0100
@@ -7,6 +7,10 @@
 struct config_filter {
 const char *service;
+ /* local_name is for TLS SNI requests.
+ both local_name and local_bits can't be set at the same time. */
+ const char *local_name;
+ /* the hosts are used only in doveconf output */
 const char *local_host, *remote_host;
 struct ip_addr local_net, remote_net;
 unsigned int local_bits, remote_bits;
--- a/src/config/config-parser.c Tue Jun 08 21:00:11 2010 +0100 +++ b/src/config/config-parser.c Wed Jun 09 16:16:40 2010 +0100 @@ -238,6 +238,8 @@ ctx->error = "local must not be under remote"; else if (parent->service != NULL) ctx->error = "local must not be under protocol"; + else if (parent->local_name != NULL) + ctx->error = "local must not be under local_name"; else if (config_parse_net(ctx, value, &filter->local_host, &filter->local_net, &filter->local_bits, &error) < 0) @@ -248,6 +250,13 @@ &parent->local_net, parent->local_bits))) ctx->error = "local not a subset of parent local"; + } else if (strcmp(key, "local_name") == 0) { + if (parent->remote_bits > 0) + ctx->error = "local_name must not be under remote"; + else if (parent->service != NULL) + ctx->error = "local_name must not be under protocol"; + else + filter->local_name = p_strdup(ctx->pool, value); } else if (strcmp(key, "remote") == 0) { if (parent->service != NULL) ctx->error = "remote must not be under protocol";
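Review bot: The new `local_name` branch (@@ -248,6 +250,13) rejects a parent that has remote_bits or service set, but not one that has local_bits set, so `local_name` nested under `local` appears to be accepted. The first hunk rejects the reverse nesting, and config-filter.h now states that local_name and local_bits can't both be set. If a nested filter inherits the parent's local_net/local_bits (not visible in this diff), that invariant is broken silently and the matching and sort order in config-filter.c are no longer well defined for such a block. Either add `else if (parent->local_bits > 0) ctx->error = "local_name must not be under local";` before the final `else`, or reword the header comment to describe the nesting that is actually intended.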
--- a/src/config/doveconf.c Tue Jun 08 21:00:11 2010 +0100 +++ b/src/config/doveconf.c Wed Jun 09 16:16:40 2010 +0100 @@ -302,6 +302,12 @@ indent++; } + if (filter->local_name != NULL) { + str_append_n(str, indent_str, indent*2); + str_printfa(str, "local_name %s {\n", filter->local_name); + indent++; + } + if (filter->remote_bits > 0) { str_append_n(str, indent_str, indent*2); str_printfa(str, "remote %s", @@ -458,10 +464,8 @@ filter->service = arg + 8; else if (strncmp(arg, "protocol=", 9) == 0) filter->service = arg + 9; - else if (strncmp(arg, "lhost=", 6) == 0) - filter->local_host = arg + 6; - else if (strncmp(arg, "rhost=", 6) == 0) - filter->remote_host = arg + 6; + else if (strncmp(arg, "lname=", 6) == 0) + filter->local_name = arg + 6; else if (strncmp(arg, "lip=", 4) == 0) { if (net_parse_range(arg + 4, &filter->local_net, &filter->local_bits) < 0)
--- a/src/lib-master/master-service-settings-cache.c Tue Jun 08 21:00:11 2010 +0100
+++ b/src/lib-master/master-service-settings-cache.c Wed Jun 09 16:16:40 2010 +0100
@@ -16,7 +16,7 @@
 struct settings_entry *prev, *next;
 pool_t pool;
- const char *local_host;
+ const char *local_name;
 struct ip_addr local_ip;
 struct setting_parser_context *parser;
@@ -33,12 +33,12 @@
 /* global settings for this service (after they've been read) */
 struct setting_parser_context *global_parser;
- /* cache for other settings (local_ip/local_host set) */
+ /* cache for other settings (local_ip/local_name set) */
 struct settings_entry *oldest, *newest;
 /* separate list for entries whose parser=global_parser */
 struct settings_entry *oldest_global, *newest_global;
- /* local_host, local_ip => struct settings_entry */
- struct hash_table *local_host_hash;
+ /* local_name, local_ip => struct settings_entry */
+ struct hash_table *local_name_hash;
 struct hash_table *local_ip_hash;
 /* Initial size for new settings entry pools */
@@ -85,8 +85,8 @@
 settings_parser_deinit(&entry->parser);
 pool_unref(&entry->pool);
 }
- if (cache->local_host_hash != NULL)
- hash_table_destroy(&cache->local_host_hash);
+ if (cache->local_name_hash != NULL)
+ hash_table_destroy(&cache->local_name_hash);
 if (cache->local_ip_hash != NULL)
 hash_table_destroy(&cache->local_ip_hash);
 if (cache->global_parser != NULL)
@@ -99,11 +99,11 @@
 const struct master_service_settings_input *input)
 {
 if (cache->service_uses_local) {
- if (input->local_host != NULL || input->local_ip.family != 0)
+ if (input->local_name != NULL || input->local_ip.family != 0)
 return FALSE;
 }
 if (cache->service_uses_remote) {
- if (input->remote_host != NULL || input->remote_ip.family != 0)
+ if (input->remote_ip.family != 0)
 return FALSE;
 }
 return TRUE;
@@ -130,13 +130,13 @@ if (cache->service_uses_remote) return FALSE; - /* see if we have it already in cache. if local_host is specified, + /* see if we have it already in cache. if local_name is specified, don't even try to use local_ip (even though we have it), because - there may be different settings specifically for local_host */ - if (input->local_host != NULL) { - if (cache->local_host_hash != NULL) { - entry = hash_table_lookup(cache->local_host_hash, - input->local_host); + there may be different settings specifically for local_name */ + if (input->local_name != NULL) { + if (cache->local_name_hash != NULL) { + entry = hash_table_lookup(cache->local_name_hash, + input->local_name); } } else if (cache->local_ip_hash != NULL && input->local_ip.family != 0) { @@ -159,8 +159,8 @@ cache->cache_malloc_size -= pool_alloconly_get_total_alloc_size(entry->pool); - if (entry->local_host != NULL) - hash_table_remove(cache->local_host_hash, entry->local_host); + if (entry->local_name != NULL) + hash_table_remove(cache->local_name_hash, entry->local_name); if (entry->local_ip.family != 0) hash_table_remove(cache->local_ip_hash, &entry->local_ip); settings_parser_deinit(&entry->parser); @@ -174,7 +174,7 @@ struct settings_entry *entry; pool_t pool; size_t pool_size; - char *entry_local_host; + char *entry_local_name; if (!output->used_local && !output->used_remote) { /* these are same as global settings */ @@ -188,7 +188,7 @@ return; } - if (input->local_host == NULL && input->local_ip.family == 0) + if (input->local_name == NULL && input->local_ip.family == 0) return; if (!output->used_local) { @@ -210,8 +210,8 @@ entry = p_new(pool, struct settings_entry, 1); } entry->pool = pool; - entry_local_host = p_strdup(pool, input->local_host); - entry->local_host = entry_local_host; + entry_local_name = p_strdup(pool, input->local_name); + entry->local_name = entry_local_name; entry->local_ip = input->local_ip; if (!output->used_local) { entry->parser = cache->global_parser; 
@@ -229,15 +229,15 @@ } cache->cache_malloc_size += pool_alloconly_get_total_alloc_size(pool); - if (input->local_host != NULL) { - if (cache->local_host_hash == NULL) { - cache->local_host_hash = + if (input->local_name != NULL) { + if (cache->local_name_hash == NULL) { + cache->local_name_hash = hash_table_create(default_pool, cache->pool, 0, str_hash, (hash_cmp_callback_t *)strcmp); } - hash_table_insert(cache->local_host_hash, - entry_local_host, entry); + hash_table_insert(cache->local_name_hash, + entry_local_name, entry); } if (input->local_ip.family != 0) { if (cache->local_ip_hash == NULL) {
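Review bot: A cache entry created for a request that carries both local_name and local_ip is keyed under the name here and, judging by the `if (input->local_ip.family != 0)` block that follows (its body is outside the hunk), under the IP as well. The lookup earlier in this file falls back to local_ip_hash when `input->local_name == NULL`, so a later connection to the same IP without SNI could be handed settings that were resolved for one specific local_name. If that reading is right, the IP insert should be limited to entries created without a name, e.g. `if (input->local_name == NULL && input->local_ip.family != 0) {`, with the matching condition on the `hash_table_remove(cache->local_ip_hash, ...)` call in the removal path. A short comment on `struct settings_entry` stating which hash owns an entry would make that rule checkable.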
--- a/src/lib-master/master-service-settings.c Tue Jun 08 21:00:11 2010 +0100
+++ b/src/lib-master/master-service-settings.c Wed Jun 09 16:16:40 2010 +0100
@@ -174,10 +174,8 @@
 str_printfa(str, "\tlip=%s", net_ip2addr(&input->local_ip));
 if (input->remote_ip.family != 0)
 str_printfa(str, "\trip=%s", net_ip2addr(&input->remote_ip));
- if (input->local_host != NULL)
- str_printfa(str, "\tlhost=%s", input->local_host);
- if (input->remote_host != NULL)
- str_printfa(str, "\tlhost=%s", input->remote_host);
+ if (input->local_name != NULL)
+ str_printfa(str, "\tlname=%s", input->local_name);
 str_append_c(str, '\n');
 }
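Review bot: `input->local_name` is written into the tab-separated, newline-terminated request with a plain `%s`, and per the commit message this value is the TLS SNI name, which the connecting client chooses. Unless the caller already restricts it to host-name characters (not visible in this diff), a tab or newline inside the name would be read by the config side as extra fields or an extra request line, next to `lip=` and the other filters parsed in config-connection.c. Escape or validate it before writing, for example `str_printfa(str, "\tlname=%s", str_tabescape(input->local_name));` if lib/strescape.h offers that helper in this tree, with the matching unescape where `lname=` is read. Alternatively, reject names containing control characters at the point where the SNI name is first accepted. The function starts outside the hunk.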
--- a/src/lib-master/master-service-settings.h Tue Jun 08 21:00:11 2010 +0100
+++ b/src/lib-master/master-service-settings.h Wed Jun 09 16:16:40 2010 +0100
@@ -27,7 +27,7 @@
 const char *service;
 const char *username;
 struct ip_addr local_ip, remote_ip;
- const char *local_host, *remote_host;
+ const char *local_name;
 };
 struct master_service_settings_output {
--- a/src/lib/network.h Tue Jun 08 21:00:11 2010 +0100
+++ b/src/lib/network.h Wed Jun 09 16:16:40 2010 +0100
@@ -29,6 +29,7 @@
 struct in_addr ip4;
 } u;
 };
+ARRAY_DEFINE_TYPE(ip_addr, struct ip_addr);
 /* maxmimum string length of IP address */
 #ifdef HAVE_IPV6
--- a/src/login-common/login-settings.c Tue Jun 08 21:00:11 2010 +0100
+++ b/src/login-common/login-settings.c Wed Jun 09 16:16:40 2010 +0100
@@ -180,7 +180,7 @@
 login_settings_read(pool_t pool,
 const struct ip_addr *local_ip,
 const struct ip_addr *remote_ip,
- const char *local_host,
+ const char *local_name,
 void ***other_settings_r)
 {
 struct master_service_settings_input input;
@@ -194,7 +194,7 @@
 input.roots = login_set_roots;
 input.module = login_binary.process_name;
 input.service = login_binary.protocol;
- input.local_host = local_host;
+ input.local_name = local_name;
 if (local_ip != NULL)
 input.local_ip = *local_ip;
--- a/src/login-common/login-settings.h Tue Jun 08 21:00:11 2010 +0100
+++ b/src/login-common/login-settings.h Wed Jun 09 16:16:40 2010 +0100
@@ -38,7 +38,7 @@
 login_settings_read(pool_t pool,
 const struct ip_addr *local_ip,
 const struct ip_addr *remote_ip,
- const char *local_host,
+ const char *local_name,
 void ***other_settings_r);
 void login_settings_deinit(void);