Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/master/login-process.c @ 1039:793f05a7e50e HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
signed/unsigned/const pointer fixes
author Timo Sirainen <tss@iki.fi>
date Mon, 27 Jan 2003 04:05:32 +0200
parents f782b3319553
children a72bba3f8a55
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
1 /* Copyright (C) 2002 Timo Sirainen */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "common.h"
532
3b53dd1280c6 I/O buffers now use real blocking instead of setting up a sub-ioloop to
Timo Sirainen <tss@iki.fi>
parents: 410
diff changeset
4 #include "ioloop.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 #include "network.h"
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
6 #include "ostream.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 #include "fdpass.h"
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
8 #include "fd-close-on-exec.h"
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
9 #include "env-util.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 #include "restrict-access.h"
722
0438621d25ff Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents: 699
diff changeset
11 #include "restrict-process-size.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
12 #include "login-process.h"
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
13 #include "auth-process.h"
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
14 #include "imap-process.h"
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
15 #include "master-login-interface.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17 #include <unistd.h>
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
18 #include <syslog.h>
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
19
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
20 struct login_process {
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
21 struct login_process *prev_nonlisten, *next_nonlisten;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
22 int refcount;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
23
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
24 pid_t pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
25 int fd;
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
26 struct io *io;
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
27 struct ostream *output;
925
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
28 unsigned int initialized:1;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
29 unsigned int listening:1;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
30 unsigned int destroyed:1;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
31 };
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
32
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
33 struct login_auth_request {
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
34 struct login_process *process;
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
35 unsigned int tag;
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
36
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
37 unsigned int login_tag;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
38 int fd;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
39
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
40 struct ip_addr ip;
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
41 };
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
42
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
43 static unsigned int auth_id_counter;
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
44 static struct timeout *to;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
45
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
46 static struct hash_table *processes;
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
47 static struct login_process *oldest_nonlisten_process;
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
48 static struct login_process *newest_nonlisten_process;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
49 static unsigned int listening_processes;
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
50 static unsigned int wanted_processes_count;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
51
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
52 static void login_process_destroy(struct login_process *p);
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
53 static void login_process_unref(struct login_process *p);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
54
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
55 void auth_master_callback(struct auth_master_reply *reply,
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
56 const unsigned char *data, void *context)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
57 {
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
58 struct login_auth_request *request = context;
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
59 struct master_login_reply master_reply;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
60
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
61 if (reply == NULL || !reply->success)
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
62 master_reply.success = FALSE;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
63 else {
1039
793f05a7e50e signed/unsigned/const pointer fixes
Timo Sirainen <tss@iki.fi>
parents: 1036
diff changeset
64 master_reply.success =
793f05a7e50e signed/unsigned/const pointer fixes
Timo Sirainen <tss@iki.fi>
parents: 1036
diff changeset
65 create_imap_process(request->fd, &request->ip, reply,
793f05a7e50e signed/unsigned/const pointer fixes
Timo Sirainen <tss@iki.fi>
parents: 1036
diff changeset
66 (const char *) data);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
67 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
68
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
69 /* reply to login */
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
70 master_reply.tag = request->login_tag;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
71
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
72 if (o_stream_send(request->process->output, &master_reply,
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
73 sizeof(master_reply)) < 0)
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
74 login_process_destroy(request->process);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
75
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
76 if (close(request->fd) < 0)
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
77 i_error("close(imap client) failed: %m");
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
78 login_process_unref(request->process);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
79 i_free(request);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
80 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
81
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
82 static void login_process_mark_nonlistening(struct login_process *p)
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
83 {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
84 if (!p->listening) {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
85 i_error("login: received another \"not listening\" "
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
86 "notification");
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
87 return;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
88 }
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
89
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
90 p->listening = FALSE;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
91 listening_processes--;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
92
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
93 p->prev_nonlisten = newest_nonlisten_process;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
94
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
95 if (newest_nonlisten_process != NULL)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
96 newest_nonlisten_process->next_nonlisten = p;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
97 newest_nonlisten_process = p;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
98
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
99 if (oldest_nonlisten_process == NULL)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
100 oldest_nonlisten_process = p;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
101 }
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
102
1036
f782b3319553 Removed useless parameters from io_callback_t and timeout_callback_t.
Timo Sirainen <tss@iki.fi>
parents: 1035
diff changeset
103 static void login_process_input(void *context)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
104 {
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
105 struct login_process *p = context;
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
106 struct auth_process *auth_process;
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
107 struct login_auth_request *authreq;
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
108 struct master_login_request req;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
109 int client_fd, ret;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
110
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
111 ret = fd_read(p->fd, &req, sizeof(req), &client_fd);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
112 if (ret != sizeof(req)) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
113 if (ret == 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
114 /* disconnected, ie. the login process died */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
115 } else if (ret > 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
116 /* req wasn't fully read */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
117 i_error("login: fd_read() couldn't read all req");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
118 } else {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
119 i_error("login: fd_read() failed: %m");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
120 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
121
929
a763b3826762 Don't leak fds in case of errors.
Timo Sirainen <tss@iki.fi>
parents: 925
diff changeset
122 if (client_fd != -1) {
a763b3826762 Don't leak fds in case of errors.
Timo Sirainen <tss@iki.fi>
parents: 925
diff changeset
123 if (close(client_fd) < 0)
a763b3826762 Don't leak fds in case of errors.
Timo Sirainen <tss@iki.fi>
parents: 925
diff changeset
124 i_error("close(imap client) failed: %m");
a763b3826762 Don't leak fds in case of errors.
Timo Sirainen <tss@iki.fi>
parents: 925
diff changeset
125 }
a763b3826762 Don't leak fds in case of errors.
Timo Sirainen <tss@iki.fi>
parents: 925
diff changeset
126
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
127 login_process_destroy(p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
128 return;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
129 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
130
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
131 if (client_fd == -1) {
925
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
132 /* just a notification that the login process */
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
133 if (!p->initialized) {
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
134 /* initialization notify */
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
135 p->initialized = TRUE;;
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
136 } else {
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
137 /* not listening for new connections anymore */
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
138 login_process_mark_nonlistening(p);
2e649dec0f09 Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents: 903
diff changeset
139 }
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
140 return;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
141 }
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
142
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
143 fd_close_on_exec(client_fd, TRUE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
144
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
145 /* ask the cookie from the auth process */
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
146 authreq = i_new(struct login_auth_request, 1);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
147 p->refcount++;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
148 authreq->process = p;
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
149 authreq->tag = ++auth_id_counter;
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
150 authreq->login_tag = req.tag;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
151 authreq->fd = client_fd;
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
152 authreq->ip = req.ip;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
153
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
154 auth_process = auth_process_find(req.auth_pid);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
155 if (auth_process == NULL) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
156 i_error("login: Authentication process %u doesn't exist",
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
157 req.auth_pid);
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
158 auth_master_callback(NULL, NULL, authreq);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159 } else {
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
160 auth_process_request(auth_process, p->pid,
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
161 req.auth_id, authreq);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
162 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
163 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
164
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
165 static struct login_process *login_process_new(pid_t pid, int fd)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
166 {
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
167 struct login_process *p;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
168
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
169 PID_ADD_PROCESS_TYPE(pid, PROCESS_TYPE_LOGIN);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
170
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
171 p = i_new(struct login_process, 1);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
172 p->refcount = 1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
173 p->pid = pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
174 p->fd = fd;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
175 p->listening = TRUE;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
176 p->io = io_add(fd, IO_READ, login_process_input, p);
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
177 p->output = o_stream_create_file(fd, default_pool,
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
178 sizeof(struct master_login_reply)*10,
410
1f0e7229ee58 Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents: 364
diff changeset
179 IO_PRIORITY_DEFAULT, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
180
195
db6e288be0e9 Replaced INT_TO_POINTER and POINTER_TO_INT macros with POINTER_CAST and
Timo Sirainen <tss@iki.fi>
parents: 10
diff changeset
181 hash_insert(processes, POINTER_CAST(pid), p);
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
182 listening_processes++;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
183 return p;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
184 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
185
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
186 static void login_process_remove_from_lists(struct login_process *p)
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
187 {
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
188 if (p == oldest_nonlisten_process)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
189 oldest_nonlisten_process = p->next_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
190 else
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
191 p->prev_nonlisten->next_nonlisten = p->next_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
192
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
193 if (p == newest_nonlisten_process)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
194 newest_nonlisten_process = p->prev_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
195 else
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
196 p->next_nonlisten->prev_nonlisten = p->prev_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
197
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
198 p->next_nonlisten = p->prev_nonlisten = NULL;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
199 }
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
200
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
201 static void login_process_destroy(struct login_process *p)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
202 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
203 if (p->destroyed)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
204 return;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
205 p->destroyed = TRUE;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
206
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents: 1000
diff changeset
207 if (!p->initialized && io_loop_is_running(ioloop)) {
1000
0fbafade2d85 If auth/login process died unexpectedly, the exit status or killing signal
Timo Sirainen <tss@iki.fi>
parents: 945
diff changeset
208 i_error("Login process died too early - shutting down");
0fbafade2d85 If auth/login process died unexpectedly, the exit status or killing signal
Timo Sirainen <tss@iki.fi>
parents: 945
diff changeset
209 io_loop_stop(ioloop);
0fbafade2d85 If auth/login process died unexpectedly, the exit status or killing signal
Timo Sirainen <tss@iki.fi>
parents: 945
diff changeset
210 }
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
211 if (p->listening)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
212 listening_processes--;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
213
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
214 o_stream_close(p->output);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
215 io_remove(p->io);
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
216 if (close(p->fd) < 0)
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
217 i_error("close(login) failed: %m");
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
218
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
219 if (!p->listening)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
220 login_process_remove_from_lists(p);
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
221
195
db6e288be0e9 Replaced INT_TO_POINTER and POINTER_TO_INT macros with POINTER_CAST and
Timo Sirainen <tss@iki.fi>
parents: 10
diff changeset
222 hash_remove(processes, POINTER_CAST(p->pid));
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
223
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
224 login_process_unref(p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
225 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
226
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
227 static void login_process_unref(struct login_process *p)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
228 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
229 if (--p->refcount > 0)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
230 return;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
231
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
232 o_stream_unref(p->output);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
233 i_free(p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
234 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
235
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
236 static pid_t create_login_process(void)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
237 {
699
cc795d74d08f Use more warnings with GCC by default. Fixed several warnings.
Timo Sirainen <tss@iki.fi>
parents: 697
diff changeset
238 static char *argv[] = { NULL, NULL };
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
239 pid_t pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
240 int fd[2];
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
241
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
242 if (set_login_process_per_connection &&
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
243 hash_size(processes)-listening_processes >= set_max_logging_users) {
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
244 if (oldest_nonlisten_process != NULL)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
245 login_process_destroy(oldest_nonlisten_process);
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
246 }
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
247
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
248 if (set_login_uid == 0)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
249 i_fatal("Login process must not run as root");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
250
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
251 /* create communication to process with a socket pair */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
252 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fd) == -1) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
253 i_error("socketpair() failed: %m");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
254 return -1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
255 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
256
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
257 pid = fork();
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
258 if (pid < 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
259 (void)close(fd[0]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
260 (void)close(fd[1]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
261 i_error("fork() failed: %m");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
262 return -1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
263 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
264
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
265 if (pid != 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
266 /* master */
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
267 fd_close_on_exec(fd[0], TRUE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
268 login_process_new(pid, fd[0]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
269 (void)close(fd[1]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
270 return pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
271 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
272
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
273 /* move communication handle */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
274 if (dup2(fd[1], LOGIN_MASTER_SOCKET_FD) < 0)
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
275 i_fatal("login: dup2(master) failed: %m");
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
276 fd_close_on_exec(LOGIN_MASTER_SOCKET_FD, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
277
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
278 /* move the listen handle */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
279 if (dup2(imap_fd, LOGIN_IMAP_LISTEN_FD) < 0)
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
280 i_fatal("login: dup2(imap) failed: %m");
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
281 fd_close_on_exec(LOGIN_IMAP_LISTEN_FD, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
282
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
283 /* move the SSL listen handle */
876
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
284 if (!set_ssl_disable) {
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
285 if (dup2(imaps_fd, LOGIN_IMAPS_LISTEN_FD) < 0)
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
286 i_fatal("login: dup2(imaps) failed: %m");
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
287 } else {
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
288 if (dup2(null_fd, LOGIN_IMAPS_LISTEN_FD) < 0)
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
289 i_fatal("login: dup2(imaps) failed: %m");
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
290 }
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
291 fd_close_on_exec(LOGIN_IMAPS_LISTEN_FD, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
292
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
293 /* imap_fd and imaps_fd are closed by clean_child_process() */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
294
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
295 (void)close(fd[0]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
296 (void)close(fd[1]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
297
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
298 clean_child_process();
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
299
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
300 /* setup access environment - needs to be done after
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
301 clean_child_process() since it clears environment */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
302 restrict_access_set_env(set_login_user, set_login_uid, set_login_gid,
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
303 set_login_chroot ? set_login_dir : NULL);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
304
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
305 if (!set_login_chroot) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
306 /* no chrooting, but still change to the directory */
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
307 if (chdir(set_login_dir) < 0)
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
308 i_fatal("chdir(%s) failed: %m", set_login_dir);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
309 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
310
666
36ac2fd352ff Added ssl_disable setting.
Timo Sirainen <tss@iki.fi>
parents: 635
diff changeset
311 if (!set_ssl_disable) {
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
312 env_put(t_strconcat("SSL_CERT_FILE=", set_ssl_cert_file, NULL));
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
313 env_put(t_strconcat("SSL_KEY_FILE=", set_ssl_key_file, NULL));
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
314 env_put(t_strconcat("SSL_PARAM_FILE=",
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
315 set_ssl_parameters_file, NULL));
615
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
316 }
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
317
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
318 if (set_disable_plaintext_auth)
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
319 env_put("DISABLE_PLAINTEXT_AUTH=1");
747
db6fb0aa16d1 Let login process also know if verbose process titles are wanted..
Timo Sirainen <tss@iki.fi>
parents: 727
diff changeset
320 if (set_verbose_proctitle)
db6fb0aa16d1 Let login process also know if verbose process titles are wanted..
Timo Sirainen <tss@iki.fi>
parents: 727
diff changeset
321 env_put("VERBOSE_PROCTITLE=1");
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
322
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
323 if (set_login_process_per_connection) {
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
324 env_put("PROCESS_PER_CONNECTION=1");
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
325 env_put("MAX_LOGGING_USERS=1");
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
326 } else {
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
327 env_put(t_strdup_printf("MAX_LOGGING_USERS=%u",
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
328 set_max_logging_users));
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
329 }
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
330
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
331 env_put(t_strdup_printf("PROCESS_UID=%s", dec2str(getpid())));
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
332
722
0438621d25ff Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents: 699
diff changeset
333 restrict_process_size(set_login_process_size);
0438621d25ff Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents: 699
diff changeset
334
801
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
335 /* make sure we don't leak syslog fd, but do it last so that
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
336 any errors above will be logged */
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
337 closelog();
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
338
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
339 /* hide the path, it's ugly */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
340 argv[0] = strrchr(set_login_executable, '/');
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
341 if (argv[0] == NULL) argv[0] = set_login_executable; else argv[0]++;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
342
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
343 execv(set_login_executable, (char **) argv);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
344
801
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
345 i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", argv[0]);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
346 return -1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
347 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
348
615
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
349 void login_process_abormal_exit(pid_t pid __attr_unused__)
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
350 {
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
351 /* don't start raising the process count if they're dying all
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
352 the time */
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
353 wanted_processes_count = 0;
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
354 }
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
355
635
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
356 static void login_hash_destroy(void *key __attr_unused__, void *value,
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
357 void *context __attr_unused__)
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
358 {
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
359 login_process_destroy(value);
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
360 }
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
361
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
362 void login_processes_destroy_all(void)
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
363 {
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
364 hash_foreach(processes, login_hash_destroy, NULL);
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
365
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
366 /* don't double their amount when restarting */
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
367 wanted_processes_count = 0;
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
368 }
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
369
903
fd8888f6f037 Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents: 876
diff changeset
370 static void
1036
f782b3319553 Removed useless parameters from io_callback_t and timeout_callback_t.
Timo Sirainen <tss@iki.fi>
parents: 1035
diff changeset
371 login_processes_start_missing(void *context __attr_unused__)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
372 {
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
373 if (!set_login_process_per_connection) {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
374 /* create max. one process every second, that way if it keeps
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
375 dying all the time we don't eat all cpu with fork()ing. */
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
376 if (listening_processes < set_login_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
377 (void)create_login_process();
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
378 } else {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
379 /* we want to respond fast when multiple clients are connecting
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
380 at once, but we also want to prevent fork-bombing. use the
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
381 same method as apache: check once a second if we need new
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
382 processes. if yes and we've used all the existing processes,
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
383 double their amount (unless we've hit the high limit).
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
384 Then for each second that didn't use all existing processes,
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
385 drop the max. process count by one. */
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
386 if (wanted_processes_count < set_login_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
387 wanted_processes_count = set_login_processes_count;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
388 else if (listening_processes == 0)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
389 wanted_processes_count *= 2;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
390 else if (wanted_processes_count > set_login_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
391 wanted_processes_count--;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
392
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
393 if (wanted_processes_count > set_login_max_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
394 wanted_processes_count = set_login_max_processes_count;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
395
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
396 while (listening_processes < wanted_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
397 (void)create_login_process();
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
398 }
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
399 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
400
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
401 void login_processes_init(void)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
402 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
403 auth_id_counter = 0;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
404 listening_processes = 0;
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
405 wanted_processes_count = 0;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
406 oldest_nonlisten_process = newest_nonlisten_process = NULL;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
407
945
501f076f2e74 Rewrote hash table code, works with less memory now. Also some memory
Timo Sirainen <tss@iki.fi>
parents: 929
diff changeset
408 processes = hash_create(default_pool, default_pool, 128, NULL, NULL);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
409 to = timeout_add(1000, login_processes_start_missing, NULL);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
410 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
411
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
412 void login_processes_deinit(void)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
413 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
414 timeout_remove(to);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
415
635
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
416 login_processes_destroy_all();
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
417 hash_destroy(processes);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
418 }