Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/master/login-process.c @ 727:8dd8ebe6bcac HEAD
We use close-on-exec flag now to make sure that master process closes the
fds when executing other processes.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 01 Dec 2002 17:39:20 +0200 |
parents | 0438621d25ff |
children | db6fb0aa16d1 |
rev | line source |
---|---|
0 | 1 /* Copyright (C) 2002 Timo Sirainen */ |
2 | |
3 #include "common.h" | |
532
3b53dd1280c6
I/O buffers now use real blocking instead of setting up a sub-ioloop to
Timo Sirainen <tss@iki.fi>
parents:
410
diff
changeset
|
4 #include "ioloop.h" |
0 | 5 #include "network.h" |
410
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
6 #include "obuffer.h" |
0 | 7 #include "fdpass.h" |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
8 #include "fd-close-on-exec.h" |
697
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
9 #include "env-util.h" |
0 | 10 #include "restrict-access.h" |
722
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
699
diff
changeset
|
11 #include "restrict-process-size.h" |
0 | 12 #include "login-process.h" |
13 #include "auth-process.h" | |
14 #include "master-interface.h" | |
15 | |
16 #include <unistd.h> | |
17 #include <syslog.h> | |
18 | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
19 typedef struct _LoginProcess LoginProcess; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
20 |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
21 struct _LoginProcess { |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
22 LoginProcess *prev_nonlisten, *next_nonlisten; |
0 | 23 int refcount; |
24 | |
25 pid_t pid; | |
26 int fd; | |
27 IO io; | |
410
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
28 OBuffer *outbuf; |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
29 unsigned int listening:1; |
0 | 30 unsigned int destroyed:1; |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
31 }; |
0 | 32 |
33 typedef struct { | |
34 LoginProcess *process; | |
35 int login_id; | |
36 int auth_id; | |
37 int fd; | |
38 | |
596
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
39 IPADDR ip; |
0 | 40 char login_tag[LOGIN_TAG_SIZE]; |
41 } LoginAuthRequest; | |
42 | |
43 static int auth_id_counter; | |
44 static Timeout to; | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
45 |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
46 static HashTable *processes; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
47 static LoginProcess *oldest_nonlisten_process, *newest_nonlisten_process; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
48 static unsigned int listening_processes; |
614
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
49 static unsigned int wanted_processes_count; |
0 | 50 |
51 static void login_process_destroy(LoginProcess *p); | |
52 static void login_process_unref(LoginProcess *p); | |
53 | |
10
82b7de533f98
s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
54 static void auth_callback(AuthCookieReplyData *cookie_reply, void *context) |
0 | 55 { |
56 const char *env[] = { | |
57 "MAIL", NULL, | |
58 "LOGIN_TAG", NULL, | |
59 NULL | |
60 }; | |
10
82b7de533f98
s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
61 LoginAuthRequest *request = context; |
0 | 62 LoginProcess *process; |
63 MasterReply reply; | |
64 | |
65 env[1] = cookie_reply->mail; | |
66 env[3] = request->login_tag; | |
67 | |
68 if (cookie_reply == NULL || !cookie_reply->success) | |
69 reply.result = MASTER_RESULT_FAILURE; | |
70 else { | |
71 reply.result = create_imap_process(request->fd, | |
596
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
72 &request->ip, |
0 | 73 cookie_reply->user, |
74 cookie_reply->uid, | |
75 cookie_reply->gid, | |
76 cookie_reply->home, | |
77 cookie_reply->chroot, env); | |
78 } | |
79 | |
80 /* reply to login */ | |
81 reply.id = request->login_id; | |
82 | |
83 process = request->process; | |
410
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
84 if (o_buffer_send(process->outbuf, &reply, sizeof(reply)) < 0) |
0 | 85 login_process_destroy(process); |
86 | |
87 (void)close(request->fd); | |
88 login_process_unref(process); | |
89 i_free(request); | |
90 } | |
91 | |
699
cc795d74d08f
Use more warnings with GCC by default. Fixed several warnings.
Timo Sirainen <tss@iki.fi>
parents:
697
diff
changeset
|
92 static void login_process_mark_nonlistening(LoginProcess *p) |
614
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
93 { |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
94 if (!p->listening) { |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
95 i_error("login: received another \"not listening\" " |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
96 "notification"); |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
97 return; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
98 } |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
99 |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
100 p->listening = FALSE; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
101 listening_processes--; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
102 |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
103 p->prev_nonlisten = newest_nonlisten_process; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
104 |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
105 if (newest_nonlisten_process != NULL) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
106 newest_nonlisten_process->next_nonlisten = p; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
107 newest_nonlisten_process = p; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
108 |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
109 if (oldest_nonlisten_process == NULL) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
110 oldest_nonlisten_process = p; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
111 } |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
112 |
10
82b7de533f98
s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
113 static void login_process_input(void *context, int fd __attr_unused__, |
0 | 114 IO io __attr_unused__) |
115 { | |
10
82b7de533f98
s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
116 LoginProcess *p = context; |
0 | 117 AuthProcess *auth_process; |
118 LoginAuthRequest *authreq; | |
119 MasterRequest req; | |
120 int client_fd, ret; | |
121 | |
122 ret = fd_read(p->fd, &req, sizeof(req), &client_fd); | |
123 if (ret != sizeof(req)) { | |
124 if (ret == 0) { | |
125 /* disconnected, ie. the login process died */ | |
126 } else if (ret > 0) { | |
127 /* req wasn't fully read */ | |
128 i_error("login: fd_read() couldn't read all req"); | |
129 } else { | |
130 i_error("login: fd_read() failed: %m"); | |
131 } | |
132 | |
133 login_process_destroy(p); | |
134 return; | |
135 } | |
136 | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
137 if (client_fd == -1) { |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
138 /* just a notification that the login process isn't |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
139 listening for new connections anymore */ |
614
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
140 login_process_mark_nonlistening(p); |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
141 return; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
142 } |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
143 |
0 | 144 /* login process isn't trusted, validate all data to make sure |
145 it's not trying to exploit us */ | |
146 if (!VALIDATE_STR(req.login_tag)) { | |
147 i_error("login: Received corrupted data"); | |
148 login_process_destroy(p); | |
149 return; | |
150 } | |
151 | |
152 /* ask the cookie from the auth process */ | |
153 authreq = i_new(LoginAuthRequest, 1); | |
154 p->refcount++; | |
155 authreq->process = p; | |
156 authreq->login_id = req.id; | |
157 authreq->auth_id = ++auth_id_counter; | |
158 authreq->fd = client_fd; | |
596
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
159 memcpy(&authreq->ip, &req.ip, sizeof(IPADDR)); |
0 | 160 strcpy(authreq->login_tag, req.login_tag); |
161 | |
162 auth_process = auth_process_find(req.auth_process); | |
163 if (auth_process == NULL) { | |
164 i_error("login: Authentication process %u doesn't exist", | |
165 req.auth_process); | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
166 auth_callback(NULL, authreq); |
0 | 167 } else { |
168 auth_process_request(auth_process, authreq->auth_id, req.cookie, | |
169 auth_callback, authreq); | |
170 } | |
171 } | |
172 | |
173 static LoginProcess *login_process_new(pid_t pid, int fd) | |
174 { | |
175 LoginProcess *p; | |
176 | |
177 PID_ADD_PROCESS_TYPE(pid, PROCESS_TYPE_LOGIN); | |
178 | |
179 p = i_new(LoginProcess, 1); | |
180 p->refcount = 1; | |
181 p->pid = pid; | |
182 p->fd = fd; | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
183 p->listening = TRUE; |
0 | 184 p->io = io_add(fd, IO_READ, login_process_input, p); |
410
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
185 p->outbuf = o_buffer_create_file(fd, default_pool, |
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
186 sizeof(MasterReply)*10, |
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
187 IO_PRIORITY_DEFAULT, FALSE); |
0 | 188 |
195
db6e288be0e9
Replaced INT_TO_POINTER and POINTER_TO_INT macros with POINTER_CAST and
Timo Sirainen <tss@iki.fi>
parents:
10
diff
changeset
|
189 hash_insert(processes, POINTER_CAST(pid), p); |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
190 listening_processes++; |
0 | 191 return p; |
192 } | |
193 | |
699
cc795d74d08f
Use more warnings with GCC by default. Fixed several warnings.
Timo Sirainen <tss@iki.fi>
parents:
697
diff
changeset
|
194 static void login_process_remove_from_lists(LoginProcess *p) |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
195 { |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
196 if (p == oldest_nonlisten_process) |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
197 oldest_nonlisten_process = p->next_nonlisten; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
198 else |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
199 p->prev_nonlisten->next_nonlisten = p->next_nonlisten; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
200 |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
201 if (p == newest_nonlisten_process) |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
202 newest_nonlisten_process = p->prev_nonlisten; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
203 else |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
204 p->next_nonlisten->prev_nonlisten = p->prev_nonlisten; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
205 |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
206 p->next_nonlisten = p->prev_nonlisten = NULL; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
207 } |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
208 |
0 | 209 static void login_process_destroy(LoginProcess *p) |
210 { | |
211 if (p->destroyed) | |
212 return; | |
213 p->destroyed = TRUE; | |
214 | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
215 if (p->listening) |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
216 listening_processes--; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
217 |
410
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
218 o_buffer_close(p->outbuf); |
0 | 219 io_remove(p->io); |
220 (void)close(p->fd); | |
221 | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
222 if (!p->listening) |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
223 login_process_remove_from_lists(p); |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
224 |
195
db6e288be0e9
Replaced INT_TO_POINTER and POINTER_TO_INT macros with POINTER_CAST and
Timo Sirainen <tss@iki.fi>
parents:
10
diff
changeset
|
225 hash_remove(processes, POINTER_CAST(p->pid)); |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
226 |
0 | 227 login_process_unref(p); |
228 } | |
229 | |
230 static void login_process_unref(LoginProcess *p) | |
231 { | |
232 if (--p->refcount > 0) | |
233 return; | |
234 | |
410
1f0e7229ee58
Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents:
364
diff
changeset
|
235 o_buffer_unref(p->outbuf); |
0 | 236 i_free(p); |
237 } | |
238 | |
239 static pid_t create_login_process(void) | |
240 { | |
699
cc795d74d08f
Use more warnings with GCC by default. Fixed several warnings.
Timo Sirainen <tss@iki.fi>
parents:
697
diff
changeset
|
241 static char *argv[] = { NULL, NULL }; |
0 | 242 pid_t pid; |
243 int fd[2]; | |
244 | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
245 if (set_login_process_per_connection && |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
246 hash_size(processes)-listening_processes >= set_max_logging_users) { |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
247 if (oldest_nonlisten_process != NULL) |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
248 login_process_destroy(oldest_nonlisten_process); |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
249 } |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
250 |
0 | 251 if (set_login_uid == 0) |
252 i_fatal("Login process must not run as root"); | |
253 | |
254 /* create communication to process with a socket pair */ | |
255 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fd) == -1) { | |
256 i_error("socketpair() failed: %m"); | |
257 return -1; | |
258 } | |
259 | |
260 pid = fork(); | |
261 if (pid < 0) { | |
262 (void)close(fd[0]); | |
263 (void)close(fd[1]); | |
264 i_error("fork() failed: %m"); | |
265 return -1; | |
266 } | |
267 | |
268 if (pid != 0) { | |
269 /* master */ | |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
270 fd_close_on_exec(fd[0], TRUE); |
0 | 271 login_process_new(pid, fd[0]); |
272 (void)close(fd[1]); | |
273 return pid; | |
274 } | |
275 | |
276 /* move communication handle */ | |
277 if (dup2(fd[1], LOGIN_MASTER_SOCKET_FD) < 0) | |
278 i_fatal("login: dup2() failed: %m"); | |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
279 fd_close_on_exec(LOGIN_MASTER_SOCKET_FD, FALSE); |
0 | 280 |
281 /* move the listen handle */ | |
282 if (dup2(imap_fd, LOGIN_IMAP_LISTEN_FD) < 0) | |
283 i_fatal("login: dup2() failed: %m"); | |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
284 fd_close_on_exec(LOGIN_IMAP_LISTEN_FD, FALSE); |
0 | 285 |
286 /* move the SSL listen handle */ | |
287 if (dup2(imaps_fd, LOGIN_IMAPS_LISTEN_FD) < 0) | |
288 i_fatal("login: dup2() failed: %m"); | |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
289 fd_close_on_exec(LOGIN_IMAPS_LISTEN_FD, FALSE); |
0 | 290 |
291 /* imap_fd and imaps_fd are closed by clean_child_process() */ | |
292 | |
293 (void)close(fd[0]); | |
294 (void)close(fd[1]); | |
295 | |
296 clean_child_process(); | |
297 | |
298 /* setup access environment - needs to be done after | |
299 clean_child_process() since it clears environment */ | |
300 restrict_access_set_env(set_login_user, set_login_uid, set_login_gid, | |
301 set_login_chroot ? set_login_dir : NULL); | |
302 | |
303 if (!set_login_chroot) { | |
304 /* no chrooting, but still change to the directory */ | |
305 if (chdir(set_login_dir) < 0) { | |
306 i_fatal("chdir(%s) failed: %m", | |
307 set_login_dir); | |
308 } | |
309 } | |
310 | |
666 | 311 if (!set_ssl_disable) { |
697
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
312 env_put(t_strconcat("SSL_CERT_FILE=", set_ssl_cert_file, NULL)); |
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
313 env_put(t_strconcat("SSL_KEY_FILE=", set_ssl_key_file, NULL)); |
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
314 env_put(t_strconcat("SSL_PARAM_FILE=", |
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
315 set_ssl_parameters_file, NULL)); |
615
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
316 } |
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
317 |
0 | 318 if (set_disable_plaintext_auth) |
697
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
319 env_put("DISABLE_PLAINTEXT_AUTH=1"); |
0 | 320 |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
321 if (set_login_process_per_connection) { |
697
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
322 env_put("PROCESS_PER_CONNECTION=1"); |
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
323 env_put("MAX_LOGGING_USERS=1"); |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
324 } else { |
697
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
325 env_put(t_strdup_printf("MAX_LOGGING_USERS=%d", |
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
326 set_max_logging_users)); |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
327 } |
0 | 328 |
722
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
699
diff
changeset
|
329 restrict_process_size(set_login_process_size); |
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
699
diff
changeset
|
330 |
0 | 331 /* hide the path, it's ugly */ |
332 argv[0] = strrchr(set_login_executable, '/'); | |
333 if (argv[0] == NULL) argv[0] = set_login_executable; else argv[0]++; | |
334 | |
335 execv(set_login_executable, (char **) argv); | |
336 | |
337 i_fatal("execv(%s) failed: %m", argv[0]); | |
338 return -1; | |
339 } | |
340 | |
615
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
341 void login_process_abormal_exit(pid_t pid __attr_unused__) |
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
342 { |
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
343 /* don't start raising the process count if they're dying all |
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
344 the time */ |
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
345 wanted_processes_count = 0; |
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
346 } |
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
347 |
635
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
348 static void login_hash_destroy(void *key __attr_unused__, void *value, |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
349 void *context __attr_unused__) |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
350 { |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
351 login_process_destroy(value); |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
352 } |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
353 |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
354 void login_processes_destroy_all(void) |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
355 { |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
356 hash_foreach(processes, login_hash_destroy, NULL); |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
357 |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
358 /* don't double their amount when restarting */ |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
359 wanted_processes_count = 0; |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
360 } |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
361 |
10
82b7de533f98
s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
362 static void login_processes_start_missing(void *context __attr_unused__, |
0 | 363 Timeout timeout __attr_unused__) |
364 { | |
614
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
365 if (!set_login_process_per_connection) { |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
366 /* create max. one process every second, that way if it keeps |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
367 dying all the time we don't eat all cpu with fork()ing. */ |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
368 if (listening_processes < set_login_processes_count) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
369 (void)create_login_process(); |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
370 } else { |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
371 /* we want to respond fast when multiple clients are connecting |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
372 at once, but we also want to prevent fork-bombing. use the |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
373 same method as apache: check once a second if we need new |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
374 processes. if yes and we've used all the existing processes, |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
375 double their amount (unless we've hit the high limit). |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
376 Then for each second that didn't use all existing processes, |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
377 drop the max. process count by one. */ |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
378 if (wanted_processes_count < set_login_processes_count) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
379 wanted_processes_count = set_login_processes_count; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
380 else if (listening_processes == 0) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
381 wanted_processes_count *= 2; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
382 else if (wanted_processes_count > set_login_processes_count) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
383 wanted_processes_count--; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
384 |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
385 if (wanted_processes_count > set_login_max_processes_count) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
386 wanted_processes_count = set_login_max_processes_count; |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
387 |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
388 while (listening_processes < wanted_processes_count) |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
389 (void)create_login_process(); |
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
390 } |
0 | 391 } |
392 | |
393 void login_processes_init(void) | |
394 { | |
395 auth_id_counter = 0; | |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
396 listening_processes = 0; |
614
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
397 wanted_processes_count = 0; |
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
398 oldest_nonlisten_process = newest_nonlisten_process = NULL; |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
399 |
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
596
diff
changeset
|
400 processes = hash_create(default_pool, 128, NULL, NULL); |
0 | 401 to = timeout_add(1000, login_processes_start_missing, NULL); |
402 } | |
403 | |
404 void login_processes_deinit(void) | |
405 { | |
406 timeout_remove(to); | |
407 | |
635
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
408 login_processes_destroy_all(); |
0 | 409 hash_destroy(processes); |
410 } |