Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/master/login-process.c @ 876:ad8f7d2107b4 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening socket to login processes anymore or they'll just keep dying. We still don't actually close the socket though..
author Timo Sirainen <tss@iki.fi>
date Sun, 29 Dec 2002 21:44:37 +0200
parents 30f6811f4952
children fd8888f6f037
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
1 /* Copyright (C) 2002 Timo Sirainen */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "common.h"
532
3b53dd1280c6 I/O buffers now use real blocking instead of setting up a sub-ioloop to
Timo Sirainen <tss@iki.fi>
parents: 410
diff changeset
4 #include "ioloop.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 #include "network.h"
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
6 #include "ostream.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 #include "fdpass.h"
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
8 #include "fd-close-on-exec.h"
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
9 #include "env-util.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 #include "restrict-access.h"
722
0438621d25ff Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents: 699
diff changeset
11 #include "restrict-process-size.h"
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
12 #include "login-process.h"
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
13 #include "auth-process.h"
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14 #include "master-interface.h"
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 #include <unistd.h>
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17 #include <syslog.h>
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
18
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
19 typedef struct _LoginProcess LoginProcess;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
20
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
21 struct _LoginProcess {
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
22 LoginProcess *prev_nonlisten, *next_nonlisten;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
23 int refcount;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
24
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
25 pid_t pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
26 int fd;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
27 IO io;
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
28 OStream *output;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
29 unsigned int listening:1;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
30 unsigned int destroyed:1;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
31 };
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
32
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
33 typedef struct {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
34 LoginProcess *process;
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
35 unsigned int login_id;
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
36 unsigned int auth_id;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
37 int fd;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
38
596
ab3590c3a7d9 Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents: 532
diff changeset
39 IPADDR ip;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
40 char login_tag[LOGIN_TAG_SIZE];
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
41 } LoginAuthRequest;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
42
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
43 static unsigned int auth_id_counter;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
44 static Timeout to;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
45
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
46 static HashTable *processes;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
47 static LoginProcess *oldest_nonlisten_process, *newest_nonlisten_process;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
48 static unsigned int listening_processes;
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
49 static unsigned int wanted_processes_count;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
50
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
51 static void login_process_destroy(LoginProcess *p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
52 static void login_process_unref(LoginProcess *p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
53
10
82b7de533f98 s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents: 0
diff changeset
54 static void auth_callback(AuthCookieReplyData *cookie_reply, void *context)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
55 {
10
82b7de533f98 s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents: 0
diff changeset
56 LoginAuthRequest *request = context;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
57 LoginProcess *process;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
58 MasterReply reply;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
59
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
60 if (cookie_reply == NULL || !cookie_reply->success)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
61 reply.result = MASTER_RESULT_FAILURE;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
62 else {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
63 reply.result = create_imap_process(request->fd,
596
ab3590c3a7d9 Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents: 532
diff changeset
64 &request->ip,
791
6efced4f80de Clear separation of virtual and system usernames. passwd-file didn't work
Timo Sirainen <tss@iki.fi>
parents: 764
diff changeset
65 cookie_reply->system_user,
6efced4f80de Clear separation of virtual and system usernames. passwd-file didn't work
Timo Sirainen <tss@iki.fi>
parents: 764
diff changeset
66 cookie_reply->virtual_user,
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
67 cookie_reply->uid,
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
68 cookie_reply->gid,
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
69 cookie_reply->home,
801
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
70 cookie_reply->chroot,
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
71 cookie_reply->mail,
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
72 request->login_tag);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
73 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
74
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
75 /* reply to login */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
76 reply.id = request->login_id;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
77
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
78 process = request->process;
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
79 if (o_stream_send(process->output, &reply, sizeof(reply)) < 0)
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
80 login_process_destroy(process);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
81
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
82 if (close(request->fd) < 0)
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
83 i_error("close(imap client) failed: %m");
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
84 login_process_unref(process);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
85 i_free(request);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
86 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
87
699
cc795d74d08f Use more warnings with GCC by default. Fixed several warnings.
Timo Sirainen <tss@iki.fi>
parents: 697
diff changeset
88 static void login_process_mark_nonlistening(LoginProcess *p)
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
89 {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
90 if (!p->listening) {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
91 i_error("login: received another \"not listening\" "
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
92 "notification");
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
93 return;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
94 }
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
95
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
96 p->listening = FALSE;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
97 listening_processes--;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
98
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
99 p->prev_nonlisten = newest_nonlisten_process;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
100
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
101 if (newest_nonlisten_process != NULL)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
102 newest_nonlisten_process->next_nonlisten = p;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
103 newest_nonlisten_process = p;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
104
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
105 if (oldest_nonlisten_process == NULL)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
106 oldest_nonlisten_process = p;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
107 }
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
108
10
82b7de533f98 s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents: 0
diff changeset
109 static void login_process_input(void *context, int fd __attr_unused__,
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
110 IO io __attr_unused__)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
111 {
10
82b7de533f98 s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents: 0
diff changeset
112 LoginProcess *p = context;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
113 AuthProcess *auth_process;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
114 LoginAuthRequest *authreq;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
115 MasterRequest req;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
116 int client_fd, ret;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
117
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
118 ret = fd_read(p->fd, &req, sizeof(req), &client_fd);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
119 if (ret != sizeof(req)) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
120 if (ret == 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
121 /* disconnected, ie. the login process died */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
122 } else if (ret > 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
123 /* req wasn't fully read */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
124 i_error("login: fd_read() couldn't read all req");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
125 } else {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
126 i_error("login: fd_read() failed: %m");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
127 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
128
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
129 login_process_destroy(p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
130 return;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
131 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
132
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
133 if (client_fd == -1) {
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
134 /* just a notification that the login process isn't
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
135 listening for new connections anymore */
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
136 login_process_mark_nonlistening(p);
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
137 return;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
138 }
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
139
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
140 /* login process isn't trusted, validate all data to make sure
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
141 it's not trying to exploit us */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
142 if (!VALIDATE_STR(req.login_tag)) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
143 i_error("login: Received corrupted data");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
144 login_process_destroy(p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
145 return;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
146 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
147
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
148 /* ask the cookie from the auth process */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
149 authreq = i_new(LoginAuthRequest, 1);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
150 p->refcount++;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
151 authreq->process = p;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
152 authreq->login_id = req.id;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
153 authreq->auth_id = ++auth_id_counter;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
154 authreq->fd = client_fd;
596
ab3590c3a7d9 Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents: 532
diff changeset
155 memcpy(&authreq->ip, &req.ip, sizeof(IPADDR));
807
35abd7a5d381 Buffer related cleanups. Use PATH_MAX instead of hardcoded 1024 for paths.
Timo Sirainen <tss@iki.fi>
parents: 805
diff changeset
156 if (strocpy(authreq->login_tag, req.login_tag,
35abd7a5d381 Buffer related cleanups. Use PATH_MAX instead of hardcoded 1024 for paths.
Timo Sirainen <tss@iki.fi>
parents: 805
diff changeset
157 sizeof(authreq->login_tag)) < 0)
35abd7a5d381 Buffer related cleanups. Use PATH_MAX instead of hardcoded 1024 for paths.
Timo Sirainen <tss@iki.fi>
parents: 805
diff changeset
158 i_panic("login_tag overflow");
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
160 auth_process = auth_process_find(req.auth_process);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
161 if (auth_process == NULL) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
162 i_error("login: Authentication process %u doesn't exist",
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
163 req.auth_process);
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
164 auth_callback(NULL, authreq);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
165 } else {
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
166 auth_process_request(p->pid, auth_process, authreq->auth_id,
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
167 req.cookie, auth_callback, authreq);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
168 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
169 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
170
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
171 static LoginProcess *login_process_new(pid_t pid, int fd)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
172 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
173 LoginProcess *p;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
174
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
175 PID_ADD_PROCESS_TYPE(pid, PROCESS_TYPE_LOGIN);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
176
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
177 p = i_new(LoginProcess, 1);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
178 p->refcount = 1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
179 p->pid = pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
180 p->fd = fd;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
181 p->listening = TRUE;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
182 p->io = io_add(fd, IO_READ, login_process_input, p);
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
183 p->output = o_stream_create_file(fd, default_pool,
410
1f0e7229ee58 Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents: 364
diff changeset
184 sizeof(MasterReply)*10,
1f0e7229ee58 Split IOBuffer into mmaped IBuffer, file IBuffer, memory data IBuffer and
Timo Sirainen <tss@iki.fi>
parents: 364
diff changeset
185 IO_PRIORITY_DEFAULT, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
186
195
db6e288be0e9 Replaced INT_TO_POINTER and POINTER_TO_INT macros with POINTER_CAST and
Timo Sirainen <tss@iki.fi>
parents: 10
diff changeset
187 hash_insert(processes, POINTER_CAST(pid), p);
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
188 listening_processes++;
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
189 return p;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
190 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
191
699
cc795d74d08f Use more warnings with GCC by default. Fixed several warnings.
Timo Sirainen <tss@iki.fi>
parents: 697
diff changeset
192 static void login_process_remove_from_lists(LoginProcess *p)
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
193 {
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
194 if (p == oldest_nonlisten_process)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
195 oldest_nonlisten_process = p->next_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
196 else
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
197 p->prev_nonlisten->next_nonlisten = p->next_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
198
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
199 if (p == newest_nonlisten_process)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
200 newest_nonlisten_process = p->prev_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
201 else
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
202 p->next_nonlisten->prev_nonlisten = p->prev_nonlisten;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
203
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
204 p->next_nonlisten = p->prev_nonlisten = NULL;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
205 }
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
206
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
207 static void login_process_destroy(LoginProcess *p)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
208 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
209 if (p->destroyed)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
210 return;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
211 p->destroyed = TRUE;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
212
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
213 if (p->listening)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
214 listening_processes--;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
215
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
216 o_stream_close(p->output);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
217 io_remove(p->io);
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
218 if (close(p->fd) < 0)
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
219 i_error("close(login) failed: %m");
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
220
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
221 if (!p->listening)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
222 login_process_remove_from_lists(p);
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
223
195
db6e288be0e9 Replaced INT_TO_POINTER and POINTER_TO_INT macros with POINTER_CAST and
Timo Sirainen <tss@iki.fi>
parents: 10
diff changeset
224 hash_remove(processes, POINTER_CAST(p->pid));
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
225
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
226 login_process_unref(p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
227 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
228
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
229 static void login_process_unref(LoginProcess *p)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
230 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
231 if (--p->refcount > 0)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
232 return;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
233
764
f57c52738f90 Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents: 747
diff changeset
234 o_stream_unref(p->output);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
235 i_free(p);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
236 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
237
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
238 static pid_t create_login_process(void)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
239 {
699
cc795d74d08f Use more warnings with GCC by default. Fixed several warnings.
Timo Sirainen <tss@iki.fi>
parents: 697
diff changeset
240 static char *argv[] = { NULL, NULL };
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
241 pid_t pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
242 int fd[2];
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
243
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
244 if (set_login_process_per_connection &&
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
245 hash_size(processes)-listening_processes >= set_max_logging_users) {
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
246 if (oldest_nonlisten_process != NULL)
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
247 login_process_destroy(oldest_nonlisten_process);
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
248 }
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
249
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
250 if (set_login_uid == 0)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
251 i_fatal("Login process must not run as root");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
252
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
253 /* create communication to process with a socket pair */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
254 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fd) == -1) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
255 i_error("socketpair() failed: %m");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
256 return -1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
257 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
258
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
259 pid = fork();
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
260 if (pid < 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
261 (void)close(fd[0]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
262 (void)close(fd[1]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
263 i_error("fork() failed: %m");
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
264 return -1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
265 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
266
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
267 if (pid != 0) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
268 /* master */
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
269 fd_close_on_exec(fd[0], TRUE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
270 login_process_new(pid, fd[0]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
271 (void)close(fd[1]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
272 return pid;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
273 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
274
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
275 /* move communication handle */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
276 if (dup2(fd[1], LOGIN_MASTER_SOCKET_FD) < 0)
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
277 i_fatal("login: dup2(master) failed: %m");
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
278 fd_close_on_exec(LOGIN_MASTER_SOCKET_FD, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
279
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
280 /* move the listen handle */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
281 if (dup2(imap_fd, LOGIN_IMAP_LISTEN_FD) < 0)
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
282 i_fatal("login: dup2(imap) failed: %m");
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
283 fd_close_on_exec(LOGIN_IMAP_LISTEN_FD, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
284
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
285 /* move the SSL listen handle */
876
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
286 if (!set_ssl_disable) {
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
287 if (dup2(imaps_fd, LOGIN_IMAPS_LISTEN_FD) < 0)
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
288 i_fatal("login: dup2(imaps) failed: %m");
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
289 } else {
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
290 if (dup2(null_fd, LOGIN_IMAPS_LISTEN_FD) < 0)
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
291 i_fatal("login: dup2(imaps) failed: %m");
ad8f7d2107b4 If ssl_disable is set to yes and we get SIGHUPed, don't feed the listening
Timo Sirainen <tss@iki.fi>
parents: 810
diff changeset
292 }
727
8dd8ebe6bcac We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents: 722
diff changeset
293 fd_close_on_exec(LOGIN_IMAPS_LISTEN_FD, FALSE);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
294
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
295 /* imap_fd and imaps_fd are closed by clean_child_process() */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
296
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
297 (void)close(fd[0]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
298 (void)close(fd[1]);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
299
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
300 clean_child_process();
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
301
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
302 /* setup access environment - needs to be done after
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
303 clean_child_process() since it clears environment */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
304 restrict_access_set_env(set_login_user, set_login_uid, set_login_gid,
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
305 set_login_chroot ? set_login_dir : NULL);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
306
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
307 if (!set_login_chroot) {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
308 /* no chrooting, but still change to the directory */
805
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
309 if (chdir(set_login_dir) < 0)
5ac361acb316 Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents: 801
diff changeset
310 i_fatal("chdir(%s) failed: %m", set_login_dir);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
311 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
312
666
36ac2fd352ff Added ssl_disable setting.
Timo Sirainen <tss@iki.fi>
parents: 635
diff changeset
313 if (!set_ssl_disable) {
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
314 env_put(t_strconcat("SSL_CERT_FILE=", set_ssl_cert_file, NULL));
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
315 env_put(t_strconcat("SSL_KEY_FILE=", set_ssl_key_file, NULL));
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
316 env_put(t_strconcat("SSL_PARAM_FILE=",
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
317 set_ssl_parameters_file, NULL));
615
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
318 }
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
319
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
320 if (set_disable_plaintext_auth)
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
321 env_put("DISABLE_PLAINTEXT_AUTH=1");
747
db6fb0aa16d1 Let login process also know if verbose process titles are wanted..
Timo Sirainen <tss@iki.fi>
parents: 727
diff changeset
322 if (set_verbose_proctitle)
db6fb0aa16d1 Let login process also know if verbose process titles are wanted..
Timo Sirainen <tss@iki.fi>
parents: 727
diff changeset
323 env_put("VERBOSE_PROCTITLE=1");
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
324
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
325 if (set_login_process_per_connection) {
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
326 env_put("PROCESS_PER_CONNECTION=1");
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
327 env_put("MAX_LOGGING_USERS=1");
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
328 } else {
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
329 env_put(t_strdup_printf("MAX_LOGGING_USERS=%u",
697
7814b29d0862 Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents: 666
diff changeset
330 set_max_logging_users));
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
331 }
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
332
810
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
333 env_put(t_strdup_printf("PROCESS_UID=%s", dec2str(getpid())));
30f6811f4952 Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents: 807
diff changeset
334
722
0438621d25ff Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents: 699
diff changeset
335 restrict_process_size(set_login_process_size);
0438621d25ff Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents: 699
diff changeset
336
801
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
337 /* make sure we don't leak syslog fd, but do it last so that
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
338 any errors above will be logged */
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
339 closelog();
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
340
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
341 /* hide the path, it's ugly */
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
342 argv[0] = strrchr(set_login_executable, '/');
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
343 if (argv[0] == NULL) argv[0] = set_login_executable; else argv[0]++;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
344
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
345 execv(set_login_executable, (char **) argv);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
346
801
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 791
diff changeset
347 i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", argv[0]);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
348 return -1;
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
349 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
350
615
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
351 void login_process_abormal_exit(pid_t pid __attr_unused__)
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
352 {
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
353 /* don't start raising the process count if they're dying all
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
354 the time */
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
355 wanted_processes_count = 0;
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
356 }
0d852af6842e Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents: 614
diff changeset
357
635
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
358 static void login_hash_destroy(void *key __attr_unused__, void *value,
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
359 void *context __attr_unused__)
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
360 {
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
361 login_process_destroy(value);
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
362 }
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
363
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
364 void login_processes_destroy_all(void)
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
365 {
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
366 hash_foreach(processes, login_hash_destroy, NULL);
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
367
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
368 /* don't double their amount when restarting */
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
369 wanted_processes_count = 0;
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
370 }
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
371
10
82b7de533f98 s/user_data/context/ and some s/Data/Context/
Timo Sirainen <tss@iki.fi>
parents: 0
diff changeset
372 static void login_processes_start_missing(void *context __attr_unused__,
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
373 Timeout timeout __attr_unused__)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
374 {
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
375 if (!set_login_process_per_connection) {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
376 /* create max. one process every second, that way if it keeps
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
377 dying all the time we don't eat all cpu with fork()ing. */
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
378 if (listening_processes < set_login_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
379 (void)create_login_process();
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
380 } else {
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
381 /* we want to respond fast when multiple clients are connecting
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
382 at once, but we also want to prevent fork-bombing. use the
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
383 same method as apache: check once a second if we need new
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
384 processes. if yes and we've used all the existing processes,
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
385 double their amount (unless we've hit the high limit).
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
386 Then for each second that didn't use all existing processes,
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
387 drop the max. process count by one. */
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
388 if (wanted_processes_count < set_login_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
389 wanted_processes_count = set_login_processes_count;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
390 else if (listening_processes == 0)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
391 wanted_processes_count *= 2;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
392 else if (wanted_processes_count > set_login_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
393 wanted_processes_count--;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
394
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
395 if (wanted_processes_count > set_login_max_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
396 wanted_processes_count = set_login_max_processes_count;
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
397
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
398 while (listening_processes < wanted_processes_count)
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
399 (void)create_login_process();
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
400 }
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
401 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
402
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
403 void login_processes_init(void)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
404 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
405 auth_id_counter = 0;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
406 listening_processes = 0;
614
e60620644af3 login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents: 613
diff changeset
407 wanted_processes_count = 0;
613
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
408 oldest_nonlisten_process = newest_nonlisten_process = NULL;
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
409
1906116a62ce Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents: 596
diff changeset
410 processes = hash_create(default_pool, 128, NULL, NULL);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
411 to = timeout_add(1000, login_processes_start_missing, NULL);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
412 }
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
413
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
414 void login_processes_deinit(void)
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
415 {
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
416 timeout_remove(to);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
417
635
90a65c017bf0 SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents: 615
diff changeset
418 login_processes_destroy_all();
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
419 hash_destroy(processes);
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
420 }