Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/master/auth-process.c @ 9259:ea2eed32d59e HEAD
cache file: If offset isn't 32bit aligned, assume it's corrupted.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 26 Jul 2009 22:40:02 -0400 |
parents | 774b0e8138bd |
children | 366a327b028b |
rev | line source |
---|---|
8590
b9faf4db2a9f
Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents:
8573
diff
changeset
|
1 /* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */ |
0 | 2 |
3 #include "common.h" | |
5843
f655c4d4a419
Moved child process handling to child-process.[ch]. The hash table now uses
Timo Sirainen <tss@iki.fi>
parents:
5706
diff
changeset
|
4 #include "hash.h" |
532
3b53dd1280c6
I/O buffers now use real blocking instead of setting up a sub-ioloop to
Timo Sirainen <tss@iki.fi>
parents:
410
diff
changeset
|
5 #include "ioloop.h" |
697
7814b29d0862
Created env_put() and env_clean() for a bit easier handling of environment
Timo Sirainen <tss@iki.fi>
parents:
683
diff
changeset
|
6 #include "env-util.h" |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
723
diff
changeset
|
7 #include "fd-close-on-exec.h" |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
8 #include "unix-socket-create.h" |
0 | 9 #include "network.h" |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
10 #include "istream.h" |
764
f57c52738f90
Renamed IBuffer and OBuffer to IStream and OStream which describes their
Timo Sirainen <tss@iki.fi>
parents:
727
diff
changeset
|
11 #include "ostream.h" |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
12 #include "str.h" |
0 | 13 #include "restrict-access.h" |
722
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
713
diff
changeset
|
14 #include "restrict-process-size.h" |
0 | 15 #include "auth-process.h" |
5843
f655c4d4a419
Moved child process handling to child-process.[ch]. The hash table now uses
Timo Sirainen <tss@iki.fi>
parents:
5706
diff
changeset
|
16 #include "child-process.h" |
2776
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
17 #include "../auth/auth-master-interface.h" |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
18 #include "log.h" |
0 | 19 |
20 #include <stdlib.h> | |
21 #include <unistd.h> | |
8301
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
22 #include <fcntl.h> |
0 | 23 #include <pwd.h> |
801
86224ff16bf6
Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents:
791
diff
changeset
|
24 #include <syslog.h> |
0 | 25 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
26 #define MAX_INBUF_SIZE 8192 |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
27 #define MAX_OUTBUF_SIZE 65536 |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
28 |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
29 struct auth_process_group { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
30 struct auth_process_group *next; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
31 |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
32 int listen_fd; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
33 struct auth_settings *set; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
34 |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
35 unsigned int process_count; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
36 struct auth_process *processes; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
37 }; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
38 |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
39 struct auth_process { |
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
40 struct auth_process *next; |
0 | 41 |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
42 struct auth_process_group *group; |
0 | 43 pid_t pid; |
44 int fd; | |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
45 struct io *io; |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
46 struct istream *input; |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
47 struct ostream *output; |
0 | 48 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
49 int worker_listen_fd; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
50 struct io *worker_io; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
51 |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
52 struct hash_table *requests; |
925
2e649dec0f09
Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents:
907
diff
changeset
|
53 |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
54 unsigned int external:1; |
2791
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
55 unsigned int version_received:1; |
925
2e649dec0f09
Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents:
907
diff
changeset
|
56 unsigned int initialized:1; |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
57 unsigned int in_auth_reply:1; |
0 | 58 }; |
59 | |
5136
86625faa49b5
Start auth processes immediately at startup, not after one second delay.
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
60 bool have_initialized_auth_processes = FALSE; |
86625faa49b5
Start auth processes immediately at startup, not after one second delay.
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
61 |
5843
f655c4d4a419
Moved child process handling to child-process.[ch]. The hash table now uses
Timo Sirainen <tss@iki.fi>
parents:
5706
diff
changeset
|
62 static struct child_process auth_child_process = |
8628
e85c7cb22ad7
If login process crashes, log the IP address that (maybe) caused it.
Timo Sirainen <tss@iki.fi>
parents:
8593
diff
changeset
|
63 { MEMBER(type) PROCESS_TYPE_AUTH }; |
5843
f655c4d4a419
Moved child process handling to child-process.[ch]. The hash table now uses
Timo Sirainen <tss@iki.fi>
parents:
5706
diff
changeset
|
64 static struct child_process auth_worker_child_process = |
8628
e85c7cb22ad7
If login process crashes, log the IP address that (maybe) caused it.
Timo Sirainen <tss@iki.fi>
parents:
8593
diff
changeset
|
65 { MEMBER(type) PROCESS_TYPE_AUTH_WORKER }; |
5843
f655c4d4a419
Moved child process handling to child-process.[ch]. The hash table now uses
Timo Sirainen <tss@iki.fi>
parents:
5706
diff
changeset
|
66 |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
67 static struct timeout *to; |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
68 static unsigned int auth_tag; |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
69 static struct auth_process_group *process_groups; |
4148
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
70 static bool auth_stalled = FALSE; |
0 | 71 |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
72 static void auth_process_destroy(struct auth_process *p); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
73 static int create_auth_worker(struct auth_process *process, int fd); |
4148
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
74 static void auth_processes_start_missing(void *context); |
0 | 75 |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
76 void auth_process_request(struct auth_process *process, unsigned int login_pid, |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
77 unsigned int login_id, |
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
78 struct login_auth_request *request) |
0 | 79 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
80 string_t *str; |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
81 ssize_t ret; |
0 | 82 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
83 str = t_str_new(256); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
84 str_printfa(str, "REQUEST\t%u\t%u\t%u\n", |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
85 ++auth_tag, login_pid, login_id); |
0 | 86 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
87 ret = o_stream_send(process->output, str_data(str), str_len(str)); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
88 if (ret != (ssize_t)str_len(str)) { |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
89 if (ret >= 0) { |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
90 /* FIXME: well .. I'm not sure if it'd be better to |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
91 just block here. I don't think this condition should |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
92 happen often, so this could mean that the auth |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
93 process is stuck. Or that the computer is just |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
94 too heavily loaded. Possibility to block infinitely |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
95 is annoying though, so for now don't do it. */ |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
96 i_warning("Auth process %s transmit buffer full, " |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
97 "killing..", dec2str(process->pid)); |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
98 } |
0 | 99 auth_process_destroy(process); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
100 } else { |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
101 hash_table_insert(process->requests, |
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
102 POINTER_CAST(auth_tag), request); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
103 } |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
104 } |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
105 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3853
diff
changeset
|
106 static bool |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
107 auth_process_input_user(struct auth_process *process, const char *args) |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
108 { |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
109 struct login_auth_request *request; |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
110 const char *const *list; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
111 unsigned int id; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
112 |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
113 /* <id> <userid> [..] */ |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
114 |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
115 list = t_strsplit(args, "\t"); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
116 if (list[0] == NULL || list[1] == NULL) { |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
117 i_error("BUG: Auth process %s sent corrupted USER line", |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
118 dec2str(process->pid)); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
119 return FALSE; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
120 } |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
121 id = (unsigned int)strtoul(list[0], NULL, 10); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
122 |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
123 request = hash_table_lookup(process->requests, POINTER_CAST(id)); |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
124 if (request == NULL) { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
125 i_error("BUG: Auth process %s sent unrequested reply with ID " |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
126 "%u", dec2str(process->pid), id); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
127 return FALSE; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
128 } |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
129 |
8301
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
130 if (!auth_success_written) { |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
131 int fd; |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
132 |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
133 fd = creat(AUTH_SUCCESS_PATH, 0666); |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
134 if (fd == -1) |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
135 i_error("creat(%s) failed: %m", AUTH_SUCCESS_PATH); |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
136 else |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
137 (void)close(fd); |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
138 auth_success_written = TRUE; |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
139 } |
d46579bb7a3c
Print a help message about authentication at startup until the first successful authentication.
Timo Sirainen <tss@iki.fi>
parents:
8095
diff
changeset
|
140 |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
141 auth_master_callback(list[1], list + 2, request); |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
142 hash_table_remove(process->requests, POINTER_CAST(id)); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
143 return TRUE; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
144 } |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
145 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3853
diff
changeset
|
146 static bool |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
147 auth_process_input_notfound(struct auth_process *process, const char *args) |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
148 { |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
149 struct login_auth_request *request; |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
150 unsigned int id; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
151 |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
152 id = (unsigned int)strtoul(args, NULL, 10); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
153 |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
154 request = hash_table_lookup(process->requests, POINTER_CAST(id)); |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
155 if (request == NULL) { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
156 i_error("BUG: Auth process %s sent unrequested reply with ID " |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
157 "%u", dec2str(process->pid), id); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
158 return FALSE; |
0 | 159 } |
160 | |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
161 auth_master_callback(NULL, NULL, request); |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
162 hash_table_remove(process->requests, POINTER_CAST(id)); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
163 return TRUE; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
164 } |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
165 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3853
diff
changeset
|
166 static bool |
2791
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
167 auth_process_input_spid(struct auth_process *process, const char *args) |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
168 { |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
169 unsigned int pid; |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
170 |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
171 if (process->initialized) { |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
172 i_error("BUG: Authentication server re-handshaking"); |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
173 return FALSE; |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
174 } |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
175 |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
176 pid = (unsigned int)strtoul(args, NULL, 10); |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
177 if (pid == 0) { |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
178 i_error("BUG: Authentication server said it's PID 0"); |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
179 return FALSE; |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
180 } |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
181 |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
182 if (process->pid != 0 && process->pid != (pid_t)pid) { |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
183 i_error("BUG: Authentication server sent invalid SPID " |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
184 "(%u != %s)", pid, dec2str(process->pid)); |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
185 return FALSE; |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
186 } |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
187 |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
188 process->pid = pid; |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
189 process->initialized = TRUE; |
5136
86625faa49b5
Start auth processes immediately at startup, not after one second delay.
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
190 |
86625faa49b5
Start auth processes immediately at startup, not after one second delay.
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
191 have_initialized_auth_processes = TRUE; |
2791
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
192 return TRUE; |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
193 } |
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
194 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3853
diff
changeset
|
195 static bool |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
196 auth_process_input_fail(struct auth_process *process, const char *args) |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
197 { |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
198 struct login_auth_request *request; |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
199 const char *error; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
200 unsigned int id; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
201 |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
202 error = strchr(args, '\t'); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
203 if (error != NULL) |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
204 error++; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
205 |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
206 id = (unsigned int)strtoul(args, NULL, 10); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
207 |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
208 request = hash_table_lookup(process->requests, POINTER_CAST(id)); |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
209 if (request == NULL) { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
210 i_error("BUG: Auth process %s sent unrequested reply with ID " |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
211 "%u", dec2str(process->pid), id); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
212 return FALSE; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
213 } |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
214 |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
215 auth_master_callback(NULL, NULL, request); |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
216 hash_table_remove(process->requests, POINTER_CAST(id)); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
217 return TRUE; |
0 | 218 } |
219 | |
6940
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
220 static bool |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
221 auth_process_input_line(struct auth_process *process, const char *line) |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
222 { |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
223 if (strncmp(line, "USER\t", 5) == 0) |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
224 return auth_process_input_user(process, line + 5); |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
225 else if (strncmp(line, "NOTFOUND\t", 9) == 0) |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
226 return auth_process_input_notfound(process, line + 9); |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
227 else if (strncmp(line, "FAIL\t", 5) == 0) |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
228 return auth_process_input_fail(process, line + 5); |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
229 else if (strncmp(line, "SPID\t", 5) == 0) |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
230 return auth_process_input_spid(process, line + 5); |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
231 else |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
232 return TRUE; |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
233 } |
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
234 |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
235 static void auth_process_input(struct auth_process *process) |
0 | 236 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
237 const char *line; |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3853
diff
changeset
|
238 bool ret; |
0 | 239 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
240 switch (i_stream_read(process->input)) { |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
241 case 0: |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
242 return; |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
243 case -1: |
0 | 244 /* disconnected */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
245 auth_process_destroy(process); |
0 | 246 return; |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
247 case -2: |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
248 /* buffer full */ |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
249 i_error("BUG: Auth process %s sent us more than %d " |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
250 "bytes of data", dec2str(process->pid), |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
251 (int)MAX_INBUF_SIZE); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
252 auth_process_destroy(process); |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
253 return; |
0 | 254 } |
255 | |
2791
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
256 if (!process->version_received) { |
2776
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
257 line = i_stream_next_line(process->input); |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
258 if (line == NULL) |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
259 return; |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
260 |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
261 /* make sure the major version matches */ |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
262 if (strncmp(line, "VERSION\t", 8) != 0 || |
2809
0b1bef51f207
Separate major/minor version with TAB instead of dot in VERSION.
Timo Sirainen <tss@iki.fi>
parents:
2798
diff
changeset
|
263 atoi(t_strcut(line + 8, '\t')) != |
2776
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
264 AUTH_MASTER_PROTOCOL_MAJOR_VERSION) { |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
265 i_error("Auth process %s not compatible with master " |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
266 "process (mixed old and new binaries?)", |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
267 dec2str(process->pid)); |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
268 auth_process_destroy(process); |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
269 return; |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
270 } |
2791
b12e61e55c01
Put SPID back, it's needed for standalone dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2778
diff
changeset
|
271 process->version_received = TRUE; |
2776
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
272 } |
150f8151c971
Added VERSION command and checking to authentication protocol.
Timo Sirainen <tss@iki.fi>
parents:
2752
diff
changeset
|
273 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
274 while ((line = i_stream_next_line(process->input)) != NULL) { |
7226
e6693a0ec8e1
Renamed T_FRAME_BEGIN/END to T_BEGIN/END. Removed T_FRAME() macro and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
275 T_BEGIN { |
6940
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6542
diff
changeset
|
276 ret = auth_process_input_line(process, line); |
7226
e6693a0ec8e1
Renamed T_FRAME_BEGIN/END to T_BEGIN/END. Removed T_FRAME() macro and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
277 } T_END; |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
278 if (!ret) { |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2717
diff
changeset
|
279 auth_process_destroy(process); |
1131
817718515e5f
Auth process communication was a bit broken
Timo Sirainen <tss@iki.fi>
parents:
1124
diff
changeset
|
280 break; |
817718515e5f
Auth process communication was a bit broken
Timo Sirainen <tss@iki.fi>
parents:
1124
diff
changeset
|
281 } |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
282 } |
0 | 283 } |
284 | |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4472
diff
changeset
|
285 static void auth_worker_input(struct auth_process *p) |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
286 { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
287 int fd; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
288 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
289 fd = net_accept(p->worker_listen_fd, NULL, NULL); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
290 if (fd < 0) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
291 if (fd == -2) |
5358
a977ad033903
net_listen_unix() API changed a bit. -1 is now returned for errors that can
Timo Sirainen <tss@iki.fi>
parents:
5137
diff
changeset
|
292 i_error("accept(worker) failed: %m"); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
293 return; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
294 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
295 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
296 net_set_nonblock(fd, TRUE); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
297 fd_close_on_exec(fd, TRUE); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
298 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
299 create_auth_worker(p, fd); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
300 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
301 |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
302 static struct auth_process * |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
303 auth_process_new(pid_t pid, int fd, struct auth_process_group *group) |
0 | 304 { |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
305 struct auth_process *p; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
306 const char *path, *handshake; |
0 | 307 |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
308 if (pid != 0) |
5843
f655c4d4a419
Moved child process handling to child-process.[ch]. The hash table now uses
Timo Sirainen <tss@iki.fi>
parents:
5706
diff
changeset
|
309 child_process_add(pid, &auth_child_process); |
0 | 310 |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
311 p = i_new(struct auth_process, 1); |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
312 p->group = group; |
0 | 313 p->pid = pid; |
314 p->fd = fd; | |
315 p->io = io_add(fd, IO_READ, auth_process_input, p); | |
6162
896cc473c1f0
Renamed i_stream_create_file() to i_stream_create_fd().
Timo Sirainen <tss@iki.fi>
parents:
6161
diff
changeset
|
316 p->input = i_stream_create_fd(fd, MAX_INBUF_SIZE, FALSE); |
6161
c62f7ee79446
Split o_stream_create_file() to _create_fd() and _create_fd_file().
Timo Sirainen <tss@iki.fi>
parents:
6142
diff
changeset
|
317 p->output = o_stream_create_fd(fd, MAX_OUTBUF_SIZE, FALSE); |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
318 p->requests = hash_table_create(default_pool, default_pool, 0, |
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
319 NULL, NULL); |
0 | 320 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
321 group->process_count++; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
322 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
323 path = t_strdup_printf("%s/auth-worker.%s", |
4388
af61031c746f
Settings parser nowadays returns "" instead of NULL when it reads an empty
Timo Sirainen <tss@iki.fi>
parents:
4168
diff
changeset
|
324 *group->set->chroot != '\0' ? |
af61031c746f
Settings parser nowadays returns "" instead of NULL when it reads an empty
Timo Sirainen <tss@iki.fi>
parents:
4168
diff
changeset
|
325 group->set->chroot : |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
326 group->set->parent->defaults->base_dir, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
327 dec2str(pid)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
328 p->worker_listen_fd = |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
329 unix_socket_create(path, 0600, group->set->uid, |
8593
3cccf56e802a
Increase listen queues to handle high loads better.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
330 group->set->gid, 128); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
331 if (p->worker_listen_fd == -1) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
332 i_fatal("Couldn't create auth worker listener"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
333 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
334 net_set_nonblock(p->worker_listen_fd, TRUE); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
335 fd_close_on_exec(p->worker_listen_fd, TRUE); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
336 p->worker_io = io_add(p->worker_listen_fd, IO_READ, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
337 auth_worker_input, p); |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
338 |
2809
0b1bef51f207
Separate major/minor version with TAB instead of dot in VERSION.
Timo Sirainen <tss@iki.fi>
parents:
2798
diff
changeset
|
339 handshake = t_strdup_printf("VERSION\t%u\t%u\n", |
2778
b85e7c414f06
We didn't send VERSION handshake to auth process.
Timo Sirainen <tss@iki.fi>
parents:
2776
diff
changeset
|
340 AUTH_MASTER_PROTOCOL_MAJOR_VERSION, |
b85e7c414f06
We didn't send VERSION handshake to auth process.
Timo Sirainen <tss@iki.fi>
parents:
2776
diff
changeset
|
341 AUTH_MASTER_PROTOCOL_MINOR_VERSION); |
b85e7c414f06
We didn't send VERSION handshake to auth process.
Timo Sirainen <tss@iki.fi>
parents:
2776
diff
changeset
|
342 (void)o_stream_send_str(p->output, handshake); |
b85e7c414f06
We didn't send VERSION handshake to auth process.
Timo Sirainen <tss@iki.fi>
parents:
2776
diff
changeset
|
343 |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
344 p->next = group->processes; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
345 group->processes = p; |
0 | 346 return p; |
347 } | |
348 | |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
349 static void auth_process_destroy(struct auth_process *p) |
0 | 350 { |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1724
diff
changeset
|
351 struct hash_iterate_context *iter; |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1724
diff
changeset
|
352 void *key, *value; |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
353 struct auth_process **pos; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
354 const char *path; |
0 | 355 |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
356 if (!p->initialized && io_loop_is_running(ioloop) && !p->external) { |
7227
d64b898066a9
If auth process dies too early, kill ourself with i_fatal() so the log
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
357 /* log the process exit and kill ourself */ |
8735
f8fdabb30c0a
master: Don't crash if auth process dies too early.
Timo Sirainen <tss@iki.fi>
parents:
8628
diff
changeset
|
358 child_processes_flush(); |
7471
e7e3d6ffb0c1
If auth process dies at startup, deinitialize logs properly so that any
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
359 log_deinit(); |
7227
d64b898066a9
If auth process dies too early, kill ourself with i_fatal() so the log
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
360 i_fatal("Auth process died too early - shutting down"); |
1000
0fbafade2d85
If auth/login process died unexpectedly, the exit status or killing signal
Timo Sirainen <tss@iki.fi>
parents:
998
diff
changeset
|
361 } |
925
2e649dec0f09
Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents:
907
diff
changeset
|
362 |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
363 for (pos = &p->group->processes; *pos != NULL; pos = &(*pos)->next) { |
0 | 364 if (*pos == p) { |
365 *pos = p->next; | |
366 break; | |
367 } | |
368 } | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
369 p->group->process_count--; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
370 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
371 path = t_strdup_printf("%s/auth-worker.%s", |
4388
af61031c746f
Settings parser nowadays returns "" instead of NULL when it reads an empty
Timo Sirainen <tss@iki.fi>
parents:
4168
diff
changeset
|
372 *p->group->set->chroot != '\0' ? |
3361
5cb55f703d9b
Make auth worker processes work with chroot enabled.
Timo Sirainen <tss@iki.fi>
parents:
3197
diff
changeset
|
373 p->group->set->chroot : |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
374 p->group->set->parent->defaults->base_dir, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
375 dec2str(p->pid)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
376 (void)unlink(path); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
377 |
3960
aeb424e64f24
Call io_remove() before closing the fd. It's required by kqueue.
Timo Sirainen <tss@iki.fi>
parents:
3918
diff
changeset
|
378 io_remove(&p->worker_io); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
379 if (close(p->worker_listen_fd) < 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
380 i_error("close(worker_listen) failed: %m"); |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
381 |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
382 iter = hash_table_iterate_init(p->requests); |
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
383 while (hash_table_iterate(iter, &key, &value)) |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1724
diff
changeset
|
384 auth_master_callback(NULL, NULL, value); |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
385 hash_table_iterate_deinit(&iter); |
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8560
diff
changeset
|
386 hash_table_destroy(&p->requests); |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
387 |
4070
71b8faa84ec6
Added i_stream_destroy() and o_stream_destroy() and used them instead of
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
388 i_stream_destroy(&p->input); |
71b8faa84ec6
Added i_stream_destroy() and o_stream_destroy() and used them instead of
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
389 o_stream_destroy(&p->output); |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
390 io_remove(&p->io); |
805
5ac361acb316
Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents:
801
diff
changeset
|
391 if (close(p->fd) < 0) |
5ac361acb316
Marked all non-trivial buffer modifications with @UNSAFE tag. Several
Timo Sirainen <tss@iki.fi>
parents:
801
diff
changeset
|
392 i_error("close(auth) failed: %m"); |
0 | 393 i_free(p); |
394 } | |
395 | |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
396 static void |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
397 socket_settings_env_put(const char *env_base, struct socket_settings *set) |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
398 { |
5706
afc4e8a7354a
Master and client sockets have default paths now. Section name only needs to
Timo Sirainen <tss@iki.fi>
parents:
5439
diff
changeset
|
399 if (!set->used) |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
400 return; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
401 |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
402 env_put(t_strdup_printf("%s=%s", env_base, set->path)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
403 if (set->mode != 0) |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
404 env_put(t_strdup_printf("%s_MODE=%o", env_base, set->mode)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
405 if (*set->user != '\0') |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
406 env_put(t_strdup_printf("%s_USER=%s", env_base, set->user)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
407 if (*set->group != '\0') |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
408 env_put(t_strdup_printf("%s_GROUP=%s", env_base, set->group)); |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
409 } |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
410 |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
411 static int connect_auth_socket(struct auth_process_group *group, |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
412 const char *path) |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
413 { |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
414 struct auth_process *auth; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
415 int fd; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
416 |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
417 fd = net_connect_unix(path); |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
418 if (fd == -1) { |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
419 i_error("net_connect_unix(%s) failed: %m", path); |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
420 return -1; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
421 } |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
422 |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
423 net_set_nonblock(fd, TRUE); |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
424 fd_close_on_exec(fd, TRUE); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
425 auth = auth_process_new(0, fd, group); |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
426 auth->external = TRUE; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
427 return 0; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
428 } |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
429 |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
430 static void auth_set_environment(struct auth_settings *set) |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
431 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
432 struct auth_socket_settings *as; |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
433 struct auth_passdb_settings *ap; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
434 struct auth_userdb_settings *au; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
435 const char *str; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
436 int i; |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
437 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
438 /* setup access environment */ |
7341
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7227
diff
changeset
|
439 restrict_access_set_env(set->user, set->uid, set->gid, |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7227
diff
changeset
|
440 (gid_t)-1, set->chroot, 0, 0, NULL); |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
441 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
442 /* set other environment */ |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
443 env_put("DOVECOT_MASTER=1"); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
444 env_put(t_strconcat("AUTH_NAME=", set->name, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
445 env_put(t_strconcat("MECHANISMS=", set->mechanisms, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
446 env_put(t_strconcat("REALMS=", set->realms, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
447 env_put(t_strconcat("DEFAULT_REALM=", set->default_realm, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
448 env_put(t_strconcat("USERNAME_CHARS=", set->username_chars, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
449 env_put(t_strconcat("ANONYMOUS_USERNAME=", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
450 set->anonymous_username, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
451 env_put(t_strconcat("USERNAME_TRANSLATION=", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
452 set->username_translation, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
453 env_put(t_strconcat("USERNAME_FORMAT=", set->username_format, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
454 env_put(t_strconcat("MASTER_USER_SEPARATOR=", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
455 set->master_user_separator, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
456 env_put(t_strdup_printf("CACHE_SIZE=%u", set->cache_size)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
457 env_put(t_strdup_printf("CACHE_TTL=%u", set->cache_ttl)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
458 env_put(t_strdup_printf("CACHE_NEGATIVE_TTL=%u", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
459 set->cache_negative_ttl)); |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
460 |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
461 for (ap = set->passdbs, i = 1; ap != NULL; ap = ap->next, i++) { |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
462 env_put(t_strdup_printf("PASSDB_%u_DRIVER=%s", i, ap->driver)); |
3197
b6faacb023a0
Don't give NULL parameters to printf's %s format. Fixes crash with Solaris
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
463 if (ap->args != NULL) { |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
464 env_put(t_strdup_printf("PASSDB_%u_ARGS=%s", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
465 i, ap->args)); |
3197
b6faacb023a0
Don't give NULL parameters to printf's %s format. Fixes crash with Solaris
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
466 } |
3609 | 467 if (ap->deny) |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
468 env_put(t_strdup_printf("PASSDB_%u_DENY=1", i)); |
4104
77e10f1d2cb2
Removed master_no_passdb setting. Added pass setting which can be used to do
Timo Sirainen <tss@iki.fi>
parents:
4070
diff
changeset
|
469 if (ap->pass) |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
470 env_put(t_strdup_printf("PASSDB_%u_PASS=1", i)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
471 if (ap->master) |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
472 env_put(t_strdup_printf("PASSDB_%u_MASTER=1", i)); |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
473 } |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
474 for (au = set->userdbs, i = 1; au != NULL; au = au->next, i++) { |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
475 env_put(t_strdup_printf("USERDB_%u_DRIVER=%s", i, au->driver)); |
3197
b6faacb023a0
Don't give NULL parameters to printf's %s format. Fixes crash with Solaris
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
476 if (au->args != NULL) { |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
477 env_put(t_strdup_printf("USERDB_%u_ARGS=%s", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
478 i, au->args)); |
3197
b6faacb023a0
Don't give NULL parameters to printf's %s format. Fixes crash with Solaris
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
479 } |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
480 } |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
481 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
482 for (as = set->sockets, i = 1; as != NULL; as = as->next, i++) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
483 if (strcmp(as->type, "listen") != 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
484 continue; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
485 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
486 str = t_strdup_printf("AUTH_%u", i); |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
487 socket_settings_env_put(str, &as->client); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
488 socket_settings_env_put(t_strconcat(str, "_MASTER", NULL), |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
489 &as->master); |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
490 } |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
491 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
492 if (set->verbose) |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
493 env_put("VERBOSE=1"); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
494 if (set->debug) |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
495 env_put("VERBOSE_DEBUG=1"); |
3918
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
496 if (set->debug_passwords) |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
497 env_put("VERBOSE_DEBUG_PASSWORDS=1"); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
498 if (set->ssl_require_client_cert) |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
499 env_put("SSL_REQUIRE_CLIENT_CERT=1"); |
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
500 if (set->ssl_username_from_cert) |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
501 env_put("SSL_USERNAME_FROM_CERT=1"); |
8095
1f948670f274
Renamed auth_ntlm_use_winbind to auth_use_winbind,
Timo Sirainen <tss@iki.fi>
parents:
8068
diff
changeset
|
502 if (set->use_winbind) |
1f948670f274
Renamed auth_ntlm_use_winbind to auth_use_winbind,
Timo Sirainen <tss@iki.fi>
parents:
8068
diff
changeset
|
503 env_put("USE_WINBIND=1"); |
4388
af61031c746f
Settings parser nowadays returns "" instead of NULL when it reads an empty
Timo Sirainen <tss@iki.fi>
parents:
4168
diff
changeset
|
504 if (*set->krb5_keytab != '\0') { |
8068
9569038e0816
gssapi: Make auth_krb5_keytab work by calling _register_acceptor_identity()
Timo Sirainen <tss@iki.fi>
parents:
7471
diff
changeset
|
505 /* Environment may be used by Kerberos 5 library directly, |
9569038e0816
gssapi: Make auth_krb5_keytab work by calling _register_acceptor_identity()
Timo Sirainen <tss@iki.fi>
parents:
7471
diff
changeset
|
506 although we also try to use it directly as well */ |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
507 env_put(t_strconcat("KRB5_KTNAME=", set->krb5_keytab, NULL)); |
3773 | 508 } |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
509 if (*set->gssapi_hostname != '\0') { |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
510 env_put(t_strconcat("GSSAPI_HOSTNAME=", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
511 set->gssapi_hostname, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
512 } |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
513 env_put(t_strconcat("WINBIND_HELPER_PATH=", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
514 set->winbind_helper_path, NULL)); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
515 env_put(t_strdup_printf("FAILURE_DELAY=%u", set->failure_delay)); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
516 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
517 restrict_process_size(set->process_size, (unsigned int)-1); |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
518 } |
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
519 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
520 static int create_auth_process(struct auth_process_group *group) |
0 | 521 { |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
522 struct auth_socket_settings *as; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
523 const char *prefix, *executable; |
2046 | 524 struct log_io *log; |
0 | 525 pid_t pid; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
526 int fd[2], log_fd, i; |
0 | 527 |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
528 /* see if this is a connect socket */ |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
529 as = group->set->sockets; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
530 if (as != NULL && strcmp(as->type, "connect") == 0) |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
531 return connect_auth_socket(group, as->master.path); |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
532 |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
723
diff
changeset
|
533 /* create communication to process with a socket pair */ |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
534 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0) { |
0 | 535 i_error("socketpair() failed: %m"); |
536 return -1; | |
537 } | |
538 | |
3083
a20882c4f092
Disable log throttlong for auth process, and for login processes if
Timo Sirainen <tss@iki.fi>
parents:
3079
diff
changeset
|
539 log_fd = log_create_pipe(&log, 0); |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
540 if (log_fd < 0) |
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
541 pid = -1; |
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
542 else { |
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
543 pid = fork(); |
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
544 if (pid < 0) |
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
545 i_error("fork() failed: %m"); |
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
546 } |
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
547 |
0 | 548 if (pid < 0) { |
549 (void)close(fd[0]); | |
550 (void)close(fd[1]); | |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
551 (void)close(log_fd); |
0 | 552 return -1; |
553 } | |
554 | |
555 if (pid != 0) { | |
556 /* master */ | |
2046 | 557 prefix = t_strdup_printf("auth(%s): ", group->set->name); |
558 log_set_prefix(log, prefix); | |
6542
402d14b5ef8b
If child process logged a fatal failure, don't show "returned error 89"
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
559 log_set_pid(log, pid); |
2046 | 560 |
1273
2cf2e08a6ee9
Somewhat working code to support loading Dovecot from inetd and such. It
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
561 net_set_nonblock(fd[0], TRUE); |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
723
diff
changeset
|
562 fd_close_on_exec(fd[0], TRUE); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
563 auth_process_new(pid, fd[0], group); |
0 | 564 (void)close(fd[1]); |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
565 (void)close(log_fd); |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
566 return 0; |
0 | 567 } |
568 | |
2046 | 569 prefix = t_strdup_printf("master-auth(%s): ", group->set->name); |
570 log_set_prefix(log, prefix); | |
571 | |
0 | 572 /* move master communication handle to 0 */ |
573 if (dup2(fd[1], 0) < 0) | |
2046 | 574 i_fatal("dup2(stdin) failed: %m"); |
0 | 575 |
682
735d59fda607
Close old fds before dup2()ing to fd 3, so we don't close it accidentally.
Timo Sirainen <tss@iki.fi>
parents:
670
diff
changeset
|
576 (void)close(fd[0]); |
735d59fda607
Close old fds before dup2()ing to fd 3, so we don't close it accidentally.
Timo Sirainen <tss@iki.fi>
parents:
670
diff
changeset
|
577 (void)close(fd[1]); |
735d59fda607
Close old fds before dup2()ing to fd 3, so we don't close it accidentally.
Timo Sirainen <tss@iki.fi>
parents:
670
diff
changeset
|
578 |
8881
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
579 /* make sure we don't leak syslog fd. try to do it as late as possible, |
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
580 but also before dup2()s in case syslog fd is one of them. */ |
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
581 closelog(); |
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
582 |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
583 /* set stdout to /dev/null, so anything written into it gets ignored. */ |
670
e5f32324af3c
Moved login listener handle to fd 3 from 1 (stdout), because vpopmail could
Timo Sirainen <tss@iki.fi>
parents:
635
diff
changeset
|
584 if (dup2(null_fd, 1) < 0) |
2046 | 585 i_fatal("dup2(stdout) failed: %m"); |
0 | 586 |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
587 if (dup2(log_fd, 2) < 0) |
2046 | 588 i_fatal("dup2(stderr) failed: %m"); |
2000
c7c19f5071c3
Write all logging through master process. Fixes problems with log rotation,
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
589 |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
590 child_process_init_env(); |
683
63acdd7a4f83
Still not correct order with dup2()ing.
Timo Sirainen <tss@iki.fi>
parents:
682
diff
changeset
|
591 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
592 if (group->listen_fd != 3) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
593 if (dup2(group->listen_fd, 3) < 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
594 i_fatal("dup2() failed: %m"); |
683
63acdd7a4f83
Still not correct order with dup2()ing.
Timo Sirainen <tss@iki.fi>
parents:
682
diff
changeset
|
595 } |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
596 fd_close_on_exec(3, FALSE); |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
597 |
3079
b76fed3280be
Don't send balancer listener fd to auth workers.
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
598 for (i = 0; i <= 2; i++) |
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
723
diff
changeset
|
599 fd_close_on_exec(i, FALSE); |
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
723
diff
changeset
|
600 |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
601 auth_set_environment(group->set); |
0 | 602 |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
603 env_put(t_strdup_printf("AUTH_WORKER_PATH=%s/auth-worker.%s", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
604 *group->set->chroot != '\0' ? "" : |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
605 group->set->parent->defaults->base_dir, |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
606 dec2str(getpid()))); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
607 env_put(t_strdup_printf("AUTH_WORKER_MAX_COUNT=%u", |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
608 group->set->worker_max_count)); |
722
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
713
diff
changeset
|
609 |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
610 executable = group->set->executable; |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
611 client_process_exec(executable, ""); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
612 i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
613 return -1; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
614 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
615 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
616 static int create_auth_worker(struct auth_process *process, int fd) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
617 { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
618 struct log_io *log; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
619 const char *prefix, *executable; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
620 pid_t pid; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
621 int log_fd, i; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
622 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
623 log_fd = log_create_pipe(&log, 0); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
624 if (log_fd < 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
625 pid = -1; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
626 else { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
627 pid = fork(); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
628 if (pid < 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
629 i_error("fork() failed: %m"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
630 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
631 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
632 if (pid < 0) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
633 (void)close(log_fd); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
634 return -1; |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
635 } |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
636 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
637 if (pid != 0) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
638 /* master */ |
5843
f655c4d4a419
Moved child process handling to child-process.[ch]. The hash table now uses
Timo Sirainen <tss@iki.fi>
parents:
5706
diff
changeset
|
639 child_process_add(pid, &auth_worker_child_process); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
640 prefix = t_strdup_printf("auth-worker(%s): ", |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
641 process->group->set->name); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
642 log_set_prefix(log, prefix); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
643 (void)close(fd); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
644 (void)close(log_fd); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
645 return 0; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
646 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
647 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
648 prefix = t_strdup_printf("master-auth-worker(%s): ", |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
649 process->group->set->name); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
650 log_set_prefix(log, prefix); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
651 |
8881
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
652 /* make sure we don't leak syslog fd. try to do it as late as possible, |
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
653 but also before dup2()s in case syslog fd is one of them. */ |
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
654 closelog(); |
774b0e8138bd
Call closelog() before dup2()ing fds.
Timo Sirainen <tss@iki.fi>
parents:
8735
diff
changeset
|
655 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
656 /* set stdin and stdout to /dev/null, so anything written into it |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
657 gets ignored. */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
658 if (dup2(null_fd, 0) < 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
659 i_fatal("dup2(stdin) failed: %m"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
660 if (dup2(null_fd, 1) < 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
661 i_fatal("dup2(stdout) failed: %m"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
662 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
663 if (dup2(log_fd, 2) < 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
664 i_fatal("dup2(stderr) failed: %m"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
665 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
666 if (dup2(fd, 4) < 0) |
3853
b3e18b51c205
Start dict server automatically when a client tries to connect to it.
Timo Sirainen <tss@iki.fi>
parents:
3773
diff
changeset
|
667 i_fatal("dup2(4) failed: %m"); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
668 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
669 for (i = 0; i <= 2; i++) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
670 fd_close_on_exec(i, FALSE); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
671 fd_close_on_exec(4, FALSE); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
672 |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
673 child_process_init_env(); |
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
674 auth_set_environment(process->group->set); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
675 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
676 executable = t_strconcat(process->group->set->executable, " -w", NULL); |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7095
diff
changeset
|
677 client_process_exec(executable, ""); |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
678 i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable); |
0 | 679 return -1; |
680 } | |
681 | |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
1000
diff
changeset
|
682 struct auth_process *auth_process_find(unsigned int pid) |
0 | 683 { |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
684 struct auth_process_group *group; |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
685 struct auth_process *p; |
0 | 686 |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
687 for (group = process_groups; group != NULL; group = group->next) { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
688 for (p = group->processes; p != NULL; p = p->next) { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
689 if ((unsigned int)p->pid == pid) |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
690 return p; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
691 } |
0 | 692 } |
693 | |
694 return NULL; | |
695 } | |
696 | |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
697 static void auth_process_group_create(struct auth_settings *auth_set) |
0 | 698 { |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
699 struct auth_process_group *group; |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
700 const char *path; |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
701 |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
702 group = i_new(struct auth_process_group, 1); |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
703 group->set = auth_set; |
0 | 704 |
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
705 group->next = process_groups; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
706 process_groups = group; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
707 |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
708 if (auth_set->sockets != NULL && |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
709 strcmp(auth_set->sockets->type, "connect") == 0) |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
710 return; |
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2230
diff
changeset
|
711 |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
712 path = t_strconcat(auth_set->parent->defaults->login_dir, "/", |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
713 auth_set->name, NULL); |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
714 group->listen_fd = unix_socket_create(path, 0660, master_uid, |
8593
3cccf56e802a
Increase listen queues to handle high loads better.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
715 auth_set->parent->login_gid, 128); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
716 if (group->listen_fd == -1) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
717 i_fatal("Couldn't create auth process listener"); |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
718 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
719 net_set_nonblock(group->listen_fd, TRUE); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3083
diff
changeset
|
720 fd_close_on_exec(group->listen_fd, TRUE); |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
721 } |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
722 |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
723 static void auth_process_group_destroy(struct auth_process_group *group) |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
724 { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
725 struct auth_process *next; |
2969
cad3a8913d4a
If login_process_per_connection=no, create a separate listener socket for
Timo Sirainen <tss@iki.fi>
parents:
2886
diff
changeset
|
726 const char *path; |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
727 |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
728 while (group->processes != NULL) { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
729 next = group->processes->next; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
730 auth_process_destroy(group->processes); |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
731 group->processes = next; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
732 } |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
733 |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
734 path = t_strconcat(group->set->parent->defaults->login_dir, "/", |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
735 group->set->name, NULL); |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
736 (void)unlink(path); |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
737 |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
738 if (close(group->listen_fd) < 0) |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
739 i_error("close(%s) failed: %m", path); |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
740 i_free(group); |
0 | 741 } |
742 | |
635
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
743 void auth_processes_destroy_all(void) |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
744 { |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
745 struct auth_process_group *next; |
635
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
746 |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
747 while (process_groups != NULL) { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
748 next = process_groups->next; |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
749 auth_process_group_destroy(process_groups); |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
750 process_groups = next; |
635
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
751 } |
5137
89aec9ce88bc
Do the delayed login process starting also after SIGHUPing.
Timo Sirainen <tss@iki.fi>
parents:
5136
diff
changeset
|
752 |
89aec9ce88bc
Do the delayed login process starting also after SIGHUPing.
Timo Sirainen <tss@iki.fi>
parents:
5136
diff
changeset
|
753 have_initialized_auth_processes = FALSE; |
635
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
754 } |
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
755 |
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
756 static void auth_process_groups_create(struct server_settings *server) |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
757 { |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
758 struct auth_settings *auth_set; |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
759 |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
760 while (server != NULL) { |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
761 auth_set = server->auths; |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
762 for (; auth_set != NULL; auth_set = auth_set->next) |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
763 auth_process_group_create(auth_set); |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
764 |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
765 server = server->next; |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
766 } |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
767 } |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
768 |
4148
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
769 static void auth_processes_stall(void) |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
770 { |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
771 if (auth_stalled) |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
772 return; |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
773 |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
774 i_error("Temporary failure in creating authentication processes, " |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
775 "slowing down for now"); |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
776 auth_stalled = TRUE; |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
777 |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
778 timeout_remove(&to); |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
779 to = timeout_add(60*1000, auth_processes_start_missing, NULL); |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
780 } |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
781 |
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
810
diff
changeset
|
782 static void |
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6217
diff
changeset
|
783 auth_processes_start_missing(void *context ATTR_UNUSED) |
0 | 784 { |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
785 struct auth_process_group *group; |
810
30f6811f4952
Instead of just trusting randomness of authentication cookies between
Timo Sirainen <tss@iki.fi>
parents:
807
diff
changeset
|
786 unsigned int count; |
0 | 787 |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
788 if (process_groups == NULL) { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
789 /* first time here, create the groups */ |
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
790 auth_process_groups_create(settings_root); |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
791 } |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
792 |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
793 for (group = process_groups; group != NULL; group = group->next) { |
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
794 count = group->process_count; |
4148
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
795 for (; count < group->set->count; count++) { |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
796 if (create_auth_process(group) < 0) { |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
797 auth_processes_stall(); |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
798 return; |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
799 } |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
800 } |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
801 } |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
802 |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
803 if (auth_stalled) { |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
804 /* processes were created successfully */ |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
805 i_info("Created authentication processes successfully, " |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
806 "unstalling"); |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
807 |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
808 auth_stalled = FALSE; |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
809 timeout_remove(&to); |
f60d73c96618
If master process runs out of file descriptors, try to handle it more nicely
Timo Sirainen <tss@iki.fi>
parents:
4108
diff
changeset
|
810 to = timeout_add(1000, auth_processes_start_missing, NULL); |
0 | 811 } |
812 } | |
813 | |
814 void auth_processes_init(void) | |
815 { | |
1144
6970c1d808ab
Creating more than one auth process per group didn't really work.
Timo Sirainen <tss@iki.fi>
parents:
1133
diff
changeset
|
816 process_groups = NULL; |
0 | 817 to = timeout_add(1000, auth_processes_start_missing, NULL); |
5136
86625faa49b5
Start auth processes immediately at startup, not after one second delay.
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
818 |
86625faa49b5
Start auth processes immediately at startup, not after one second delay.
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
819 auth_processes_start_missing(NULL); |
0 | 820 } |
821 | |
822 void auth_processes_deinit(void) | |
823 { | |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
824 timeout_remove(&to); |
635
90a65c017bf0
SIGHUP reloads now settings. Logged in clients are left untouched, but
Timo Sirainen <tss@iki.fi>
parents:
532
diff
changeset
|
825 auth_processes_destroy_all(); |
0 | 826 } |