Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/main.c @ 9608:f30e6a345d73 HEAD
Added tag 1.2.14 for changeset eb04e2b13e3d
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Tue, 24 Aug 2010 18:10:29 +0100 |
| parents | 00cd9aacd03c |
| children |
| rev | line source |
|---|---|
|
9532
00cd9aacd03c
Updated copyright notices to include year 2010.
Timo Sirainen <tss@iki.fi>
parents:
8889
diff
changeset
|
1 /* Copyright (c) 2002-2010 Dovecot authors, see the included COPYING file */ |
| 0 | 2 |
| 3 #include "common.h" | |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
4 #include "buffer.h" |
| 0 | 5 #include "ioloop.h" |
| 6 #include "network.h" | |
| 7 #include "lib-signals.h" | |
| 8 #include "restrict-access.h" | |
|
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
699
diff
changeset
|
9 #include "fd-close-on-exec.h" |
|
8317
62e134c25a5e
The new checkpassword code was still missing a bit to actually work.
Timo Sirainen <tss@iki.fi>
parents:
8219
diff
changeset
|
10 #include "child-wait.h" |
|
3943
cbe5c6772e0d
Added support for dynamically building SQL drivers.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
11 #include "sql-api.h" |
|
6189
968430741daf
Changed plugin handling. We'll just load and call _init() functions for all
Timo Sirainen <tss@iki.fi>
parents:
6187
diff
changeset
|
12 #include "module-dir.h" |
|
432
250a30e3cf70
Initialize random generator before chrooting so it can open /dev/urandom
Timo Sirainen <tss@iki.fi>
parents:
389
diff
changeset
|
13 #include "randgen.h" |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
14 #include "password-scheme.h" |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
998
diff
changeset
|
15 #include "mech.h" |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
16 #include "auth.h" |
| 3074 | 17 #include "auth-request-handler.h" |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
18 #include "auth-worker-server.h" |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
19 #include "auth-worker-client.h" |
|
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
20 #include "auth-master-interface.h" |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
21 #include "auth-master-listener.h" |
|
1702
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
22 #include "auth-master-connection.h" |
|
43815588dd6b
Moved client side code for auth process handling to lib-auth. Some other login process cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1499
diff
changeset
|
23 #include "auth-client-connection.h" |
| 0 | 24 |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
25 #include <stdio.h> |
| 0 | 26 #include <stdlib.h> |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
27 #include <unistd.h> |
| 0 | 28 #include <syslog.h> |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
29 #include <pwd.h> |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
30 #include <grp.h> |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
31 #include <sys/stat.h> |
| 0 | 32 |
|
903
fd8888f6f037
Naming style changes, finally got tired of most of the typedefs. Also the
Timo Sirainen <tss@iki.fi>
parents:
811
diff
changeset
|
33 struct ioloop *ioloop; |
|
8560
b6a7bc10c19a
Replaced auth_worker_max_request_count setting with passdb pam { args = max_requests=n }
Timo Sirainen <tss@iki.fi>
parents:
8317
diff
changeset
|
34 bool standalone = FALSE, worker = FALSE, shutdown_request = FALSE; |
|
3073
7e0caae73c59
Require a valid timestamp in APOP challenge.
Timo Sirainen <tss@iki.fi>
parents:
3069
diff
changeset
|
35 time_t process_start_time; |
|
998
d0845dca7eca
auth_verbose = yes logs now all authentication failures and some other
Timo Sirainen <tss@iki.fi>
parents:
925
diff
changeset
|
36 |
|
6189
968430741daf
Changed plugin handling. We'll just load and call _init() functions for all
Timo Sirainen <tss@iki.fi>
parents:
6187
diff
changeset
|
37 static struct module *modules = NULL; |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
38 static struct auth *auth; |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
39 static struct auth_worker_client *worker_client; |
| 0 | 40 |
|
8882
9f3968f49ceb
lib-signals: Changed callback API to return siginfo_t.
Timo Sirainen <tss@iki.fi>
parents:
8830
diff
changeset
|
41 static void sig_die(const siginfo_t *si, void *context ATTR_UNUSED) |
| 0 | 42 { |
|
3620
3360cc019737
Implemented new signal handling framework, which makes handling signals much
Timo Sirainen <tss@iki.fi>
parents:
3597
diff
changeset
|
43 /* warn about being killed because of some signal, except SIGINT (^C) |
|
3360cc019737
Implemented new signal handling framework, which makes handling signals much
Timo Sirainen <tss@iki.fi>
parents:
3597
diff
changeset
|
44 which is too common at least while testing :) */ |
|
8883
5361cb6afe9e
When a process is killed, show the signal code and the sending process's pid and uid.
Timo Sirainen <tss@iki.fi>
parents:
8882
diff
changeset
|
45 if (si->si_signo != SIGINT) { |
|
5361cb6afe9e
When a process is killed, show the signal code and the sending process's pid and uid.
Timo Sirainen <tss@iki.fi>
parents:
8882
diff
changeset
|
46 i_warning("Killed with signal %d (by pid=%s uid=%s code=%s)", |
|
5361cb6afe9e
When a process is killed, show the signal code and the sending process's pid and uid.
Timo Sirainen <tss@iki.fi>
parents:
8882
diff
changeset
|
47 si->si_signo, dec2str(si->si_pid), |
|
5361cb6afe9e
When a process is killed, show the signal code and the sending process's pid and uid.
Timo Sirainen <tss@iki.fi>
parents:
8882
diff
changeset
|
48 dec2str(si->si_uid), |
|
5361cb6afe9e
When a process is killed, show the signal code and the sending process's pid and uid.
Timo Sirainen <tss@iki.fi>
parents:
8882
diff
changeset
|
49 lib_signal_code_to_str(si->si_signo, si->si_code)); |
|
5361cb6afe9e
When a process is killed, show the signal code and the sending process's pid and uid.
Timo Sirainen <tss@iki.fi>
parents:
8882
diff
changeset
|
50 } |
| 0 | 51 io_loop_stop(ioloop); |
| 52 } | |
| 53 | |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
54 static void open_logfile(void) |
| 0 | 55 { |
|
3724
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3689
diff
changeset
|
56 const char *env; |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3689
diff
changeset
|
57 |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
58 if (getenv("LOG_TO_MASTER") != NULL) { |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
59 i_set_failure_internal(); |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
60 return; |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
61 } |
| 0 | 62 |
|
3724
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3689
diff
changeset
|
63 if (getenv("USE_SYSLOG") != NULL) { |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3689
diff
changeset
|
64 env = getenv("SYSLOG_FACILITY"); |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3689
diff
changeset
|
65 i_set_failure_syslog("dovecot-auth", LOG_NDELAY, |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3689
diff
changeset
|
66 env == NULL ? LOG_MAIL : atoi(env)); |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3689
diff
changeset
|
67 } else { |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
68 /* log to file or stderr */ |
|
5333
55260092b094
Fixes to handling log prefixes. imap/pop3 processes now log the
Timo Sirainen <tss@iki.fi>
parents:
5249
diff
changeset
|
69 i_set_failure_file(getenv("LOGFILE"), "dovecot-auth: "); |
|
680
84e398270f7f
net_accept() returns now -2 for fatal failures.
Timo Sirainen <tss@iki.fi>
parents:
432
diff
changeset
|
70 } |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
71 |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
72 if (getenv("INFOLOGFILE") != NULL) |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
73 i_set_info_file(getenv("INFOLOGFILE")); |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
74 |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
75 i_set_failure_timestamp_format(getenv("LOGSTAMP")); |
| 0 | 76 } |
| 77 | |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
78 static uid_t get_uid(const char *user) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
79 { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
80 struct passwd *pw; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
81 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
82 if (user == NULL) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
83 return (uid_t)-1; |
|
8618
8bda844b1ee5
Auth sockets: Allow specifying user and group with numbers.
Timo Sirainen <tss@iki.fi>
parents:
8593
diff
changeset
|
84 if (is_numeric(user, '\0')) |
|
8bda844b1ee5
Auth sockets: Allow specifying user and group with numbers.
Timo Sirainen <tss@iki.fi>
parents:
8593
diff
changeset
|
85 return strtoul(user, NULL, 10); |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
86 |
|
8830
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
87 errno = 0; |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
88 if ((pw = getpwnam(user)) == NULL) { |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
89 if (errno != 0) |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
90 i_fatal("User '%s' lookup failed: %m", user); |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
91 setpwent(); |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
92 if (getpwent() == NULL) { |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
93 if (errno != 0) |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
94 i_fatal("getpwent() failed: %m"); |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
95 i_fatal("getpwnam() failed for some reason. " |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
96 "Is auth_process_size set to too low?"); |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
97 } |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
98 i_fatal("User doesn't exist: %s", user); |
|
8830
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
99 } |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
100 return pw->pw_uid; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
101 } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
102 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
103 static gid_t get_gid(const char *group) |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
104 { |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
105 struct group *gr; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
106 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
107 if (group == NULL) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
108 return (gid_t)-1; |
|
8618
8bda844b1ee5
Auth sockets: Allow specifying user and group with numbers.
Timo Sirainen <tss@iki.fi>
parents:
8593
diff
changeset
|
109 if (is_numeric(group, '\0')) |
|
8bda844b1ee5
Auth sockets: Allow specifying user and group with numbers.
Timo Sirainen <tss@iki.fi>
parents:
8593
diff
changeset
|
110 return strtoul(group, NULL, 10); |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
111 |
|
8830
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
112 errno = 0; |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
113 if ((gr = getgrnam(group)) == NULL) { |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
114 if (errno != 0) |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
115 i_fatal("Group '%s' lookup failed: %m", group); |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
116 else |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
117 i_fatal("Group doesn't exist: %s", group); |
|
d6acde4e9fe0
auth: Improved getpwnam() and getgrnam() error handling.
Timo Sirainen <tss@iki.fi>
parents:
8618
diff
changeset
|
118 } |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
119 return gr->gr_gid; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
120 } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
121 |
|
3075
9cb91ed5a110
Added backlog parameter for net_listen*().
Timo Sirainen <tss@iki.fi>
parents:
3074
diff
changeset
|
122 static int create_unix_listener(const char *env, int backlog) |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
123 { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
124 const char *path, *mode, *user, *group; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
125 mode_t old_umask; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
126 unsigned int mask; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
127 uid_t uid; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
128 gid_t gid; |
|
8219
ec83f6dcb585
Added net_listen_unix_unlink_stale() and use it where needed to avoid code duplication.
Timo Sirainen <tss@iki.fi>
parents:
8069
diff
changeset
|
129 int fd; |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
130 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
131 path = getenv(env); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
132 if (path == NULL) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
133 return -1; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
134 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
135 mode = getenv(t_strdup_printf("%s_MODE", env)); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
136 if (mode == NULL) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
137 mask = 0177; /* default to 0600 */ |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
138 else { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
139 if (sscanf(mode, "%o", &mask) != 1) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
140 i_fatal("%s: Invalid mode %s", env, mode); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
141 mask = (mask ^ 0777) & 0777; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
142 } |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
143 |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
144 old_umask = umask(mask); |
|
8219
ec83f6dcb585
Added net_listen_unix_unlink_stale() and use it where needed to avoid code duplication.
Timo Sirainen <tss@iki.fi>
parents:
8069
diff
changeset
|
145 fd = net_listen_unix_unlink_stale(path, backlog); |
|
ec83f6dcb585
Added net_listen_unix_unlink_stale() and use it where needed to avoid code duplication.
Timo Sirainen <tss@iki.fi>
parents:
8069
diff
changeset
|
146 umask(old_umask); |
|
ec83f6dcb585
Added net_listen_unix_unlink_stale() and use it where needed to avoid code duplication.
Timo Sirainen <tss@iki.fi>
parents:
8069
diff
changeset
|
147 if (fd == -1) { |
|
ec83f6dcb585
Added net_listen_unix_unlink_stale() and use it where needed to avoid code duplication.
Timo Sirainen <tss@iki.fi>
parents:
8069
diff
changeset
|
148 if (errno == EADDRINUSE) |
|
ec83f6dcb585
Added net_listen_unix_unlink_stale() and use it where needed to avoid code duplication.
Timo Sirainen <tss@iki.fi>
parents:
8069
diff
changeset
|
149 i_fatal("Socket already exists: %s", path); |
|
ec83f6dcb585
Added net_listen_unix_unlink_stale() and use it where needed to avoid code duplication.
Timo Sirainen <tss@iki.fi>
parents:
8069
diff
changeset
|
150 else |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
151 i_fatal("net_listen_unix(%s) failed: %m", path); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
152 } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
153 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
154 user = getenv(t_strdup_printf("%s_USER", env)); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
155 group = getenv(t_strdup_printf("%s_GROUP", env)); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
156 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
157 uid = get_uid(user); gid = get_gid(group); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
158 if (chown(path, uid, gid) < 0) { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
159 i_fatal("chown(%s, %s, %s) failed: %m", |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
160 path, dec2str(uid), dec2str(gid)); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
161 } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
162 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
163 return fd; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
164 } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
165 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
166 static void add_extra_listeners(void) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
167 { |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
168 struct auth_master_listener *listener; |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
169 const char *str, *client_path, *master_path; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
170 int client_fd, master_fd; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
171 unsigned int i; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
172 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
173 for (i = 1;; i++) { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
174 client_path = getenv(t_strdup_printf("AUTH_%u", i)); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
175 master_path = getenv(t_strdup_printf("AUTH_%u_MASTER", i)); |
|
6940
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
176 if (client_path == NULL && master_path == NULL) |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
177 break; |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
178 |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
179 str = t_strdup_printf("AUTH_%u", i); |
|
8593
3cccf56e802a
Increase listen queues to handle high loads better.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
180 client_fd = create_unix_listener(str, 128); |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
181 str = t_strdup_printf("AUTH_%u_MASTER", i); |
|
8593
3cccf56e802a
Increase listen queues to handle high loads better.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
182 master_fd = create_unix_listener(str, 128); |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
183 |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
184 listener = auth_master_listener_create(auth); |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
185 if (master_fd != -1) { |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
186 auth_master_listener_add(listener, master_fd, |
|
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
187 master_path, LISTENER_MASTER); |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
188 } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
189 if (client_fd != -1) { |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
190 auth_master_listener_add(listener, client_fd, |
|
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
191 client_path, LISTENER_CLIENT); |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
192 } |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
193 } |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
194 } |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
195 |
|
3011
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
196 static void drop_privileges(void) |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
197 { |
|
6190
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
198 const char *version; |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
199 |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
200 version = getenv("DOVECOT_VERSION"); |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
201 if (version != NULL && strcmp(version, PACKAGE_VERSION) != 0) { |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
202 i_fatal("Dovecot version mismatch: " |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
203 "Master is v%s, dovecot-auth is v"PACKAGE_VERSION" " |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
204 "(if you don't care, set version_ignore=yes)", version); |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
205 } |
|
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
206 |
|
8069
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
207 standalone = getenv("DOVECOT_MASTER") == NULL; |
|
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
208 if (standalone && getenv("AUTH_1") == NULL) { |
|
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
209 i_fatal("dovecot-auth is usually started through " |
|
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
210 "dovecot master process. If you wish to run " |
|
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
211 "it standalone, you'll need to set AUTH_* " |
|
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
212 "environment variables (AUTH_1 isn't set)."); |
|
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
213 } |
|
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
214 |
|
3011
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
215 open_logfile(); |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
216 |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
217 /* Open /dev/urandom before chrooting */ |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
218 random_init(); |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
219 |
|
3943
cbe5c6772e0d
Added support for dynamically building SQL drivers.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
220 /* Load built-in SQL drivers (if any) */ |
|
cbe5c6772e0d
Added support for dynamically building SQL drivers.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
221 sql_drivers_init(); |
|
cbe5c6772e0d
Added support for dynamically building SQL drivers.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
222 sql_drivers_register_all(); |
|
cbe5c6772e0d
Added support for dynamically building SQL drivers.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
223 |
|
3011
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
224 /* Initialize databases so their configuration files can be readable |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
225 only by root. Also load all modules here. */ |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5333
diff
changeset
|
226 passdbs_init(); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5333
diff
changeset
|
227 userdbs_init(); |
|
6190
141c3abcac56
If version_ignore=yes, ignore plugin versions also.
Timo Sirainen <tss@iki.fi>
parents:
6189
diff
changeset
|
228 modules = module_dir_load(AUTH_MODULE_DIR, NULL, TRUE, version); |
| 6197 | 229 module_dir_init(modules); |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
230 auth = auth_preinit(); |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
231 auth_master_listeners_init(); |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
232 if (!worker) |
|
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
233 add_extra_listeners(); |
|
3011
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
234 |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
235 /* Password lookups etc. may require roots, allow it. */ |
|
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7091
diff
changeset
|
236 restrict_access_by_env(FALSE); |
|
8889
c5cb1f27caea
Try to make sure auth process can dump core, and if it can't try to find why.
Timo Sirainen <tss@iki.fi>
parents:
8883
diff
changeset
|
237 restrict_access_allow_coredumps(TRUE); |
|
3011
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
238 } |
|
ea37520d92e3
Fixes for using socket listen { .. } in auth sections.
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
239 |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3729
diff
changeset
|
240 static void main_init(bool nodaemon) |
| 0 | 241 { |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
242 struct auth_master_listener *listener; |
| 3074 | 243 |
|
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
244 process_start_time = ioloop_time; |
|
3620
3360cc019737
Implemented new signal handling framework, which makes handling signals much
Timo Sirainen <tss@iki.fi>
parents:
3597
diff
changeset
|
245 |
|
3360cc019737
Implemented new signal handling framework, which makes handling signals much
Timo Sirainen <tss@iki.fi>
parents:
3597
diff
changeset
|
246 lib_signals_init(); |
|
3360cc019737
Implemented new signal handling framework, which makes handling signals much
Timo Sirainen <tss@iki.fi>
parents:
3597
diff
changeset
|
247 lib_signals_set_handler(SIGINT, TRUE, sig_die, NULL); |
|
3360cc019737
Implemented new signal handling framework, which makes handling signals much
Timo Sirainen <tss@iki.fi>
parents:
3597
diff
changeset
|
248 lib_signals_set_handler(SIGTERM, TRUE, sig_die, NULL); |
|
4903
204d7edc7cdc
Added context parameter type safety checks for most callback APIs.
Timo Sirainen <tss@iki.fi>
parents:
4553
diff
changeset
|
249 lib_signals_ignore(SIGPIPE, TRUE); |
|
204d7edc7cdc
Added context parameter type safety checks for most callback APIs.
Timo Sirainen <tss@iki.fi>
parents:
4553
diff
changeset
|
250 lib_signals_ignore(SIGALRM, FALSE); |
|
3073
7e0caae73c59
Require a valid timestamp in APOP challenge.
Timo Sirainen <tss@iki.fi>
parents:
3069
diff
changeset
|
251 |
|
3643
5207179e47de
Don't crash with SIGHUP/SIGUSR2 if auth_cache isn't used
Timo Sirainen <tss@iki.fi>
parents:
3620
diff
changeset
|
252 /* If auth caches aren't used, just ignore these signals */ |
|
4903
204d7edc7cdc
Added context parameter type safety checks for most callback APIs.
Timo Sirainen <tss@iki.fi>
parents:
4553
diff
changeset
|
253 lib_signals_ignore(SIGHUP, TRUE); |
|
204d7edc7cdc
Added context parameter type safety checks for most callback APIs.
Timo Sirainen <tss@iki.fi>
parents:
4553
diff
changeset
|
254 lib_signals_ignore(SIGUSR2, TRUE); |
|
3643
5207179e47de
Don't crash with SIGHUP/SIGUSR2 if auth_cache isn't used
Timo Sirainen <tss@iki.fi>
parents:
3620
diff
changeset
|
255 |
|
8317
62e134c25a5e
The new checkpassword code was still missing a bit to actually work.
Timo Sirainen <tss@iki.fi>
parents:
8219
diff
changeset
|
256 child_wait_init(); |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
257 mech_init(); |
|
6940
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
258 password_schemes_init(); |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
259 auth_init(auth); |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
260 auth_request_handler_init(); |
| 2649 | 261 |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
262 if (worker) { |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
263 worker_client = |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
264 auth_worker_client_create(auth, WORKER_SERVER_FD); |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
265 return; |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
266 } |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
998
diff
changeset
|
267 |
|
8069
6396a64b0fcb
dovecot-auth: Give a nice error message if you try to run it manually.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
268 if (getenv("DOVECOT_MASTER") == NULL) { |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
269 /* starting standalone */ |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
270 if (!nodaemon) { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
271 switch (fork()) { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
272 case -1: |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
273 i_fatal("fork() failed: %m"); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
274 case 0: |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
275 break; |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
276 default: |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
277 exit(0); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
278 } |
|
925
2e649dec0f09
Auth and login processes send an "we're ok" reply at the end of
Timo Sirainen <tss@iki.fi>
parents:
903
diff
changeset
|
279 |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
280 if (setsid() < 0) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
281 i_fatal("setsid() failed: %m"); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
282 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
283 if (chdir("/") < 0) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
284 i_fatal("chdir(/) failed: %m"); |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
285 } |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
286 } else { |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
287 listener = auth_master_listener_create(auth); |
|
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
288 (void)auth_master_connection_create(listener, MASTER_SOCKET_FD); |
|
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
289 auth_master_listener_add(listener, CLIENT_LISTEN_FD, |
|
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
290 NULL, LISTENER_CLIENT); |
|
2075
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
291 } |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
292 |
|
5138b14889a6
dovecot-auth can now be run by itself, it listens in UNIX sockets specified
Timo Sirainen <tss@iki.fi>
parents:
2000
diff
changeset
|
293 /* everything initialized, notify masters that all is well */ |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
294 auth_master_listeners_send_handshake(); |
| 0 | 295 } |
| 296 | |
| 297 static void main_deinit(void) | |
| 298 { | |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
299 if (worker_client != NULL) |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
300 auth_worker_client_unref(&worker_client); |
|
3307
38754475d3b6
Exit only if all master connections are lost, not only if one of them is.
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
301 else |
|
7088
958500009336
Make sure failed auth requests stay in failure buffer for at least a second.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
302 auth_request_handler_flush_failures(TRUE); |
|
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
303 |
|
3414
c2497d4c60c9
Auth workers were leaking memory for each request. Fixed also a few invalid
Timo Sirainen <tss@iki.fi>
parents:
3308
diff
changeset
|
304 auth_worker_server_deinit(); |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3307
diff
changeset
|
305 auth_master_listeners_deinit(); |
|
6189
968430741daf
Changed plugin handling. We'll just load and call _init() functions for all
Timo Sirainen <tss@iki.fi>
parents:
6187
diff
changeset
|
306 |
| 6197 | 307 auth_deinit(&auth); |
|
6189
968430741daf
Changed plugin handling. We'll just load and call _init() functions for all
Timo Sirainen <tss@iki.fi>
parents:
6187
diff
changeset
|
308 module_dir_unload(&modules); |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5333
diff
changeset
|
309 userdbs_deinit(); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5333
diff
changeset
|
310 passdbs_deinit(); |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
998
diff
changeset
|
311 mech_deinit(); |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
998
diff
changeset
|
312 |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
313 password_schemes_deinit(); |
|
3943
cbe5c6772e0d
Added support for dynamically building SQL drivers.
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
314 sql_drivers_deinit(); |
|
432
250a30e3cf70
Initialize random generator before chrooting so it can open /dev/urandom
Timo Sirainen <tss@iki.fi>
parents:
389
diff
changeset
|
315 random_deinit(); |
|
250a30e3cf70
Initialize random generator before chrooting so it can open /dev/urandom
Timo Sirainen <tss@iki.fi>
parents:
389
diff
changeset
|
316 |
|
8317
62e134c25a5e
The new checkpassword code was still missing a bit to actually work.
Timo Sirainen <tss@iki.fi>
parents:
8219
diff
changeset
|
317 child_wait_deinit(); |
|
3620
3360cc019737
Implemented new signal handling framework, which makes handling signals much
Timo Sirainen <tss@iki.fi>
parents:
3597
diff
changeset
|
318 lib_signals_deinit(); |
| 0 | 319 closelog(); |
| 320 } | |
| 321 | |
|
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6197
diff
changeset
|
322 int main(int argc ATTR_UNUSED, char *argv[]) |
| 0 | 323 { |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3729
diff
changeset
|
324 bool foreground = FALSE; |
|
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
325 |
|
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
699
diff
changeset
|
326 #ifdef DEBUG |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
327 if (getenv("GDB") == NULL) |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
328 fd_debug_verify_leaks(WORKER_SERVER_FD + 1, 1024); |
|
727
8dd8ebe6bcac
We use close-on-exec flag now to make sure that master process closes the
Timo Sirainen <tss@iki.fi>
parents:
699
diff
changeset
|
329 #endif |
| 0 | 330 /* NOTE: we start rooted, so keep the code minimal until |
| 331 restrict_access_by_env() is called */ | |
| 332 lib_init(); | |
|
5249
784dc7224718
Removed pool parameter from io_loop_create()
Timo Sirainen <tss@iki.fi>
parents:
5038
diff
changeset
|
333 ioloop = io_loop_create(); |
|
801
86224ff16bf6
Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents:
727
diff
changeset
|
334 |
|
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
335 while (argv[1] != NULL) { |
|
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
336 if (strcmp(argv[1], "-F") == 0) |
|
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
337 foreground = TRUE; |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
338 else if (strcmp(argv[1], "-w") == 0) |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3078
diff
changeset
|
339 worker = TRUE; |
|
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
340 argv++; |
|
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
341 } |
|
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3075
diff
changeset
|
342 |
|
7226
e6693a0ec8e1
Renamed T_FRAME_BEGIN/END to T_BEGIN/END. Removed T_FRAME() macro and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
343 T_BEGIN { |
|
6940
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
344 drop_privileges(); |
|
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
345 main_init(foreground); |
|
7226
e6693a0ec8e1
Renamed T_FRAME_BEGIN/END to T_BEGIN/END. Removed T_FRAME() macro and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
346 } T_END; |
| 0 | 347 io_loop_run(ioloop); |
| 348 main_deinit(); | |
| 349 | |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
350 io_loop_destroy(&ioloop); |
| 0 | 351 lib_deinit(); |
| 352 | |
| 353 return 0; | |
| 354 } |