dovecot-2.0: config: local_name foo {} is now for TLS SNI. local...

dovecot at dovecot.org dovecot at dovecot.org
Wed Jun 9 18:16:46 EEST 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/b7fadc4eac7a
changeset: 11503:b7fadc4eac7a
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Jun 09 16:16:40 2010 +0100
description:
config: local_name foo {} is now for TLS SNI. local foo {} only resolves foo to its IP.

diffstat:

 src/config/config-connection.c                 |   6 +--
 src/config/config-filter.c                     |  41 ++++++++++----------
 src/config/config-filter.h                     |   4 ++
 src/config/config-parser.c                     |   9 ++++
 src/config/doveconf.c                          |  12 ++++--
 src/lib-master/master-service-settings-cache.c |  50 ++++++++++++------------
 src/lib-master/master-service-settings.c       |   6 +--
 src/lib-master/master-service-settings.h       |   2 +-
 src/lib/network.h                              |   1 +
 src/login-common/login-settings.c              |   4 +-
 src/login-common/login-settings.h              |   2 +-
 11 files changed, 75 insertions(+), 62 deletions(-)

diffs (truncated from 392 to 300 lines):

diff -r 1aaa4b51cb14 -r b7fadc4eac7a src/config/config-connection.c
--- a/src/config/config-connection.c	Tue Jun 08 21:00:11 2010 +0100
+++ b/src/config/config-connection.c	Wed Jun 09 16:16:40 2010 +0100
@@ -78,10 +78,8 @@
 			filter.service = *args + 8;
 		else if (strncmp(*args, "module=", 7) == 0)
 			module = *args + 7;
-		else if (strncmp(*args, "lhost=", 6) == 0)
-			filter.local_host = *args + 6;
-		else if (strncmp(*args, "rhost=", 6) == 0)
-			filter.remote_host = *args + 6;
+		else if (strncmp(*args, "lname=", 6) == 0)
+			filter.local_name = *args + 6;
 		else if (strncmp(*args, "lip=", 4) == 0) {
 			if (net_addr2ip(*args + 4, &filter.local_net) == 0) {
 				filter.local_bits =
diff -r 1aaa4b51cb14 -r b7fadc4eac7a src/config/config-filter.c
--- a/src/config/config-filter.c	Tue Jun 08 21:00:11 2010 +0100
+++ b/src/config/config-filter.c	Wed Jun 09 16:16:40 2010 +0100
@@ -33,27 +33,21 @@
 static bool config_filter_match_rest(const struct config_filter *mask,
 				     const struct config_filter *filter)
 {
-	if (mask->local_host != NULL) {
-		if (filter->local_host == NULL)
+	if (mask->local_name != NULL) {
+		if (filter->local_name == NULL)
 			return FALSE;
-		if (strcmp(filter->local_host, mask->local_host) != 0)
-			return FALSE;
-	}
-	if (mask->remote_host != NULL) {
-		if (filter->remote_host == NULL)
-			return FALSE;
-		if (strcmp(filter->remote_host, mask->remote_host) != 0)
+		if (strcmp(filter->local_name, mask->local_name) != 0)
 			return FALSE;
 	}
 	/* FIXME: it's not comparing full masks */
-	if (mask->remote_bits != 0 && mask->remote_host == NULL) {
+	if (mask->remote_bits != 0) {
 		if (filter->remote_bits == 0)
 			return FALSE;
 		if (!net_is_in_network(&filter->remote_net, &mask->remote_net,
 				       mask->remote_bits))
 			return FALSE;
 	}
-	if (mask->local_bits != 0 && mask->local_host == NULL) {
+	if (mask->local_bits != 0) {
 		if (filter->local_bits == 0)
 			return FALSE;
 		if (!net_is_in_network(&filter->local_net, &mask->local_net,
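Review bot: The added `strcmp(filter->local_name, mask->local_name)` test in config_filter_match_rest() is case-sensitive, but per the commit description the value is a TLS SNI host name chosen by the client, and DNS names are case-insensitive. A client that sends the name in a different case would miss the `local_name` block and fall back to the default settings, which for per-name TLS settings can mean the wrong certificate or policy. Consider `if (strcasecmp(filter->local_name, mask->local_name) != 0)` here, or lowercasing the name once where it is parsed. The `null_strcmp()` equality check in the next hunk and the `local_name_hash` lookup in master-service-settings-cache.c would need the same normalisation. The function body continues past the end of this hunk.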
@@ -88,9 +82,7 @@
 	if (!net_ip_compare(&f1->local_net, &f2->local_net))
 		return FALSE;
 
-	if (null_strcmp(f1->remote_host, f2->remote_host) != 0)
-		return FALSE;
-	if (null_strcmp(f1->local_host, f2->local_host) != 0)
+	if (null_strcmp(f1->local_name, f2->local_name) != 0)
 		return FALSE;
 
 	return TRUE;
@@ -129,8 +121,13 @@
 {
 	const struct config_filter *f1 = &(*p1)->filter, *f2 = &(*p2)->filter;
 
-	/* remote and local are first, although it doesn't really
+	/* remote and locals are first, although it doesn't really
 	   matter which one comes first */
+	if (f1->local_name != NULL && f2->local_name == NULL)
+		return -1;
+	if (f1->local_name == NULL && f2->local_name != NULL)
+		return 1;
+
 	if (f1->local_bits > f2->local_bits)
 		return -1;
 	if (f1->local_bits < f2->local_bits)
@@ -211,12 +208,12 @@
 			continue;
 		}
 
-		if (mask->local_bits > 0)
+		if (mask->local_bits > 0 || mask->local_name != NULL)
 			output_r->service_uses_local = TRUE;
 		if (mask->remote_bits > 0)
 			output_r->service_uses_remote = TRUE;
 		if (config_filter_match_rest(mask, filter)) {
-			if (mask->local_bits > 0)
+			if (mask->local_bits > 0 || mask->local_name != NULL)
 				output_r->used_local = TRUE;
 			if (mask->remote_bits > 0)
 				output_r->used_remote = TRUE;
@@ -251,10 +248,8 @@
 		}
 
 		tmp_mask = *mask;
-		if (filter->local_host == NULL)
-			tmp_mask.local_host = NULL;
-		if (filter->remote_host == NULL)
-			tmp_mask.remote_host = NULL;
+		if (filter->local_name == NULL)
+			tmp_mask.local_name = NULL;
 		if (filter->local_bits == 0)
 			tmp_mask.local_bits = 0;
 		if (filter->remote_bits == 0)
@@ -278,6 +273,10 @@
 		return FALSE;
 	if (sup->remote_bits > filter->remote_bits)
 		return FALSE;
+	if (sup->local_name != NULL && filter->local_name == NULL) {
+		i_warning("%s", sup->local_name);
+		return FALSE;
+	}
 	if (sup->service != NULL && filter->service == NULL)
 		return FALSE;
 	return TRUE;
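Review bot: `i_warning("%s", sup->local_name);` in the added block logs a bare name with no message text whenever a filter with a local_name is compared against one without, which reads like leftover debugging. The neighbouring checks return FALSE silently, so either drop the call or give it context, e.g. `i_warning("local_name %s: filter has no local_name", sup->local_name);`. The start of the function is outside the hunk, so whether any logging is wanted at this point could not be checked.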
diff -r 1aaa4b51cb14 -r b7fadc4eac7a src/config/config-filter.h
--- a/src/config/config-filter.h	Tue Jun 08 21:00:11 2010 +0100
+++ b/src/config/config-filter.h	Wed Jun 09 16:16:40 2010 +0100
@@ -7,6 +7,10 @@
 
 struct config_filter {
 	const char *service;
+	/* local_name is for TLS SNI requests.
+	   both local_name and local_bits can't be set at the same time. */
+	const char *local_name;
+	/* the hosts are used only in doveconf output */
 	const char *local_host, *remote_host;
 	struct ip_addr local_net, remote_net;
 	unsigned int local_bits, remote_bits;
diff -r 1aaa4b51cb14 -r b7fadc4eac7a src/config/config-parser.c
--- a/src/config/config-parser.c	Tue Jun 08 21:00:11 2010 +0100
+++ b/src/config/config-parser.c	Wed Jun 09 16:16:40 2010 +0100
@@ -238,6 +238,8 @@
 			ctx->error = "local must not be under remote";
 		else if (parent->service != NULL)
 			ctx->error = "local must not be under protocol";
+		else if (parent->local_name != NULL)
+			ctx->error = "local must not be under local_name";
 		else if (config_parse_net(ctx, value, &filter->local_host,
 					  &filter->local_net,
 					  &filter->local_bits, &error) < 0)
@@ -248,6 +250,13 @@
 					     &parent->local_net,
 					     parent->local_bits)))
 			ctx->error = "local not a subset of parent local";
+	} else if (strcmp(key, "local_name") == 0) {
+		if (parent->remote_bits > 0)
+			ctx->error = "local_name must not be under remote";
+		else if (parent->service != NULL)
+			ctx->error = "local_name must not be under protocol";
+		else
+			filter->local_name = p_strdup(ctx->pool, value);
 	} else if (strcmp(key, "remote") == 0) {
 		if (parent->service != NULL)
 			ctx->error = "remote must not be under protocol";
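Review bot: The new `local_name` branch rejects a parent with `remote_bits` or `service` set, but not one with `local_bits > 0` or one that already has a `local_name`. The comment added to config-filter.h says local_name and local_bits can't be set at the same time, and the `local` branch in the previous hunk does reject a `local_name` parent. If the child filter inherits the parent's fields (that code is outside the hunk), a `local_name` block nested inside a `local` block would produce a filter with both set. Adding `else if (parent->local_bits > 0) ctx->error = "local_name must not be under local";` plus a matching check for `parent->local_name != NULL` would enforce the documented invariant; if that nesting is intended, the header comment should say so instead. An empty `value` is also accepted as a name.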
diff -r 1aaa4b51cb14 -r b7fadc4eac7a src/config/doveconf.c
--- a/src/config/doveconf.c	Tue Jun 08 21:00:11 2010 +0100
+++ b/src/config/doveconf.c	Wed Jun 09 16:16:40 2010 +0100
@@ -302,6 +302,12 @@
 		indent++;
 	}
 
+	if (filter->local_name != NULL) {
+		str_append_n(str, indent_str, indent*2);
+		str_printfa(str, "local_name %s {\n", filter->local_name);
+		indent++;
+	}
+
 	if (filter->remote_bits > 0) {
 		str_append_n(str, indent_str, indent*2);
 		str_printfa(str, "remote %s",
@@ -458,10 +464,8 @@
 		filter->service = arg + 8;
 	else if (strncmp(arg, "protocol=", 9) == 0)
 		filter->service = arg + 9;
-	else if (strncmp(arg, "lhost=", 6) == 0)
-		filter->local_host = arg + 6;
-	else if (strncmp(arg, "rhost=", 6) == 0)
-		filter->remote_host = arg + 6;
+	else if (strncmp(arg, "lname=", 6) == 0)
+		filter->local_name = arg + 6;
 	else if (strncmp(arg, "lip=", 4) == 0) {
 		if (net_parse_range(arg + 4, &filter->local_net,
 				    &filter->local_bits) < 0)
diff -r 1aaa4b51cb14 -r b7fadc4eac7a src/lib-master/master-service-settings-cache.c
--- a/src/lib-master/master-service-settings-cache.c	Tue Jun 08 21:00:11 2010 +0100
+++ b/src/lib-master/master-service-settings-cache.c	Wed Jun 09 16:16:40 2010 +0100
@@ -16,7 +16,7 @@
 	struct settings_entry *prev, *next;
 
 	pool_t pool;
-	const char *local_host;
+	const char *local_name;
 	struct ip_addr local_ip;
 
 	struct setting_parser_context *parser;
@@ -33,12 +33,12 @@
 	/* global settings for this service (after they've been read) */
 	struct setting_parser_context *global_parser;
 
-	/* cache for other settings (local_ip/local_host set) */
+	/* cache for other settings (local_ip/local_name set) */
 	struct settings_entry *oldest, *newest;
 	/* separate list for entries whose parser=global_parser */
 	struct settings_entry *oldest_global, *newest_global;
-	/* local_host, local_ip => struct settings_entry */
-	struct hash_table *local_host_hash;
+	/* local_name, local_ip => struct settings_entry */
+	struct hash_table *local_name_hash;
 	struct hash_table *local_ip_hash;
 
 	/* Initial size for new settings entry pools */
@@ -85,8 +85,8 @@
 		settings_parser_deinit(&entry->parser);
 		pool_unref(&entry->pool);
 	}
-	if (cache->local_host_hash != NULL)
-		hash_table_destroy(&cache->local_host_hash);
+	if (cache->local_name_hash != NULL)
+		hash_table_destroy(&cache->local_name_hash);
 	if (cache->local_ip_hash != NULL)
 		hash_table_destroy(&cache->local_ip_hash);
 	if (cache->global_parser != NULL)
@@ -99,11 +99,11 @@
 			const struct master_service_settings_input *input)
 {
 	if (cache->service_uses_local) {
-		if (input->local_host != NULL || input->local_ip.family != 0)
+		if (input->local_name != NULL || input->local_ip.family != 0)
 			return FALSE;
 	}
 	if (cache->service_uses_remote) {
-		if (input->remote_host != NULL || input->remote_ip.family != 0)
+		if (input->remote_ip.family != 0)
 			return FALSE;
 	}
 	return TRUE;
@@ -130,13 +130,13 @@
 	if (cache->service_uses_remote)
 		return FALSE;
 
-	/* see if we have it already in cache. if local_host is specified,
+	/* see if we have it already in cache. if local_name is specified,
 	   don't even try to use local_ip (even though we have it), because
-	   there may be different settings specifically for local_host */
-	if (input->local_host != NULL) {
-		if (cache->local_host_hash != NULL) {
-			entry = hash_table_lookup(cache->local_host_hash,
-						  input->local_host);
+	   there may be different settings specifically for local_name */
+	if (input->local_name != NULL) {
+		if (cache->local_name_hash != NULL) {
+			entry = hash_table_lookup(cache->local_name_hash,
+						  input->local_name);
 		}
 	} else if (cache->local_ip_hash != NULL &&
 		   input->local_ip.family != 0) {
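Review bot: This lookup uses `local_name` alone as the cache key when it is set, yet the settings cached under that name may also depend on the local IP, since a top-level `local` block and a `local_name` block can both match one connection. The store hunk further down still copies `input->local_ip` into the same entry and the removal hunk deletes one entry from both hashes. That suggests an entry built for an SNI name is also reachable through `local_ip_hash` by a later connection that sent no name, though the insertion code is in the truncated part of the diff. Because the name is chosen by the TLS client, it is worth confirming that neither direction can hand one connection the settings computed for another. For the second case, one option is `if (input->local_name != NULL) entry->local_ip.family = 0;` after the assignment in the store function. The enclosing function starts and ends outside this hunk.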
@@ -159,8 +159,8 @@
 	cache->cache_malloc_size -=
 		pool_alloconly_get_total_alloc_size(entry->pool);
 
-	if (entry->local_host != NULL)
-		hash_table_remove(cache->local_host_hash, entry->local_host);
+	if (entry->local_name != NULL)
+		hash_table_remove(cache->local_name_hash, entry->local_name);
 	if (entry->local_ip.family != 0)
 		hash_table_remove(cache->local_ip_hash, &entry->local_ip);
 	settings_parser_deinit(&entry->parser);
@@ -174,7 +174,7 @@
 	struct settings_entry *entry;
 	pool_t pool;
 	size_t pool_size;
-	char *entry_local_host;
+	char *entry_local_name;
 
 	if (!output->used_local && !output->used_remote) {
 		/* these are same as global settings */
@@ -188,7 +188,7 @@
 		return;
 	}
 
-	if (input->local_host == NULL && input->local_ip.family == 0)
+	if (input->local_name == NULL && input->local_ip.family == 0)
 		return;
 
 	if (!output->used_local) {
@@ -210,8 +210,8 @@
 		entry = p_new(pool, struct settings_entry, 1);
 	}
 	entry->pool = pool;
-	entry_local_host = p_strdup(pool, input->local_host);
-	entry->local_host = entry_local_host;
+	entry_local_name = p_strdup(pool, input->local_name);
+	entry->local_name = entry_local_name;
 	entry->local_ip = input->local_ip;
 	if (!output->used_local) {
 		entry->parser = cache->global_parser;
@@ -229,15 +229,15 @@

