dovecot-2.2: doveadm-server: Added support for ssl listeners.

dovecot at dovecot.org dovecot at dovecot.org
Mon Feb 25 15:54:13 EET 2013


details:   http://hg.dovecot.org/dovecot-2.2/rev/9a7680fe65ce
changeset: 15933:9a7680fe65ce
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Feb 25 15:54:01 2013 +0200
description:
doveadm-server: Added support for ssl listeners.

diffstat:

 src/doveadm/Makefile.am         |   1 +
 src/doveadm/client-connection.c |  65 +++++++++++++++++++++++++++++++---------
 src/doveadm/client-connection.h |   4 +-
 src/doveadm/main.c              |   3 +-
 4 files changed, 56 insertions(+), 17 deletions(-)

diffs (145 lines):

diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/Makefile.am
--- a/src/doveadm/Makefile.am	Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/Makefile.am	Mon Feb 25 15:54:01 2013 +0200
@@ -13,6 +13,7 @@
 	-I$(top_srcdir)/src/lib-compression \
 	-I$(top_srcdir)/src/lib-dict \
 	-I$(top_srcdir)/src/lib-fs \
+	-I$(top_srcdir)/src/lib-ssl-iostream \
 	-I$(top_srcdir)/src/lib-master \
 	-I$(top_srcdir)/src/lib-mail \
 	-I$(top_srcdir)/src/lib-imap \
diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/client-connection.c
--- a/src/doveadm/client-connection.c	Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/client-connection.c	Mon Feb 25 15:54:01 2013 +0200
@@ -7,7 +7,9 @@
 #include "ostream.h"
 #include "strescape.h"
 #include "settings-parser.h"
+#include "iostream-ssl.h"
 #include "master-service.h"
+#include "master-service-ssl.h"
 #include "master-service-settings.h"
 #include "mail-storage-service.h"
 #include "doveadm-util.h"
@@ -345,11 +347,44 @@
 	return 0;
 }
 
-struct client_connection *client_connection_create(int fd, int listen_fd)
+static int client_connection_init_ssl(struct client_connection *conn)
+{
+	if (master_service_ssl_init(master_service,
+				    &conn->input, &conn->output,
+				    &conn->ssl_iostream) < 0)
+		return -1;
+	if (ssl_iostream_handshake(conn->ssl_iostream) < 0) {
+		i_error("SSL handshake failed: %s",
+			ssl_iostream_get_last_error(conn->ssl_iostream));
+		return -1;
+	}
+	return 0;
+}
+
+static void
+client_connection_send_auth_handshake(struct client_connection *
+				      conn, int listen_fd)
+{
+	const char *listen_path;
+	struct stat st;
+
+	/* we'll have to do this with stat(), because at least in Linux
+	   fstat() always returns mode as 0777 */
+	if (net_getunixname(listen_fd, &listen_path) == 0 &&
+	    stat(listen_path, &st) == 0 && S_ISSOCK(st.st_mode) &&
+	    (st.st_mode & 0777) == 0600) {
+		/* no need for client to authenticate */
+		conn->authenticated = TRUE;
+		o_stream_nsend(conn->output, "+\n", 2);
+	} else {
+		o_stream_nsend(conn->output, "-\n", 2);
+	}
+}
+
+struct client_connection *
+client_connection_create(int fd, int listen_fd, bool ssl)
 {
 	struct client_connection *conn;
-	struct stat st;
-	const char *listen_path;
 	unsigned int port;
 	pool_t pool;
 
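Review bot: The signature of `client_connection_send_auth_handshake` splits its first parameter between `struct client_connection *` and `conn` on the next line; wrapping after the comma instead, `client_connection_send_auth_handshake(struct client_connection *conn,` / `int listen_fd)`, keeps each parameter on one line and matches `client_connection_init_ssl` directly above it. The helper is also the only place that grants a session without authentication, so it deserves a comment stating that contract: `/* Tell the client whether it must authenticate: '+' (and conn->authenticated = TRUE) only when the listener is a UNIX socket with mode 0600, i.e. access is already restricted by filesystem permissions; '-' otherwise. */`. In `client_connection_init_ssl` a short note would help callers, since a failed `ssl_iostream_handshake()` leaves `conn->ssl_iostream` set and relies on `client_connection_destroy()` to release it. The body of `client_connection_create` continues past this hunk.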
@@ -365,19 +400,17 @@
 	(void)net_getsockname(fd, &conn->local_ip, &port);
 	(void)net_getpeername(fd, &conn->remote_ip, &port);
 
-	/* we'll have to do this with stat(), because at least in Linux
-	   fstat() always returns mode as 0777 */
-	if (net_getunixname(listen_fd, &listen_path) == 0 &&
-	    stat(listen_path, &st) == 0 && S_ISSOCK(st.st_mode) &&
-	    (st.st_mode & 0777) == 0600) {
-		/* no need for client to authenticate */
-		conn->authenticated = TRUE;
-		o_stream_nsend(conn->output, "+\n", 2);
-	} else {
-		o_stream_nsend(conn->output, "-\n", 2);
+	if (client_connection_read_settings(conn) < 0) {
+		client_connection_destroy(&conn);
+		return NULL;
 	}
-	if (client_connection_read_settings(conn) < 0)
-		client_connection_destroy(&conn);
+	if (ssl) {
+		if (client_connection_init_ssl(conn) < 0) {
+			client_connection_destroy(&conn);
+			return NULL;
+		}
+	}
+	client_connection_send_auth_handshake(conn, listen_fd);
 	return conn;
 }
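Review bot: The nested `if (ssl) { if (client_connection_init_ssl(conn) < 0) {` can be a single condition, `if (ssl && client_connection_init_ssl(conn) < 0) {`, matching the flat shape of the `client_connection_read_settings` check just above it. The reordering is deliberate and worth a comment: the `+`/`-` reply is now written only after the settings are read and `master_service_ssl_init()` has replaced `conn->input`/`conn->output`, so on an SSL listener it goes through the TLS stream rather than being sent in the clear before the handshake, e.g. `/* reply only after TLS is set up so the auth handshake goes over the encrypted stream */` above the `client_connection_send_auth_handshake(conn, listen_fd);` call. The head of `client_connection_create` is in the previous hunk.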
 
@@ -387,6 +420,8 @@
 
 	*_conn = NULL;
 
+	if (conn->ssl_iostream != NULL)
+		ssl_iostream_destroy(&conn->ssl_iostream);
 	i_stream_destroy(&conn->input);
 	o_stream_destroy(&conn->output);
 	io_remove(&conn->io);
diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/client-connection.h
--- a/src/doveadm/client-connection.h	Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/client-connection.h	Mon Feb 25 15:54:01 2013 +0200
@@ -10,6 +10,7 @@
 	struct io *io;
 	struct istream *input;
 	struct ostream *output;
+	struct ssl_iostream *ssl_iostream;
 	struct ip_addr local_ip, remote_ip;
 	const struct doveadm_settings *set;
 
@@ -17,7 +18,8 @@
 	unsigned int authenticated:1;
 };
 
-struct client_connection *client_connection_create(int fd, int listen_fd);
+struct client_connection *
+client_connection_create(int fd, int listen_fd, bool ssl);
 void client_connection_destroy(struct client_connection **conn);
 
 struct ostream *client_connection_get_output(struct client_connection *conn);
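Review bot: The new `ssl` parameter of `client_connection_create` is undocumented in the header, and this is the declaration callers read. A comment above the prototype would capture what the implementation does: `/* fd is the accepted client socket, listen_fd the listener it arrived on (its mode decides whether the client must authenticate). When ssl is TRUE the TLS layer is set up and a handshake attempted inside this call. Returns NULL if reading settings or TLS setup fails. */`. Whether the handshake blocks until complete cannot be told from this change; if it can return before completion, that is worth stating here as well.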
diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/main.c
--- a/src/doveadm/main.c	Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/main.c	Mon Feb 25 15:54:01 2013 +0200
@@ -32,7 +32,8 @@
 	}
 
 	master_service_client_connection_accept(conn);
-	doveadm_client = client_connection_create(conn->fd, conn->listen_fd);
+	doveadm_client = client_connection_create(conn->fd, conn->listen_fd,
+						  conn->ssl);
 }
 
 static void main_preinit(void)

