dovecot-2.2: doveadm-server: Added support for ssl listeners.
dovecot at dovecot.org
dovecot at dovecot.org
Mon Feb 25 15:54:13 EET 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/9a7680fe65ce
changeset: 15933:9a7680fe65ce
user: Timo Sirainen <tss at iki.fi>
date: Mon Feb 25 15:54:01 2013 +0200
description:
doveadm-server: Added support for ssl listeners.
diffstat:
src/doveadm/Makefile.am | 1 +
src/doveadm/client-connection.c | 65 +++++++++++++++++++++++++++++++---------
src/doveadm/client-connection.h | 4 +-
src/doveadm/main.c | 3 +-
4 files changed, 56 insertions(+), 17 deletions(-)
diffs (145 lines):
diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/Makefile.am
--- a/src/doveadm/Makefile.am Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/Makefile.am Mon Feb 25 15:54:01 2013 +0200
@@ -13,6 +13,7 @@
-I$(top_srcdir)/src/lib-compression \
-I$(top_srcdir)/src/lib-dict \
-I$(top_srcdir)/src/lib-fs \
+ -I$(top_srcdir)/src/lib-ssl-iostream \
-I$(top_srcdir)/src/lib-master \
-I$(top_srcdir)/src/lib-mail \
-I$(top_srcdir)/src/lib-imap \
diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/client-connection.c
--- a/src/doveadm/client-connection.c Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/client-connection.c Mon Feb 25 15:54:01 2013 +0200
@@ -7,7 +7,9 @@
#include "ostream.h"
#include "strescape.h"
#include "settings-parser.h"
+#include "iostream-ssl.h"
#include "master-service.h"
+#include "master-service-ssl.h"
#include "master-service-settings.h"
#include "mail-storage-service.h"
#include "doveadm-util.h"
@@ -345,11 +347,44 @@
return 0;
}
-struct client_connection *client_connection_create(int fd, int listen_fd)
+static int client_connection_init_ssl(struct client_connection *conn)
+{
+ if (master_service_ssl_init(master_service,
+ &conn->input, &conn->output,
+ &conn->ssl_iostream) < 0)
+ return -1;
+ if (ssl_iostream_handshake(conn->ssl_iostream) < 0) {
+ i_error("SSL handshake failed: %s",
+ ssl_iostream_get_last_error(conn->ssl_iostream));
+ return -1;
+ }
+ return 0;
+}
+
+static void
+client_connection_send_auth_handshake(struct client_connection *
+ conn, int listen_fd)
+{
+ const char *listen_path;
+ struct stat st;
+
+ /* we'll have to do this with stat(), because at least in Linux
+ fstat() always returns mode as 0777 */
+ if (net_getunixname(listen_fd, &listen_path) == 0 &&
+ stat(listen_path, &st) == 0 && S_ISSOCK(st.st_mode) &&
+ (st.st_mode & 0777) == 0600) {
+ /* no need for client to authenticate */
+ conn->authenticated = TRUE;
+ o_stream_nsend(conn->output, "+\n", 2);
+ } else {
+ o_stream_nsend(conn->output, "-\n", 2);
+ }
+}
+
+struct client_connection *
+client_connection_create(int fd, int listen_fd, bool ssl)
{
struct client_connection *conn;
- struct stat st;
- const char *listen_path;
unsigned int port;
pool_t pool;
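Review bot: client_connection_init_ssl treats any non-negative return from ssl_iostream_handshake() as a completed handshake, but that call is non-blocking and, if it follows lib-ssl-iostream's usual 1 = finished / 0 = still in progress / -1 = error convention (not visible in this hunk), a 0 return means the TLS handshake has not finished yet, so a failure that surfaces later — including a rejected client certificate when one is required — is not caught by this check and would have to be handled in the input path instead. Either document that assumption above the call, `/* 0 = handshake still in progress; later failures surface through conn->input */`, or handle the in-progress case explicitly. The error log also omits the peer, even though conn->remote_ip is already filled by net_getpeername() in client_connection_create before this helper runs; `i_error("SSL handshake failed from %s: %s", net_ip2addr(&conn->remote_ip), ssl_iostream_get_last_error(conn->ssl_iostream));` would make failed handshakes attributable when triaging. client_connection_create's body continues past the end of this hunk.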
@@ -365,19 +400,17 @@
(void)net_getsockname(fd, &conn->local_ip, &port);
(void)net_getpeername(fd, &conn->remote_ip, &port);
- /* we'll have to do this with stat(), because at least in Linux
- fstat() always returns mode as 0777 */
- if (net_getunixname(listen_fd, &listen_path) == 0 &&
- stat(listen_path, &st) == 0 && S_ISSOCK(st.st_mode) &&
- (st.st_mode & 0777) == 0600) {
- /* no need for client to authenticate */
- conn->authenticated = TRUE;
- o_stream_nsend(conn->output, "+\n", 2);
- } else {
- o_stream_nsend(conn->output, "-\n", 2);
+ if (client_connection_read_settings(conn) < 0) {
+ client_connection_destroy(&conn);
+ return NULL;
}
- if (client_connection_read_settings(conn) < 0)
- client_connection_destroy(&conn);
+ if (ssl) {
+ if (client_connection_init_ssl(conn) < 0) {
+ client_connection_destroy(&conn);
+ return NULL;
+ }
+ }
+ client_connection_send_auth_handshake(conn, listen_fd);
return conn;
}
@@ -387,6 +420,8 @@
*_conn = NULL;
+ if (conn->ssl_iostream != NULL)
+ ssl_iostream_destroy(&conn->ssl_iostream);
i_stream_destroy(&conn->input);
o_stream_destroy(&conn->output);
io_remove(&conn->io);
diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/client-connection.h
--- a/src/doveadm/client-connection.h Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/client-connection.h Mon Feb 25 15:54:01 2013 +0200
@@ -10,6 +10,7 @@
struct io *io;
struct istream *input;
struct ostream *output;
+ struct ssl_iostream *ssl_iostream;
struct ip_addr local_ip, remote_ip;
const struct doveadm_settings *set;
@@ -17,7 +18,8 @@
unsigned int authenticated:1;
};
-struct client_connection *client_connection_create(int fd, int listen_fd);
+struct client_connection *
+client_connection_create(int fd, int listen_fd, bool ssl);
void client_connection_destroy(struct client_connection **conn);
struct ostream *client_connection_get_output(struct client_connection *conn);
diff -r 5998396f0928 -r 9a7680fe65ce src/doveadm/main.c
--- a/src/doveadm/main.c Mon Feb 25 15:52:00 2013 +0200
+++ b/src/doveadm/main.c Mon Feb 25 15:54:01 2013 +0200
@@ -32,7 +32,8 @@
}
master_service_client_connection_accept(conn);
- doveadm_client = client_connection_create(conn->fd, conn->listen_fd);
+ doveadm_client = client_connection_create(conn->fd, conn->listen_fd,
+ conn->ssl);
}
static void main_preinit(void)