[dovecot-cvs] dovecot/src/master Makefile.am, 1.17, 1.18 common.h,
1.24, 1.25 login-process.c, 1.69, 1.70 main.c, 1.70,
1.71 master-settings.c, 1.100, 1.101 master-settings.h, 1.66, 1.67
cras at dovecot.org
cras at dovecot.org
Sun Jan 15 15:16:55 EET 2006
Update of /var/lib/cvs/dovecot/src/master
In directory talvi:/tmp/cvs-serv13625/src/master
Modified Files:
Makefile.am common.h login-process.c main.c master-settings.c
master-settings.h
Log Message:
Added support for password-protected SSL private keys. The password can be
given in dovecot.conf, or entered at a prompt when dovecot is started with the
-p parameter.
Index: Makefile.am
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/Makefile.am,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- Makefile.am 11 Jan 2006 23:47:03 -0000 1.17
+++ Makefile.am 15 Jan 2006 13:16:53 -0000 1.18
@@ -18,6 +18,7 @@
dovecot_SOURCES = \
auth-process.c \
+ askpass.c \
dict-process.c \
log.c \
login-process.c \
@@ -31,6 +32,7 @@
noinst_HEADERS = \
auth-process.h \
+ askpass.h \
dict-process.h \
common.h \
log.h \
Index: common.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/common.h,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- common.h 13 Jan 2006 20:26:40 -0000 1.24
+++ common.h 15 Jan 2006 13:16:53 -0000 1.25
@@ -25,6 +25,7 @@
extern int null_fd, inetd_login_fd;
extern uid_t master_uid;
extern const char *process_names[];
+extern char ssl_manual_key_password[];
#define IS_INETD() \
(inetd_login_fd != -1)
Index: login-process.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -d -r1.69 -r1.70
--- login-process.c 14 Jan 2006 18:48:02 -0000 1.69
+++ login-process.c 15 Jan 2006 13:16:53 -0000 1.70
@@ -404,6 +404,11 @@
env_put("DOVECOT_MASTER=1");
if (!set->ssl_disable) {
+ const char *ssl_key_password = NULL;
+
+ ssl_key_password = set->ssl_key_password != NULL ?
+ set->ssl_key_password : ssl_manual_key_password;
+
if (set->ssl_ca_file != NULL) {
env_put(t_strconcat("SSL_CA_FILE=",
set->ssl_ca_file, NULL));
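Review bot: In the selection added at the top of the `if (!set->ssl_disable)` block, a password from dovecot.conf silently takes precedence over the one typed at the `-p` prompt, which may surprise an operator who explicitly asked to be prompted. Either document the order with a comment such as `/* a password set in dovecot.conf overrides the one given with -p */`, or reverse it if the prompt is meant to win. The `= NULL` initialiser is dead because the variable is assigned in the next statement; `const char *ssl_key_password = set->ssl_key_password != NULL ? set->ssl_key_password : ssl_manual_key_password;` expresses the same in one declaration. The enclosing function starts and ends outside the hunk.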
@@ -412,6 +417,8 @@
set->ssl_cert_file, NULL));
env_put(t_strconcat("SSL_KEY_FILE=",
set->ssl_key_file, NULL));
+ env_put(t_strconcat("SSL_KEY_PASSWORD=",
+ ssl_key_password, NULL));
env_put(t_strconcat("SSL_PARAM_FILE=",
set->ssl_parameters_file, NULL));
if (set->ssl_cipher_list != NULL) {
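Review bot: The added `env_put` exports the private-key passphrase to the login process unconditionally, so `SSL_KEY_PASSWORD=` is set even when nothing was configured or typed (the fallback buffer is a zero-initialised array, never NULL). The secret also stays in that process's environment unless the consumer removes it, and the login process is the one facing unauthenticated clients. Export it only when non-empty, `if (*ssl_key_password != '\0') env_put(t_strconcat("SSL_KEY_PASSWORD=", ssl_key_password, NULL));`, and have the login side clear the variable once the key is loaded; that code is not part of this diff, so confirm it does. The enclosing function continues outside the hunk.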
Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/main.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- main.c 14 Jan 2006 18:48:02 -0000 1.70
+++ main.c 15 Jan 2006 13:16:53 -0000 1.71
@@ -8,6 +8,7 @@
#include "fd-close-on-exec.h"
#include "write-full.h"
+#include "askpass.h"
#include "auth-process.h"
#include "dict-process.h"
#include "login-process.h"
@@ -42,6 +43,7 @@
struct hash_table *pids;
int null_fd, inetd_login_fd;
uid_t master_uid;
+char ssl_manual_key_password[100];
#ifdef DEBUG
static bool gdb;
#endif
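Review bot: `char ssl_manual_key_password[100];` fixes the passphrase limit with a bare number and carries no comment saying that it holds a secret. Judging by its use in login-process.c, the buffer stays populated for as long as the master keeps starting login processes. A named constant plus a comment such as `/* SSL key passphrase read with -p; kept for starting login processes, at most 99 chars + NUL */` would make both facts visible. Nothing here shows what `askpass()` does with longer input; if it truncates silently, the operator would later see an unrelated-looking key-load failure, so an explicit fatal error on over-long input is worth considering.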
@@ -697,7 +699,7 @@
{
/* parse arguments */
const char *exec_protocol = NULL, *exec_section = NULL;
- bool foreground = FALSE;
+ bool foreground = FALSE, ask_key_pass = FALSE;
int i;
#ifdef DEBUG
@@ -716,6 +718,9 @@
i++;
if (i == argc) i_fatal("Missing config file argument");
configfile = argv[i];
+ } else if (strcmp(argv[i], "-p") == 0) {
+ /* Ask SSL private key password */
+ ask_key_pass = TRUE;
} else if (strcmp(argv[i], "--exec-mail") == 0) {
/* <protocol> [<server section>]
read configuration and execute mail process */
@@ -750,6 +755,18 @@
if (!master_settings_read(configfile, exec_protocol != NULL))
exit(FATAL_DEFAULT);
+ if (ask_key_pass) {
+ const char *prompt;
+
+ t_push();
+ prompt = t_strdup_printf("Give the password for SSL key file "
+ "%s: ",
+ settings_root->defaults->ssl_key_file);
+ askpass(prompt, ssl_manual_key_password,
+ sizeof(ssl_manual_key_password));
+ t_pop();
+ }
+
if (exec_protocol != NULL)
mail_process_exec(exec_protocol, exec_section);
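Review bot: The prompt block runs whenever `-p` is given, before the `exec_protocol` check and without consulting `ssl_disable`, so the operator is asked for a passphrase on the `--exec-mail` path and when SSL is off, where it is presumably never used. Guarding it with `if (ask_key_pass && exec_protocol == NULL)` avoids reading a secret that has no consumer. The prompt names only `settings_root->defaults->ssl_key_file`, while login-process.c applies the typed password to whichever `set` it is starting, so the message is misleading if server sections can use different key files (not visible here). The result of `askpass()` is not checked, so if it can fail the master carries on with an empty password. main's body continues outside the hunk.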
Index: master-settings.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -d -r1.100 -r1.101
--- master-settings.c 15 Jan 2006 12:35:03 -0000 1.100
+++ master-settings.c 15 Jan 2006 13:16:53 -0000 1.101
@@ -60,6 +60,7 @@
DEF(SET_STR, ssl_ca_file),
DEF(SET_STR, ssl_cert_file),
DEF(SET_STR, ssl_key_file),
+ DEF(SET_STR, ssl_key_password),
DEF(SET_STR, ssl_parameters_file),
DEF(SET_STR, ssl_parameters_regenerate),
DEF(SET_STR, ssl_cipher_list),
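Review bot: `ssl_key_password` is registered as an ordinary `SET_STR`, so the passphrase sits in dovecot.conf in clear text and protects the key only as well as that file's permissions do; nothing in this diff checks or warns about the config file's mode. A comment at the definition, for example `/* secret: dovecot.conf must not be world-readable when this is set */`, and a matching remark in the example configuration would make that explicit. The same applies to the `MEMBER(ssl_key_password) NULL` default in the second hunk of this file, where a short comment that NULL means "fall back to the -p password" would document the link to login-process.c.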
@@ -256,6 +257,7 @@
MEMBER(ssl_ca_file) NULL,
MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
+ MEMBER(ssl_key_password) NULL,
MEMBER(ssl_parameters_file) "ssl-parameters.dat",
MEMBER(ssl_parameters_regenerate) 168,
MEMBER(ssl_cipher_list) NULL,
Index: master-settings.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.h,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -d -r1.66 -r1.67
--- master-settings.h 13 Jan 2006 20:26:40 -0000 1.66
+++ master-settings.h 15 Jan 2006 13:16:53 -0000 1.67
@@ -30,6 +30,7 @@
const char *ssl_ca_file;
const char *ssl_cert_file;
const char *ssl_key_file;
+ const char *ssl_key_password;
const char *ssl_parameters_file;
unsigned int ssl_parameters_regenerate;
const char *ssl_cipher_list;