[dovecot-cvs] dovecot/src/master Makefile.am, 1.17, 1.18 common.h, 1.24, 1.25 login-process.c, 1.69, 1.70 main.c, 1.70, 1.71 master-settings.c, 1.100, 1.101 master-settings.h, 1.66, 1.67

cras at dovecot.org cras at dovecot.org
Sun Jan 15 15:16:55 EET 2006


Update of /var/lib/cvs/dovecot/src/master
In directory talvi:/tmp/cvs-serv13625/src/master

Modified Files:
	Makefile.am common.h login-process.c main.c master-settings.c 
	master-settings.h 
Log Message:
Added support for password protected SSL private keys. The password can be
given in dovecot.conf, or when dovecot is started with the -p parameter.



Index: Makefile.am
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/Makefile.am,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- Makefile.am	11 Jan 2006 23:47:03 -0000	1.17
+++ Makefile.am	15 Jan 2006 13:16:53 -0000	1.18
@@ -18,6 +18,7 @@
 
 dovecot_SOURCES = \
 	auth-process.c \
+	askpass.c \
 	dict-process.c \
 	log.c \
 	login-process.c \
@@ -31,6 +32,7 @@
 
 noinst_HEADERS = \
 	auth-process.h \
+	askpass.h \
 	dict-process.h \
 	common.h \
 	log.h \

Index: common.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/common.h,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- common.h	13 Jan 2006 20:26:40 -0000	1.24
+++ common.h	15 Jan 2006 13:16:53 -0000	1.25
@@ -25,6 +25,7 @@
 extern int null_fd, inetd_login_fd;
 extern uid_t master_uid;
 extern const char *process_names[];
+extern char ssl_manual_key_password[];
 
 #define IS_INETD() \
 	(inetd_login_fd != -1)
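Review bot: The extern declaration `extern char ssl_manual_key_password[];` drops the array bound, so no other translation unit can take `sizeof` on it, and the definition in main.c (`char ssl_manual_key_password[100];`, the second hunk of that file) is the only place the 100-byte limit exists. Declaring the size once in a shared constant keeps the two in step, e.g. `#define SSL_MANUAL_KEY_PASSWORD_SIZE 100` (constructed name) next to this declaration, used as `extern char ssl_manual_key_password[SSL_MANUAL_KEY_PASSWORD_SIZE];` here and in the definition in main.c. A comment on the declaration would also record the contract the login-process.c fallback relies on: `/* SSL private key password read interactively with -p; empty string when not given */` — the empty-string case follows from the static storage being zero-initialized.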

Index: login-process.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -d -r1.69 -r1.70
--- login-process.c	14 Jan 2006 18:48:02 -0000	1.69
+++ login-process.c	15 Jan 2006 13:16:53 -0000	1.70
@@ -404,6 +404,11 @@
 	env_put("DOVECOT_MASTER=1");
 
 	if (!set->ssl_disable) {
+		const char *ssl_key_password = NULL;
+
+		ssl_key_password = set->ssl_key_password != NULL ?
+			set->ssl_key_password : ssl_manual_key_password;
+
 		if (set->ssl_ca_file != NULL) {
 			env_put(t_strconcat("SSL_CA_FILE=",
 					    set->ssl_ca_file, NULL));
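Review bot: `ssl_key_password` is initialized to NULL and overwritten by the very next statement; a single declaration `const char *ssl_key_password = set->ssl_key_password != NULL ? set->ssl_key_password : ssl_manual_key_password;` says the same thing without the dead initializer. The fallback deserves a comment, since `ssl_manual_key_password` is an empty string unless the master was started with -p, so the variable is always set when SSL is enabled: `/* config value wins; otherwise the password given with -p, which is "" when none was asked */`. The enclosing function starts and ends outside this hunk.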
@@ -412,6 +417,8 @@
 				    set->ssl_cert_file, NULL));
 		env_put(t_strconcat("SSL_KEY_FILE=",
 				    set->ssl_key_file, NULL));
+		env_put(t_strconcat("SSL_KEY_PASSWORD=",
+				    ssl_key_password, NULL));
 		env_put(t_strconcat("SSL_PARAM_FILE=",
 				    set->ssl_parameters_file, NULL));
 		if (set->ssl_cipher_list != NULL) {
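Review bot: `SSL_KEY_PASSWORD=` places the private-key passphrase in the login process's environment, which is inherited by anything that process later executes and can, depending on the platform, be exposed by process-inspection tools; nothing in this commit shows the login process removing it once the key has been loaded. If the receiving side does not already unset it after decrypting the key, doing so limits how long the secret stays in the process environment, and a comment here should record that expectation: `/* passphrase is handed over in the environment; the login process should drop it after loading the key */`. Whether the other end scrubs it cannot be confirmed from this diff.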

Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/main.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- main.c	14 Jan 2006 18:48:02 -0000	1.70
+++ main.c	15 Jan 2006 13:16:53 -0000	1.71
@@ -8,6 +8,7 @@
 #include "fd-close-on-exec.h"
 #include "write-full.h"
 
+#include "askpass.h"
 #include "auth-process.h"
 #include "dict-process.h"
 #include "login-process.h"
@@ -42,6 +43,7 @@
 struct hash_table *pids;
 int null_fd, inetd_login_fd;
 uid_t master_uid;
+char ssl_manual_key_password[100];
 #ifdef DEBUG
 static bool gdb;
 #endif
@@ -697,7 +699,7 @@
 {
 	/* parse arguments */
 	const char *exec_protocol = NULL, *exec_section = NULL;
-	bool foreground = FALSE;
+	bool foreground = FALSE, ask_key_pass = FALSE;
 	int i;
 
 #ifdef DEBUG
@@ -716,6 +718,9 @@
 			i++;
 			if (i == argc) i_fatal("Missing config file argument");
 			configfile = argv[i];
+		} else if (strcmp(argv[i], "-p") == 0) {
+			/* Ask SSL private key password */
+			ask_key_pass = TRUE;
 		} else if (strcmp(argv[i], "--exec-mail") == 0) {
 			/* <protocol> [<server section>]
 			   read configuration and execute mail process */
@@ -750,6 +755,18 @@
 	if (!master_settings_read(configfile, exec_protocol != NULL))
 		exit(FATAL_DEFAULT);
 
+	if (ask_key_pass) {
+		const char *prompt;
+
+		t_push();
+		prompt = t_strdup_printf("Give the password for SSL key file "
+					 "%s: ",
+					 settings_root->defaults->ssl_key_file);
+		askpass(prompt, ssl_manual_key_password,
+			sizeof(ssl_manual_key_password));
+		t_pop();
+	}
+
 	if (exec_protocol != NULL)
 		mail_process_exec(exec_protocol, exec_section);
 
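Review bot: The result of `askpass()` is ignored, so a failed or empty read (stdin not a terminal, EOF) leaves `ssl_manual_key_password` empty and startup continues, with the problem surfacing only later when a login process cannot load the key; if askpass reports failure (its declaration is in askpass.h, not in this diff), checking it here and calling `i_fatal()` would give a clear message at startup. The prompt is also issued when SSL is disabled in the configuration; guarding it with the `ssl_disable` setting (assuming `settings_root->defaults` is the same settings struct login-process.c reads `ssl_disable` from) avoids asking for a password that is never used. A comment on the block would help too: `/* -p: read the key passphrase from the terminal before daemonizing; kept for the master's lifetime because every login process needs it */`. `main()` starts and ends outside this hunk.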

Index: master-settings.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -d -r1.100 -r1.101
--- master-settings.c	15 Jan 2006 12:35:03 -0000	1.100
+++ master-settings.c	15 Jan 2006 13:16:53 -0000	1.101
@@ -60,6 +60,7 @@
 	DEF(SET_STR, ssl_ca_file),
 	DEF(SET_STR, ssl_cert_file),
 	DEF(SET_STR, ssl_key_file),
+	DEF(SET_STR, ssl_key_password),
 	DEF(SET_STR, ssl_parameters_file),
 	DEF(SET_STR, ssl_parameters_regenerate),
 	DEF(SET_STR, ssl_cipher_list),
@@ -256,6 +257,7 @@
 	MEMBER(ssl_ca_file) NULL,
 	MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
 	MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
+	MEMBER(ssl_key_password) NULL,
 	MEMBER(ssl_parameters_file) "ssl-parameters.dat",
 	MEMBER(ssl_parameters_regenerate) 168,
 	MEMBER(ssl_cipher_list) NULL,

Index: master-settings.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.h,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -d -r1.66 -r1.67
--- master-settings.h	13 Jan 2006 20:26:40 -0000	1.66
+++ master-settings.h	15 Jan 2006 13:16:53 -0000	1.67
@@ -30,6 +30,7 @@
 	const char *ssl_ca_file;
 	const char *ssl_cert_file;
 	const char *ssl_key_file;
+	const char *ssl_key_password;
 	const char *ssl_parameters_file;
 	unsigned int ssl_parameters_regenerate;
 	const char *ssl_cipher_list;


