[dovecot-cvs]
dovecot/src/master login-process.c, 1.70, 1.71 main.c,
1.72, 1.73 master-settings.c, 1.102, 1.103 master-settings.h,
1.68, 1.69 ssl-init.c, 1.18, 1.19 ssl-init.h, 1.2, 1.3
cras at dovecot.org
cras at dovecot.org
Sun Jan 15 23:52:48 EET 2006
Update of /var/lib/cvs/dovecot/src/master
In directory talvi:/tmp/cvs-serv16416/master
Modified Files:
login-process.c main.c master-settings.c master-settings.h
ssl-init.c ssl-init.h
Log Message:
Put the ssl-parameters file into the login directory so it can still be accessed
even when the login process is chrooted.
Index: login-process.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- login-process.c 15 Jan 2006 13:16:53 -0000 1.70
+++ login-process.c 15 Jan 2006 21:52:44 -0000 1.71
@@ -14,6 +14,7 @@
#include "mail-process.h"
#include "master-login-interface.h"
#include "log.h"
+#include "ssl-init.h"
#include <unistd.h>
#include <syslog.h>
@@ -419,8 +420,7 @@
set->ssl_key_file, NULL));
env_put(t_strconcat("SSL_KEY_PASSWORD=",
ssl_key_password, NULL));
- env_put(t_strconcat("SSL_PARAM_FILE=",
- set->ssl_parameters_file, NULL));
+ env_put("SSL_PARAM_FILE="SSL_PARAMETERS_FILENAME);
if (set->ssl_cipher_list != NULL) {
env_put(t_strconcat("SSL_CIPHER_LIST=",
set->ssl_cipher_list, NULL));
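Review bot: The `SSL_PARAM_FILE` value on the added line is now the bare name `ssl-parameters.dat`, so the login process resolves it relative to its own working directory or chroot root instead of the absolute, base-dir-fixed path it received before; that only works if every login process, chrooted or not, runs with login_dir as its cwd or chroot, which this hunk does not show. A comment on that line such as `/* bare filename: resolved inside login_dir, which is the login process's chroot/cwd */` would record the assumption, and the non-chroot case (login_chroot disabled) deserves a check. The enclosing function continues outside the hunk.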
Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/main.c,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -d -r1.72 -r1.73
--- main.c 15 Jan 2006 19:02:19 -0000 1.72
+++ main.c 15 Jan 2006 21:52:44 -0000 1.73
@@ -751,9 +751,11 @@
}
/* read and verify settings before forking */
+ t_push();
master_settings_init();
if (!master_settings_read(configfile, exec_protocol != NULL))
exit(FATAL_DEFAULT);
+ t_pop();
if (ask_key_pass) {
const char *prompt;
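Review bot: The new `t_push()`/`t_pop()` frame frees every data-stack allocation made during `master_settings_read()`, so any string the settings code builds with `t_strconcat()`/`t_str_new()` and keeps in the settings struct would dangle after `t_pop();`; what master_settings_read retains is outside this hunk, so this is a point to verify rather than a confirmed bug. A comment would state the invariant, e.g. `/* temp frame for settings_verify()'s t_str_new() socket cleanup; persistent settings must be allocated elsewhere */`. The `exit(FATAL_DEFAULT)` path leaves the frame unpopped, which is harmless only because the process exits.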
Index: master-settings.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.102
retrieving revision 1.103
diff -u -d -r1.102 -r1.103
--- master-settings.c 15 Jan 2006 21:24:08 -0000 1.102
+++ master-settings.c 15 Jan 2006 21:52:44 -0000 1.103
@@ -1,6 +1,7 @@
/* Copyright (C) 2002 Timo Sirainen */
#include "common.h"
+#include "str.h"
#include "istream.h"
#include "safe-mkdir.h"
#include "mkdir-parents.h"
@@ -10,6 +11,7 @@
#include <stdio.h>
#include <stddef.h>
+#include <dirent.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
@@ -62,7 +64,6 @@
DEF(SET_STR, ssl_cert_file),
DEF(SET_STR, ssl_key_file),
DEF(SET_STR, ssl_key_password),
- DEF(SET_STR, ssl_parameters_file),
DEF(SET_STR, ssl_parameters_regenerate),
DEF(SET_STR, ssl_cipher_list),
DEF(SET_BOOL, ssl_verify_client_cert),
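Review bot: Removing `DEF(SET_STR, ssl_parameters_file)` presumably makes a config file that still sets `ssl_parameters_file` fail to parse as an unknown setting (the parser is outside this hunk), so installations that customized the location would stop starting after an upgrade. If that is intended, it should be called out in the commit message or release notes; otherwise keep the `DEF` line and have settings_verify log that the value is now ignored, with a comment `/* obsolete: the file always lives in login_dir now */`.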
@@ -259,7 +260,6 @@
MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
MEMBER(ssl_key_password) NULL,
- MEMBER(ssl_parameters_file) "ssl-parameters.dat",
MEMBER(ssl_parameters_regenerate) 168,
MEMBER(ssl_cipher_list) NULL,
MEMBER(ssl_verify_client_cert) FALSE,
@@ -521,6 +521,37 @@
return FALSE;
}
+static void unlink_auth_sockets(const char *path)
+{
+ DIR *dirp;
+ struct dirent *dp;
+ struct stat st;
+ string_t *str;
+
+ dirp = opendir(path);
+ if (dirp == NULL) {
+ i_error("opendir(%s) failed: %m", path);
+ return;
+ }
+
+ str = t_str_new(256);
+ while ((dp = readdir(dirp)) != NULL) {
+ if (dp->d_name[0] == '.')
+ continue;
+
+ str_truncate(str, 0);
+ str_printfa(str, "%s/%s", path, dp->d_name);
+ if (lstat(str_c(str), &st) < 0) {
+ if (errno != ENOENT)
+ i_error("lstat(%s) failed: %m", str_c(str));
+ } else if (S_ISSOCK(st.st_mode)) {
+ if (unlink(str_c(str)) < 0 && errno != ENOENT)
+ i_error("unlink(%s) failed: %m", str_c(str));
+ }
+ }
+ (void)closedir(dirp);
+}
+
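Review bot: `unlink_auth_sockets()` has no comment stating its contract, and the contract matters: unlike the `unlink_directory()` call it replaces it removes only entries whose `lstat()` reports `S_ISSOCK`, leaves regular files (the ssl-parameters file this commit moves into login_dir) and dot-named entries alone, and allocates from the data stack via `t_str_new()`, so its caller must be inside a `t_push()` frame. I would add above it `/* Remove stale auth sockets from login_dir; regular files such as ssl-parameters.dat are kept. Allocates from the data stack, so the caller must hold a t_push() frame. */`. Minor: the `readdir()` loop cannot tell end-of-directory from a read error; setting `errno = 0` before the loop and checking it after `dp == NULL` would log the failure instead of silently stopping early.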
static bool settings_verify(struct settings *set)
{
const char *dir;
@@ -601,7 +632,6 @@
#endif
/* fix relative paths */
- fix_base_path(set, &set->ssl_parameters_file);
fix_base_path(set, &set->login_dir);
/* since base dir is under /var/run by default, it may have been
@@ -631,17 +661,13 @@
empty. with external auth we wouldn't want to delete
existing sockets or break the permissions required by the
auth server. */
- if (unlink_directory(set->login_dir, FALSE) < 0) {
- i_error("unlink_directory() failed for %s: %m",
- set->login_dir);
- return FALSE;
- }
-
if (safe_mkdir(set->login_dir, 0750,
master_uid, set->server->login_gid) == 0) {
i_warning("Corrected permissions for login directory "
"%s", set->login_dir);
}
+
+ unlink_auth_sockets(set->login_dir);
}
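Review bot: The context comment ending `with external auth we wouldn't want to delete existing sockets or break the permissions required by the auth server` (it opens above the hunk) still describes emptying the login directory, but the new code only removes sockets via `unlink_auth_sockets()` after `safe_mkdir()`; reword it to `/* with internal auth, remove stale auth sockets from login_dir so new ones can be created; other files are kept. */`. Note also the failure mode changed: where `unlink_directory()` failure made settings_verify return FALSE, an `opendir()` failure inside `unlink_auth_sockets()` is only logged and startup continues; if a leftover socket would later break socket creation, that path should probably stay fatal. settings_verify continues outside the hunk.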
if (set->max_mail_processes < 1) {
Index: master-settings.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.h,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -d -r1.68 -r1.69
--- master-settings.h 15 Jan 2006 21:14:10 -0000 1.68
+++ master-settings.h 15 Jan 2006 21:52:44 -0000 1.69
@@ -31,7 +31,6 @@
const char *ssl_cert_file;
const char *ssl_key_file;
const char *ssl_key_password;
- const char *ssl_parameters_file;
unsigned int ssl_parameters_regenerate;
const char *ssl_cipher_list;
bool ssl_verify_client_cert;
Index: ssl-init.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/ssl-init.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- ssl-init.c 15 Jan 2006 21:07:07 -0000 1.18
+++ ssl-init.c 15 Jan 2006 21:52:44 -0000 1.19
@@ -42,7 +42,7 @@
i_fatal("rename(%s, %s) failed: %m", temp_fname, fname);
}
-static void start_generate_process(struct settings *set)
+static void start_generate_process(const char *fname)
{
pid_t pid;
@@ -54,7 +54,7 @@
if (pid == 0) {
/* child */
- generate_parameters_file(set->ssl_parameters_file);
+ generate_parameters_file(fname);
exit(0);
} else {
/* parent */
@@ -70,16 +70,18 @@
static bool check_parameters_file_set(struct settings *set)
{
+ const char *path;
struct stat st;
time_t regen_time;
- if (set->ssl_parameters_file == NULL || set->ssl_disable)
+ if (set->ssl_disable)
return TRUE;
- if (lstat(set->ssl_parameters_file, &st) < 0) {
+ path = t_strconcat(set->login_dir, "/"SSL_PARAMETERS_FILENAME, NULL);
+ if (lstat(path, &st) < 0) {
if (errno != ENOENT) {
i_error("lstat() failed for SSL parameters file %s: %m",
- set->ssl_parameters_file);
+ path);
return TRUE;
}
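Review bot: The path built at `path = t_strconcat(set->login_dir, "/"SSL_PARAMETERS_FILENAME, NULL);` relies on `set->login_dir` already having been made absolute by `fix_base_path()` in settings_verify, since the parameters file lost its own fix_base_path in this commit; a comment `/* login_dir is absolute after settings_verify(); login processes open the bare filename relative to their chroot */` would record that. `path` lives on the data stack, so the caller must hold a `t_push()` frame for as long as it is used, including the later `start_generate_process(path)` call, which passes it to the forked child. The function's body continues past the hunk.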
@@ -87,7 +89,7 @@
} else if (st.st_size == 0) {
/* broken, delete it (mostly for backwards compatibility) */
st.st_mtime = 0;
- (void)unlink(set->ssl_parameters_file);
+ (void)unlink(path);
}
/* make sure it's new enough, it's not 0 sized, and the permissions
@@ -100,7 +102,7 @@
i_info("Generating Diffie-Hellman parameters "
"for the first time. This may take a while..");
}
- start_generate_process(set);
+ start_generate_process(path);
return FALSE;
}
Index: ssl-init.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/ssl-init.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- ssl-init.h 20 Nov 2002 14:05:14 -0000 1.2
+++ ssl-init.h 15 Jan 2006 21:52:44 -0000 1.3
@@ -1,6 +1,8 @@
#ifndef __SSL_INIT_H
#define __SSL_INIT_H
+#define SSL_PARAMETERS_FILENAME "ssl-parameters.dat"
+
void ssl_parameter_process_destroyed(pid_t pid);
void _ssl_generate_parameters(int fd, const char *fname);
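Review bot: `SSL_PARAMETERS_FILENAME` is used two different ways in this commit: joined to `login_dir` by the master in ssl-init.c and passed bare to the login process as `SSL_PARAM_FILE` in login-process.c, so it must remain a plain filename with no directory component. A comment above the define, `/* bare filename, always inside login_dir; login processes open it relative to their chroot */`, would keep a future edit from turning it into a path and silently breaking the chrooted case.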