[dovecot-cvs] dovecot/src/master login-process.c, 1.70, 1.71 main.c, 1.72, 1.73 master-settings.c, 1.102, 1.103 master-settings.h, 1.68, 1.69 ssl-init.c, 1.18, 1.19 ssl-init.h, 1.2, 1.3

cras at dovecot.org cras at dovecot.org
Sun Jan 15 23:52:48 EET 2006


Update of /var/lib/cvs/dovecot/src/master
In directory talvi:/tmp/cvs-serv16416/master

Modified Files:
	login-process.c main.c master-settings.c master-settings.h 
	ssl-init.c ssl-init.h 
Log Message:
Put ssl-parameters file into login directory so it still can be accessed
even if login process is chrooted.



Index: login-process.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- login-process.c	15 Jan 2006 13:16:53 -0000	1.70
+++ login-process.c	15 Jan 2006 21:52:44 -0000	1.71
@@ -14,6 +14,7 @@
 #include "mail-process.h"
 #include "master-login-interface.h"
 #include "log.h"
+#include "ssl-init.h"
 
 #include <unistd.h>
 #include <syslog.h>
@@ -419,8 +420,7 @@
 				    set->ssl_key_file, NULL));
 		env_put(t_strconcat("SSL_KEY_PASSWORD=",
 				    ssl_key_password, NULL));
-		env_put(t_strconcat("SSL_PARAM_FILE=",
-				    set->ssl_parameters_file, NULL));
+		env_put("SSL_PARAM_FILE="SSL_PARAMETERS_FILENAME);
 		if (set->ssl_cipher_list != NULL) {
 			env_put(t_strconcat("SSL_CIPHER_LIST=",
 					    set->ssl_cipher_list, NULL));
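Review bot: The replacement `env_put("SSL_PARAM_FILE="SSL_PARAMETERS_FILENAME);` exports a bare file name, so the login process can only open it if its working directory is login_dir (where check_parameters_file_set() in ssl-init.c now writes the file), and nothing in this hunk shows the chdir/chroot that makes that true. If it is guaranteed elsewhere, a comment would keep the next reader from re-adding an absolute path: `/* bare name: resolved relative to login_dir, where the login process runs (chrooted or not) */`. If a non-chrooted login process does not chdir() into login_dir, the value should instead stay absolute, e.g. `t_strconcat(set->login_dir, "/"SSL_PARAMETERS_FILENAME, NULL)`. The enclosing function starts and ends outside the hunk.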

Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/main.c,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -d -r1.72 -r1.73
--- main.c	15 Jan 2006 19:02:19 -0000	1.72
+++ main.c	15 Jan 2006 21:52:44 -0000	1.73
@@ -751,9 +751,11 @@
 	}
 
 	/* read and verify settings before forking */
+	t_push();
 	master_settings_init();
 	if (!master_settings_read(configfile, exec_protocol != NULL))
 		exit(FATAL_DEFAULT);
+	t_pop();
 
 	if (ask_key_pass) {
 		const char *prompt;
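Review bot: With the new t_push()/t_pop() frame, any pointer that master_settings_read() leaves inside the settings structure pointing at data-stack memory dangles once `t_pop();` runs; this same commit builds paths with t_str_new() (unlink_auth_sockets) and t_strconcat() (check_parameters_file_set), so the frame is only safe if none of those values are retained. Whether the settings copy strings into their own pool is not visible here — worth confirming before relying on the frame. A one-line comment would record the intent: `/* data-stack frame: settings_verify() builds temporary paths with t_str_new()/t_strconcat() */`. The exit(FATAL_DEFAULT) path skipping t_pop() is harmless since the process ends there.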

Index: master-settings.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.102
retrieving revision 1.103
diff -u -d -r1.102 -r1.103
--- master-settings.c	15 Jan 2006 21:24:08 -0000	1.102
+++ master-settings.c	15 Jan 2006 21:52:44 -0000	1.103
@@ -1,6 +1,7 @@
 /* Copyright (C) 2002 Timo Sirainen */
 
 #include "common.h"
+#include "str.h"
 #include "istream.h"
 #include "safe-mkdir.h"
 #include "mkdir-parents.h"
@@ -10,6 +11,7 @@
 
 #include <stdio.h>
 #include <stddef.h>
+#include <dirent.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
@@ -62,7 +64,6 @@
 	DEF(SET_STR, ssl_cert_file),
 	DEF(SET_STR, ssl_key_file),
 	DEF(SET_STR, ssl_key_password),
-	DEF(SET_STR, ssl_parameters_file),
 	DEF(SET_STR, ssl_parameters_regenerate),
 	DEF(SET_STR, ssl_cipher_list),
 	DEF(SET_BOOL, ssl_verify_client_cert),
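Review bot: Removing the `ssl_parameters_file` entry from the settings table turns it into an unknown key for any existing dovecot.conf that still sets it; whether the parser warns or fails on unknown keys is not visible in this hunk, but if it is fatal, upgrades break until the admin edits the config. Consider keeping the key as an accepted-but-ignored setting for a release and logging that the file now always lives at `<login_dir>/ssl-parameters.dat`. The same removal is mirrored in the default-value hunk below and in master-settings.h.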
@@ -259,7 +260,6 @@
 	MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
 	MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
 	MEMBER(ssl_key_password) NULL,
-	MEMBER(ssl_parameters_file) "ssl-parameters.dat",
 	MEMBER(ssl_parameters_regenerate) 168,
 	MEMBER(ssl_cipher_list) NULL,
 	MEMBER(ssl_verify_client_cert) FALSE,
@@ -521,6 +521,37 @@
 	return FALSE;
 }
 
+static void unlink_auth_sockets(const char *path)
+{
+	DIR *dirp;
+	struct dirent *dp;
+	struct stat st;
+	string_t *str;
+
+	dirp = opendir(path);
+	if (dirp == NULL) {
+		i_error("opendir(%s) failed: %m", path);
+		return;
+	}
+
+	str = t_str_new(256);
+	while ((dp = readdir(dirp)) != NULL) {
+		if (dp->d_name[0] == '.')
+			continue;
+
+		str_truncate(str, 0);
+		str_printfa(str, "%s/%s", path, dp->d_name);
+		if (lstat(str_c(str), &st) < 0) {
+			if (errno != ENOENT)
+				i_error("lstat(%s) failed: %m", str_c(str));
+		} else if (S_ISSOCK(st.st_mode)) {
+			if (unlink(str_c(str)) < 0 && errno != ENOENT)
+				i_error("unlink(%s) failed: %m", str_c(str));
+		}
+	}
+	(void)closedir(dirp);
+}
+
 static bool settings_verify(struct settings *set)
 {
 	const char *dir;
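Review bot: unlink_auth_sockets() reports an opendir() failure only through i_error() and returns void, so its caller in settings_verify() (the later hunk replacing unlink_directory()) carries on with stale sockets still in login_dir, whereas the removed unlink_directory() failure path returned FALSE; if leftover sockets matter there, return bool and let the caller decide. The loop also cannot tell readdir() returning NULL at end-of-directory from an error, since errno is neither reset before nor checked after the loop. A header comment is warranted because the name is narrower than the behaviour: `/* Remove every socket in path (stale auth sockets from a previous run) but leave regular files, notably SSL_PARAMETERS_FILENAME, in place. */`.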
@@ -601,7 +632,6 @@
 #endif
 
 	/* fix relative paths */
-	fix_base_path(set, &set->ssl_parameters_file);
 	fix_base_path(set, &set->login_dir);
 
 	/* since base dir is under /var/run by default, it may have been
@@ -631,17 +661,13 @@
 		   empty. with external auth we wouldn't want to delete
 		   existing sockets or break the permissions required by the
 		   auth server. */
-		if (unlink_directory(set->login_dir, FALSE) < 0) {
-			i_error("unlink_directory() failed for %s: %m",
-				set->login_dir);
-			return FALSE;
-		}
-
 		if (safe_mkdir(set->login_dir, 0750,
 			       master_uid, set->server->login_gid) == 0) {
 			i_warning("Corrected permissions for login directory "
 				  "%s", set->login_dir);
 		}
+
+		unlink_auth_sockets(set->login_dir);
 	}
 
 	if (set->max_mail_processes < 1) {
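Review bot: The comment ending at `auth server. */` (it begins outside the hunk) still justifies emptying the login directory, but the code now only removes sockets via unlink_auth_sockets() after safe_mkdir(); its opening sentence should say that only stale sockets are removed so that the SSL parameters file in login_dir survives. The unchecked return of unlink_auth_sockets() here is covered by the note on its definition hunk.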

Index: master-settings.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.h,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -d -r1.68 -r1.69
--- master-settings.h	15 Jan 2006 21:14:10 -0000	1.68
+++ master-settings.h	15 Jan 2006 21:52:44 -0000	1.69
@@ -31,7 +31,6 @@
 	const char *ssl_cert_file;
 	const char *ssl_key_file;
 	const char *ssl_key_password;
-	const char *ssl_parameters_file;
 	unsigned int ssl_parameters_regenerate;
 	const char *ssl_cipher_list;
 	bool ssl_verify_client_cert;

Index: ssl-init.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/ssl-init.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- ssl-init.c	15 Jan 2006 21:07:07 -0000	1.18
+++ ssl-init.c	15 Jan 2006 21:52:44 -0000	1.19
@@ -42,7 +42,7 @@
 		i_fatal("rename(%s, %s) failed: %m", temp_fname, fname);
 }
 
-static void start_generate_process(struct settings *set)
+static void start_generate_process(const char *fname)
 {
 	pid_t pid;
 
@@ -54,7 +54,7 @@
 
 	if (pid == 0) {
 		/* child */
-		generate_parameters_file(set->ssl_parameters_file);
+		generate_parameters_file(fname);
 		exit(0);
 	} else {
 		/* parent */
@@ -70,16 +70,18 @@
 
 static bool check_parameters_file_set(struct settings *set)
 {
+	const char *path;
 	struct stat st;
 	time_t regen_time;
 
-	if (set->ssl_parameters_file == NULL || set->ssl_disable)
+	if (set->ssl_disable)
 		return TRUE;
 
-	if (lstat(set->ssl_parameters_file, &st) < 0) {
+	path = t_strconcat(set->login_dir, "/"SSL_PARAMETERS_FILENAME, NULL);
+	if (lstat(path, &st) < 0) {
 		if (errno != ENOENT) {
 			i_error("lstat() failed for SSL parameters file %s: %m",
-				set->ssl_parameters_file);
+				path);
 			return TRUE;
 		}
 
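Review bot: The parameters file now lives under login_dir, which settings_verify() creates as 0750 master_uid:login_gid (master-settings.c hunk), so the login process can only read it if the file mode written by generate_parameters_file() (outside this hunk) and that directory mode both admit the identity the login process runs as — presumably login_gid; the "permissions" check described just after the hunk should be rechecked against the new location. Also `set->login_dir` is now dereferenced unconditionally where the old code could bail on a NULL ssl_parameters_file; a NULL or empty login_dir would make `path` resolve to "/ssl-parameters.dat" at the filesystem root, so confirm login_dir always has a non-empty default. The enclosing function continues past the hunk.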
@@ -87,7 +89,7 @@
 	} else if (st.st_size == 0) {
 		/* broken, delete it (mostly for backwards compatibility) */
 		st.st_mtime = 0;
-		(void)unlink(set->ssl_parameters_file);
+		(void)unlink(path);
 	}
 
 	/* make sure it's new enough, it's not 0 sized, and the permissions
@@ -100,7 +102,7 @@
 			i_info("Generating Diffie-Hellman parameters "
 			       "for the first time. This may take a while..");
 		}
-		start_generate_process(set);
+		start_generate_process(path);
 		return FALSE;
 	}
 

Index: ssl-init.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/ssl-init.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- ssl-init.h	20 Nov 2002 14:05:14 -0000	1.2
+++ ssl-init.h	15 Jan 2006 21:52:44 -0000	1.3
@@ -1,6 +1,8 @@
 #ifndef __SSL_INIT_H
 #define __SSL_INIT_H
 
+#define SSL_PARAMETERS_FILENAME "ssl-parameters.dat"
+
 void ssl_parameter_process_destroyed(pid_t pid);
 
 void _ssl_generate_parameters(int fd, const char *fname);


