dovecot-2.2: auth: Added auth_proxy_self setting to specify IPs ...

dovecot at dovecot.org dovecot at dovecot.org
Sat Feb 25 05:42:16 EET 2012


details:   http://hg.dovecot.org/dovecot-2.2/rev/98d696965c91
changeset: 14159:98d696965c91
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Feb 25 05:42:05 2012 +0200
description:
auth: Added auth_proxy_self setting to specify IPs that are considered as "self" for proxy_maybe.

diffstat:

 src/auth/auth-request.c    |  11 ++++++++++-
 src/auth/auth-settings.c   |  36 ++++++++++++++++++++++++++++++++++++
 src/auth/auth-settings.h   |   2 ++
 src/config/settings-get.pl |   1 +
 4 files changed, 49 insertions(+), 1 deletions(-)

diffs (118 lines):

diff -r fb972ad3213d -r 98d696965c91 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Sat Feb 25 05:13:39 2012 +0200
+++ b/src/auth/auth-request.c	Sat Feb 25 05:42:05 2012 +0200
@@ -1440,7 +1440,16 @@
 auth_request_proxy_ip_is_self(struct auth_request *request,
 			      const struct ip_addr *ip)
 {
-	return net_ip_compare(ip, &request->local_ip);
+	unsigned int i;
+
+	if (net_ip_compare(ip, &request->local_ip))
+		return TRUE;
+
+	for (i = 0; request->set->proxy_self_ips[i].family != 0; i++) {
+		if (net_ip_compare(ip, &request->set->proxy_self_ips[i]))
+			return TRUE;
+	}
+	return FALSE;
 }
 
 static void auth_request_proxy_finish_ip(struct auth_request *request)
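Review bot: The loop `for (i = 0; request->set->proxy_self_ips[i].family != 0; i++)` is bounded only by a zero-family sentinel and dereferences `proxy_self_ips` without a NULL check. It is therefore only safe for settings that have passed through auth_settings_check, which is where this commit populates the array. Since the commit description says the result decides which IPs count as "self" for proxy_maybe, the invariant deserves a comment above the loop, e.g. `/* proxy_self_ips is never NULL; the list ends at the first entry with family == 0 */`. The function's return-type line is above the hunk, so its full signature is not visible here.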
diff -r fb972ad3213d -r 98d696965c91 src/auth/auth-settings.c
--- a/src/auth/auth-settings.c	Sat Feb 25 05:13:39 2012 +0200
+++ b/src/auth/auth-settings.c	Sat Feb 25 05:42:05 2012 +0200
@@ -198,6 +198,7 @@
 	DEF(SET_STR, krb5_keytab),
 	DEF(SET_STR, gssapi_hostname),
 	DEF(SET_STR, winbind_helper_path),
+	DEF(SET_STR, proxy_self),
 	DEF(SET_TIME, failure_delay),
 	DEF(SET_UINT, first_valid_uid),
 	DEF(SET_UINT, last_valid_uid),
@@ -236,6 +237,7 @@
 	.krb5_keytab = "",
 	.gssapi_hostname = "",
 	.winbind_helper_path = "/usr/bin/ntlm_auth",
+	.proxy_self = "",
 	.failure_delay = 2,
 	.first_valid_uid = 500,
 	.last_valid_uid = 0,
@@ -271,6 +273,37 @@
 };
 
 /* <settings checks> */
+static bool
+auth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
+			   const char **error_r)
+{
+	const char *const *tmp;
+	ARRAY_DEFINE(ips_array, struct ip_addr);
+	struct ip_addr *ips;
+	unsigned int ips_count;
+	int ret;
+
+	if (*set->proxy_self == '\0') {
+		set->proxy_self_ips = p_new(pool, struct ip_addr, 1);
+		return TRUE;
+	}
+
+	p_array_init(&ips_array, pool, 4);
+	tmp = t_strsplit_spaces(set->proxy_self, " ");
+	for (; *tmp != NULL; tmp++) {
+		ret = net_gethostbyname(*tmp, &ips, &ips_count);
+		if (ret != 0) {
+			*error_r = t_strdup_printf("auth_proxy_self_ips: "
+				"gethostbyname(%s) failed: %s",
+				*tmp, net_gethosterror(ret));
+		}
+		array_append(&ips_array, ips, ips_count);
+	}
+	(void)array_append_space(&ips_array);
+	set->proxy_self_ips = array_idx(&ips_array, 0);
+	return TRUE;
+}
+
 static bool auth_settings_check(void *_set, pool_t pool,
 				const char **error_r)
 {
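Review bot: When `net_gethostbyname()` fails in auth_settings_set_self_ips, the `if (ret != 0)` branch sets `*error_r` but then falls through to `array_append(&ips_array, ips, ips_count)`. That call reads `ips` and `ips_count`, which the failed lookup presumably left unset, and the function still returns TRUE, so the error never reaches the caller. Add `return FALSE;` as the last statement of that branch. The message prefix `auth_proxy_self_ips:` also does not match the setting name, which the commit description gives as auth_proxy_self. Because the names are resolved once at settings-check time and then feed the proxy_maybe "self" decision, it would help to document that hostnames in this setting depend on what the resolver returns at startup.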
@@ -312,6 +345,9 @@
 	}
 	set->realms_arr =
 		(const char *const *)p_strsplit_spaces(pool, set->realms, " ");
+
+	if (!auth_settings_set_self_ips(set, pool, error_r))
+		return FALSE;
 	return TRUE;
 }
 
diff -r fb972ad3213d -r 98d696965c91 src/auth/auth-settings.h
--- a/src/auth/auth-settings.h	Sat Feb 25 05:13:39 2012 +0200
+++ b/src/auth/auth-settings.h	Sat Feb 25 05:42:05 2012 +0200
@@ -36,6 +36,7 @@
 	const char *krb5_keytab;
 	const char *gssapi_hostname;
 	const char *winbind_helper_path;
+	const char *proxy_self;
 	unsigned int failure_delay;
 	unsigned int first_valid_uid;
 	unsigned int last_valid_uid;
@@ -58,6 +59,7 @@
 	char username_chars_map[256];
 	char username_translation_map[256];
 	const char *const *realms_arr;
+	const struct ip_addr *proxy_self_ips;
 };
 
 extern const struct setting_parser_info auth_setting_parser_info;
diff -r fb972ad3213d -r 98d696965c91 src/config/settings-get.pl
--- a/src/config/settings-get.pl	Sat Feb 25 05:13:39 2012 +0200
+++ b/src/config/settings-get.pl	Sat Feb 25 05:42:05 2012 +0200
@@ -8,6 +8,7 @@
 print '#include "file-lock.h"'."\n";
 print '#include "fsync-mode.h"'."\n";
 print '#include "hash-format.h"'."\n";
+print '#include "network.h"'."\n";
 print '#include "unichar.h"'."\n";
 print '#include "settings-parser.h"'."\n";
 print '#include "all-settings.h"'."\n";

