dovecot-2.2: Moved ssl_* settings from login-common to lib-master.

dovecot at dovecot.org dovecot at dovecot.org
Sat Jul 28 17:56:05 EEST 2012


details:   http://hg.dovecot.org/dovecot-2.2/rev/983c6ff12cc9
changeset: 14728:983c6ff12cc9
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Jul 28 17:54:19 2012 +0300
description:
Moved ssl_* settings from login-common to lib-master.
This allows creating other SSL servers more easily.

diffstat:

 src/config/config-parser.c                   |    4 +-
 src/lib-master/Makefile.am                   |    2 +
 src/lib-master/master-service-private.h      |    5 +
 src/lib-master/master-service-settings.c     |    3 +
 src/lib-master/master-service-settings.h     |    2 +-
 src/lib-master/master-service-ssl-settings.c |  101 ++++++++++++++++++++++++++
 src/lib-master/master-service-ssl-settings.h |   26 ++++++
 src/lib-master/master-service.c              |   13 +++
 src/login-common/client-common-auth.c        |    3 +-
 src/login-common/client-common.c             |    8 +-
 src/login-common/client-common.h             |    5 +-
 src/login-common/login-common.h              |    1 +
 src/login-common/login-proxy.c               |    1 +
 src/login-common/login-settings.c            |  103 ++++++--------------------
 src/login-common/login-settings.h            |   14 +--
 src/login-common/main.c                      |   18 +++-
 src/login-common/ssl-proxy-openssl.c         |  101 +++++++++++++++----------
 src/login-common/ssl-proxy.c                 |    6 +-
 src/login-common/ssl-proxy.h                 |    7 +-
 src/master/service-process.c                 |    1 +
 20 files changed, 279 insertions(+), 145 deletions(-)

diffs (truncated from 993 to 300 lines):

diff -r d4b95346c08a -r 983c6ff12cc9 src/config/config-parser.c
--- a/src/config/config-parser.c	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/config/config-parser.c	Sat Jul 28 17:54:19 2012 +0300
@@ -11,6 +11,7 @@
 #include "service-settings.h"
 #include "master-service.h"
 #include "master-service-settings.h"
+#include "master-service-ssl-settings.h"
 #include "all-settings.h"
 #include "old-set-parser.h"
 #include "config-request.h"
@@ -1056,7 +1057,8 @@
 
 	if (strcmp(root->module_name, module) == 0)
 		return TRUE;
-	if (root == &master_service_setting_parser_info) {
+	if (root == &master_service_setting_parser_info ||
+	    root == &master_service_ssl_setting_parser_info) {
 		/* everyone wants master service settings */
 		return TRUE;
 	}
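Review bot: The comment `/* everyone wants master service settings */` now sits under a condition that also matches `master_service_ssl_setting_parser_info`, so it under-describes the branch it explains. Suggest `/* everyone wants master service (and ssl) settings */` so the next reader does not assume the ssl root was matched by accident. The enclosing function starts outside the hunk.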
diff -r d4b95346c08a -r 983c6ff12cc9 src/lib-master/Makefile.am
--- a/src/lib-master/Makefile.am	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/lib-master/Makefile.am	Sat Jul 28 17:54:19 2012 +0300
@@ -21,6 +21,7 @@
 	master-service.c \
 	master-service-settings.c \
 	master-service-settings-cache.c \
+	master-service-ssl-settings.c \
 	mountpoint-list.c \
 	syslog-util.c
 
@@ -37,6 +38,7 @@
 	master-service-private.h \
 	master-service-settings.h \
 	master-service-settings-cache.h \
+	master-service-ssl-settings.h \
 	service-settings.h \
 	mountpoint-list.h \
 	syslog-util.h
diff -r d4b95346c08a -r 983c6ff12cc9 src/lib-master/master-service-private.h
--- a/src/lib-master/master-service-private.h	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/lib-master/master-service-private.h	Sat Jul 28 17:54:19 2012 +0300
@@ -59,6 +59,9 @@
 	const struct master_service_settings *set;
 	struct setting_parser_context *set_parser;
 
+	struct ssl_iostream_context *ssl_ctx;
+	time_t ssl_params_last_refresh;
+
 	unsigned int killed:1;
 	unsigned int stopping:1;
 	unsigned int keep_environment:1;
@@ -67,6 +70,7 @@
 	unsigned int die_with_master:1;
 	unsigned int call_avail_overflow:1;
 	unsigned int config_path_is_default:1;
+	unsigned int ssl_ctx_initialized:1;
 };
 
 void master_service_io_listeners_add(struct master_service *service);
@@ -74,5 +78,6 @@
 void master_service_close_config_fd(struct master_service *service);
 
 void master_service_io_listeners_remove(struct master_service *service);
+void master_service_ssl_io_listeners_remove(struct master_service *service);
 
 #endif
diff -r d4b95346c08a -r 983c6ff12cc9 src/lib-master/master-service-settings.c
--- a/src/lib-master/master-service-settings.c	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/lib-master/master-service-settings.c	Sat Jul 28 17:54:19 2012 +0300
@@ -11,6 +11,7 @@
 #include "execv-const.h"
 #include "settings-parser.h"
 #include "master-service-private.h"
+#include "master-service-ssl-settings.h"
 #include "master-service-settings.h"
 
 #include <stddef.h>
@@ -368,6 +369,8 @@
 	p_array_init(&all_roots, service->set_pool, 8);
 	tmp_root = &master_service_setting_parser_info;
 	array_append(&all_roots, &tmp_root, 1);
+	tmp_root = &master_service_ssl_setting_parser_info;
+	array_append(&all_roots, &tmp_root, 1);
 	if (input->roots != NULL) {
 		for (i = 0; input->roots[i] != NULL; i++)
 			array_append(&all_roots, &input->roots[i], 1);
diff -r d4b95346c08a -r 983c6ff12cc9 src/lib-master/master-service-settings.h
--- a/src/lib-master/master-service-settings.h	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/lib-master/master-service-settings.h	Sat Jul 28 17:54:19 2012 +0300
@@ -5,7 +5,7 @@
 
 /* Number of settings roots used by lib-master internally. Typically you should
    use master_service_settings_get_others() to avoid knowing about this. */
-#define MASTER_SERVICE_INTERNAL_SET_PARSERS 1
+#define MASTER_SERVICE_INTERNAL_SET_PARSERS 2
 
 struct setting_parser_info;
 struct master_service;
diff -r d4b95346c08a -r 983c6ff12cc9 src/lib-master/master-service-ssl-settings.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib-master/master-service-ssl-settings.c	Sat Jul 28 17:54:19 2012 +0300
@@ -0,0 +1,101 @@
+/* Copyright (c) 2012 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "settings-parser.h"
+#include "master-service-private.h"
+#include "master-service-ssl-settings.h"
+
+#include <stddef.h>
+
+#undef DEF
+#define DEF(type, name) \
+	{ type, #name, offsetof(struct master_service_ssl_settings, name), NULL }
+
+static bool
+master_service_ssl_settings_check(void *_set, pool_t pool, const char **error_r);
+
+static const struct setting_define master_service_ssl_setting_defines[] = {
+	DEF(SET_ENUM, ssl),
+	DEF(SET_STR, ssl_ca),
+	DEF(SET_STR, ssl_cert),
+	DEF(SET_STR, ssl_key),
+	DEF(SET_STR, ssl_key_password),
+	DEF(SET_STR, ssl_cipher_list),
+	DEF(SET_STR, ssl_protocols),
+	DEF(SET_STR, ssl_cert_username_field),
+	DEF(SET_STR, ssl_crypto_device),
+	DEF(SET_BOOL, ssl_verify_client_cert),
+	DEF(SET_BOOL, ssl_require_crl),
+	DEF(SET_BOOL, verbose_ssl),
+
+	SETTING_DEFINE_LIST_END
+};
+
+static const struct master_service_ssl_settings master_service_ssl_default_settings = {
+	.ssl = "yes:no:required",
+	.ssl_ca = "",
+	.ssl_cert = "",
+	.ssl_key = "",
+	.ssl_key_password = "",
+	.ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
+	.ssl_protocols = "!SSLv2",
+	.ssl_cert_username_field = "commonName",
+	.ssl_crypto_device = "",
+	.ssl_verify_client_cert = FALSE,
+	.ssl_require_crl = TRUE,
+	.verbose_ssl = FALSE
+};
+
+const struct setting_parser_info master_service_ssl_setting_parser_info = {
+	.module_name = "master",
+	.defines = master_service_ssl_setting_defines,
+	.defaults = &master_service_ssl_default_settings,
+
+	.type_offset = (size_t)-1,
+	.struct_size = sizeof(struct master_service_ssl_settings),
+
+	.parent_offset = (size_t)-1,
+	.check_func = master_service_ssl_settings_check
+};
+
+/* <settings checks> */
+static bool
+master_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
+				  const char **error_r)
+{
+	struct master_service_ssl_settings *set = _set;
+
+	if (strcmp(set->ssl, "no") == 0) {
+		/* disabled */
+		return TRUE;
+	}
+#ifndef HAVE_SSL
+	*error_r = t_strdup_printf("SSL support not compiled in but ssl=%s",
+				   set->ssl);
+	return FALSE;
+#else
+	if (*set->ssl_cert == '\0') {
+		*error_r = "ssl enabled, but ssl_cert not set";
+		return FALSE;
+	}
+	if (*set->ssl_key == '\0') {
+		*error_r = "ssl enabled, but ssl_key not set";
+		return FALSE;
+	}
+	if (set->ssl_verify_client_cert && *set->ssl_ca == '\0') {
+		*error_r = "ssl_verify_client_cert set, but ssl_ca not";
+		return FALSE;
+	}
+	return TRUE;
+#endif
+}
+/* </settings checks> */
+
+const struct master_service_ssl_settings *
+master_service_ssl_settings_get(struct master_service *service)
+{
+	void **sets;
+
+	sets = settings_parser_get_list(service->set_parser);
+	return sets[1];
+}
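Review bot: `return sets[1];` in master_service_ssl_settings_get hard-codes the position of the ssl root, and that is only correct because the master-service-settings.c hunk appends `master_service_ssl_setting_parser_info` immediately after `master_service_setting_parser_info`; nothing at this line records the coupling, and reordering either side would silently hand callers the wrong struct with no parser error. Suggest a comment above the return, `/* index 1: the ssl root is appended second to all_roots in master-service-settings.c, see MASTER_SERVICE_INTERNAL_SET_PARSERS */`, or a shared named constant for the index next to that define. The `#ifndef HAVE_SSL` branch of master_service_ssl_settings_check rejects every value except "no", which is the right fail-closed behaviour for a build without SSL; a short comment saying that the rejection is deliberate would stop someone "fixing" it into a warning.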
diff -r d4b95346c08a -r 983c6ff12cc9 src/lib-master/master-service-ssl-settings.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib-master/master-service-ssl-settings.h	Sat Jul 28 17:54:19 2012 +0300
@@ -0,0 +1,26 @@
+#ifndef MASTER_SERVICE_SSL_SETTINGS_H
+#define MASTER_SERVICE_SSL_SETTINGS_H
+
+struct master_service;
+
+struct master_service_ssl_settings {
+	const char *ssl;
+	const char *ssl_ca;
+	const char *ssl_cert;
+	const char *ssl_key;
+	const char *ssl_key_password;
+	const char *ssl_cipher_list;
+	const char *ssl_protocols;
+	const char *ssl_cert_username_field;
+	const char *ssl_crypto_device;
+	bool ssl_verify_client_cert;
+	bool ssl_require_crl;
+	bool verbose_ssl;
+};
+
+extern const struct setting_parser_info master_service_ssl_setting_parser_info;
+
+const struct master_service_ssl_settings *
+master_service_ssl_settings_get(struct master_service *service);
+
+#endif
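Review bot: The `extern const struct setting_parser_info master_service_ssl_setting_parser_info;` declaration uses a struct tag the header never forward-declares, while the existing master-service-settings.h hunk declares `struct setting_parser_info;` before its use; adding the same line next to `struct master_service;` keeps this header self-contained in the same style. Neither the struct nor the getter carries any documentation; suggest above master_service_ssl_settings_get: `/* Returns the ssl_* settings parsed for this service. The pointer is owned by the service's settings parser; callers must not free it. */` — the ownership part is inferred from the getter only indexing settings_parser_get_list(), so confirm it.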
diff -r d4b95346c08a -r 983c6ff12cc9 src/lib-master/master-service.c
--- a/src/lib-master/master-service.c	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/lib-master/master-service.c	Sat Jul 28 17:54:19 2012 +0300
@@ -869,6 +869,19 @@
 	}
 }
 
+void master_service_ssl_io_listeners_remove(struct master_service *service)
+{
+	unsigned int i;
+
+	if (service->listeners != NULL) {
+		for (i = 0; i < service->socket_count; i++) {
+			if (service->listeners[i].io != NULL &&
+			    service->listeners[i].ssl)
+				io_remove(&service->listeners[i].io);
+		}
+	}
+}
+
 static void master_service_io_listeners_close(struct master_service *service)
 {
 	unsigned int i;
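Review bot: master_service_ssl_io_listeners_remove has no comment explaining when a caller would drop only the SSL listeners' io while leaving the plain listeners accepting, and its exported prototype in the master-service-private.h hunk is equally bare. Suggest `/* Stop accepting on SSL listeners only; non-SSL listeners keep their io. Presumably used while the SSL context cannot be (re)loaded — confirm against the caller. */`, since the caller is not in this excerpt. The loop is the same shape as master_service_io_listeners_remove (outside the hunk); folding both into one static helper taking a `bool ssl_only` flag would keep the two from drifting apart.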
diff -r d4b95346c08a -r 983c6ff12cc9 src/login-common/client-common-auth.c
--- a/src/login-common/client-common-auth.c	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/login-common/client-common-auth.c	Sat Jul 28 17:54:19 2012 +0300
@@ -9,6 +9,7 @@
 #include "time-util.h"
 #include "login-proxy.h"
 #include "auth-client.h"
+#include "master-service-ssl-settings.h"
 #include "client-common.h"
 
 #include <stdlib.h>
@@ -580,7 +581,7 @@
 int client_auth_begin(struct client *client, const char *mech_name,
 		      const char *init_resp)
 {
-	if (!client->secured && strcmp(client->set->ssl, "required") == 0) {
+	if (!client->secured && strcmp(client->ssl_set->ssl, "required") == 0) {
 		if (client->set->auth_verbose) {
 			client_log(client, "Login failed: "
 				   "SSL required for authentication");
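Review bot: `client->ssl_set->ssl` is dereferenced unconditionally here, but client_create in the client-common.c hunk only stores the new `ssl_set` pointer and never validates it, so a caller passing NULL would crash at the first login attempt rather than at creation. Suggest `i_assert(ssl_set != NULL);` at the top of client_create, alongside the existing parameter handling, so the invariant that every client has SSL settings is enforced at the one place the pointer enters. The main.c call site is outside this truncated diff, so I cannot confirm whether a NULL can reach it today. client_auth_begin continues beyond the hunk.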
diff -r d4b95346c08a -r 983c6ff12cc9 src/login-common/client-common.c
--- a/src/login-common/client-common.c	Sat Jul 28 17:47:34 2012 +0300
+++ b/src/login-common/client-common.c	Sat Jul 28 17:54:19 2012 +0300
@@ -100,7 +100,9 @@
 
 struct client *
 client_create(int fd, bool ssl, pool_t pool,
-	      const struct login_settings *set, void **other_sets,
+	      const struct login_settings *set,
+	      const struct master_service_ssl_settings *ssl_set,
+	      void **other_sets,
 	      const struct ip_addr *local_ip, const struct ip_addr *remote_ip)
 {
 	struct client *client;
@@ -119,6 +121,7 @@
 
 	client->pool = pool;
 	client->set = set;
+	client->ssl_set = ssl_set;
 	client->local_ip = *local_ip;
 	client->ip = *remote_ip;
 	client->fd = fd;

