main.c revision 183bea41fa640dc8117f3eb45ff935cd81377a84
2454dfa32c93c20a8522c6ed42fe057baaac9f9aStephan Bosch/* Copyright (c) 2002-2011 Dovecot authors, see the included COPYING file */
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen#define AUTH_CLIENT_IDLE_TIMEOUT_MSECS (1000*60)
5948e3e120c5dcaf0aeb44405566381045fa82d6Timo Sirainenconst struct login_settings *global_login_settings;
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainenstatic void login_access_lookup_next(struct login_access_lookup *lookup);
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen if (!global_login_settings->verbose_proctitle)
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen } else if (clients_get_count() > 1 || client == NULL) {
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen process_title_set(t_strdup_printf("[%u connections (%u TLS)]",
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen } else if ((addr = net_ip2addr(&client->ip)) != NULL) {
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen process_title_set(t_strdup_printf(client->tls ?
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen process_title_set(client->tls ? "[TLS]" : "");
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainenstatic void auth_client_idle_timeout(struct auth_client *auth_client)
212e9e43a7d49242446331fd43ba519eda936d60Timo Sirainen if (clients == NULL && auth_client_to == NULL) {
212e9e43a7d49242446331fd43ba519eda936d60Timo Sirainen auth_client_to = timeout_add(AUTH_CLIENT_IDLE_TIMEOUT_MSECS,
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainenstatic void login_die(void)
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen /* we don't have auth client, and we might never get one */
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainenclient_connected_finish(const struct master_service_connection *conn)
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen if (net_getsockname(conn->fd, &local_ip, &local_port) < 0) {
dee43975a70bcdb9dc83d34d6a2b177d37bb7194Timo Sirainen pool = pool_alloconly_create("login client", 5*1024);
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen client = client_create(conn->fd, FALSE, pool, set, other_sets,
c9dea5c23355dea35c6fa423de69f6507852efe4Timo Sirainen fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, set,
7a24bdc1a5e2d5368c2569b4852192f2bdb5a31fTimo Sirainen master_service_client_connection_destroyed(master_service);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen client = client_create(fd_ssl, TRUE, pool, set, other_sets,
8f90ef65db62946aabe1969755edcdefb4eb430aTimo Sirainenstatic void login_access_lookup_free(struct login_access_lookup *lookup)
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_service_client_connection_destroyed(master_service);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen p_strsplit_free(default_pool, lookup->sockets);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainenstatic void login_access_callback(bool success, void *context)
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainenstatic void login_access_lookup_next(struct login_access_lookup *lookup)
7e209b78ca757294dbbc15604c88673b3a6b0c39Timo Sirainen /* last one */
825b0e819a7c48a366ddca23ec78b87e8c30e9b4Aki Tuomi lookup->access = access_lookup(*lookup->next_socket, lookup->conn.fd,
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainenstatic void client_input_error(struct login_access_lookup *lookup)
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen i_info("access(%s): Client disconnected during lookup (rip=%s)",
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen /* actual input. stop listening until lookup is done. */
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainenstatic void client_connected(struct master_service_connection *conn)
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_service_client_connection_accept(conn);
939a0d82523538b2de38a02bc9f790a67b7ebf47Timo Sirainen /* make sure we're connected (or attempting to connect) to auth */
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen /* no access checks */
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen lookup = i_new(struct login_access_lookup, 1);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen lookup->io = io_add(conn->fd, IO_READ, client_input_error, lookup);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen lookup->sockets = p_strsplit_spaces(default_pool, access_sockets, " ");
4cf5f0934a25f1fd58f2780108f9d6498c455a1fTimo Sirainenstatic void auth_connect_notify(struct auth_client *client ATTR_UNUSED,
6d6c1517ef20e340a3aace406724fc8916f2d13fTimo Sirainen master_service_stop_new_connections(master_service);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainenstatic void main_preinit(bool allow_core_dumps)
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen unsigned int max_fds;
4cf5f0934a25f1fd58f2780108f9d6498c455a1fTimo Sirainen /* Initialize SSL proxy so it can read certificate and private
d85a1a9d9af4a36ded4d30cb277905c807de2ec5Timo Sirainen /* set the number of fds we want to use. it may get increased or
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen decreased. leave a couple of extra fds for auth sockets and such.
d85a1a9d9af4a36ded4d30cb277905c807de2ec5Timo Sirainen worst case each connection can use:
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen - 1 for client
d85a1a9d9af4a36ded4d30cb277905c807de2ec5Timo Sirainen - 1 for login proxy
4cf5f0934a25f1fd58f2780108f9d6498c455a1fTimo Sirainen - 2 for client-side ssl proxy
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen - 2 for server-side ssl proxy (with login proxy)
d85a1a9d9af4a36ded4d30cb277905c807de2ec5Timo Sirainen master_service_get_socket_count(master_service) +
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_service_get_client_limit(master_service)*6;
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen io_loop_set_max_fd_count(current_ioloop, max_fds);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen i_assert(strcmp(global_login_settings->ssl, "no") == 0 ||
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen if (global_login_settings->mail_max_userip_connections > 0) {
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen anvil = anvil_client_init("anvil", anvil_reconnect_callback, 0);
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Boschstatic void main_init(const char *login_socket)
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen /* make sure we can't fork() */
7e209b78ca757294dbbc15604c88673b3a6b0c39Timo Sirainen if (restrict_access_get_current_chroot() == NULL) {
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_service_set_avail_overflow_callback(master_service,
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_service_set_die_callback(master_service, login_die);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen auth_client = auth_client_init(login_socket, (unsigned int)getpid(),
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen auth_client_set_connect_notify(auth_client, auth_connect_notify, NULL);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_auth = master_auth_init(master_service, login_binary.protocol);
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainenstatic void main_deinit(void)
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen const char *login_socket = DEFAULT_LOGIN_SOCKET;
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_service = master_service_init(login_binary.process_name,
4ece61edd7c266a4b8f3b290a7f0a3cb3d13ca0fTimo Sirainen master_service_init_log(master_service, t_strconcat(
a406615fbcef37b1d12f0be95a70abf23238c5efTimo Sirainen while ((c = master_getopt(master_service)) > 0) {
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen set_pool = pool_alloconly_create("global login settings", 4096);
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen login_settings_read(set_pool, NULL, NULL, NULL,
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen /* main_preinit() needs to know the client limit, which is set by
24e5e4526d8f5cbc056ab97fd0d154d0936d7a5eTimo Sirainen this. so call it first. */