* include/mailutils/server.h (mu_m_server_prefork_fp): New
function type. (mu_m_server_destroy, mu_m_server_set_prefork) (mu_m_server_configured_count, mu_m_server_end): New functions. * mailbox/msrv.c (struct _mu_m_server.prefork): New member. (mu_m_server_set_prefork): New function. (m_srv_conn): Use prefork to decide whether to proceed with a connection. * lib/tcpwrap.c, lib/tcpwrap.h (mu_tcp_wrapper_prefork): New function. * imap4d/imap4d.c, maidag/lmtp.c, maidag/maidag.c, pop3d/pop3d.c: Use m-server prefork to handle TCP wrappers. * po/POTFILES.in: Add more files.
Showing
9 changed files
with
46 additions
and
39 deletions
| ... | @@ -374,24 +374,6 @@ imap4d_mainloop (int fd, FILE *infile, FILE *outfile) | ... | @@ -374,24 +374,6 @@ imap4d_mainloop (int fd, FILE *infile, FILE *outfile) |
| 374 | struct sockaddr_in cs; | 374 | struct sockaddr_in cs; |
| 375 | int debug_mode = isatty (fd); | 375 | int debug_mode = isatty (fd); |
| 376 | 376 | ||
| 377 | mu_diag_output (MU_DIAG_INFO, _("Incoming connection opened")); | ||
| 378 | if (!debug_mode) | ||
| 379 | { | ||
| 380 | if (get_client_address (fd, &cs) == 0) | ||
| 381 | { | ||
| 382 | if (!mu_tcpwrapper_access (fd)) | ||
| 383 | { | ||
| 384 | mu_error (_("Access from %s blocked."), inet_ntoa (cs.sin_addr)); | ||
| 385 | return 1; | ||
| 386 | } | ||
| 387 | } | ||
| 388 | else if (mu_tcp_wrapper_enable) | ||
| 389 | { | ||
| 390 | mu_error (_("Rejecting connection from unknown address")); | ||
| 391 | return 1; | ||
| 392 | } | ||
| 393 | } | ||
| 394 | |||
| 395 | /* Reset hup to exit. */ | 377 | /* Reset hup to exit. */ |
| 396 | signal (SIGHUP, imap4d_signal); | 378 | signal (SIGHUP, imap4d_signal); |
| 397 | /* Timeout alarm. */ | 379 | /* Timeout alarm. */ |
| ... | @@ -502,6 +484,7 @@ main (int argc, char **argv) | ... | @@ -502,6 +484,7 @@ main (int argc, char **argv) |
| 502 | 484 | ||
| 503 | mu_m_server_create (&server, "GNU imap4d"); | 485 | mu_m_server_create (&server, "GNU imap4d"); |
| 504 | mu_m_server_set_conn (server, imap4d_connection); | 486 | mu_m_server_set_conn (server, imap4d_connection); |
| 487 | mu_m_server_set_prefork (server, mu_tcp_wrapper_prefork); | ||
| 505 | mu_m_server_set_mode (server, MODE_INTERACTIVE); | 488 | mu_m_server_set_mode (server, MODE_INTERACTIVE); |
| 506 | mu_m_server_set_max_children (server, 20); | 489 | mu_m_server_set_max_children (server, 20); |
| 507 | /* FIXME mu_m_server_set_pidfile (); */ | 490 | /* FIXME mu_m_server_set_pidfile (); */ | ... | ... |
| ... | @@ -75,10 +75,12 @@ int mu_tcp_server_get_sockaddr (mu_tcp_server_t srv, struct sockaddr *s, | ... | @@ -75,10 +75,12 @@ int mu_tcp_server_get_sockaddr (mu_tcp_server_t srv, struct sockaddr *s, |
| 75 | 75 | ||
| 76 | /* m-server */ | 76 | /* m-server */ |
| 77 | typedef int (*mu_m_server_conn_fp) (int, void *, time_t, int); | 77 | typedef int (*mu_m_server_conn_fp) (int, void *, time_t, int); |
| 78 | 78 | typedef int (*mu_m_server_prefork_fp) (int, struct sockaddr *s, int size); | |
| 79 | void mu_m_server_create (mu_m_server_t *psrv, const char *ident); | 79 | void mu_m_server_create (mu_m_server_t *psrv, const char *ident); |
| 80 | void mu_m_server_destroy (mu_m_server_t *pmsrv); | ||
| 80 | void mu_m_server_set_mode (mu_m_server_t srv, int mode); | 81 | void mu_m_server_set_mode (mu_m_server_t srv, int mode); |
| 81 | void mu_m_server_set_conn (mu_m_server_t srv, mu_m_server_conn_fp f); | 82 | void mu_m_server_set_conn (mu_m_server_t srv, mu_m_server_conn_fp f); |
| 83 | void mu_m_server_set_prefork (mu_m_server_t srv, mu_m_server_prefork_fp fun); | ||
| 82 | void mu_m_server_set_data (mu_m_server_t srv, void *data); | 84 | void mu_m_server_set_data (mu_m_server_t srv, void *data); |
| 83 | void mu_m_server_set_max_children (mu_m_server_t srv, size_t num); | 85 | void mu_m_server_set_max_children (mu_m_server_t srv, size_t num); |
| 84 | int mu_m_server_set_pidfile (mu_m_server_t srv, const char *pidfile); | 86 | int mu_m_server_set_pidfile (mu_m_server_t srv, const char *pidfile); |
| ... | @@ -91,8 +93,11 @@ int mu_m_server_mode (mu_m_server_t srv); | ... | @@ -91,8 +93,11 @@ int mu_m_server_mode (mu_m_server_t srv); |
| 91 | time_t mu_m_server_timeout (mu_m_server_t srv); | 93 | time_t mu_m_server_timeout (mu_m_server_t srv); |
| 92 | void mu_m_server_get_sigset (mu_m_server_t srv, sigset_t *sigset); | 94 | void mu_m_server_get_sigset (mu_m_server_t srv, sigset_t *sigset); |
| 93 | 95 | ||
| 96 | void mu_m_server_configured_count (mu_m_server_t msrv, size_t count); | ||
| 97 | |||
| 94 | void mu_m_server_begin (mu_m_server_t msrv); | 98 | void mu_m_server_begin (mu_m_server_t msrv); |
| 95 | int mu_m_server_run (mu_m_server_t msrv); | 99 | int mu_m_server_run (mu_m_server_t msrv); |
| 100 | void mu_m_server_end (mu_m_server_t msrv); | ||
| 96 | 101 | ||
| 97 | void mu_m_server_cfg_init (void); | 102 | void mu_m_server_cfg_init (void); |
| 98 | 103 | ... | ... |
| 1 | /* GNU Mailutils -- a suite of utilities for electronic mail | 1 | /* GNU Mailutils -- a suite of utilities for electronic mail |
| 2 | Copyright (C) 1999, 2001, 2002, 2003, 2004, | 2 | Copyright (C) 1999, 2001, 2002, 2003, 2004, |
| 3 | 2005, 2006, 2007 Free Software Foundation, Inc. | 3 | 2005, 2006, 2007, 2008 Free Software Foundation, Inc. |
| 4 | 4 | ||
| 5 | GNU Mailutils is free software; you can redistribute it and/or modify | 5 | GNU Mailutils is free software; you can redistribute it and/or modify |
| 6 | it under the terms of the GNU General Public License as published by | 6 | it under the terms of the GNU General Public License as published by |
| ... | @@ -20,6 +20,7 @@ | ... | @@ -20,6 +20,7 @@ |
| 20 | #ifdef HAVE_CONFIG_H | 20 | #ifdef HAVE_CONFIG_H |
| 21 | # include <config.h> | 21 | # include <config.h> |
| 22 | #endif | 22 | #endif |
| 23 | #include <stdlib.h> | ||
| 23 | #include <syslog.h> | 24 | #include <syslog.h> |
| 24 | #include <string.h> | 25 | #include <string.h> |
| 25 | #include <mailutils/debug.h> | 26 | #include <mailutils/debug.h> |
| ... | @@ -27,6 +28,7 @@ | ... | @@ -27,6 +28,7 @@ |
| 27 | #include <mailutils/syslog.h> | 28 | #include <mailutils/syslog.h> |
| 28 | #include <mailutils/cfg.h> | 29 | #include <mailutils/cfg.h> |
| 29 | #include <mailutils/diag.h> | 30 | #include <mailutils/diag.h> |
| 31 | #include <mailutils/error.h> | ||
| 30 | 32 | ||
| 31 | int mu_tcp_wrapper_enable = 1; | 33 | int mu_tcp_wrapper_enable = 1; |
| 32 | char *mu_tcp_wrapper_daemon; | 34 | char *mu_tcp_wrapper_daemon; |
| ... | @@ -138,3 +140,17 @@ mu_tcpwrapper_access (int fd) | ... | @@ -138,3 +140,17 @@ mu_tcpwrapper_access (int fd) |
| 138 | } | 140 | } |
| 139 | 141 | ||
| 140 | #endif | 142 | #endif |
| 143 | |||
| 144 | int | ||
| 145 | mu_tcp_wrapper_prefork (int fd, struct sockaddr *sa, int salen) | ||
| 146 | { | ||
| 147 | if (mu_tcp_wrapper_enable && !mu_tcpwrapper_access (fd)) | ||
| 148 | { | ||
| 149 | char *p = mu_sockaddr_to_astr (sa, salen); | ||
| 150 | mu_error (_("Access from %s blocked by TCP wrappers."), p); | ||
| 151 | free (p); | ||
| 152 | return 1; | ||
| 153 | } | ||
| 154 | return 0; | ||
| 155 | } | ||
| 156 | ... | ... |
| 1 | /* GNU Mailutils -- a suite of utilities for electronic mail | 1 | /* GNU Mailutils -- a suite of utilities for electronic mail |
| 2 | Copyright (C) 1999, 2001, 2002, 2003, 2004, | 2 | Copyright (C) 1999, 2001, 2002, 2003, 2004, |
| 3 | 2005, 2006, 2007 Free Software Foundation, Inc. | 3 | 2005, 2006, 2007, 2008 Free Software Foundation, Inc. |
| 4 | 4 | ||
| 5 | GNU Mailutils is free software; you can redistribute it and/or modify | 5 | GNU Mailutils is free software; you can redistribute it and/or modify |
| 6 | it under the terms of the GNU General Public License as published by | 6 | it under the terms of the GNU General Public License as published by |
| ... | @@ -30,8 +30,8 @@ extern int mu_tcp_wrapper_cb_hosts_allow_syslog (mu_debug_t debug, void *data, | ... | @@ -30,8 +30,8 @@ extern int mu_tcp_wrapper_cb_hosts_allow_syslog (mu_debug_t debug, void *data, |
| 30 | extern int mu_tcp_wrapper_cb_hosts_deny_syslog (mu_debug_t debug, void *data, | 30 | extern int mu_tcp_wrapper_cb_hosts_deny_syslog (mu_debug_t debug, void *data, |
| 31 | char *arg); | 31 | char *arg); |
| 32 | extern int mu_tcpwrapper_access (int fd); | 32 | extern int mu_tcpwrapper_access (int fd); |
| 33 | |||
| 34 | extern void mu_tcpwrapper_cfg_init (void); | 33 | extern void mu_tcpwrapper_cfg_init (void); |
| 34 | extern int mu_tcp_wrapper_prefork (int fd, struct sockaddr *sa, int salen); | ||
| 35 | 35 | ||
| 36 | #ifdef WITH_LIBWRAP | 36 | #ifdef WITH_LIBWRAP |
| 37 | # define TCP_WRAPPERS_CONFIG { "tcp-wrappers", mu_cfg_section }, | 37 | # define TCP_WRAPPERS_CONFIG { "tcp-wrappers", mu_cfg_section }, | ... | ... |
| ... | @@ -556,10 +556,16 @@ lmtp_loop (FILE *in, FILE *out, unsigned int timeout) | ... | @@ -556,10 +556,16 @@ lmtp_loop (FILE *in, FILE *out, unsigned int timeout) |
| 556 | return 0; | 556 | return 0; |
| 557 | } | 557 | } |
| 558 | 558 | ||
| 559 | typedef union | ||
| 560 | { | ||
| 561 | struct sockaddr sa; | ||
| 562 | struct sockaddr_in s_in; | ||
| 563 | struct sockaddr_un s_un; | ||
| 564 | } all_addr_t; | ||
| 565 | |||
| 559 | int | 566 | int |
| 560 | lmtp_connection (int fd, void *data, time_t timeout, int transcript) | 567 | lmtp_connection (int fd, void *data, time_t timeout, int transcript) |
| 561 | { | 568 | { |
| 562 | /* FIXME: TCP wrappers */ | ||
| 563 | lmtp_transcript = transcript; | 569 | lmtp_transcript = transcript; |
| 564 | lmtp_loop (fdopen (fd, "r"), fdopen (fd, "w"), timeout); | 570 | lmtp_loop (fdopen (fd, "r"), fdopen (fd, "w"), timeout); |
| 565 | return 0; | 571 | return 0; | ... | ... |
| ... | @@ -478,6 +478,7 @@ main (int argc, char *argv[]) | ... | @@ -478,6 +478,7 @@ main (int argc, char *argv[]) |
| 478 | 478 | ||
| 479 | mu_m_server_create (&server, "GNU maidag"); | 479 | mu_m_server_create (&server, "GNU maidag"); |
| 480 | mu_m_server_set_conn (server, lmtp_connection); | 480 | mu_m_server_set_conn (server, lmtp_connection); |
| 481 | mu_m_server_set_prefork (server, mu_tcp_wrapper_prefork); | ||
| 481 | mu_m_server_set_mode (server, MODE_INTERACTIVE); | 482 | mu_m_server_set_mode (server, MODE_INTERACTIVE); |
| 482 | mu_m_server_set_max_children (server, 20); | 483 | mu_m_server_set_max_children (server, 20); |
| 483 | mu_m_server_set_timeout (server, 600); | 484 | mu_m_server_set_timeout (server, 600); | ... | ... |
| ... | @@ -66,6 +66,7 @@ struct _mu_m_server | ... | @@ -66,6 +66,7 @@ struct _mu_m_server |
| 66 | mu_server_t server; | 66 | mu_server_t server; |
| 67 | mu_list_t srvlist; | 67 | mu_list_t srvlist; |
| 68 | mu_m_server_conn_fp conn; | 68 | mu_m_server_conn_fp conn; |
| 69 | mu_m_server_prefork_fp prefork; | ||
| 69 | void *data; | 70 | void *data; |
| 70 | int mode; | 71 | int mode; |
| 71 | int foreground; | 72 | int foreground; |
| ... | @@ -192,6 +193,12 @@ mu_m_server_set_conn (mu_m_server_t srv, mu_m_server_conn_fp conn) | ... | @@ -192,6 +193,12 @@ mu_m_server_set_conn (mu_m_server_t srv, mu_m_server_conn_fp conn) |
| 192 | } | 193 | } |
| 193 | 194 | ||
| 194 | void | 195 | void |
| 196 | mu_m_server_set_prefork (mu_m_server_t srv, mu_m_server_prefork_fp fun) | ||
| 197 | { | ||
| 198 | srv->prefork = fun; | ||
| 199 | } | ||
| 200 | |||
| 201 | void | ||
| 195 | mu_m_server_set_data (mu_m_server_t srv, void *data) | 202 | mu_m_server_set_data (mu_m_server_t srv, void *data) |
| 196 | { | 203 | { |
| 197 | srv->data = data; | 204 | srv->data = data; |
| ... | @@ -502,7 +509,9 @@ m_srv_conn (int fd, struct sockaddr *sa, int salen, | ... | @@ -502,7 +509,9 @@ m_srv_conn (int fd, struct sockaddr *sa, int salen, |
| 502 | pause (); | 509 | pause (); |
| 503 | return 0; | 510 | return 0; |
| 504 | } | 511 | } |
| 505 | 512 | if (pconf->msrv->prefork && pconf->msrv->prefork (fd, sa, salen)) | |
| 513 | return 0; | ||
| 514 | |||
| 506 | pid = fork (); | 515 | pid = fork (); |
| 507 | if (pid == -1) | 516 | if (pid == -1) |
| 508 | mu_diag_output (MU_DIAG_ERROR, "fork: %s", strerror (errno)); | 517 | mu_diag_output (MU_DIAG_ERROR, "fork: %s", strerror (errno)); | ... | ... |
| ... | @@ -31,6 +31,7 @@ lib/argp-help.c | ... | @@ -31,6 +31,7 @@ lib/argp-help.c |
| 31 | lib/argp-parse.c | 31 | lib/argp-parse.c |
| 32 | lib/getopt.c | 32 | lib/getopt.c |
| 33 | lib/mailcap.c | 33 | lib/mailcap.c |
| 34 | lib/tcpwrap.c | ||
| 34 | lib/xmalloc.c | 35 | lib/xmalloc.c |
| 35 | libargp/auth.c | 36 | libargp/auth.c |
| 36 | libargp/cmdline.c | 37 | libargp/cmdline.c | ... | ... |
| ... | @@ -291,21 +291,6 @@ pop3d_mainloop (int fd, FILE *infile, FILE *outfile) | ... | @@ -291,21 +291,6 @@ pop3d_mainloop (int fd, FILE *infile, FILE *outfile) |
| 291 | { | 291 | { |
| 292 | int status = OK; | 292 | int status = OK; |
| 293 | char buffer[512]; | 293 | char buffer[512]; |
| 294 | struct sockaddr_in cs; | ||
| 295 | |||
| 296 | if (pop3d_get_client_address (fd, &cs) == 0) | ||
| 297 | { | ||
| 298 | if (!mu_tcpwrapper_access (fd)) | ||
| 299 | { | ||
| 300 | mu_error (_("Access from %s blocked."), inet_ntoa (cs.sin_addr)); | ||
| 301 | return 1; | ||
| 302 | } | ||
| 303 | } | ||
| 304 | else if (!debug_mode && mu_tcp_wrapper_enable) | ||
| 305 | { | ||
| 306 | mu_error (_("Rejecting connection from unknown address")); | ||
| 307 | return 1; | ||
| 308 | } | ||
| 309 | 294 | ||
| 310 | /* Reset hup to exit. */ | 295 | /* Reset hup to exit. */ |
| 311 | signal (SIGHUP, pop3d_signal); | 296 | signal (SIGHUP, pop3d_signal); |
| ... | @@ -494,6 +479,7 @@ main (int argc, char **argv) | ... | @@ -494,6 +479,7 @@ main (int argc, char **argv) |
| 494 | 479 | ||
| 495 | mu_m_server_create (&server, "GNU pop3d"); | 480 | mu_m_server_create (&server, "GNU pop3d"); |
| 496 | mu_m_server_set_conn (server, pop3d_connection); | 481 | mu_m_server_set_conn (server, pop3d_connection); |
| 482 | mu_m_server_set_prefork (server, mu_tcp_wrapper_prefork); | ||
| 497 | mu_m_server_set_mode (server, MODE_INTERACTIVE); | 483 | mu_m_server_set_mode (server, MODE_INTERACTIVE); |
| 498 | mu_m_server_set_max_children (server, 20); | 484 | mu_m_server_set_max_children (server, 20); |
| 499 | /* FIXME mu_m_server_set_pidfile (); */ | 485 | /* FIXME mu_m_server_set_pidfile (); */ | ... | ... |
-
Please register or sign in to post a comment