List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14573] trunk/imap_proxy
From: pdontthink () users ! sourceforge ! net
Date: 2016-09-14 2:55:23
Message-ID: E1bk0MA-0001LQ-Ik () sfs-ml-2 ! v29 ! ch3 ! sourceforge ! com
Revision: 14573
http://sourceforge.net/p/squirrelmail/code/14573
Author: pdontthink
Date: 2016-09-14 02:55:23 +0000 (Wed, 14 Sep 2016)
Log Message:
-----------
Add support for DNS RR and ability to restrict DNS lookups to IPv4 or IPv6 only \
(thanks to Wolfgang Breyha)
Modified Paths:
--------------
trunk/imap_proxy/ChangeLog
trunk/imap_proxy/include/imapproxy.h
trunk/imap_proxy/scripts/imapproxy.conf
trunk/imap_proxy/src/config.c
trunk/imap_proxy/src/imapcommon.c
trunk/imap_proxy/src/main.c
Modified: trunk/imap_proxy/ChangeLog
===================================================================
--- trunk/imap_proxy/ChangeLog 2016-09-14 02:23:57 UTC (rev 14572)
+++ trunk/imap_proxy/ChangeLog 2016-09-14 02:55:23 UTC (rev 14573)
@@ -1,12 +1,16 @@
2016-09-12 Paul Lesniewski <paul@squirrelmail.org>
* Added support for systemd startup
* Added support for accepting pre-auth ID commands (RFC 2971)
- * Retain compatibility with older OpenSSL versions (thanks to
- Wolfgang Breyha)
+ * Added support for DNS RR to cycle through multiple IMAP
+ server backends (thanks to Wolfgang Breyha)
+ * Added ability to restrict DNS lookups to IPv4 or IPv6
+ only (thanks to Wolfgang Breyha)
* Make EGD support conditional, provide compatibility with
LibreSSL, other small fixes provided by the BSD team
* Fixed anomalous crashes recycling used connections (thanks
to Emmanuel Dreyfus)
+ * Retain compatibility with older OpenSSL versions (thanks to
+ Wolfgang Breyha)
* Make use of the no_new_privs flag (Linux only) when becoming
non-root (thanks to Shawn Landden)
Modified: trunk/imap_proxy/include/imapproxy.h
===================================================================
--- trunk/imap_proxy/include/imapproxy.h 2016-09-14 02:23:57 UTC (rev 14572)
+++ trunk/imap_proxy/include/imapproxy.h 2016-09-14 02:55:23 UTC (rev 14573)
@@ -314,6 +314,8 @@
char *auth_sasl_plain_username; /* authentication username under SASL \
PLAIN */
char *auth_sasl_plain_password; /* authentication password under SASL \
PLAIN */
char *auth_shared_secret; /* REQUIRED shared secret in leiu of a \
user password when using LOGIN command with SASL PLAIN authentication */
+ \
unsigned int ipversion; /* limit DNS requests to AF_INET or \
AF_INET6 */
+ unsigned int dnsrr; /* cycle through all DNS \
entries we got */
};
Modified: trunk/imap_proxy/scripts/imapproxy.conf
===================================================================
--- trunk/imap_proxy/scripts/imapproxy.conf 2016-09-14 02:23:57 UTC (rev 14572)
+++ trunk/imap_proxy/scripts/imapproxy.conf 2016-09-14 02:55:23 UTC (rev 14573)
@@ -249,3 +249,23 @@
#auth_shared_secret
+#
+## Use DNS RR
+#
+## Use DNS round robin to cycle through all returned RRs we
+## got when looking up the IMAP server with getaddrinfo().
+## Default is no.
+##
+#
+#dns_rr yes
+
+
+#
+## Limit DNS requests to AF_INET or AF_INET6
+##
+## Set ipversion_only to 4 or 6 accordingly.
+## Default if unset is AF_UNSPEC for both A and AAAA.
+#
+#ipversion_only 6
+
+
Modified: trunk/imap_proxy/src/config.c
===================================================================
--- trunk/imap_proxy/src/config.c 2016-09-14 02:23:57 UTC (rev 14572)
+++ trunk/imap_proxy/src/config.c 2016-09-14 02:55:23 UTC (rev 14573)
@@ -328,6 +328,8 @@
{
PC_Struct->server_connect_retries = DEFAULT_SERVER_CONNECT_RETRIES;
PC_Struct->server_connect_delay = DEFAULT_SERVER_CONNECT_DELAY;
+ PC_Struct->ipversion = 0;
+ PC_Struct->dnsrr = 0;
return;
}
@@ -468,6 +470,12 @@
ADD_TO_TABLE( "enable_admin_commands", SetBooleanValue,
&PC_Struct.enable_admin_commands, index );
+ ADD_TO_TABLE( "ipversion_only", SetNumericValue,
+ &PC_Struct.ipversion, index );
+
+ ADD_TO_TABLE( "dns_rr", SetBooleanValue,
+ &PC_Struct.dnsrr, index );
+
ConfigTable[index].Keyword[0] = '\0';
FP = fopen( ConfigFile, "r" );
Modified: trunk/imap_proxy/src/imapcommon.c
===================================================================
--- trunk/imap_proxy/src/imapcommon.c 2016-09-14 02:23:57 UTC (rev 14572)
+++ trunk/imap_proxy/src/imapcommon.c 2016-09-14 02:55:23 UTC (rev 14573)
@@ -159,6 +159,7 @@
extern ISD_Struct ISD;
extern pthread_mutex_t mp;
extern pthread_mutex_t trace;
+extern pthread_mutex_t aimtx;
extern IMAPCounter_Struct *IMAPCount;
extern ProxyConfig_Struct PC_Struct;
@@ -551,6 +552,7 @@
ITD_Struct Server;
int rc;
unsigned int Expiration;
+ struct addrinfo *useai;
EVP_MD_CTX mdctx;
int md_len;
@@ -704,8 +706,23 @@
/* As a new connection, the ICD is not 'reused' */
Server.conn->reused = 0;
- Server.conn->sd = socket( ISD.srv->ai_family, ISD.srv->ai_socktype,
- ISD.srv->ai_protocol );
+ if (PC_Struct.dnsrr)
+ {
+ LockMutex( &aimtx );
+ /* cycle through returned hosts */
+ if ( ISD.srv->ai_next )
+ ISD.srv = ISD.srv->ai_next;
+ else
+ ISD.srv = ISD.airesults;
+
+ useai = ISD.srv;
+ UnLockMutex( &aimtx );
+ }
+ else
+ useai = ISD.srv;
+
+ Server.conn->sd = socket( useai->ai_family, useai->ai_socktype,
+ useai->ai_protocol );
if ( Server.conn->sd == -1 )
{
syslog( LOG_INFO,
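Review bot: The rotation block picks exactly one address per login, and nothing in this hunk falls back to the next entry when `socket()` or `connect()` on `useai` fails, so with `dns_rr yes` a single unreachable backend would appear to fail every Nth login until it recovers (the failure branches continue outside the hunk, so confirm there is no retry there). The failure syslog lines should also record which address was tried, for example by formatting `useai->ai_addr` with `getnameinfo()` and `NI_NUMERICHOST`, otherwise operators cannot tell from the logs which backend is down. The wrap-around to `ISD.airesults` assumes that list stays allocated for the life of the process; its assignment is not in any visible hunk, so I would add `/* ISD.airesults must never be passed to freeaddrinfo() while dns_rr is enabled */` above the `LockMutex()` call.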
@@ -720,8 +737,8 @@
setsockopt( Server.conn->sd, SOL_SOCKET, SO_KEEPALIVE, &onoff, sizeof onoff );
}
- if ( connect( Server.conn->sd, (struct sockaddr *)ISD.srv->ai_addr,
- ISD.srv->ai_addrlen ) == -1 )
+ if ( connect( Server.conn->sd, (struct sockaddr *)useai->ai_addr,
+ useai->ai_addrlen ) == -1 )
{
syslog( LOG_INFO,
"LOGIN: '%s' (%s:%s) failed: Unable to connect to IMAP server: %s",
Modified: trunk/imap_proxy/src/main.c
===================================================================
--- trunk/imap_proxy/src/main.c 2016-09-14 02:23:57 UTC (rev 14572)
+++ trunk/imap_proxy/src/main.c 2016-09-14 02:55:23 UTC (rev 14573)
@@ -246,6 +246,7 @@
IMAPCounter_Struct *IMAPCount; /* global IMAP counter struct */
pthread_mutex_t mp; /* "main" mutex used for ICC sync */
pthread_mutex_t trace; /* mutex used for username tracing */
+pthread_mutex_t aimtx; /* mutex used for DNS RR */
char TraceUser[MAXUSERNAMELEN]; /* username we want to trace */
int Tracefd; /* fd of our trace file (always open) */
ProxyConfig_Struct PC_Struct; /* Global configuration data */
@@ -411,6 +412,13 @@
exit( 1 );
}
+ rc = pthread_mutex_init(&aimtx, NULL);
+ if ( rc )
+ {
+ syslog(LOG_ERR, "%s: pthread_mutex_init() returned error [%d] initializing aimtx \
mutex. Exiting.", fn, rc );
+ exit( 1 );
+ }
+
TraceUser[0] = '\0';
syslog( LOG_INFO, "%s: Allocating %d IMAP connection structures.",
@@ -692,8 +700,8 @@
/* launch a recycle thread before we loop */
pthread_create( &RecycleThread, &attr, (void *)ICC_Recycle_Loop, NULL );
- syslog(LOG_INFO, "%s: Launched ICC recycle thread with id %d",
- fn, (int)RecycleThread );
+ syslog(LOG_INFO, "%s: Launched ICC recycle thread with id %lu",
+ fn, (unsigned long int)RecycleThread );
/*
* Now start listening and accepting connections.
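Review bot: The new syslog line prints `RecycleThread` even though the return value of `pthread_create()` on the line above is discarded, so on failure the message reports a launch that did not happen and formats an indeterminate `pthread_t`. Capture the result with `rc = pthread_create( &RecycleThread, &attr, (void *)ICC_Recycle_Loop, NULL );` and handle a non-zero `rc` with `syslog(LOG_ERR, "%s: pthread_create() returned error [%d]", fn, rc );` before deciding whether to exit, in the same way the `aimtx` initialisation is checked. The cast to `unsigned long int` is an improvement over `int`, but `pthread_t` is an opaque type, so the printed value is only a debugging aid.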
@@ -863,7 +871,16 @@
PC_Struct.server_hostname );
memset( &aihints, 0, sizeof aihints );
- aihints.ai_family = AF_UNSPEC;
+ switch ( PC_Struct.ipversion )
+ {
+ case 4: aihints.ai_family = AF_INET;
+ syslog( LOG_INFO, "%s: limiting to IPv4 only", fn);
+ break;
+ case 6: aihints.ai_family = AF_INET6;
+ syslog( LOG_INFO, "%s: limiting to IPv6 only", fn);
+ break;
+ default: aihints.ai_family = AF_UNSPEC;
+ }
aihints.ai_socktype = SOCK_STREAM;
for( ;; )
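Review bot: The `default:` arm maps every value other than 4 or 6 to `AF_UNSPEC` without any message, so a typo such as `ipversion_only 46` silently removes the restriction the operator asked for. If the restriction exists because only one address family is routed or filtered towards the IMAP backend, that is a fail-open. Log it in the default arm with `if ( PC_Struct.ipversion ) syslog( LOG_WARNING, "%s: ignoring invalid ipversion_only value %u", fn, PC_Struct.ipversion );` before `aihints.ai_family = AF_UNSPEC;`, or refuse to start. The `case` bodies would also read more easily with each statement on its own line.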
@@ -894,6 +911,14 @@
if (strcmp(PC_Struct.server_port, "993") == 0)
syslog(LOG_ERR, "WARNING: IMAP Proxy uses STARTTLS to encrypt a \"normal\" \
IMAP connection and does not support direct TLS/SSL connections that are typically \
served on port 993 (but there is a way around this if the server is only available on \
that port - see README.ssl). Chances are you have misconfigured the server_port \
setting, and that it should be something more like port 143. If the server at '%s' \
supports STARTTLS from an unencrypted connection on port 993, then you can ignore \
this (but, again, chances are that this is NOT the case).", \
PC_Struct.server_hostname);
+ /*
+ * check for DNS RR
+ */
+ if ( ai->ai_next && PC_Struct.dnsrr ) /* at least a second RR was returned */
+ syslog(LOG_INFO, "%s: Using DNS RR", fn);
+ else
+ PC_Struct.dnsrr = 0;
+
/*
* fill in the address family, the host address, and the
* service port of our global socket address structure
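Review bot: When `dns_rr yes` is configured but the lookup returns a single address, the `else` arm clears `PC_Struct.dnsrr` without logging anything, so the running behaviour differs from the configuration file with no trace in syslog. Suggest `else if ( PC_Struct.dnsrr ) { syslog(LOG_WARNING, "%s: dns_rr enabled but only one address returned; disabling", fn); PC_Struct.dnsrr = 0; }`. Bracing both arms would also match the braced style used for the `aimtx` check earlier in this file. The enclosing block starts and ends outside the hunk.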