Hi all,

Because I need it, I add the unix socket support to Mail Auth Module.
Now if nginx mail auth module receives Auth-Server containing a sock
path e.g :

HTTP/1.0 200 OK
Auth-Status: OK
Auth-Server: /tmp/cyrus.sock
Auth-Port: [SomethingOrNot]
Auth-User: user@domain.tld
Auth-Pass: password

Nginx will be able to connect to the socket (e.g /tmp/cyrus.sock)

I'm writting the tests set for prove.

Patch in this mail (nginx-0.8.35)

For people who wonder why :
Unix sockets allow me to restrict rights and permissions on cyrus.
By chrooting a lot of services, bad local users could contact cyrus from
localhost with tcp connections.
With unix sockets, the problem is now solved.

Best regards,
Simon LECAILLE.

--
(Logo EmisFr)
*Simon LECAILLE*
EmisFR
/Infogérance totale ou partagée, sur site ou distante, Développements
sur mesure web 2.0/
10 rue Mazagran, 54000 NANCY, France
http://www.emisfr.com
Tel/Fax.: +33.3 83 32 25 75
--- ./src/mail/ngx_mail_auth_http_module.c 2009-12-25 16:43:40.000000000 +0100
+++ ./src/mail/ngx_mail_auth_http_module.c 2010-04-06 14:55:05.000000000 +0200
@@ -458,7 +458,6 @@
size_t len, size;
ngx_int_t rc, port, n;
ngx_addr_t *peer;
- struct sockaddr_in *sin;

ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
"mail auth http process headers");
@@ -744,7 +743,7 @@
return;
}

- if (ctx->addr.len == 0 || ctx->port.len == 0) {
+ if ((ctx->addr.len == 0 && ctx->port.len == 0) || (ctx->port.len == 0 && ngx_strncmp(ctx->addr.data,"/",1)!=0)) {
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server %V did not send server or port",
ctx->peer.name);
@@ -770,9 +769,38 @@
ngx_mail_session_internal_server_error(s);
return;
}
+ /* AF_UNIX or AF_INET*/
+ if(ngx_strncmp(ctx->addr.data,"/",1)==0){
+
+ /* AF_UNIX */
+ port = 0;
+ struct sockaddr_un *sun;
+ sun = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_un));
+ if (sun == NULL) {
+ ngx_destroy_pool(ctx->pool);
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }

- /* AF_INET only */
+ sun->sun_family = AF_UNIX;
+ ngx_memcpy(sun->sun_path, ctx->addr.data, ctx->addr.len);
+ peer->sockaddr = (struct sockaddr *) sun;
+ peer->socklen = sizeof(struct sockaddr_un);
+ len = ctx->addr.len;
+ peer->name.len = len;
+ peer->name.data = ngx_pnalloc(s->connection->pool, len);
+ if (peer->name.data == NULL) {
+ ngx_destroy_pool(ctx->pool);
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }

+ len = ctx->addr.len;
+ ngx_memcpy(peer->name.data, ctx->addr.data, len);
+ }
+ else{
+ /* AF_INET */
+ struct sockaddr_in *sin;
sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in));
if (sin == NULL) {
ngx_destroy_pool(ctx->pool);
@@ -823,10 +850,9 @@
len = ctx->addr.len;

ngx_memcpy(peer->name.data, ctx->addr.data, len);
-
peer->name.data[len++] = ':';
-
ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len);
+ }

ngx_destroy_pool(ctx->pool);
ngx_mail_proxy_init(s, peer);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel