Browse Source

dovecot: update upstream fixes for version 2.2.2

Note:

The patch now includes all fixes and improvements for dovecot 2.2.2 from the
dovecot 2.2 branch up to http://hg.dovecot.org/dovecot-2.2/rev/af9947e1e5f7.
user/chris/wip/linux37
Christian Wiese 12 years ago committed by Christian Wiese
parent
commit
376885db3c
  1. 770
      mail/dovecot/dovecot-2.2.2-0000-upstream-fixes.patch

770
mail/dovecot/dovecot-2.2.2-0000-upstream-fixes.patch

@ -371,3 +371,773 @@ index 955e2e6..c61af85 100644
-- --
1.7.10.2 1.7.10.2
From adc71ee1cfc1eaa18b88c15c3eac475bac740076 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan@rename-it.nl>
Date: Tue, 21 May 2013 22:55:12 +0300
Subject: [PATCH] lib-imap-urlauth: Fixed local URLAUTH fetches that didn't
immediately finish handling content. Local requests are now
also properly counted.
diff --git a/src/lib-imap-urlauth/imap-urlauth-fetch.c b/src/lib-imap-urlauth/imap-urlauth-fetch.c
index 9801822..eb438a7 100644
--- a/src/lib-imap-urlauth/imap-urlauth-fetch.c
+++ b/src/lib-imap-urlauth/imap-urlauth-fetch.c
@@ -55,8 +55,10 @@ static void imap_urlauth_fetch_abort_local(struct imap_urlauth_fetch *ufetch)
{
struct imap_urlauth_fetch_url *url, *url_next;
- if (ufetch->local_url != NULL)
+ if (ufetch->local_url != NULL) {
+ ufetch->pending_requests--;
imap_msgpart_url_free(&ufetch->local_url);
+ }
i_free_and_null(ufetch->pending_reply.url);
i_free_and_null(ufetch->pending_reply.bodypartstruct);
@@ -153,7 +155,6 @@ imap_urlauth_fetch_local(struct imap_urlauth_fetch *ufetch, const char *url,
struct imap_msgpart_url *mpurl = NULL;
int ret;
- ufetch->pending_requests--;
success = TRUE;
if (debug)
@@ -226,6 +227,7 @@ imap_urlauth_fetch_local(struct imap_urlauth_fetch *ufetch, const char *url,
}
if (!success && ret < 0) {
+ ufetch->pending_requests--;
(void)ufetch->callback(NULL, TRUE, ufetch->context);
imap_urlauth_fetch_fail(ufetch);
return;
@@ -242,12 +244,14 @@ imap_urlauth_fetch_local(struct imap_urlauth_fetch *ufetch, const char *url,
reply.size = mpresult.size;
reply.input = mpresult.input;
- ret = ufetch->callback(&reply, ufetch->pending_requests == 0,
+ ret = ufetch->callback(&reply, ufetch->pending_requests == 1,
ufetch->context);
if (ret == 0) {
ufetch->local_url = mpurl;
ufetch->waiting = TRUE;
} else {
+ ufetch->pending_requests--;
+
if (mpurl != NULL)
imap_msgpart_url_free(&mpurl);
if (ret < 0)
@@ -302,26 +306,30 @@ imap_urlauth_fetch_request_callback(struct imap_urlauth_fetch_reply *reply,
int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
enum imap_urlauth_fetch_flags url_flags)
{
+ struct imap_urlauth_context *uctx = ufetch->uctx;
enum imap_url_parse_flags url_parse_flags =
IMAP_URL_PARSE_ALLOW_URLAUTH;
- struct imap_urlauth_context *uctx = ufetch->uctx;
struct mail_user *mail_user = uctx->user;
- struct imap_url *imap_url = NULL;
+ struct imap_url *imap_url;
const char *error, *errormsg;
- ufetch->failed = FALSE;
- ufetch->pending_requests++;
-
/* parse the url */
if (imap_url_parse(url, NULL, url_parse_flags, &imap_url, &error) < 0) {
errormsg = t_strdup_printf(
"Failed to fetch URLAUTH \"%s\": %s", url, error);
if (mail_user->mail_debug)
i_debug("%s", errormsg);
+ ufetch->pending_requests++;
imap_urlauth_fetch_error(ufetch, url, url_flags, errormsg);
-
+ return 1;
+ }
+
+ ufetch->failed = FALSE;
+ ufetch->pending_requests++;
+
/* if access user and target user match, handle fetch request locally */
- } else if (strcmp(mail_user->username, imap_url->userid) == 0) {
+ if (imap_url->userid != NULL &&
+ strcmp(mail_user->username, imap_url->userid) == 0) {
if (ufetch->waiting) {
struct imap_urlauth_fetch_url *url_local;
@@ -352,15 +360,11 @@ int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
(void)imap_urlauth_request_new(uctx->conn, imap_url->userid,
url, url_flags,
imap_urlauth_fetch_request_callback, ufetch);
- }
-
- if (ufetch->pending_requests > 0) {
i_assert(uctx->conn != NULL);
if (imap_urlauth_connection_connect(uctx->conn) < 0)
return -1;
- return 0;
}
- return 1;
+ return (ufetch->pending_requests > 0 ? 0 : 1);
}
bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
@@ -377,8 +381,10 @@ bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
return ufetch->pending_requests > 0;
}
- if (ufetch->local_url != NULL)
+ if (ufetch->local_url != NULL) {
+ ufetch->pending_requests--;
imap_msgpart_url_free(&ufetch->local_url);
+ }
ufetch->waiting = FALSE;
/* handle pending remote reply */
diff --git a/src/lib-imap-urlauth/imap-urlauth-fetch.h b/src/lib-imap-urlauth/imap-urlauth-fetch.h
index 27a96f2..3c5275c 100644
--- a/src/lib-imap-urlauth/imap-urlauth-fetch.h
+++ b/src/lib-imap-urlauth/imap-urlauth-fetch.h
@@ -31,7 +31,7 @@ struct imap_urlauth_fetch_reply {
/* Callback to handle fetch reply. Returns 1 if handled completely and ready
for next reply, 0 if not all data was processed, and -1 for error. If a
- callback returns 0, imap_urlauth_connection_continue() must be called once
+ callback returns 0, imap_urlauth_fetch_continue() must be called once
new replies may be processed. If this is the last request to yield a reply,
argument last is TRUE. The callback must not call
imap_urlauth_fetch_deinit(). */
@@ -45,7 +45,7 @@ imap_urlauth_fetch_init(struct imap_urlauth_context *uctx,
void imap_urlauth_fetch_deinit(struct imap_urlauth_fetch **_ufetch);
int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
- enum imap_urlauth_fetch_flags flags);
+ enum imap_urlauth_fetch_flags url_flags);
bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch);
#endif
--
1.7.10.2
From b65589285715ab3ecbde9053948e96d6d0b0daa5 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan@rename-it.nl>
Date: Tue, 21 May 2013 22:55:17 +0300
Subject: [PATCH] lib-imap-urlauth: Fixed resuming in URLAUTH fetch handler.
Fixed URLAUTH fetch handler to properly resume the URLAUTH
connection, even when it is deinitialized.
diff --git a/src/lib-imap-urlauth/imap-urlauth-fetch.c b/src/lib-imap-urlauth/imap-urlauth-fetch.c
index eb438a7..18cd342 100644
--- a/src/lib-imap-urlauth/imap-urlauth-fetch.c
+++ b/src/lib-imap-urlauth/imap-urlauth-fetch.c
@@ -48,7 +48,8 @@ struct imap_urlauth_fetch {
} pending_reply;
unsigned int failed:1;
- unsigned int waiting:1;
+ unsigned int waiting_local:1;
+ unsigned int waiting_service:1;
};
static void imap_urlauth_fetch_abort_local(struct imap_urlauth_fetch *ufetch)
@@ -112,6 +113,10 @@ void imap_urlauth_fetch_deinit(struct imap_urlauth_fetch **_ufetch)
*_ufetch = NULL;
imap_urlauth_fetch_abort(ufetch);
+
+ /* dont leave the connection in limbo; make sure resume is called */
+ if (ufetch->waiting_service)
+ imap_urlauth_connection_continue(ufetch->uctx->conn);
i_free(ufetch);
}
@@ -137,7 +142,7 @@ imap_urlauth_fetch_error(struct imap_urlauth_fetch *ufetch, const char *url,
} T_END;
if (ret == 0)
- ufetch->waiting = TRUE;
+ ufetch->waiting_local = TRUE;
else if (ret < 0)
imap_urlauth_fetch_fail(ufetch);
}
@@ -248,7 +253,7 @@ imap_urlauth_fetch_local(struct imap_urlauth_fetch *ufetch, const char *url,
ufetch->context);
if (ret == 0) {
ufetch->local_url = mpurl;
- ufetch->waiting = TRUE;
+ ufetch->waiting_local = TRUE;
} else {
ufetch->pending_requests--;
@@ -267,7 +272,7 @@ imap_urlauth_fetch_request_callback(struct imap_urlauth_fetch_reply *reply,
(struct imap_urlauth_fetch *)context;
int ret = 1;
- if (ufetch->waiting && reply != NULL) {
+ if (ufetch->waiting_local && reply != NULL) {
i_assert(ufetch->pending_reply.url == NULL);
ufetch->pending_reply.url = i_strdup(reply->url);
ufetch->pending_reply.flags = reply->flags;
@@ -284,7 +289,7 @@ imap_urlauth_fetch_request_callback(struct imap_urlauth_fetch_reply *reply,
return 0;
}
- ufetch->waiting = FALSE;
+ ufetch->waiting_local = FALSE;
ufetch->pending_requests--;
if (!ufetch->failed) {
@@ -297,6 +302,8 @@ imap_urlauth_fetch_request_callback(struct imap_urlauth_fetch_reply *reply,
if (!ufetch->failed)
imap_urlauth_fetch_abort_local(ufetch);
ufetch->failed = TRUE;
+ } else if (ret == 0) {
+ ufetch->waiting_service = TRUE;
}
if (ret != 0)
imap_urlauth_fetch_deinit(&ufetch);
@@ -331,7 +338,7 @@ int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
if (imap_url->userid != NULL &&
strcmp(mail_user->username, imap_url->userid) == 0) {
- if (ufetch->waiting) {
+ if (ufetch->waiting_local) {
struct imap_urlauth_fetch_url *url_local;
url_local = i_new(struct imap_urlauth_fetch_url, 1);
@@ -375,17 +382,22 @@ bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
if (ufetch->failed)
return FALSE;
- if (!ufetch->waiting) {
+ if (!ufetch->waiting_local && !ufetch->waiting_service)
+ return ufetch->pending_requests > 0;
+
+ if (!ufetch->waiting_local) {
/* not waiting for local request handling */
+ ufetch->waiting_service = FALSE;
imap_urlauth_connection_continue(ufetch->uctx->conn);
return ufetch->pending_requests > 0;
}
+ /* finished local request */
if (ufetch->local_url != NULL) {
ufetch->pending_requests--;
imap_msgpart_url_free(&ufetch->local_url);
}
- ufetch->waiting = FALSE;
+ ufetch->waiting_local = FALSE;
/* handle pending remote reply */
if (ufetch->pending_reply.url != NULL) {
@@ -419,11 +431,9 @@ bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
imap_urlauth_fetch_fail(ufetch);
return FALSE;
}
-
- imap_urlauth_connection_continue(ufetch->uctx->conn);
if (ret == 0) {
- ufetch->waiting = TRUE;
+ ufetch->waiting_service = TRUE;
return TRUE;
}
}
@@ -440,7 +450,7 @@ bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
&ufetch->local_urls_tail, url);
i_free(url->url);
i_free(url);
- if (ufetch->waiting)
+ if (ufetch->waiting_local)
return TRUE;
url = url_next;
}
--
1.7.10.2
From 421ec8d0a4072b5f0d2aa63c5aef354a7a1dd659 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan@rename-it.nl>
Date: Tue, 21 May 2013 22:55:23 +0300
Subject: [PATCH] lib-imap-urlauth: Fixed deinitialization of the URLAUTH
fetch handler. Added reference counting to make sure
callbacks will not deinitialize the handler prematurely.
diff --git a/src/imap/cmd-urlfetch.c b/src/imap/cmd-urlfetch.c
index 2826cb0..c3fac61 100644
--- a/src/imap/cmd-urlfetch.c
+++ b/src/imap/cmd-urlfetch.c
@@ -284,7 +284,6 @@ cmd_urlfetch_url_callback(struct imap_urlauth_fetch_reply *reply,
if ((last && cmd->state == CLIENT_COMMAND_STATE_WAIT_EXTERNAL) ||
ret < 0) {
- ctx->ufetch = NULL;
cmd_urlfetch_finish(cmd);
client_command_free(&cmd);
}
diff --git a/src/lib-imap-urlauth/imap-urlauth-fetch.c b/src/lib-imap-urlauth/imap-urlauth-fetch.c
index 18cd342..0ba4dfa 100644
--- a/src/lib-imap-urlauth/imap-urlauth-fetch.c
+++ b/src/lib-imap-urlauth/imap-urlauth-fetch.c
@@ -22,6 +22,7 @@ struct imap_urlauth_fetch_url {
};
struct imap_urlauth_fetch {
+ unsigned int refcount;
struct imap_urlauth_context *uctx;
imap_urlauth_fetch_callback_t *callback;
@@ -100,17 +101,28 @@ imap_urlauth_fetch_init(struct imap_urlauth_context *uctx,
struct imap_urlauth_fetch *ufetch;
ufetch = i_new(struct imap_urlauth_fetch, 1);
+ ufetch->refcount = 1;
ufetch->uctx = uctx;
ufetch->callback = callback;
ufetch->context = context;
return ufetch;
}
-void imap_urlauth_fetch_deinit(struct imap_urlauth_fetch **_ufetch)
+static void imap_urlauth_fetch_ref(struct imap_urlauth_fetch *ufetch)
+{
+ i_assert(ufetch->refcount > 0);
+ ufetch->refcount++;
+}
+
+static void imap_urlauth_fetch_unref(struct imap_urlauth_fetch **_ufetch)
{
struct imap_urlauth_fetch *ufetch = *_ufetch;
+ i_assert(ufetch->refcount > 0);
+
*_ufetch = NULL;
+ if (--ufetch->refcount > 0)
+ return;
imap_urlauth_fetch_abort(ufetch);
@@ -120,6 +132,11 @@ void imap_urlauth_fetch_deinit(struct imap_urlauth_fetch **_ufetch)
i_free(ufetch);
}
+void imap_urlauth_fetch_deinit(struct imap_urlauth_fetch **_ufetch)
+{
+ imap_urlauth_fetch_unref(_ufetch);
+}
+
static void
imap_urlauth_fetch_error(struct imap_urlauth_fetch *ufetch, const char *url,
enum imap_urlauth_fetch_flags url_flags,
@@ -232,6 +249,8 @@ imap_urlauth_fetch_local(struct imap_urlauth_fetch *ufetch, const char *url,
}
if (!success && ret < 0) {
+ if (mpurl != NULL)
+ imap_msgpart_url_free(&mpurl);
ufetch->pending_requests--;
(void)ufetch->callback(NULL, TRUE, ufetch->context);
imap_urlauth_fetch_fail(ufetch);
@@ -292,6 +311,8 @@ imap_urlauth_fetch_request_callback(struct imap_urlauth_fetch_reply *reply,
ufetch->waiting_local = FALSE;
ufetch->pending_requests--;
+ imap_urlauth_fetch_ref(ufetch);
+
if (!ufetch->failed) {
bool last = ufetch->pending_requests == 0 || reply == NULL;
ret = ufetch->callback(reply, last, ufetch->context);
@@ -305,8 +326,8 @@ imap_urlauth_fetch_request_callback(struct imap_urlauth_fetch_reply *reply,
} else if (ret == 0) {
ufetch->waiting_service = TRUE;
}
- if (ret != 0)
- imap_urlauth_fetch_deinit(&ufetch);
+
+ imap_urlauth_fetch_unref(&ufetch);
return ret;
}
@@ -319,6 +340,7 @@ int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
struct mail_user *mail_user = uctx->user;
struct imap_url *imap_url;
const char *error, *errormsg;
+ int ret = 0;
/* parse the url */
if (imap_url_parse(url, NULL, url_parse_flags, &imap_url, &error) < 0) {
@@ -327,13 +349,17 @@ int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
if (mail_user->mail_debug)
i_debug("%s", errormsg);
ufetch->pending_requests++;
+ imap_urlauth_fetch_ref(ufetch);
imap_urlauth_fetch_error(ufetch, url, url_flags, errormsg);
+ imap_urlauth_fetch_unref(&ufetch);
return 1;
}
ufetch->failed = FALSE;
ufetch->pending_requests++;
+ imap_urlauth_fetch_ref(ufetch);
+
/* if access user and target user match, handle fetch request locally */
if (imap_url->userid != NULL &&
strcmp(mail_user->username, imap_url->userid) == 0) {
@@ -364,17 +390,22 @@ int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
/* create request for url */
if (imap_url != NULL && imap_url->userid != NULL) {
+ i_assert(uctx->conn != NULL);
(void)imap_urlauth_request_new(uctx->conn, imap_url->userid,
url, url_flags,
imap_urlauth_fetch_request_callback, ufetch);
i_assert(uctx->conn != NULL);
if (imap_urlauth_connection_connect(uctx->conn) < 0)
- return -1;
+ ret = -1;
}
- return (ufetch->pending_requests > 0 ? 0 : 1);
+ if (ret >= 0)
+ ret = (ufetch->pending_requests > 0 ? 0 : 1);
+
+ imap_urlauth_fetch_unref(&ufetch);
+ return ret;
}
-bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
+static bool imap_urlauth_fetch_do_continue(struct imap_urlauth_fetch *ufetch)
{
struct imap_urlauth_fetch_url *url, *url_next;
int ret;
@@ -390,7 +421,7 @@ bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
ufetch->waiting_service = FALSE;
imap_urlauth_connection_continue(ufetch->uctx->conn);
return ufetch->pending_requests > 0;
- }
+ }
/* finished local request */
if (ufetch->local_url != NULL) {
@@ -457,3 +488,15 @@ bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
return ufetch->pending_requests > 0;
}
+
+bool imap_urlauth_fetch_continue(struct imap_urlauth_fetch *ufetch)
+{
+ bool pending;
+
+ imap_urlauth_fetch_ref(ufetch);
+ pending = imap_urlauth_fetch_do_continue(ufetch);
+ imap_urlauth_fetch_unref(&ufetch);
+
+ return pending;
+}
+
diff --git a/src/lib-imap-urlauth/imap-urlauth-fetch.h b/src/lib-imap-urlauth/imap-urlauth-fetch.h
index 3c5275c..55398af 100644
--- a/src/lib-imap-urlauth/imap-urlauth-fetch.h
+++ b/src/lib-imap-urlauth/imap-urlauth-fetch.h
@@ -33,8 +33,7 @@ struct imap_urlauth_fetch_reply {
for next reply, 0 if not all data was processed, and -1 for error. If a
callback returns 0, imap_urlauth_fetch_continue() must be called once
new replies may be processed. If this is the last request to yield a reply,
- argument last is TRUE. The callback must not call
- imap_urlauth_fetch_deinit(). */
+ argument last is TRUE. */
typedef int
imap_urlauth_fetch_callback_t(struct imap_urlauth_fetch_reply *reply,
bool last, void *context);
@@ -42,7 +41,7 @@ imap_urlauth_fetch_callback_t(struct imap_urlauth_fetch_reply *reply,
struct imap_urlauth_fetch *
imap_urlauth_fetch_init(struct imap_urlauth_context *uctx,
imap_urlauth_fetch_callback_t *callback, void *context);
-void imap_urlauth_fetch_deinit(struct imap_urlauth_fetch **_ufetch);
+void imap_urlauth_fetch_deinit(struct imap_urlauth_fetch **ufetch);
int imap_urlauth_fetch_url(struct imap_urlauth_fetch *ufetch, const char *url,
enum imap_urlauth_fetch_flags url_flags);
--
1.7.10.2
From 6547c94d39f42d25dc07f50d52f4e6cd8b57d91c Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Tue, 21 May 2013 22:57:06 +0300
Subject: [PATCH] *-login: If auth failed with a specified reason, the reason
wasn't actually shown to client.
diff --git a/src/login-common/client-common-auth.c b/src/login-common/client-common-auth.c
index 356d1c4..485a7d3 100644
--- a/src/login-common/client-common-auth.c
+++ b/src/login-common/client-common-auth.c
@@ -538,7 +538,7 @@ sasl_callback(struct client *client, enum sasl_server_reply sasl_reply,
} else {
client_auth_result(client,
CLIENT_AUTH_RESULT_AUTHFAILED_REASON, NULL,
- AUTH_FAILED_MSG);
+ data);
}
if (!client->destroyed)
--
1.7.10.2
From e5c91a786027aef441b2d63ec25835bb3b664be7 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Wed, 22 May 2013 14:56:41 +0300
Subject: [PATCH] dsync: Don't notify replicator process about successful
dsync if the dsync failed.
diff --git a/src/doveadm/dsync/doveadm-dsync.c b/src/doveadm/dsync/doveadm-dsync.c
index 1568302..73cfe60 100644
--- a/src/doveadm/dsync/doveadm-dsync.c
+++ b/src/doveadm/dsync/doveadm-dsync.c
@@ -949,7 +949,7 @@ cmd_dsync_server_run(struct doveadm_mail_cmd_context *_ctx,
o_stream_close(_ctx->conn->output);
}
- if (ctx->replicator_notify)
+ if (ctx->replicator_notify && _ctx->exit_code == 0)
dsync_replicator_notify(ctx, sync_type, str_c(state_str));
return _ctx->exit_code == 0 ? 0 : -1;
}
--
1.7.10.2
From 711b2555ff0257b17f155d783ac3053e21b7ecd7 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Wed, 22 May 2013 15:16:22 +0300
Subject: [PATCH] dsync: Fixed unsubscribing from mailbox within same session
as the mailbox's deletion.
diff --git a/src/doveadm/dsync/dsync-brain-mailbox-tree.c b/src/doveadm/dsync/dsync-brain-mailbox-tree.c
index 6354038..fb13444 100644
--- a/src/doveadm/dsync/dsync-brain-mailbox-tree.c
+++ b/src/doveadm/dsync/dsync-brain-mailbox-tree.c
@@ -395,8 +395,8 @@ dsync_brain_mailbox_tree_add_delete(struct dsync_mailbox_tree *tree,
name = dsync_mailbox_node_get_full_name(tree, node);
other_node = dsync_mailbox_tree_get(other_tree, name);
- if (!guid_128_is_empty(other_node->mailbox_guid) ||
- (other_node->existence == DSYNC_MAILBOX_NODE_EXISTS &&
+ if (other_node->existence == DSYNC_MAILBOX_NODE_EXISTS &&
+ (!guid_128_is_empty(other_node->mailbox_guid) ||
other_del->type != DSYNC_MAILBOX_DELETE_TYPE_MAILBOX)) {
/* other side has already created a new mailbox or
directory with this name, we can't delete it */
--
1.7.10.2
From 9eeaa264e047900b8f3ce836c95e2256cf35de76 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Wed, 22 May 2013 15:44:05 +0300
Subject: [PATCH] lib-storage: Optimize SEARCH_MODSEQ query if it's higher
than HIGHESTMODSEQ.
diff --git a/src/lib-storage/index/index-search.c b/src/lib-storage/index/index-search.c
index 9278b6d..0f10a04 100644
--- a/src/lib-storage/index/index-search.c
+++ b/src/lib-storage/index/index-search.c
@@ -904,12 +904,13 @@ static void search_limit_lowwater(struct index_search_context *ctx,
*first_seq = seq1;
}
-static bool search_limit_by_flags(struct index_search_context *ctx,
- struct mail_search_arg *args,
- uint32_t *seq1, uint32_t *seq2)
+static bool search_limit_by_hdr(struct index_search_context *ctx,
+ struct mail_search_arg *args,
+ uint32_t *seq1, uint32_t *seq2)
{
const struct mail_index_header *hdr;
enum mail_flags pvt_flags_mask;
+ uint64_t highest_modseq;
hdr = mail_index_get_header(ctx->view);
/* we can't trust that private view's header is fully up to date,
@@ -918,12 +919,23 @@ static bool search_limit_by_flags(struct index_search_context *ctx,
mailbox_get_private_flags_mask(ctx->box);
for (; args != NULL; args = args->next) {
- if (args->type != SEARCH_FLAGS) {
- if (args->type == SEARCH_ALL) {
- if (args->match_not)
- return FALSE;
+ switch (args->type) {
+ case SEARCH_ALL:
+ if (args->match_not) {
+ /* NOT ALL - pointless noop query */
+ return FALSE;
}
continue;
+ case SEARCH_MODSEQ:
+ /* MODSEQ higher than current HIGHESTMODSEQ? */
+ highest_modseq = mail_index_modseq_get_highest(ctx->view);
+ if (args->value.modseq->modseq > highest_modseq)
+ return FALSE;
+ continue;
+ default:
+ continue;
+ case SEARCH_FLAGS:
+ break;
}
if ((args->value.flags & MAIL_SEEN) != 0 &&
(pvt_flags_mask & MAIL_SEEN) == 0) {
@@ -995,8 +1007,10 @@ static void search_get_seqset(struct index_search_context *ctx,
return;
}
- /* UNSEEN and DELETED in root search level may limit the range */
- if (!search_limit_by_flags(ctx, args, &ctx->seq1, &ctx->seq2)) {
+ /* See if this search query can never match based on data in index's
+ header. We'll scan only the root level args, which is usually
+ enough. */
+ if (!search_limit_by_hdr(ctx, args, &ctx->seq1, &ctx->seq2)) {
/* no matches */
ctx->seq1 = 1;
ctx->seq2 = 0;
--
1.7.10.2
From fd553002dbc884a1c38fadde0c5aa2a62dc0cbf5 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Wed, 22 May 2013 15:57:13 +0300
Subject: [PATCH] *-login: ssl=required should imply
disable_plaintext_auth=yes
diff --git a/src/imap-login/client.c b/src/imap-login/client.c
index 55f38fd..c5d7097 100644
--- a/src/imap-login/client.c
+++ b/src/imap-login/client.c
@@ -12,6 +12,7 @@
#include "imap-id.h"
#include "imap-resp-code.h"
#include "master-service.h"
+#include "master-service-ssl-settings.h"
#include "master-auth.h"
#include "client.h"
#include "client-authenticate.h"
@@ -64,7 +65,8 @@ static const char *get_capability(struct client *client)
if (client_is_tls_enabled(client) && !client->tls)
str_append(cap_str, " STARTTLS");
- if (client->set->disable_plaintext_auth && !client->secured)
+ if (!client->secured & (client->set->disable_plaintext_auth ||
+ strcmp(client->ssl_set->ssl, "required") == 0))
str_append(cap_str, " LOGINDISABLED");
client_authenticate_get_capabilities(client, cap_str);
diff --git a/src/login-common/client-common-auth.c b/src/login-common/client-common-auth.c
index 485a7d3..99c7f34 100644
--- a/src/login-common/client-common-auth.c
+++ b/src/login-common/client-common-auth.c
@@ -615,7 +615,8 @@ int client_auth_begin(struct client *client, const char *mech_name,
bool client_check_plaintext_auth(struct client *client, bool pass_sent)
{
- if (client->secured || !client->set->disable_plaintext_auth)
+ if (client->secured || (!client->set->disable_plaintext_auth &&
+ strcmp(client->ssl_set->ssl, "required") != 0))
return TRUE;
if (client->set->auth_verbose) {
--
1.7.10.2
From 2918910f33939a19322897061ebfb4b0865aa801 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Wed, 22 May 2013 15:59:38 +0300
Subject: [PATCH] *-login: If ssl=required, don't list any SASL mechanisms
before STARTTLS.
diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c
index 78735a6..3fbc560 100644
--- a/src/login-common/sasl-server.c
+++ b/src/login-common/sasl-server.c
@@ -13,6 +13,7 @@
#include "auth-client.h"
#include "ssl-proxy.h"
#include "master-service.h"
+#include "master-service-ssl-settings.h"
#include "master-interface.h"
#include "master-auth.h"
#include "client-common.h"
@@ -38,7 +39,8 @@ sasl_server_get_advertised_mechs(struct client *client, unsigned int *count_r)
unsigned int i, j, count;
mech = auth_client_get_available_mechs(auth_client, &count);
- if (count == 0) {
+ if (count == 0 || (!client->secured &&
+ strcmp(client->ssl_set->ssl, "required") == 0)) {
*count_r = 0;
return NULL;
}
--
1.7.10.2
From 43eeeb4d96640c49ad342e050f7590aca7ad21d6 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Thu, 23 May 2013 17:36:54 +0300
Subject: [PATCH] lib-http: Added ssl_cert|key|key_password settings to be
passed to ssl-iostream. These are used for sending client's
SSL certificate.
diff --git a/src/lib-http/http-client.c b/src/lib-http/http-client.c
index b6846f0..f153b51 100644
--- a/src/lib-http/http-client.c
+++ b/src/lib-http/http-client.c
@@ -86,6 +86,9 @@ struct http_client *http_client_init(const struct http_client_settings *set)
client->set.ssl_ca = p_strdup(pool, set->ssl_ca);
client->set.ssl_crypto_device = p_strdup(pool, set->ssl_crypto_device);
client->set.ssl_allow_invalid_cert = set->ssl_allow_invalid_cert;
+ client->set.ssl_cert = p_strdup(pool, set->ssl_cert);
+ client->set.ssl_key = p_strdup(pool, set->ssl_key);
+ client->set.ssl_key_password = p_strdup(pool, set->ssl_key_password);
client->set.max_idle_time_msecs = set->max_idle_time_msecs;
client->set.max_parallel_connections =
(set->max_parallel_connections > 0 ? set->max_parallel_connections : 1);
@@ -197,6 +200,9 @@ int http_client_init_ssl_ctx(struct http_client *client, const char **error_r)
ssl_set.ca = client->set.ssl_ca;
ssl_set.verify_remote_cert = TRUE;
ssl_set.crypto_device = client->set.ssl_crypto_device;
+ ssl_set.cert = client->set.ssl_cert;
+ ssl_set.key = client->set.ssl_key;
+ ssl_set.key_password = client->set.ssl_key_password;
ssl_set.verbose = client->set.debug;
ssl_set.verbose_invalid_cert = client->set.debug;
diff --git a/src/lib-http/http-client.h b/src/lib-http/http-client.h
index 69cb448..9c8d131 100644
--- a/src/lib-http/http-client.h
+++ b/src/lib-http/http-client.h
@@ -36,6 +36,8 @@ struct http_client_settings {
const char *ssl_ca_dir, *ssl_ca_file, *ssl_ca;
const char *ssl_crypto_device;
bool ssl_allow_invalid_cert;
+ /* user cert */
+ const char *ssl_cert, *ssl_key, *ssl_key_password;
const char *rawlog_dir;
--
1.7.10.2

Loading…
Cancel
Save