close systemd extra sockets that are not configured

This commit is contained in:
Michal Hlavinka 2012-04-24 09:43:54 +02:00
parent 43bd98bb09
commit 999846d56f
2 changed files with 108 additions and 1 deletions

View File

@ -0,0 +1,102 @@
diff -up dovecot-2.0.20/src/master/service-listen.c.systemdfix dovecot-2.0.20/src/master/service-listen.c
--- dovecot-2.0.20/src/master/service-listen.c.systemdfix 2011-12-13 12:38:27.000000000 +0100
+++ dovecot-2.0.20/src/master/service-listen.c 2012-04-13 18:29:37.724290656 +0200
@@ -14,6 +14,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
+#include <sys/socket.h>
#define MIN_BACKLOG 4
#define MAX_BACKLOG 511
@@ -231,16 +232,90 @@ static int service_listen(struct service
return ret;
}
+static int get_socket_info(int fd, unsigned int *family, unsigned int *port)
+{
+ union sockaddr_union {
+ struct sockaddr sa;
+ struct sockaddr_in in4;
+ struct sockaddr_in6 in6;
+ } sockaddr;
+ socklen_t l;
+
+ if (port) *port = -1;
+ if (family) *family = -1;
+
+ memset(&sockaddr, 0, sizeof(sockaddr));
+ l = sizeof(sockaddr);
+
+ if (getsockname(fd, &sockaddr.sa, &l) < 0)
+ return -errno;
+
+ if (family) *family = sockaddr.sa.sa_family;
+ if (port) {
+ if (sockaddr.sa.sa_family == AF_INET) {
+ if (l < sizeof(struct sockaddr_in))
+ return -EINVAL;
+
+ *port = ntohs(sockaddr.in4.sin_port);
+ } else {
+ if (l < sizeof(struct sockaddr_in6))
+ return -EINVAL;
+
+ *port = ntohs(sockaddr.in6.sin6_port);
+ }
+ }
+ return 0;
+}
+
int services_listen(struct service_list *service_list)
{
struct service *const *services;
int ret = 1, ret2;
array_foreach(&service_list->services, services) {
ret2 = service_listen(*services);
if (ret2 < ret)
ret = ret2;
}
+
+ static int sd_fds = -1;
+ int fd, fd_max;
+
+ if (sd_fds < 0) {
+ sd_fds = sd_listen_fds(0);
+ if (sd_fds == -1) {
+ i_error("sd_listen_fds() failed: %m");
+ return -1;
+ }
+ }
+
+ fd_max = SD_LISTEN_FDS_START + sd_fds - 1;
+ for (fd = SD_LISTEN_FDS_START; fd <= fd_max; fd++) {
+ if (sd_is_socket_inet(fd, 0, SOCK_STREAM, 1, 0) > 0) {
+ int found = FALSE;
+ unsigned int port, family;
+ get_socket_info(fd, &family, &port);
+
+ array_foreach(&service_list->services, services) {
+ struct service_listener *const *listeners;
+ array_foreach(&(*services)->listeners, listeners) {
+ struct service_listener *l = *listeners;
+ if (l->type != SERVICE_LISTENER_INET) continue;
+ if (l->set.inetset.set->port == port && l->set.inetset.ip.family == family) {
+ found = TRUE;
+ break;
+ }
+ }
+ if (found) break;
+ }
+ if (!found) {
+ i_error("we've got socket that listens on port %d, but it's not configured. Closing.",port);
+ if (shutdown(fd,SHUT_RDWR) < 0 && errno != ENOTCONN) i_error("shutdown() failed: %m");
+ close(fd);
+ }
+ }
+ }
+
return ret;
}

View File

@ -3,7 +3,7 @@ Name: dovecot
Epoch: 1 Epoch: 1
Version: 2.1.4 Version: 2.1.4
#global prever .rc6 #global prever .rc6
Release: 1%{?dist} Release: 2%{?dist}
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
License: MIT and LGPLv2 License: MIT and LGPLv2
Group: System Environment/Daemons Group: System Environment/Daemons
@ -28,6 +28,7 @@ Patch2: dovecot-1.0.beta2-mkcert-permissions.patch
Patch3: dovecot-1.0.rc7-mkcert-paths.patch Patch3: dovecot-1.0.rc7-mkcert-paths.patch
Patch4: dovecot-2.1-privatetmp.patch Patch4: dovecot-2.1-privatetmp.patch
Patch5: dovecot-2.1.4-postreleasefix.patch Patch5: dovecot-2.1.4-postreleasefix.patch
Patch6: dovecot-2.0.19-systemdfix.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
@ -113,6 +114,7 @@ This package provides the development files for dovecot.
%patch3 -p1 -b .mkcert-paths %patch3 -p1 -b .mkcert-paths
%patch4 -p1 -b .privatetmp %patch4 -p1 -b .privatetmp
%patch5 -p1 -b .postreleasefix %patch5 -p1 -b .postreleasefix
%patch6 -p1 -b .systemdfix
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
%build %build
@ -429,6 +431,9 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so %{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog %changelog
* Tue Apr 24 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.1.4-2
- close systemd extra sockets that are not configured
* Tue Apr 10 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.1.4-1 * Tue Apr 10 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.1.4-1
- dovecot updated to 2.1.4 - dovecot updated to 2.1.4
- Proxying SSL connections crashed in v2.1.[23] - Proxying SSL connections crashed in v2.1.[23]