[exim-cvs] Proxy negotiation saves socket timeout values.

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Proxy negotiation saves socket timeout values.
Gitweb: http://git.exim.org/exim.git/commitdiff/a3bddaa8058346a11835f0d9947f3f60bb029fef
Commit:     a3bddaa8058346a11835f0d9947f3f60bb029fef
Parent:     aa26e1378803587c24924ad0055318959d597802
Author:     Todd Lyons <tlyons@???>
AuthorDate: Mon Dec 30 15:02:21 2013 -0800
Committer:  Todd Lyons <tlyons@???>
CommitDate: Mon Dec 30 15:56:37 2013 -0800


    Proxy negotiation saves socket timeout values.


    Rename proxy expansions conforming to Exim standards.
    Update documentation to reflect rename.
    Seperate restore socket function
---
 doc/doc-txt/experimental-spec.txt | 16 ++++++++--------
 src/src/expand.c                  |  4 ++--
 src/src/globals.c                 |  4 ++--
 src/src/globals.h                 |  4 ++--
 src/src/receive.c                 |  2 +-
 src/src/smtp_in.c                 | 40 +++++++++++++++++++++++++++++++++++----
 6 files changed, 51 insertions(+), 19 deletions(-)


diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 92790ae..b80e02b 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -1066,28 +1066,28 @@ Proxy Protocol server at 192.168.1.2 will look like this:

3. In the ACL's the following expansion variables are available.

-proxy_host     The src IP of the proxy server making the connection
-proxy_port     The src port the proxy server is using
-proxy_session  Boolean, yes/no, the connected host is required to use
-               Proxy Protocol.
+proxy_host_address  The src IP of the proxy server making the connection
+proxy_host_port     The src port the proxy server is using
+proxy_session       Boolean, yes/no, the connected host is required to use
+                    Proxy Protocol.


There is no expansion for a failed proxy session, however you can detect
it by checking if $proxy_session is true but $proxy_host is empty. As
an example, in my connect ACL, I have:

   warn    condition      = ${if and{ {bool{$proxy_session}} \
-                                     {eq{$proxy_host}{}} } }
+                                     {eq{$proxy_host_address}{}} } }
           log_message    = Failed required proxy protocol negotiation \
                            from $sender_host_name [$sender_host_address]


   warn    condition      = ${if and{ {bool{$proxy_session}} \
-                                     {!eq{$proxy_host}{}} } }
+                                     {!eq{$proxy_host_address}{}} } }
           # But don't log health probes from the proxy itself
-          condition      = ${if eq{$proxy_host}{$sender_host_address} \
+          condition      = ${if eq{$proxy_host_address}{$sender_host_address} \
                                 {false}{true}}
           log_message    = Successfully proxied from $sender_host_name \
                            [$sender_host_address] through proxy protocol \
-                           host $proxy_host
+                           host $proxy_host_address


 4. Runtime issues to be aware of:
    - Since the real connections are all coming from your proxy, and the
diff --git a/src/src/expand.c b/src/src/expand.c
index 325b051..de52e60 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -559,8 +559,8 @@ static var_entry var_table[] = {
   { "pid",                 vtype_pid,         NULL },
   { "primary_hostname",    vtype_stringptr,   &primary_hostname },
 #ifdef EXPERIMENTAL_PROXY
-  { "proxy_host",          vtype_stringptr,   &proxy_host },
-  { "proxy_port",          vtype_int,         &proxy_port },
+  { "proxy_host_address",  vtype_stringptr,   &proxy_host_address },
+  { "proxy_host_port",     vtype_int,         &proxy_host_port },
   { "proxy_session",       vtype_bool,        &proxy_session },
 #endif
   { "prvscheck_address",   vtype_stringptr,   &prvscheck_address },
diff --git a/src/src/globals.c b/src/src/globals.c
index ec6700d..1572461 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -919,8 +919,8 @@ uschar *process_log_path       = NULL;
 BOOL    prod_requires_admin    = TRUE;


 #ifdef EXPERIMENTAL_PROXY
-uschar *proxy_host             = US"";
-int     proxy_port             = 0;
+uschar *proxy_host_address     = US"";
+int     proxy_host_port        = 0;
 uschar *proxy_required_hosts   = US"";
 BOOL    proxy_session          = FALSE;
 BOOL    proxy_session_failed   = FALSE;
diff --git a/src/src/globals.h b/src/src/globals.h
index 5661489..bf54fb4 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -594,8 +594,8 @@ extern uschar *process_log_path;       /* Alternate path */
 extern BOOL    prod_requires_admin;    /* TRUE if prodding requires admin */


 #ifdef EXPERIMENTAL_PROXY
-extern uschar *proxy_host;             /* IP of proxy server */
-extern int     proxy_port;             /* Port of proxy server */
+extern uschar *proxy_host_address;     /* IP of proxy server */
+extern int     proxy_host_port;        /* Port of proxy server */
 extern uschar *proxy_required_hosts;   /* Hostlist which (require) use proxy protocol */
 extern BOOL    proxy_session;          /* TRUE if receiving mail from valid proxy  */
 extern BOOL    proxy_session_failed;   /* TRUE if required proxy negotiation failed */
diff --git a/src/src/receive.c b/src/src/receive.c
index 02db23f..0295b7e 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3759,7 +3759,7 @@ if (prdr_requested)
 if (proxy_session &&
     (log_extra_selector & LX_proxy) != 0)
   {
-  s = string_append(s, &size, &sptr, 2, US" PRX=", proxy_host);
+  s = string_append(s, &size, &sptr, 2, US" PRX=", proxy_host_address);
   }
 #endif


diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 144ad28..95c615e 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -555,6 +555,25 @@ exim_exit(EXIT_FAILURE);

 #ifdef EXPERIMENTAL_PROXY
 /*************************************************
+*     Restore socket timeout to previous value   *
+*************************************************/
+/* If the previous value was successfully retrieved, restore
+it before returning control to the non-proxy routines
+
+Arguments: fd     - File descriptor for input
+           get_ok - Successfully retrieved previous values
+           tvtmp  - Time struct with previous values
+           vslen  - Length of time struct
+Returns:   none
+*/
+static void
+restore_socket_timeout(int fd, int get_ok, struct timeval tvtmp, socklen_t vslen)
+{
+if (get_ok == 0)
+  setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tvtmp, vslen);
+}
+
+/*************************************************
 *       Check if host is required proxy host     *
 *************************************************/
 /* The function determines if inbound host will be a regular smtp host
@@ -650,15 +669,25 @@ uschar *tmpip;
 const char v2sig[13] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A\x02";
 uschar *iptype;  /* To display debug info */
 struct timeval tv;
+int get_ok = 0;
+socklen_t vslen = 0;
+struct timeval tvtmp;
+
+vslen = sizeof(struct timeval);


fd = fileno(smtp_in);

+/* Save current socket timeout values */
+get_ok = getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tvtmp,
+                    &vslen);
+
 /* Proxy Protocol host must send header within a short time
 (default 3 seconds) or it's considered invalid */
 tv.tv_sec  = PROXY_NEGOTIATION_TIMEOUT_SEC;
 tv.tv_usec = PROXY_NEGOTIATION_TIMEOUT_USEC;
 setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv,
            sizeof(struct timeval));
+
 do
   {
   ret = recv(fd, &hdr, sizeof(hdr), MSG_PEEK);
@@ -666,7 +695,10 @@ do
   while (ret == -1 && errno == EINTR);


if (ret == -1)
+ {
+ restore_socket_timeout(fd, get_ok, tvtmp, vslen);
return (errno == EAGAIN) ? 0 : ERRNO_PROXYFAIL;
+ }

 if (ret >= 16 &&
     memcmp(&hdr.v2, v2sig, 13) == 0)
@@ -768,7 +800,7 @@ else if (ret >= 8 &&
       debug_printf("Proxied src arg is not an %s address\n", iptype);
     goto proxyfail;
     }
-  proxy_host = sender_host_address;
+  proxy_host_address = sender_host_address;
   sender_host_address = p;
   p = sp + 1;
   if ((sp = Ustrchr(p, ' ')) == NULL)
@@ -799,7 +831,7 @@ else if (ret >= 8 &&
       debug_printf("Proxied src port '%s' not an integer\n", p);
     goto proxyfail;
     }
-  proxy_port = sender_host_port;
+  proxy_host_port = sender_host_port;
   sender_host_port = tmp_port;
   p = sp + 1;
   if ((sp = Ustrchr(p, '\0')) == NULL)
@@ -826,11 +858,13 @@ else
   }


proxyfail:
+restore_socket_timeout(fd, get_ok, tvtmp, vslen);
/* Don't flush any potential buffer contents. Any input should cause a
synchronization failure or we just don't want to speak SMTP to them */
return FALSE;

done:
+restore_socket_timeout(fd, get_ok, tvtmp, vslen);
flush_input();
DEBUG(D_receive)
debug_printf("Valid %s sender from Proxy Protocol header\n",
@@ -839,8 +873,6 @@ return proxy_session;
}
#endif

-
-
 /*************************************************
 *           Read one command line                *
 *************************************************/