Merge pull request #5 from kevinoid/improve-connect-handling

Improve connect handling
bmanojlovic · Jul 17, 2018 · f0c4ea4 · f0c4ea4
2 parents f059c3a + b12df24
commit f0c4ea4
Showing 1 changed file with 19 additions and 4 deletions.
diff --git a/mod_authn_dovecot.c b/mod_authn_dovecot.c
@@ -25,8 +25,10 @@
 #include "http_request.h"
 #include "mod_auth.h"
 
+#include <errno.h>
 #include <unistd.h>
 #include <stdio.h>
+#include <string.h>
 
 #include "apr_base64.h"		// base64 encode
 
@@ -131,6 +133,19 @@ static authn_status check_password(request_rec * r, const char *user, const char
 	struct timeval tv;
 	struct connection_state cs;
 
+	size_t authsocklen = strlen(conf->dovecotauthsocket);
+	if (authsocklen >= sizeof address.sun_path) {
+		// Note: Some OS support longer sun_path via the "struct hack".
+		// Not Linux.  See:
+		// https://mail-index.netbsd.org/tech-net/2006/10/11/0008.html
+		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Dovecot Authentication: dovecot socket path %s is too long.", conf->dovecotauthsocket);
+		if (conf->authoritative == 0) {
+			return DECLINED;
+		} else {
+			return AUTH_USER_NOT_FOUND;
+		}
+	}
+
 	apr_pool_create(&p, r->pool);	// create subpool for local functions, variables...
 
 	// setting default values for connection state 
@@ -154,10 +169,10 @@ static authn_status check_password(request_rec * r, const char *user, const char
 		perror("fcntl(F_SETFL)");
 	}
 	address.sun_family = AF_UNIX;
-	strncpy(address.sun_path,conf->dovecotauthsocket, strlen(conf->dovecotauthsocket));
+	memcpy(address.sun_path, conf->dovecotauthsocket, authsocklen + 1);
 	result = connect(auths, (struct sockaddr *)&address, sizeof address);
-	if (result) {
-		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Dovecot Authentication: could not connect to dovecot socket");
+	if (result && errno != EINPROGRESS) {
+		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Dovecot Authentication: could not connect to dovecot socket %s: %s", address.sun_path, strerror(errno));
 		if (conf->authoritative == 0) {
 			return DECLINED;
 		} else {
@@ -186,7 +201,7 @@ static authn_status check_password(request_rec * r, const char *user, const char
 
 		readsocks = select(fdmax + 1, &socks_r, &socks_w, NULL, &tv);
 		if (readsocks < 0) {
-			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Dovecot Authentication: socket select");
+			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Dovecot Authentication: socket select: %s", strerror(errno));
 			return DECLINED;
 		}