Mail Auth Module - Auth-Server local unix socket support
mdounin at mdounin.ru
Tue Apr 6 23:33:49 MSD 2010
On Tue, Apr 06, 2010 at 10:13:10PM +0400, Igor Sysoev wrote:
> On Tue, Apr 06, 2010 at 03:23:07PM +0200, Simon Lécaille wrote:
> > Hi all,
> > Because I need it, I add the unix socket support to Mail Auth Module.
> > Now if nginx mail auth module receives Auth-Server containing a sock
> > path e.g :
> > HTTP/1.0 200 OK
> > Auth-Status: OK
> > Auth-Server: /tmp/cyrus.sock
> > Auth-Port: [SomethingOrNot]
> > Auth-User: user at domain.tld
> > Auth-Pass: password
> > Nginx will be able to connect to the socket (e.g /tmp/cyrus.sock)
> > I'm writting the tests set for prove.
> > Patch in this mail (nginx-0.8.35)
> > For people who wonder why :
> > Unix sockets allow me to restrict rights and permissions on cyrus.
> > By chrooting a lot of services, bad local users could contact cyrus from
> > localhost with tcp connections.
> > With unix sockets, the problem is now solved.
> Thank you for the patch, I will include it in the next release.
We've talked with Simon on irc and he promised to try to plug
ngx_parse_url() instead. Keeping in mind that this will change
syntax for unix sockets ("unix:/path" instead of "/path") - it's
probably good idea to wait for updated patch.
Or your "I will include it" as usual means "I'll rewrite it from
scratch and include rewritten version instead"? ;)
More information about the nginx-devel