Mail Auth Module - Auth-Server local unix socket support

Igor Sysoev igor at sysoev.ru
Tue Apr 6 23:36:06 MSD 2010


On Tue, Apr 06, 2010 at 11:33:49PM +0400, Maxim Dounin wrote:

> Hello!
> 
> On Tue, Apr 06, 2010 at 10:13:10PM +0400, Igor Sysoev wrote:
> 
> > On Tue, Apr 06, 2010 at 03:23:07PM +0200, Simon Lécaille wrote:
> > 
> > > Hi all,
> > > 
> > > Because I need it, I add the unix socket support to Mail Auth Module.
> > > Now if nginx mail auth module receives Auth-Server containing a sock 
> > > path e.g :
> > > 
> > > HTTP/1.0 200 OK
> > > Auth-Status: OK
> > > Auth-Server: /tmp/cyrus.sock
> > > Auth-Port: [SomethingOrNot]
> > > Auth-User: user at domain.tld
> > > Auth-Pass: password
> > > 
> > > Nginx will be able to connect to the socket (e.g /tmp/cyrus.sock)
> > > 
> > > I'm writting the tests set for prove.
> > > 
> > > Patch in this mail (nginx-0.8.35)
> > > 
> > > For people who wonder why :
> > > Unix sockets allow me to restrict rights and permissions on cyrus.
> > > By chrooting a lot of services, bad local users could contact cyrus from 
> > > localhost with tcp connections.
> > > With unix sockets, the problem is now solved.
> > 
> > Thank you for the patch, I will include it in the next release.
> 
> We've talked with Simon on irc and he promised to try to plug 
> ngx_parse_url() instead.  Keeping in mind that this will change 
> syntax for unix sockets ("unix:/path" instead of "/path") - it's 
> probably good idea to wait for updated patch.
> 
> Or your "I will include it" as usual means "I'll rewrite it from 
> scratch and include rewritten version instead"?  ;)

The second case :)


-- 
Igor Sysoev
http://sysoev.ru/en/



More information about the nginx-devel mailing list