Mail Auth Module - Auth-Server local unix socket support
Igor Sysoev
igor at sysoev.ru
Tue Apr 6 23:36:06 MSD 2010
On Tue, Apr 06, 2010 at 11:33:49PM +0400, Maxim Dounin wrote:
> Hello!
>
> On Tue, Apr 06, 2010 at 10:13:10PM +0400, Igor Sysoev wrote:
>
> > On Tue, Apr 06, 2010 at 03:23:07PM +0200, Simon Lécaille wrote:
> >
> > > Hi all,
> > >
> > > Because I need it, I added unix socket support to the Mail Auth Module.
> > > Now if nginx mail auth module receives Auth-Server containing a sock
> > > path e.g :
> > >
> > > HTTP/1.0 200 OK
> > > Auth-Status: OK
> > > Auth-Server: /tmp/cyrus.sock
> > > Auth-Port: [SomethingOrNot]
> > > Auth-User: user at domain.tld
> > > Auth-Pass: password
> > >
> > > Nginx will be able to connect to the socket (e.g /tmp/cyrus.sock)
> > >
> > > I'm writing the test set for prove.
> > >
> > > Patch in this mail (nginx-0.8.35)
> > >
> > > For people who wonder why :
> > > Unix sockets allow me to restrict rights and permissions on cyrus.
> > > By chrooting a lot of services, bad local users could contact cyrus from
> > > localhost with tcp connections.
> > > With unix sockets, the problem is now solved.
> >
> > Thank you for the patch, I will include it in the next release.
>
> We've talked with Simon on irc and he promised to try to plug
> ngx_parse_url() instead. Keeping in mind that this will change
> syntax for unix sockets ("unix:/path" instead of "/path") - it's
> probably a good idea to wait for an updated patch.
>
> Or your "I will include it" as usual means "I'll rewrite it from
> scratch and include rewritten version instead"? ;)
The second case :)
--
Igor Sysoev
http://sysoev.ru/en/
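
The two address syntaxes discussed in this thread, as an added example that is not part of the original messages and is not nginx code: a hypothetical helper, `auth_server_addr`, maps an Auth-Server/Auth-Port pair to a socket address. It assumes both the bare "/path" form and the "unix:/path" form are accepted, that Auth-Port is ignored for sockets, and that TCP servers are given as IPv4 literals.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper (not nginx code): build a socket address from the
 * Auth-Server and Auth-Port values. Returns the address length, 0 on error. */
static socklen_t
auth_server_addr(const char *server, int port, struct sockaddr_storage *ss)
{
    struct sockaddr_un *sa_un = (struct sockaddr_un *) ss;
    struct sockaddr_in *sa_in = (struct sockaddr_in *) ss;
    size_t len;

    memset(ss, 0, sizeof(*ss));

    /* "unix:/path" is the ngx_parse_url()-style form mentioned in the
     * thread; a bare "/path" is the form from the original post. */
    if (strncmp(server, "unix:", 5) == 0) {
        server += 5;
    }
    if (server[0] == '/') {
        len = strlen(server);
        /* sun_path is a small fixed array: reject instead of truncating,
         * because a truncated path could name a different socket. */
        if (len >= sizeof(sa_un->sun_path)) {
            return 0;
        }
        sa_un->sun_family = AF_UNIX;
        memcpy(sa_un->sun_path, server, len + 1);
        return (socklen_t) sizeof(struct sockaddr_un);
    }
    /* Anything else must be an IPv4 literal with a valid TCP port. */
    if (port < 1 || port > 65535
        || inet_pton(AF_INET, server, &sa_in->sin_addr) != 1) {
        return 0;
    }
    sa_in->sin_family = AF_INET;
    sa_in->sin_port = htons((unsigned short) port);
    return (socklen_t) sizeof(struct sockaddr_in);
}

int main(void)
{
    struct sockaddr_storage ss;   /* inputs below are constructed samples */
    printf("%u\n", (unsigned) auth_server_addr("/tmp/cyrus.sock", 0, &ss));
    printf("%u\n", (unsigned) auth_server_addr("unix:/tmp/cyrus.sock", 0, &ss));
    return 0;
}
```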