Add IPv6 support to smtp auth in nginx.

67a75785 · Cédric de Saint Martin · 05d88c50 · 67a75785 · 67a75785
Commit 67a75785 authored Mar 25, 2013 by Cédric de Saint Martin
Hide whitespace changes
Inline Side-by-side

Showing with 91 additions and 8 deletions

component/nginx/buildout.cfg component/nginx/buildout.cfg +13 -8

component/nginx/mail_auth_ipv6.patch component/nginx/mail_auth_ipv6.patch +78 -0

No files found.
--- a/component/nginx/buildout.cfg
+++ b/component/nginx/buildout.cfg
@@ -11,20 +11,25 @@ md5sum = d252f5c689a14a668e241c744ccf5f06
 configure-options=
  --with-ipv6
  --with-http_ssl_module
+  --with-mail
+  --with-mail_ssl_module
  --with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
  --with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"

+[mail_auth_ipv6.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:_buildout_section_name_}
+filename = ${:_buildout_section_name_}
+download-only = true
+md5sum = 4f074f035d3b37f3f3e71cd9616440f3
+
 [nginx-unstable]
-recipe = hexagonit.recipe.cmmi
+<= nginx
 url = http://nginx.org/download/nginx-1.3.14.tar.gz
 md5sum = 9b13753c88ea682fddd1495cb36e5d39
-configure-options=
-  --with-ipv6
-  --with-http_ssl_module
-  --with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
-  --with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"
-
-
+patch-options = -p1
+patches =
+  ${mail_auth_ipv6.patch:location}/${mail_auth_ipv6.patch:filename}

 [hexaglobe-nginx-module]
 recipe = hexagonit.recipe.download

--- a/component/nginx/mail_auth_ipv6.patch
+++ b/component/nginx/mail_auth_ipv6.patch
+# HG changeset patch
+# User Ruslan Ermilov <ru@nginx.com>
+# Date 1363982097 -14400
+# Node ID 8c56f8fe477f21fb7e0c339bb4e583d077cd1356
+# Parent  b78cf2414fdaf9645ff2e697147f45b610e43904
+Mail: auth_http can redirect to IPv6 backends.
+
+diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c
+--- a/src/mail/ngx_mail_auth_http_module.c
+++ b/src/mail/ngx_mail_auth_http_module.c
+@@ -772,17 +772,26 @@ ngx_mail_auth_http_process_headers(ngx_m
+                 return;
+             }
+ 
+-            /* AF_INET only */
+            rc = ngx_parse_addr(s->connection->pool, peer,
+                                ctx->addr.data, ctx->addr.len);
+ 
+-            sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in));
+-            if (sin == NULL) {
+            switch (rc) {
+            case NGX_OK:
+                break;
+
+            case NGX_DECLINED:
+                ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                              "auth http server %V sent invalid server "
+                              "address:\"%V\"",
+                              ctx->peer.name, &ctx->addr);
+                /* fall through */
+
+            default:
+                 ngx_destroy_pool(ctx->pool);
+                 ngx_mail_session_internal_server_error(s);
+                 return;
+             }
+ 
+-            sin->sin_family = AF_INET;
+-
+             port = ngx_atoi(ctx->port.data, ctx->port.len);
+             if (port == NGX_ERROR || port < 1 || port > 65535) {
+                 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+@@ -794,21 +803,23 @@ ngx_mail_auth_http_process_headers(ngx_m
+                 return;
+             }
+ 
+-            sin->sin_port = htons((in_port_t) port);
+            switch (peer->sockaddr->sa_family) {
+ 
+-            sin->sin_addr.s_addr = ngx_inet_addr(ctx->addr.data, ctx->addr.len);
+-            if (sin->sin_addr.s_addr == INADDR_NONE) {
+-                ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+-                              "auth http server %V sent invalid server "
+-                              "address:\"%V\"",
+-                              ctx->peer.name, &ctx->addr);
+-                ngx_destroy_pool(ctx->pool);
+-                ngx_mail_session_internal_server_error(s);
+-                return;
+#if (NGX_HAVE_INET6)
+            case AF_INET6:
+            {
+                struct sockaddr_in6  *sin6;
+                sin6 = (struct sockaddr_in6 *) peer->sockaddr;
+                sin6->sin6_port = htons((in_port_t) port);
+                break;
+             }
+#endif
+ 
+-            peer->sockaddr = (struct sockaddr *) sin;
+-            peer->socklen = sizeof(struct sockaddr_in);
+            default: /* AF_INET */
+                sin = (struct sockaddr_in *) peer->sockaddr;
+                sin->sin_port = htons((in_port_t) port);
+                break;
+            }
+ 
+             len = ctx->addr.len + 1 + ctx->port.len;
+