src/lib-master/master-service-ssl-settings.c

	master-service-ssl-settings.c revision b244040178025c901c47be4fef3fa3bbc4c1e75a
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik/* Copyright (c) 2012 Dovecot authors, see the included COPYING file */
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik#include "lib.h"
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik#include "settings-parser.h"
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik#include "master-service-private.h"
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik#include "master-service-ssl-settings.h"
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik#include <stddef.h>
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik#undef DEF
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik#define DEF(type, name) \
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    { type, #name, offsetof(struct master_service_ssl_settings, name), NULL }
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnikstatic bool
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnikmaster_service_ssl_settings_check(void *_set, pool_t pool, const char **error_r);
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnikstatic const struct setting_define master_service_ssl_setting_defines[] = {
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_ENUM, ssl),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_ca),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_cert),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_key),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_key_password),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_cipher_list),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_protocols),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_cert_username_field),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_STR, ssl_crypto_device),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_BOOL, ssl_verify_client_cert),
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik    DEF(SET_BOOL, ssl_require_crl),
022c6b90bb37851c0e8704c0e5388ebc113c6470Lukas Slebodnik    DEF(SET_BOOL, verbose_ssl),
022c6b90bb37851c0e8704c0e5388ebc113c6470Lukas Slebodnik
022c6b90bb37851c0e8704c0e5388ebc113c6470Lukas Slebodnik    SETTING_DEFINE_LIST_END
022c6b90bb37851c0e8704c0e5388ebc113c6470Lukas Slebodnik};
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik
static const struct master_service_ssl_settings master_service_ssl_default_settings = {
#ifdef HAVE_SSL
    .ssl = "yes:no:required",
#else
    .ssl = "no:yes:required",
#endif
    .ssl_ca = "",
    .ssl_cert = "",
    .ssl_key = "",
    .ssl_key_password = "",
    .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
    .ssl_protocols = "!SSLv2",
    .ssl_cert_username_field = "commonName",
    .ssl_crypto_device = "",
    .ssl_verify_client_cert = FALSE,
    .ssl_require_crl = TRUE,
    .verbose_ssl = FALSE
};

const struct setting_parser_info master_service_ssl_setting_parser_info = {
    .module_name = "master",
    .defines = master_service_ssl_setting_defines,
    .defaults = &master_service_ssl_default_settings,

    .type_offset = (size_t)-1,
    .struct_size = sizeof(struct master_service_ssl_settings),

    .parent_offset = (size_t)-1,
    .check_func = master_service_ssl_settings_check
};

/* <settings checks> */
static bool
master_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
                  const char **error_r)
{
    struct master_service_ssl_settings *set = _set;

    if (strcmp(set->ssl, "no") == 0) {
        /* disabled */
        return TRUE;
    }
#ifndef HAVE_SSL
    *error_r = t_strdup_printf("SSL support not compiled in but ssl=%s",
                   set->ssl);
    return FALSE;
#else
    /* we get called from many different tools, possibly with -O parameter,
       and few of those tools care about SSL settings. so don't check
       ssl_cert/ssl_key/etc validity here except in doveconf, because it
       usually is just an extra annoyance. */
#ifdef CONFIG
    if (*set->ssl_cert == '\0') {
        *error_r = "ssl enabled, but ssl_cert not set";
        return FALSE;
    }
    if (*set->ssl_key == '\0') {
        *error_r = "ssl enabled, but ssl_key not set";
        return FALSE;
    }
#endif
    if (set->ssl_verify_client_cert && *set->ssl_ca == '\0') {
        *error_r = "ssl_verify_client_cert set, but ssl_ca not";
        return FALSE;
    }
    return TRUE;
#endif
}
/* </settings checks> */

const struct master_service_ssl_settings *
master_service_ssl_settings_get(struct master_service *service)
{
    void **sets;

    sets = settings_parser_get_list(service->set_parser);
    return sets[1];
}