login-settings.c revision 383d0e8c24451468d6bea17e4b55d74de744abe6
e59faf65ce864fe95dc00f5d52b8323cdbd0608aTimo Sirainen/* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
dd3ccdbb29dad006f7781ea138a5ba39727963c4Timo Sirainenstatic bool login_settings_check(void *_set, pool_t pool, const char **error_r);
eed03830015b7138b9d4522e72bef650aa24b45fTimo Sirainen { type, #name, offsetof(struct login_settings, name), NULL }
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainenstatic struct setting_define login_setting_defines[] = {
eed03830015b7138b9d4522e72bef650aa24b45fTimo Sirainenstatic struct login_settings login_default_settings = {
eed03830015b7138b9d4522e72bef650aa24b45fTimo Sirainen MEMBER(login_log_format_elements) "user=<%u> method=%m rip=%r lip=%l %c",
eed03830015b7138b9d4522e72bef650aa24b45fTimo Sirainen MEMBER(ssl_parameters_file) "ssl-parameters.dat",
eed03830015b7138b9d4522e72bef650aa24b45fTimo Sirainenstruct setting_parser_info login_setting_parser_info = {
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen MEMBER(struct_size) sizeof(struct login_settings),
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenconst struct setting_parser_info *login_set_roots[] = {
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen/* <settings checks> */
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenstatic int ssl_settings_check(void *_set ATTR_UNUSED, const char **error_r)
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen *error_r = t_strdup_printf("SSL support not compiled in but ssl=%s",
65514ab6ccc1889e1667211fddb0cca4b51017dfTimo Sirainen *error_r = "ssl enabled, but ssl_cert not set";
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen *error_r = "ssl enabled, but ssl_key not set";
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen if (set->ssl_verify_client_cert && *set->ssl_ca_file == '\0') {
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen *error_r = "ssl_verify_client_cert set, but ssl_ca_file not";
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen if (*set->ssl_ca_file != '\0' && access(set->ssl_ca_file, R_OK) < 0) {
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen *error_r = t_strdup_printf("ssl_ca_file: access(%s) failed: %m",
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainenstatic bool login_settings_check(void *_set, pool_t pool, const char **error_r)
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen p_strsplit(pool, set->login_log_format_elements, " ");
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen if (set->ssl_require_client_cert || set->ssl_username_from_cert) {
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen /* if we require valid cert, make sure we also ask for it */
eed0a07ecb946ec9d021f5b413fb33eb36e135fdTimo Sirainen /* disabled */
eed0a07ecb946ec9d021f5b413fb33eb36e135fdTimo Sirainen } else if (strcmp(set->ssl, "required") == 0) {
eed0a07ecb946ec9d021f5b413fb33eb36e135fdTimo Sirainen *error_r = t_strdup_printf("Unknown ssl setting value: %s",
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen/* </settings checks> */
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainenlogin_settings_read(struct master_service *service, pool_t pool,
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen /* this function always clears the previous settings pool. since we're
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen doing per-connection lookups, we always need to duplicate the
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen settings using another pool. */
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen if (master_service_settings_read(service, &input, &error) < 0)
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen i_fatal("Error reading configuration: %s", error);
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen sets = master_service_settings_get_others(service);
9a935c34e98ba7a9cc90784ceb63b2fbdab4105fTimo Sirainen set = settings_dup(&login_setting_parser_info, sets[0], pool);
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen i_fatal("login_settings_check() failed: %s", error);