login-settings.c revision ed4cdfe5847a6063d5a4684a6a47b17e943922b5
b9f30617c2c96d54acbc4f85ed17b939c4f28916Timo Sirainen/* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
d63b4241643b6014d49ff356f14e0f3ee43068a8Timo Sirainenstatic bool login_settings_check(void *_set, pool_t pool, const char **error_r);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { type, #name, offsetof(struct login_settings, name), NULL }
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainenstatic struct setting_define login_setting_defines[] = {
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainenstatic struct login_settings login_default_settings = {
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen MEMBER(login_log_format_elements) "user=<%u> method=%m rip=%r lip=%l %c",
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen MEMBER(ssl_parameters_file) "ssl-parameters.dat",
9990cf6923b648420e9bd102e38ebfc2b9322dccTimo Sirainen MEMBER(ssl_cipher_list) "ALL:!LOW:!SSLv2:!EXP:!aNULL",
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainenstruct setting_parser_info login_setting_parser_info = {
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen MEMBER(struct_size) sizeof(struct login_settings),
f059a046515f4b2b15a6c2a10a6f12f6166e39a5Timo Sirainenstatic const struct setting_parser_info *default_login_set_roots[] = {
f059a046515f4b2b15a6c2a10a6f12f6166e39a5Timo Sirainenconst struct setting_parser_info **login_set_roots = default_login_set_roots;
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen/* <settings checks> */
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainenstatic int ssl_settings_check(void *_set ATTR_UNUSED, const char **error_r)
ce8a6f53ea3ce91b759a54b771e1779564de19a1Timo Sirainen *error_r = t_strdup_printf("SSL support not compiled in but ssl=%s",
02a0492affdff138f43903c19ca366363923044dTimo Sirainen *error_r = "ssl enabled, but ssl_cert not set";
02a0492affdff138f43903c19ca366363923044dTimo Sirainen *error_r = "ssl enabled, but ssl_key not set";
1cbc0c6372d24168962698c5f4d3e15df8943ebfTimo Sirainen if (set->ssl_verify_client_cert && *set->ssl_ca_file == '\0') {
1cbc0c6372d24168962698c5f4d3e15df8943ebfTimo Sirainen *error_r = "ssl_verify_client_cert set, but ssl_ca_file not";
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen if (*set->ssl_ca_file != '\0' && access(set->ssl_ca_file, R_OK) < 0) {
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen *error_r = t_strdup_printf("ssl_ca_file: access(%s) failed: %m",
97db4761382024093f441e4bc78ba8b6a056504dTimo Sirainenstatic bool login_settings_check(void *_set, pool_t pool, const char **error_r)
97db4761382024093f441e4bc78ba8b6a056504dTimo Sirainen p_strsplit(pool, set->login_log_format_elements, " ");
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen if (set->ssl_require_client_cert || set->ssl_username_from_cert) {
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen /* if we require valid cert, make sure we also ask for it */
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen /* disabled */
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen } else if (strcmp(set->ssl, "required") == 0) {
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen *error_r = t_strdup_printf("Unknown ssl setting value: %s",
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen/* </settings checks> */
ed4cdfe5847a6063d5a4684a6a47b17e943922b5Timo Sirainenstatic const struct var_expand_table *
ed4cdfe5847a6063d5a4684a6a47b17e943922b5Timo Sirainenlogin_set_var_expand_table(const struct master_service_settings_input *input)
ed4cdfe5847a6063d5a4684a6a47b17e943922b5Timo Sirainen static struct var_expand_table static_tab[] = {
ed4cdfe5847a6063d5a4684a6a47b17e943922b5Timo Sirainen tab[1].value = net_ip2addr(&input->remote_ip);
97db4761382024093f441e4bc78ba8b6a056504dTimo Sirainenlogin_settings_read(struct master_service *service, pool_t pool,
f059a046515f4b2b15a6c2a10a6f12f6166e39a5Timo Sirainen unsigned int i;
97db4761382024093f441e4bc78ba8b6a056504dTimo Sirainen /* this function always clears the previous settings pool. since we're
97db4761382024093f441e4bc78ba8b6a056504dTimo Sirainen doing per-connection lookups, we always need to duplicate the
97db4761382024093f441e4bc78ba8b6a056504dTimo Sirainen settings using another pool. */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen if (master_service_settings_read(service, &input, &error) < 0)
d176f84ce5ca2073f4dfbafb457b9c74f6bf0d76Timo Sirainen i_fatal("Error reading configuration: %s", error);
d176f84ce5ca2073f4dfbafb457b9c74f6bf0d76Timo Sirainen sets = master_service_settings_get_others(service);
f059a046515f4b2b15a6c2a10a6f12f6166e39a5Timo Sirainen sets[i] = settings_dup(input.roots[i], sets[i], pool);
f059a046515f4b2b15a6c2a10a6f12f6166e39a5Timo Sirainen if (!settings_check(input.roots[i], pool, sets[i], &error)) {
f059a046515f4b2b15a6c2a10a6f12f6166e39a5Timo Sirainen const char *name = input.roots[i]->module_name;