login-settings.c revision 5a580c3a38ced62d4bcc95b8ac7c4f2935b5d294
/* Copyright (c) 2005-2013 Dovecot authors, see the included COPYING file */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "login-common.h"
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include "hostpid.h"
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include "var-expand.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "settings-parser.h"
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include "master-service.h"
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen#include "master-service-settings.h"
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include "master-service-ssl-settings.h"
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include "master-service-settings-cache.h"
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include "login-settings.h"
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include <stddef.h>
0c17af9d3f9323136a94e66605776ed4462a172dTimo Sirainen#include <unistd.h>
/* Validation hook for struct login_settings. It is defined further down and
   declared here so that login_setting_parser_info can point at it. */
static bool login_settings_check(void *_set, pool_t pool, const char **error_r);

/* DEF(set_type, field) builds one struct setting_define initializer: the
   setting type, the field name turned into a string (so the configuration key
   is spelled exactly like the struct member), and the member's byte offset
   inside struct login_settings. The fourth member is left NULL. */
#undef DEF
#define DEF(set_type, field) \
	{ set_type, #field, offsetof(struct login_settings, field), NULL }
/* Table of settings the login processes accept. Each entry binds a
   configuration key to the struct login_settings member of the same name.
   NOTE(review): login_settings_check() reads set->auth_debug_passwords, but
   no DEF() entry for that field appears in this table; confirm where the
   field is populated. */
static const struct setting_define login_setting_defines[] = {
	/* Trusted networks, greeting, login log formatting, access sockets.
	   login_greeting is the only SET_STR_VARS entry; presumably only such
	   entries get %variable expansion in settings_var_expand() (confirm).
	   If the greeting is shown to unauthenticated clients, as its name
	   suggests, avoid putting host-identifying variables into it. */
	DEF(SET_STR, login_trusted_networks),
	DEF(SET_STR_VARS, login_greeting),
	DEF(SET_STR, login_log_format_elements),
	DEF(SET_STR, login_log_format),
	DEF(SET_STR, login_access_sockets),
	DEF(SET_STR, director_username_hash),

	/* TLS client certificate / CRL handling */
	DEF(SET_STR, ssl_client_cert),
	DEF(SET_STR, ssl_client_key),
	DEF(SET_BOOL, ssl_require_crl),
	DEF(SET_BOOL, auth_ssl_require_client_cert),
	DEF(SET_BOOL, auth_ssl_username_from_cert),

	/* Authentication policy and diagnostics */
	DEF(SET_BOOL, disable_plaintext_auth),
	DEF(SET_BOOL, auth_verbose),
	DEF(SET_BOOL, auth_debug),
	DEF(SET_BOOL, verbose_proctitle),

	/* Connection limit */
	DEF(SET_UINT, mail_max_userip_connections),

	SETTING_DEFINE_LIST_END
};
/* Built-in defaults, used when the configuration does not set a value.
   The security-relevant ones start out restrictive: no trusted networks,
   CRL required, plaintext auth disabled, auth debugging off. */
static const struct login_settings login_default_settings = {
	/* Empty list: no network is trusted unless the admin names one.
	   NOTE(review): per the Dovecot documentation, clients in these
	   networks get relaxed checks, so entries here deserve the same care
	   as firewall rules; confirm the exact semantics for this version. */
	.login_trusted_networks = "",
	.login_greeting = PACKAGE_NAME" ready.",
	/* Elements of each login log line; the string is split on spaces by
	   login_settings_check(). */
	.login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>",
	.login_log_format = "%$: %s",
	.login_access_sockets = "",
	.director_username_hash = "%u",

	/* No client certificate/key configured by default */
	.ssl_client_cert = "",
	.ssl_client_key = "",
	.ssl_require_crl = TRUE,
	.auth_ssl_require_client_cert = FALSE,
	.auth_ssl_username_from_cert = FALSE,

	/* Plaintext authentication is off by default; turning this setting
	   off is a deliberate weakening and should be reviewed as such. */
	.disable_plaintext_auth = TRUE,
	.auth_verbose = FALSE,
	.auth_debug = FALSE,
	.verbose_proctitle = FALSE,

	.mail_max_userip_connections = 10
};
/* Parser description of the "login" settings module: it ties together the
   define table, the defaults and the post-parse check function. */
const struct setting_parser_info login_setting_parser_info = {
	.module_name = "login",
	.defines = login_setting_defines,
	.defaults = &login_default_settings,

	/* NOTE(review): (size_t)-1 presumably means "not used" for both
	   offsets; confirm against settings-parser.h. */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct login_settings),

	.parent_offset = (size_t)-1,

	/* Invoked through settings_check(); see login_settings_check() */
	.check_func = login_settings_check
};
/* NULL-terminated list of setting roots that is used by default. The login
   settings come first; login_settings_read() returns the duplicate of
   roots[0] as its struct login_settings result. */
static const struct setting_parser_info *default_login_set_roots[] = {
	&login_setting_parser_info,
	NULL
};

/* Active root list. It is a non-static pointer, so other code may point it
   at a different NULL-terminated list. */
const struct setting_parser_info **login_set_roots = default_login_set_roots;

/* Settings cache; created on first use in login_settings_read() and released
   in login_settings_deinit(). */
static struct master_service_settings_cache *set_cache;
/* <settings checks> */
/* Post-parse hook for struct login_settings.
 *
 * Splits login_log_format_elements on spaces into log_format_elements_split
 * (allocated from pool) and applies the debug cascade below. It always
 * returns TRUE and never writes to error_r.
 *
 * NOTE(review): the marker comments surrounding this function look like they
 * are consumed by tooling; keep them unchanged.
 */
static bool login_settings_check(void *_set, pool_t pool,
				 const char **error_r ATTR_UNUSED)
{
	struct login_settings *login_set = _set;

	login_set->log_format_elements_split =
		p_strsplit(pool, login_set->login_log_format_elements, " ");

	/* Debug levels cascade: auth_debug_passwords turns on auth_debug, and
	   auth_debug turns on auth_verbose. The name auth_debug_passwords
	   suggests that credentials can end up in logs, so enabling it also
	   widens what the other two levels record; keep it off outside of
	   short troubleshooting sessions and protect the resulting logs. */
	if (login_set->auth_debug_passwords) {
		login_set->auth_debug = TRUE;
	}
	if (login_set->auth_debug) {
		login_set->auth_verbose = TRUE;
	}
	return TRUE;
}
/* </settings checks> */
/* Build the %variable table used to expand login settings for one
 * connection: %l/%{lip} local IP, %r/%{rip} remote IP, %p/%{pid} this
 * process's pid, %s/%{service} the service name from input.
 *
 * The returned table is a fresh copy obtained from t_malloc(), so the static
 * template is never modified. NOTE(review): t_malloc() and net_ip2addr()
 * presumably return short-lived data stack memory; callers should not keep
 * the table beyond the current call chain (confirm).
 */
static const struct var_expand_table *
login_set_var_expand_table(const struct master_service_settings_input *input)
{
	/* Template holding keys only; the order must match the indexes
	   assigned below. */
	static struct var_expand_table static_tab[] = {
		{ 'l', NULL, "lip" },
		{ 'r', NULL, "rip" },
		{ 'p', NULL, "pid" },
		{ 's', NULL, "service" },
		{ '\0', NULL, NULL }
	};
	struct var_expand_table *filled = t_malloc(sizeof(static_tab));

	memcpy(filled, static_tab, sizeof(static_tab));

	filled[0].value = net_ip2addr(&input->local_ip);
	filled[1].value = net_ip2addr(&input->remote_ip);
	filled[2].value = my_pid;
	filled[3].value = input->service;
	return filled;
}
/* Duplicate src_set (described by info) into pool and run the module's
 * settings check on the copy.
 *
 * A failed check is reported through i_fatal() with the module name, or
 * "unknown" when info->module_name is NULL. NOTE(review): i_fatal()
 * presumably terminates the process, so a settings struct that failed
 * validation is never handed back to the caller (confirm).
 */
static void *
login_setting_dup(pool_t pool, const struct setting_parser_info *info,
		  const void *src_set)
{
	void *copy = settings_dup(info, src_set, pool);
	const char *error;

	if (!settings_check(info, pool, copy, &error)) {
		const char *module = info->module_name;

		if (module == NULL)
			module = "unknown";
		i_fatal("settings_check(%s) failed: %s", module, error);
	}
	return copy;
}
/* Read the login settings that apply to one connection.
 *
 * pool             - every returned struct is allocated from this pool
 * local_ip         - local address of the connection, or NULL
 * remote_ip        - remote address of the connection, or NULL
 * local_name       - passed through to the settings lookup as
 *                    input.local_name
 * ssl_set_r        - receives a checked copy of the SSL settings
 * other_settings_r - receives the copies for login_set_roots[1..]
 *
 * Returns the checked and variable-expanded copy for login_set_roots[0].
 * A failed configuration read is reported with i_fatal(); there is no
 * fallback to built-in defaults. NOTE(review): i_fatal() presumably does
 * not return (confirm).
 */
struct login_settings *
login_settings_read(pool_t pool,
		    const struct ip_addr *local_ip,
		    const struct ip_addr *remote_ip,
		    const char *local_name,
		    const struct master_service_ssl_settings **ssl_set_r,
		    void ***other_settings_r)
{
	struct master_service_settings_input input;
	const struct setting_parser_context *parser;
	const char *error;
	void *const *cached;
	void **copies;
	unsigned int idx, root_count = 0;

	/* The lookup key is the module, the service and the connection's
	   addresses and name, so the result can differ per connection. */
	memset(&input, 0, sizeof(input));
	input.roots = login_set_roots;
	input.module = login_binary->process_name;
	input.service = login_binary->protocol;
	input.local_name = local_name;

	if (local_ip != NULL)
		input.local_ip = *local_ip;
	if (remote_ip != NULL)
		input.remote_ip = *remote_ip;

	/* The cache is created lazily on the first call */
	if (set_cache == NULL) {
		set_cache = master_service_settings_cache_init(master_service,
							       input.module,
							       input.service);
	}

	if (master_service_settings_cache_read(set_cache, &input, NULL,
					       &parser, &error) < 0)
		i_fatal("Error reading configuration: %s", error);

	cached = master_service_settings_parser_get_others(master_service, parser);
	while (input.roots[root_count] != NULL)
		root_count++;
	/* The cached array has to end exactly where the root list ends */
	i_assert(cached[root_count] == NULL);

	/* One extra slot after the copies. NOTE(review): p_new() presumably
	   zero-fills, which would make that slot a NULL terminator (confirm). */
	copies = p_new(pool, void *, root_count + 1);
	for (idx = 0; idx < root_count; idx++)
		copies[idx] = login_setting_dup(pool, input.roots[idx], cached[idx]);

	/* Only the login settings (roots[0]) are variable-expanded here */
	settings_var_expand(&login_setting_parser_info, copies[0], pool,
			    login_set_var_expand_table(&input));

	/* NOTE(review): index 1 of the parser's list is assumed to hold the
	   SSL settings; confirm that the ordering is guaranteed. */
	*ssl_set_r =
		login_setting_dup(pool, &master_service_ssl_setting_parser_info,
				  settings_parser_get_list(parser)[1]);
	*other_settings_r = copies + 1;
	return copies[0];
}
/* Release the settings cache if login_settings_read() created one. The
   cache pointer is passed by address to the deinit call. */
void login_settings_deinit(void)
{
	if (set_cache == NULL)
		return;
	master_service_settings_cache_deinit(&set_cache);
}