login-settings.c revision 7bafda1813454621e03615e83d55bccfa7cc56bd
5f5870385cff47efd2f58e7892f251cf13761528Timo Sirainen/* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainenstatic bool login_settings_check(void *_set, pool_t pool, const char **error_r);
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen { type, #name, offsetof(struct login_settings, name), NULL }
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainenstatic const struct setting_define login_setting_defines[] = {
/* Built-in default values for struct login_settings. Only two of the
   initializers are visible in this listing. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainenstatic const struct login_settings login_default_settings = {
/* Space-separated elements of the login log line; a p_strsplit() call later
   in this file splits this value on " ".
   NOTE(review): %u presumably expands to the user name sent by the client;
   confirm it is sanitized before it is written to the log. */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen .login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l %c",
/* OpenSSL-style cipher string: all suites except low-strength, SSLv2,
   export-grade and anonymous (unauthenticated) ones.
   NOTE(review): MEDIUM-strength suites are not excluded by this default;
   review it against the TLS policy of the deployment. */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainenconst struct setting_parser_info login_setting_parser_info = {
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainenstatic const struct setting_parser_info *default_login_set_roots[] = {
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainenconst struct setting_parser_info **login_set_roots = default_login_set_roots;
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen/* <settings checks> */
/* Sanity-checks the SSL-related settings and describes the problem found
   through *error_r. Only part of the body is visible in this listing, so
   the conditions guarding some of the messages below are not shown. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainenstatic int ssl_settings_check(void *_set ATTR_UNUSED, const char **error_r)
/* Per the message text: ssl is requested but the binary has no SSL support. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen *error_r = t_strdup_printf("SSL support not compiled in but ssl=%s",
/* Per the message texts: enabling ssl requires both ssl_cert and ssl_key. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen *error_r = "ssl enabled, but ssl_cert not set";
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen *error_r = "ssl enabled, but ssl_key not set";
/* Verifying client certificates requires a CA file; an empty ssl_ca_file
   is reported as an error here. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen if (set->ssl_verify_client_cert && *set->ssl_ca_file == '\0') {
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen *error_r = "ssl_verify_client_cert set, but ssl_ca_file not";
/* Report an unreadable CA file at configuration-check time. access() tests
   with the real UID/GID and only reflects the state at this moment, so the
   code that later opens the file must still handle a failure. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen if (*set->ssl_ca_file != '\0' && access(set->ssl_ca_file, R_OK) < 0) {
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen *error_r = t_strdup_printf("ssl_ca_file: access(%s) failed: %m",
/* Checks a struct login_settings instance and reports a problem through
   *error_r. It matches the forward declaration near the top of the file and
   is presumably registered in login_setting_parser_info (not visible here).
   Only part of the body is visible in this listing. */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainenstatic bool login_settings_check(void *_set, pool_t pool, const char **error_r)
/* Split the log format into its space-separated elements, allocated from
   the caller's pool. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen p_strsplit(pool, set->login_log_format_elements, " ");
/* Requiring a client certificate, or taking the user name from it, only
   makes sense when the certificate is requested and verified. The body of
   this branch is not visible; presumably it sets ssl_verify_client_cert. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen if (set->ssl_require_client_cert || set->ssl_username_from_cert) {
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen /* if we require valid cert, make sure we also ask for it */
/* The ssl setting is compared against its recognised string values. The
   branch for the disabled case is not visible apart from its comment. */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen /* disabled */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen } else if (strcmp(set->ssl, "required") == 0) {
/* Per the message text: an ssl value that matches none of the recognised
   values is reported as an error. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen *error_r = t_strdup_printf("Unknown ssl setting value: %s",
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen/* </settings checks> */
/* Builds the variable-expansion table from the per-connection settings
   input. Only part of the body is visible in this listing. */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainenstatic const struct var_expand_table *
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainenlogin_set_var_expand_table(const struct master_service_settings_input *input)
/* Static table of entries; presumably the template that "tab" is derived
   from (its contents are not visible here). */
447bf65ddb82ec279e7386828748ef47e199a6afTimo Sirainen static struct var_expand_table static_tab[] = {
/* Entry 1 carries the client's remote IP address in textual form. */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen tab[1].value = net_ip2addr(&input->remote_ip);
/* Reads the configuration through the master service, duplicates each
   settings root into the caller's pool and re-checks the copy. The return
   type and part of the body are not visible in this listing. */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainenlogin_settings_read(struct master_service *service, pool_t pool,
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen unsigned int i;
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainen /* this function always clears the previous settings pool. since we're
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainen doing per-connection lookups, we always need to duplicate the
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainen settings using another pool. */
/* "this function" in the comment above presumably refers to
   master_service_settings_read(), called next. A failed read is passed to
   i_fatal() rather than falling back to other settings. */
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainen if (master_service_settings_read(service, &input, &error) < 0)
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainen i_fatal("Error reading configuration: %s", error);
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainen sets = master_service_settings_get_others(service);
/* Copy the settings for root i into the caller's pool, so that they do not
   depend on the service's settings pool, which the comment above says is
   cleared. */
b6b9c99fefbbc662bd9a0006566133c4480bf0e8Timo Sirainen sets[i] = settings_dup(input.roots[i], sets[i], pool);
/* Validate the duplicated copy. On failure the root's module_name is
   fetched, presumably for the error report (not visible here). */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen if (!settings_check(input.roots[i], pool, sets[i], &error)) {
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen const char *name = input.roots[i]->module_name;