login-settings.c revision f29756821a4c6b12b73e4a2a3e1c230117a43773
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch/* Copyright (c) 2005-2012 Dovecot authors, see the included COPYING file */
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "login-common.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "hostpid.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "var-expand.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "settings-parser.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "master-service.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "master-service-settings.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "master-service-ssl-settings.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "master-service-settings-cache.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include "login-settings.h"
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include <stddef.h>
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch#include <unistd.h>
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Forward declaration: login_setting_parser_info.check_func refers to this
   function before its definition further down in the file. */
static bool login_settings_check(void *_set, pool_t pool, const char **error_r);

/* DEF(type, name) expands to one setting_define initializer: the setting
   type, the field name as a string literal, and the offset of the same-named
   field inside struct login_settings. Any earlier DEF is dropped first so
   the macro always refers to struct login_settings here. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct login_settings, name), NULL }
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Table of the settings that map onto struct login_settings. Each entry
   binds a setting name to a struct field; the list is closed by
   SETTING_DEFINE_LIST_END. */
static const struct setting_define login_setting_defines[] = {
	/* login process: trusted peers, greeting, log line layout */
	DEF(SET_STR, login_trusted_networks),
	DEF(SET_STR_VARS, login_greeting),
	DEF(SET_STR, login_log_format_elements),
	DEF(SET_STR, login_log_format),
	DEF(SET_STR, login_access_sockets),
	DEF(SET_STR, director_username_hash),

	/* TLS client credentials and client-certificate policy */
	DEF(SET_STR, ssl_client_cert),
	DEF(SET_STR, ssl_client_key),
	DEF(SET_BOOL, ssl_require_crl),
	DEF(SET_BOOL, auth_ssl_require_client_cert),
	DEF(SET_BOOL, auth_ssl_username_from_cert),

	/* authentication policy and diagnostic verbosity */
	DEF(SET_BOOL, disable_plaintext_auth),
	DEF(SET_BOOL, auth_verbose),
	DEF(SET_BOOL, auth_debug),
	DEF(SET_BOOL, verbose_proctitle),

	/* per-user/IP connection limit */
	DEF(SET_UINT, mail_max_userip_connections),

	SETTING_DEFINE_LIST_END
};
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Built-in defaults for struct login_settings. Fields not named here are
   zero-initialized by the language rules for static objects. */
static const struct login_settings login_default_settings = {
	/* empty list: no network is named as trusted by default */
	.login_trusted_networks = "",
	.login_greeting = PACKAGE_NAME" ready.",
	/* space-separated elements; login_settings_check() splits this string
	   on " " into log_format_elements_split */
	.login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>",
	.login_log_format = "%$: %s",
	.login_access_sockets = "",
	.director_username_hash = "%u",

	.ssl_client_cert = "",
	.ssl_client_key = "",
	/* NOTE(review): the two TRUE defaults in this struct (ssl_require_crl
	   and disable_plaintext_auth) are the restrictive choice as far as
	   the names indicate; a deployment that turns either off should do
	   so deliberately - confirm exact semantics in the settings docs */
	.ssl_require_crl = TRUE,
	.auth_ssl_require_client_cert = FALSE,
	.auth_ssl_username_from_cert = FALSE,

	.disable_plaintext_auth = TRUE,
	/* verbosity is off by default; login_settings_check() may raise
	   auth_verbose when auth_debug is set */
	.auth_verbose = FALSE,
	.auth_debug = FALSE,
	.verbose_proctitle = FALSE,

	.mail_max_userip_connections = 10
};
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Parser description for the "login" settings module: which defines and
   defaults to use, how large the settings struct is, and which function
   post-processes a parsed struct. */
const struct setting_parser_info login_setting_parser_info = {
	.module_name = "login",
	.defines = login_setting_defines,
	.defaults = &login_default_settings,

	/* (size_t)-1 in both offset fields; presumably "not used" for this
	   module - confirm against settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct login_settings),

	.parent_offset = (size_t)-1,

	.check_func = login_settings_check
};
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Default NULL-terminated list of settings roots: only the login settings. */
static const struct setting_parser_info *default_login_set_roots[] = {
	&login_setting_parser_info,
	NULL
};

/* Roots actually used by login_settings_read(). This pointer has external
   linkage, so code outside this file can point it at a different list.
   NOTE(review): login_settings_read() treats element 0 as the login
   settings, so any replacement list has to keep that entry first. */
const struct setting_parser_info **login_set_roots = default_login_set_roots;

/* Settings cache, created on the first login_settings_read() call and
   released by login_settings_deinit(). */
static struct master_service_settings_cache *set_cache;
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch/* <settings checks> */
/* Post-processes a parsed struct login_settings (installed as check_func
   in login_setting_parser_info).
   - Splits login_log_format_elements on " " into log_format_elements_split,
     allocated from pool.
   - Cascades the debug switches: auth_debug_passwords turns on auth_debug,
     and auth_debug turns on auth_verbose.
   Always returns TRUE; error_r is never written. */
static bool login_settings_check(void *_set, pool_t pool,
				 const char **error_r ATTR_UNUSED)
{
	struct login_settings *login_set = _set;

	login_set->log_format_elements_split =
		p_strsplit(pool, login_set->login_log_format_elements, " ");

	/* NOTE(review): auth_debug_passwords has no DEF() entry and no
	   explicit default in this file - confirm where it is set. As the
	   name suggests password material may reach the logs when it is on,
	   it should stay off outside short troubleshooting sessions. */
	if (login_set->auth_debug_passwords)
		login_set->auth_debug = TRUE;
	/* the order of the two tests matters: the first may have just
	   enabled auth_debug */
	if (login_set->auth_debug)
		login_set->auth_verbose = TRUE;
	return TRUE;
}
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch/* </settings checks> */
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Builds the variable table used to expand settings for one connection.
   The static template supplies the keys; a copy obtained from t_malloc()
   gets the values filled in from input:
     %l / lip     - input->local_ip, rendered by net_ip2addr()
     %r / rip     - input->remote_ip, rendered by net_ip2addr()
     %p / pid     - my_pid
     %s / service - input->service
   Returns the filled copy; the template itself is never modified. */
static const struct var_expand_table *
login_set_var_expand_table(const struct master_service_settings_input *input)
{
	static struct var_expand_table static_tab[] = {
		{ 'l', NULL, "lip" },
		{ 'r', NULL, "rip" },
		{ 'p', NULL, "pid" },
		{ 's', NULL, "service" },
		{ '\0', NULL, NULL }
	};
	struct var_expand_table *table;

	table = t_malloc(sizeof(static_tab));
	memcpy(table, static_tab, sizeof(static_tab));

	/* the indexes below follow the row order of static_tab; keep both
	   in sync when adding a variable */
	table[0].value = net_ip2addr(&input->local_ip);
	table[1].value = net_ip2addr(&input->remote_ip);
	table[2].value = my_pid;
	table[3].value = input->service;
	return table;
}
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Duplicates src_set into pool with settings_dup() and runs
   settings_check() on the copy. A failed check ends in i_fatal(), with the
   module name (or "unknown" when info->module_name is NULL) and the error
   text. Returns the checked copy. */
static void *
login_setting_dup(pool_t pool, const struct setting_parser_info *info,
		  const void *src_set)
{
	const char *error;
	void *copy;

	copy = settings_dup(info, src_set, pool);
	if (!settings_check(info, pool, copy, &error)) {
		const char *module = info->module_name;

		if (module == NULL)
			module = "unknown";
		i_fatal("settings_check(%s) failed: %s", module, error);
	}
	return copy;
}
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Reads the login settings that apply to one connection.

   The lookup input is built from login_binary (process name and protocol),
   local_name and, when non-NULL, local_ip / remote_ip; an address passed as
   NULL leaves the zeroed value from memset() in place. The settings cache
   is created on first use. Every root in login_set_roots is duplicated into
   pool and checked via login_setting_dup(), then the login settings
   (element 0) get their variables expanded.

   pool             - pool receiving all returned structures
   ssl_set_r        - receives a checked copy of the SSL settings
   other_settings_r - receives the NULL-terminated array of the roots that
                      follow the login settings

   Returns the login settings. A configuration read error or a failed
   settings check ends in i_fatal(). */
struct login_settings *
login_settings_read(pool_t pool,
		    const struct ip_addr *local_ip,
		    const struct ip_addr *remote_ip,
		    const char *local_name,
		    const struct master_service_ssl_settings **ssl_set_r,
		    void ***other_settings_r)
{
	struct master_service_settings_input input;
	const struct setting_parser_context *parser;
	const char *error;
	void *const *cache_sets;
	void **sets;
	unsigned int idx, count;

	memset(&input, 0, sizeof(input));
	input.roots = login_set_roots;
	input.module = login_binary->process_name;
	input.service = login_binary->protocol;
	input.local_name = local_name;

	if (local_ip != NULL)
		input.local_ip = *local_ip;
	if (remote_ip != NULL)
		input.remote_ip = *remote_ip;

	if (set_cache == NULL) {
		set_cache = master_service_settings_cache_init(master_service,
							       input.module,
							       input.service);
	}

	if (master_service_settings_cache_read(set_cache, &input, NULL,
					       &parser, &error) < 0)
		i_fatal("Error reading configuration: %s", error);

	/* skip the master service's own parsers; what follows lines up with
	   input.roots one to one */
	cache_sets = settings_parser_get_list(parser) +
		MASTER_SERVICE_INTERNAL_SET_PARSERS;
	count = 0;
	while (input.roots[count] != NULL)
		count++;
	i_assert(cache_sets[count] == NULL);

	/* count + 1 slots: p_new() result keeps a terminating NULL entry,
	   assuming p_new() zero-fills - TODO confirm */
	sets = p_new(pool, void *, count + 1);
	for (idx = 0; idx < count; idx++)
		sets[idx] = login_setting_dup(pool, input.roots[idx],
					      cache_sets[idx]);

	/* NOTE(review): sets[0] is used as the login settings, which holds
	   only while login_set_roots is non-empty and starts with
	   login_setting_parser_info. */
	settings_var_expand(&login_setting_parser_info, sets[0], pool,
			    login_set_var_expand_table(&input));

	/* NOTE(review): index 1 of the full parser list is taken to be the
	   SSL settings - confirm against the master service's internal
	   parser order. */
	*ssl_set_r =
		login_setting_dup(pool, &master_service_ssl_setting_parser_info,
				  settings_parser_get_list(parser)[1]);
	*other_settings_r = sets + 1;
	return sets[0];
}
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch
/* Releases the settings cache created by login_settings_read(). Does
   nothing when no cache was ever created. */
void login_settings_deinit(void)
{
	if (set_cache == NULL)
		return;
	master_service_settings_cache_deinit(&set_cache);
}
56dd928c164ec5c0d1158a1760154b58c5f1f6e7Stephan Bosch