master-settings.c revision aef6f8c49e4286e970bf2f37dc502e7239e3766e
02c335c23bf5fa225a467c19f2c063fb0dc7b8c3Timo Sirainen/* Copyright (C) 2002 Timo Sirainen */
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include "common.h"
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include "istream.h"
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include "safe-mkdir.h"
ece0a20249ce26208db3415ba2e79423678856f8Timo Sirainen#include "unlink-directory.h"
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include "settings.h"
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include <stdio.h>
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include <stddef.h>
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include <unistd.h>
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include <fcntl.h>
2670cd577aa57eb9f915a4f4220ae48c9b4fc5fbTimo Sirainen#include <pwd.h>
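/* Expands to one setting_def initializer: the type tag, the member name as a
   string (#name), and the offsetof() of that member in struct settings. */
#define DEF(type, name) \
	{ type, #name, offsetof(struct settings, name) }

/* Table of top-level settings, handed to parse_setting_from_defs() by
   parse_setting().

   The type tag of each entry has to agree with how the same member is
   initialized in default_settings and used in settings_verify(): members
   whose defaults are numbers (24, 300, 30, 0077, 0 for an interval) are
   SET_INT, members whose defaults are TRUE/FALSE are SET_BOOL. Presumably
   the parser uses the tag to decide what it stores at the recorded offset,
   so a SET_STR tag on an integer or boolean member would make it write a
   value of the wrong type and size into the struct -- confirm against
   parse_setting_from_defs(), which is not visible in this file. */
static struct setting_def setting_defs[] = {
	/* common */
	DEF(SET_STR, base_dir),
	DEF(SET_STR, log_path),
	DEF(SET_STR, info_log_path),
	DEF(SET_STR, log_timestamp),

	/* general */
	DEF(SET_STR, protocols),
	DEF(SET_STR, imap_listen),
	DEF(SET_STR, imaps_listen),
	DEF(SET_STR, pop3_listen),
	DEF(SET_STR, pop3s_listen),

	DEF(SET_BOOL, ssl_disable),
	DEF(SET_STR, ssl_cert_file),
	DEF(SET_STR, ssl_key_file),
	DEF(SET_STR, ssl_parameters_file),
	/* default is the number 24 */
	DEF(SET_INT, ssl_parameters_regenerate),
	DEF(SET_BOOL, disable_plaintext_auth),

	/* login */
	DEF(SET_STR, login_dir),
	DEF(SET_BOOL, login_chroot),

	/* mail */
	DEF(SET_STR, valid_chroot_dirs),
	DEF(SET_INT, max_mail_processes),
	DEF(SET_BOOL, verbose_proctitle),

	DEF(SET_INT, first_valid_uid),
	DEF(SET_INT, last_valid_uid),
	DEF(SET_INT, first_valid_gid),
	DEF(SET_INT, last_valid_gid),

	DEF(SET_STR, default_mail_env),
	DEF(SET_STR, mail_cache_fields),
	DEF(SET_STR, mail_never_cache_fields),
	DEF(SET_INT, mailbox_check_interval),
	DEF(SET_BOOL, mail_save_crlf),
	DEF(SET_BOOL, mail_read_mmaped),
	DEF(SET_BOOL, maildir_copy_with_hardlinks),
	DEF(SET_BOOL, maildir_check_content_changes),
	DEF(SET_STR, mbox_locks),
	/* settings_verify() tests and assigns this member as a boolean */
	DEF(SET_BOOL, mbox_read_dotlock),
	DEF(SET_INT, mbox_lock_timeout),
	DEF(SET_INT, mbox_dotlock_change_timeout),
	DEF(SET_BOOL, overwrite_incompatible_index),
	/* default is the octal number 0077 */
	DEF(SET_INT, umask),

	/* imap */
	DEF(SET_STR, imap_executable),
	DEF(SET_INT, imap_process_size),

	/* pop3 */
	DEF(SET_STR, pop3_executable),
	DEF(SET_INT, pop3_process_size),

	/* terminator: the entry with a NULL name ends the table */
	{ 0, NULL, 0 }
};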
/* Re-point DEF() at struct login_settings for the table that follows. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct login_settings, name) }

/* Settings of one login process. parse_setting() looks a key up here after
   skipping its "login_" prefix, so the names below are the unprefixed
   forms. */
static struct setting_def login_setting_defs[] = {
	/* what to run and as which system user */
	DEF(SET_STR, executable),
	DEF(SET_STR, user),

	DEF(SET_BOOL, process_per_connection),

	/* limits; login_settings_verify() requires processes_count and
	   max_logging_users to be at least 1 */
	DEF(SET_INT, process_size),
	DEF(SET_INT, processes_count),
	DEF(SET_INT, max_processes_count),
	DEF(SET_INT, max_logging_users),

	/* terminator */
	{ 0, NULL, 0 }
};
/* Re-point DEF() at struct auth_settings for the table that follows. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_settings, name) }

/* Settings of one authentication process. parse_setting() looks a key up
   here after skipping its "auth_" prefix, so the names below are the
   unprefixed forms. */
static struct setting_def auth_setting_defs[] = {
	DEF(SET_STR, mechanisms),
	DEF(SET_STR, realms),
	DEF(SET_STR, userdb),
	DEF(SET_STR, passdb),
	/* auth_settings_verify() checks executable and chroot with
	   access() */
	DEF(SET_STR, executable),
	DEF(SET_STR, user),
	DEF(SET_STR, chroot),

	DEF(SET_BOOL, use_cyrus_sasl),
	DEF(SET_BOOL, verbose),

	DEF(SET_INT, count),
	DEF(SET_INT, process_size),

	/* terminator */
	{ 0, NULL, 0 }
};
/* Built-in defaults. master_settings_read() copies this struct into the
   freshly allocated settings before the configuration file is parsed, so
   every value here applies unless the file overrides it. The initializers
   are kept in this order because MEMBER() is defined elsewhere and may not
   expand to a designator -- confirm before reordering. */
struct settings default_settings = {
	/* common */
	MEMBER(base_dir) PKG_RUNDIR,
	MEMBER(log_path) NULL,
	MEMBER(info_log_path) NULL,
	MEMBER(log_timestamp) DEFAULT_FAILURE_STAMP_FORMAT,

	/* general */
	MEMBER(protocols) "imap imaps",
	MEMBER(imap_listen) "*",
	MEMBER(imaps_listen) NULL,
	MEMBER(pop3_listen) "*",
	MEMBER(pop3s_listen) NULL,

	MEMBER(ssl_disable) FALSE,
	MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
	MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
	/* relative: settings_verify() prefixes it with base_dir */
	MEMBER(ssl_parameters_file) "ssl-parameters.dat",
	MEMBER(ssl_parameters_regenerate) 24,
	/* NOTE(review): the name suggests plaintext authentication stays
	   enabled with this default -- confirm where the flag is consumed */
	MEMBER(disable_plaintext_auth) FALSE,

	/* login */
	/* relative: settings_verify() prefixes it with base_dir, wipes the
	   directory and recreates it with mode 0750 */
	MEMBER(login_dir) "login",
	MEMBER(login_chroot) TRUE,

	/* mail */
	MEMBER(valid_chroot_dirs) NULL,
	MEMBER(max_mail_processes) 1024,
	MEMBER(verbose_proctitle) FALSE,

	/* settings_verify() skips the first/last ordering check when the
	   last_valid_* value is 0 */
	MEMBER(first_valid_uid) 500,
	MEMBER(last_valid_uid) 0,
	MEMBER(first_valid_gid) 1,
	MEMBER(last_valid_gid) 0,

	MEMBER(default_mail_env) NULL,
	MEMBER(mail_cache_fields) "MessagePart",
	MEMBER(mail_never_cache_fields) NULL,
	MEMBER(mailbox_check_interval) 0,
	MEMBER(mail_save_crlf) FALSE,
	MEMBER(mail_read_mmaped) FALSE,
	MEMBER(maildir_copy_with_hardlinks) FALSE,
	MEMBER(maildir_check_content_changes) FALSE,
	/* space-separated; settings_verify() accepts only dotlock, fcntl
	   and flock */
	MEMBER(mbox_locks) "dotlock fcntl flock",
	MEMBER(mbox_read_dotlock) FALSE,
	MEMBER(mbox_lock_timeout) 300,
	MEMBER(mbox_dotlock_change_timeout) 30,
	MEMBER(overwrite_incompatible_index) FALSE,
	/* octal */
	MEMBER(umask) 0077,

	/* imap */
	MEMBER(imap_executable) PKG_LIBEXECDIR"/imap",
	MEMBER(imap_process_size) 256,

	/* pop3 */
	MEMBER(pop3_executable) PKG_LIBEXECDIR"/pop3",
	MEMBER(pop3_process_size) 256,

	/* not read from the file: login_gid is filled in by get_login_uid(),
	   the two lists by auth_settings_new() and login_settings_new() */
	MEMBER(login_gid) 0,
	MEMBER(auths) NULL,
	MEMBER(logins) NULL
};
/* Defaults for a login process. login_settings_new() copies this struct
   only when no login process has been defined yet; later ones start from
   the most recently defined login process instead. */
struct login_settings default_login_settings = {
	/* list link and name are set by login_settings_new() */
	MEMBER(next) NULL,
	MEMBER(name) NULL,

	/* executable is chosen by login_settings_new() from the process
	   type; user is resolved with getpwnam() in get_login_uid() */
	MEMBER(executable) NULL,
	MEMBER(user) "dovecot",

	MEMBER(process_per_connection) TRUE,

	MEMBER(process_size) 16,
	MEMBER(processes_count) 3,
	MEMBER(max_processes_count) 128,
	MEMBER(max_logging_users) 256,

	/* overwritten by get_login_uid() with the uid of `user' */
	MEMBER(uid) 0 /* generated */
};
/* Pool that backs every allocation made while reading settings. It is
   created in master_settings_init(), cleared at the start of each
   master_settings_read() and released in master_settings_deinit(). */
static pool_t settings_pool;

/* Settings currently in effect; NULL until master_settings_read() runs.
   Several functions below take a parameter that is also called `set' and
   shadows this global. */
struct settings *set = NULL;
/* Turn a relative path setting into one under set->base_dir.
   NULL, empty and absolute (leading '/') values are left untouched;
   anything else is replaced by "<base_dir>/<value>", allocated from
   settings_pool. */
static void fix_base_path(struct settings *set, const char **str)
{
	const char *path = *str;

	if (path == NULL || *path == '\0' || *path == '/')
		return;

	*str = p_strconcat(settings_pool, set->base_dir, "/", path, NULL);
}
/* Resolve the login process user with getpwnam() and record its ids.
   The first login process seen sets set->login_gid to its primary group;
   every later one must have the same primary group, otherwise startup is
   aborted with i_fatal(). login_set->uid receives the user's uid.

   NOTE(review): login_gid == 0 doubles as "not set yet", so a login user
   whose primary gid is 0 never pins the group and the next login user is
   accepted whatever its group is.
   NOTE(review): nothing here rejects a login user whose uid is 0; confirm
   whether that is checked elsewhere. */
static void get_login_uid(struct settings *set,
			  struct login_settings *login_set)
{
	struct passwd *pw = getpwnam(login_set->user);

	if (pw == NULL)
		i_fatal("Login user doesn't exist: %s", login_set->user);

	if (set->login_gid != 0 && set->login_gid != pw->pw_gid) {
		i_fatal("All login process users must belong to same group "
			"(%s vs %s)", dec2str(set->login_gid),
			dec2str(pw->pw_gid));
	}
	if (set->login_gid == 0)
		set->login_gid = pw->pw_gid;

	login_set->uid = pw->pw_uid;
}
/* Check one authentication process definition: its executable must pass
   access(X_OK), and its chroot directory, if one is configured, is made
   absolute under base_dir and must pass access(X_OK) as well. A failed
   check aborts startup with i_fatal().

   Uses the file-level `set' pointer (there is no settings parameter here),
   which master_settings_read() assigns before verification runs. */
static void auth_settings_verify(struct auth_settings *auth)
{
	if (access(auth->executable, X_OK) < 0)
		i_fatal("Can't use auth executable %s: %m", auth->executable);

	fix_base_path(set, &auth->chroot);
	if (auth->chroot == NULL)
		return;

	if (access(auth->chroot, X_OK) < 0) {
		i_fatal("Can't access auth chroot directory %s: %m",
			auth->chroot);
	}
}
/* Check one login process definition. The executable is tested with
   access(X_OK) only when the process name occurs in the global
   set->protocols string; this is a substring match, so "imap" is also found
   inside "imaps". The two counters must be at least 1. A failed check
   aborts startup with i_fatal(). */
static void login_settings_verify(struct login_settings *login)
{
	if (strstr(set->protocols, login->name) != NULL &&
	    access(login->executable, X_OK) < 0) {
		i_fatal("Can't use login executable %s: %m",
			login->executable);
	}

	if (login->processes_count < 1)
		i_fatal("login_processes_count must be at least 1");
	if (login->max_logging_users < 1)
		i_fatal("max_logging_users must be at least 1");
}
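/* Return the directory part of `path'.
   - no '/' at all:          "."
   - only a leading '/':     "/" (a file directly under the root directory)
   - otherwise:              a copy of `path' cut at its last '/'
   The copy comes from t_strdup_noconst(), so the caller does not free it. */
static const char *get_directory(const char *path)
{
	char *str, *p;

	str = t_strdup_noconst(path);
	p = strrchr(str, '/');
	if (p == NULL)
		return ".";
	if (p == str) {
		/* cutting at index 0 would leave "", and access("") fails
		   even though the file's directory is the root */
		return "/";
	}

	*p = '\0';
	return str;
}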
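/* Validate the parsed settings and prepare the runtime directories.

   In order: resolve and verify every login process, check the imap/pop3
   executables for the enabled protocols, check that the log directories
   are writable, check the SSL certificate and key (HAVE_SSL builds only),
   make ssl_parameters_file and login_dir absolute, create or repair
   base_dir (0700) and login_dir (0750, group login_gid) after wiping
   login_dir, range-check the process and uid/gid limits, validate
   mbox_locks, and finally verify every authentication process.

   Every failed check calls i_fatal(); the code does not handle the case of
   i_fatal() returning.

   The access() calls are startup sanity checks only: access() tests the
   real uid/gid, and the files can change after the check, so whatever
   opens these paths later still has to handle failure. */
static void settings_verify(struct settings *set)
{
	struct login_settings *login;
	struct auth_settings *auth;
	const char *const *str;
	const char *dir;
	int dotlock_got, fcntl_got, flock_got;

	for (login = set->logins; login != NULL; login = login->next) {
		get_login_uid(set, login);
		login_settings_verify(login);
	}

	/* substring match: "imaps" alone also selects this check */
	if (strstr(set->protocols, "imap") != NULL) {
		if (access(set->imap_executable, X_OK) < 0) {
			i_fatal("Can't use imap executable %s: %m",
				set->imap_executable);
		}
	}

	if (strstr(set->protocols, "pop3") != NULL) {
		if (access(set->pop3_executable, X_OK) < 0) {
			i_fatal("Can't use pop3 executable %s: %m",
				set->pop3_executable);
		}
	}

	if (set->log_path != NULL) {
		dir = get_directory(set->log_path);
		if (access(dir, W_OK) < 0)
			i_fatal("Can't access log directory %s: %m", dir);
	}

	if (set->info_log_path != NULL) {
		dir = get_directory(set->info_log_path);
		if (access(dir, W_OK) < 0)
			i_fatal("Can't access info log directory %s: %m", dir);
	}

#ifdef HAVE_SSL
	if (!set->ssl_disable) {
		if (access(set->ssl_cert_file, R_OK) < 0) {
			i_fatal("Can't use SSL certificate %s: %m",
				set->ssl_cert_file);
		}

		/* only readability is tested; the permissions of the key
		   file are not examined here */
		if (access(set->ssl_key_file, R_OK) < 0) {
			i_fatal("Can't use SSL key file %s: %m",
				set->ssl_key_file);
		}
	}
#endif

	/* fix relative paths */
	fix_base_path(set, &set->ssl_parameters_file);
	fix_base_path(set, &set->login_dir);

	/* since they're under /var/run by default, they may have been
	   deleted. */
	if (safe_mkdir(set->base_dir, 0700, geteuid(), getegid()) == 0) {
		/* report the directory that was actually repaired: base_dir
		   can be configured to something other than PKG_RUNDIR */
		i_warning("Corrected permissions for base directory %s",
			  set->base_dir);
	}

	/* wipe out contents of login directory, if it exists. login_dir
	   comes straight from the configuration file, so whatever it names
	   is what gets emptied. */
	if (unlink_directory(set->login_dir, FALSE) < 0)
		i_fatal("unlink_directory() failed for %s: %m", set->login_dir);

	if (safe_mkdir(set->login_dir, 0750, geteuid(), set->login_gid) == 0) {
		i_warning("Corrected permissions for login directory %s",
			  set->login_dir);
	}

	if (set->max_mail_processes < 1)
		i_fatal("max_mail_processes must be at least 1");

	/* last_valid_* == 0 disables the ordering check */
	if (set->last_valid_uid != 0 &&
	    set->first_valid_uid > set->last_valid_uid)
		i_fatal("first_valid_uid can't be larger than last_valid_uid");
	if (set->last_valid_gid != 0 &&
	    set->first_valid_gid > set->last_valid_gid)
		i_fatal("first_valid_gid can't be larger than last_valid_gid");

	dotlock_got = fcntl_got = flock_got = FALSE;
	for (str = t_strsplit(set->mbox_locks, " "); *str != NULL; str++) {
		if (strcasecmp(*str, "dotlock") == 0)
			dotlock_got = TRUE;
		else if (strcasecmp(*str, "fcntl") == 0)
			fcntl_got = TRUE;
		else if (strcasecmp(*str, "flock") == 0)
			flock_got = TRUE;
		else
			i_fatal("mbox_locks: Invalid value %s", *str);
	}

#ifndef HAVE_FLOCK
	/* the error is about flock being the only method, so that is the
	   flag to test; testing fcntl_got here rejected fcntl-only setups
	   and let flock-only ones fall through to the generic error */
	if (flock_got && !dotlock_got && !fcntl_got) {
		i_fatal("mbox_locks: Only flock selected, "
			"and flock() isn't supported in this system");
	}
	flock_got = FALSE;
#endif

	if (!dotlock_got && !fcntl_got && !flock_got)
		i_fatal("mbox_locks: No mbox locking methods selected");

	if (dotlock_got && !set->mbox_read_dotlock &&
	    !fcntl_got && !flock_got) {
		i_warning("mbox_locks: Only dotlock selected, forcing "
			  "mbox_read_dotlock = yes to avoid corruption.");
		set->mbox_read_dotlock = TRUE;
	}

	for (auth = set->auths; auth != NULL; auth = auth->next)
		auth_settings_verify(auth);
}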
/* Allocate an authentication process entry called `name' from
   settings_pool, give it the default dovecot-auth executable and a count
   of 1, and push it onto the front of set->auths. The other members keep
   whatever p_new() leaves in them (presumably zeroes -- confirm). */
static void auth_settings_new(struct settings *set, const char *name)
{
	struct auth_settings *entry;

	entry = p_new(settings_pool, struct auth_settings, 1);

	entry->name = p_strdup(settings_pool, name);
	entry->executable =
		p_strdup(settings_pool, PKG_LIBEXECDIR"/dovecot-auth");
	entry->count = 1;

	/* newest entry becomes the list head */
	entry->next = set->auths;
	set->auths = entry;
}
/* Handle an "auth = <name>" line: reject names that contain '/' and names
   already present in set->auths (exact, case-sensitive comparison), then
   create the new entry. Returns NULL on success or a static error string.

   NOTE(review): '/' is the only character refused; if the name ends up as
   a file name component, confirm that an empty name, "." and ".." are
   harmless where it is used. */
static const char *parse_new_auth(struct settings *set, const char *name)
{
	struct auth_settings *cur = set->auths;

	if (strchr(name, '/') != NULL)
		return "Authentication process name must not contain '/'";

	while (cur != NULL) {
		if (strcmp(cur->name, name) == 0) {
			return "Authentication process already exists "
				"with the same name";
		}
		cur = cur->next;
	}

	auth_settings_new(set, name);
	return NULL;
}
/* Allocate a login process entry for `name' ("imap" or "pop3", matched
   case-insensitively) and push it onto the front of set->logins.
   The new entry starts as a copy of the most recently defined login
   process, or of default_login_settings when there is none, and then gets
   its canonical lower-case name and its executable. Any other name aborts
   with i_fatal(). */
static void login_settings_new(struct settings *set, const char *name)
{
	struct login_settings *login;

	login = p_new(settings_pool, struct login_settings, 1);

	/* copy defaults */
	if (set->logins != NULL)
		*login = *set->logins;
	else
		*login = default_login_settings;

	if (strcasecmp(name, "imap") == 0) {
		login->name = "imap";
		login->executable = PKG_LIBEXECDIR"/imap-login";
	} else if (strcasecmp(name, "pop3") == 0) {
		login->name = "pop3";
		login->executable = PKG_LIBEXECDIR"/pop3-login";
	} else {
		i_fatal("Unknown login process type '%s'", name);
	}

	/* newest entry becomes the list head */
	login->next = set->logins;
	set->logins = login;
}
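/* Handle a "login = <name>" line: refuse a name that is already defined,
   otherwise create the entry. Returns NULL on success or a static error
   string.

   The duplicate check is case-insensitive because login_settings_new()
   matches the process type with strcasecmp() and stores the canonical
   lower-case name; a case-sensitive comparison would let "IMAP" through
   after "imap" and create a second entry for the same process type. */
static const char *parse_new_login(struct settings *set, const char *name)
{
	struct login_settings *login;

	for (login = set->logins; login != NULL; login = login->next) {
		if (strcasecmp(login->name, name) == 0) {
			return "Login process already exists "
				"with the same name";
		}
	}

	login_settings_new(set, name);
	return NULL;
}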
/* Callback given to settings_read(): apply one key/value pair to the
   struct settings passed as `context'. Returns NULL when the pair was
   accepted, otherwise an error string.

   Lookup order: the top-level table first, then "auth"/"login" (start a
   new process definition), then "auth_*"/"login_*" (applied to the most
   recently defined process of that kind, with the prefix removed).

   NOTE(review): any non-NULL result of the first lookup falls through to
   the prefix handling, whether the key was unknown or (presumably) its
   value was rejected -- confirm this cannot replace a more specific error
   message for a login_ key that lives in the top-level table. */
static const char *parse_setting(const char *key, const char *value,
				 void *context)
{
	struct settings *settings = context;
	const char *error;

	/* check defaults first, there's a few login_ settings defined in it
	   which need to be checked before trying to feed it to login
	   handler.. */
	error = parse_setting_from_defs(settings_pool, setting_defs,
					settings, key, value);
	if (error == NULL)
		return NULL;

	/* exact keys start a new process definition */
	if (strcmp(key, "auth") == 0)
		return parse_new_auth(settings, value);
	if (strcmp(key, "login") == 0)
		return parse_new_login(settings, value);

	/* prefixed keys configure the most recently defined process */
	if (strncmp(key, "auth_", 5) == 0) {
		if (settings->auths == NULL)
			return "Authentication process name not defined yet";

		return parse_setting_from_defs(settings_pool,
					       auth_setting_defs,
					       settings->auths,
					       key + 5, value);
	}

	if (strncmp(key, "login_", 6) == 0) {
		if (settings->logins == NULL)
			return "Login process name not defined yet";

		return parse_setting_from_defs(settings_pool,
					       login_setting_defs,
					       settings->logins,
					       key + 6, value);
	}

	/* nothing else claimed the key: report the first lookup's error */
	return error;
}
/* (Re)load the configuration from `path'.
   Clears settings_pool, allocates a new struct settings in it, seeds it
   with default_settings, publishes it through the global `set', then parses
   the file and verifies the result. Pointers into the previous settings
   should be treated as stale once the pool has been cleared. */
void master_settings_read(const char *path)
{
	struct settings *fresh;

	p_clear(settings_pool);

	fresh = p_new(settings_pool, struct settings, 1);
	*fresh = default_settings;
	set = fresh;

	settings_read(path, parse_setting, fresh);
	settings_verify(fresh);
}
/* Create the pool used by master_settings_read(); has to run before the
   first read. */
void master_settings_init(void)
{
	settings_pool = pool_alloconly_create("settings", 1024);
}
/* Drop the reference to the settings pool. The global `set' is not reset
   here, so it must not be used afterwards. */
void master_settings_deinit(void)
{
	pool_unref(settings_pool);
}