/*
 * smtp_tls_list_init - open the TLS policy lookup table(s)
 *
 * Opens at most one table. A non-empty var_smtp_tls_policy wins, and a
 * non-empty var_smtp_tls_per_site is then ignored entirely; this is logged
 * as a warning because a per-site entry that silently stops applying could
 * relax a TLS requirement the operator believes is still in force. Both
 * tables are opened with DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX, the same flags
 * the other lookup tables in this file use.
 */
void    smtp_tls_list_init(void)
{
    const int table_flags = DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX;
    const int have_policy = (var_smtp_tls_policy[0] != '\0');
    const int have_per_site = (var_smtp_tls_per_site[0] != '\0');

    if (have_policy) {
	tls_policy = maps_create(SMTP_X(TLS_POLICY), var_smtp_tls_policy,
				 table_flags);
	if (have_per_site) {
	    msg_warn("%s ignored when %s is not empty.",
		     SMTP_X(TLS_PER_SITE), SMTP_X(TLS_POLICY));
	}
    } else if (have_per_site) {
	tls_per_site = maps_create(SMTP_X(TLS_PER_SITE), var_smtp_tls_per_site,
				   table_flags);
    }
}
/*
 * smtp_sasl_initialize - one-time SASL client setup
 *
 * Must run exactly once: a second call is a programming error and panics.
 * Opens the per-host password table, brings up the SASL client
 * implementation, optionally builds the list of permitted mechanisms and
 * optionally the 535 authentication-failure cache. A missing password table
 * or a failed library initialization is fatal.
 */
void    smtp_sasl_initialize(void)
{
    const int passwd_flags = DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX;

    /*
     * Refuse to run twice; both globals are assigned further down.
     */
    if (smtp_sasl_passwd_map != 0 || smtp_sasl_impl != 0)
	msg_panic("smtp_sasl_initialize: repeated call");

    /*
     * Without a password table there is nothing to authenticate with.
     */
    if (var_smtp_sasl_passwd[0] == '\0')
	msg_fatal("specify a password table via the `%s' configuration parameter",
		  SMTP_X(SASL_PASSWD));

    /*
     * Password table, opened with shared locking so that readers are safe
     * while someone rewrites the table underneath them.
     */
    smtp_sasl_passwd_map = maps_create("smtp_sasl_passwd",
				       var_smtp_sasl_passwd,
				       passwd_flags);

    /*
     * SASL client implementation, selected by type and plugin path.
     */
    smtp_sasl_impl = xsasl_client_init(var_smtp_sasl_type, var_smtp_sasl_path);
    if (smtp_sasl_impl == 0)
	msg_fatal("SASL library initialization");

    /*
     * Optional restriction on which mechanisms the client may use.
     */
    if (var_smtp_sasl_mechs[0] != '\0')
	smtp_sasl_mechs = string_list_init(MATCH_FLAG_NONE,
					   var_smtp_sasl_mechs);

    /*
     * Optional cache of 535 authentication failures. When the cache was not
     * compiled in, the setting is ignored with a warning rather than a fatal
     * error. NOTE(review): the warning mentions TLS support; presumably
     * HAVE_SASL_AUTH_CACHE requires TLS to be compiled in - confirm against
     * the header that defines it.
     */
    if (var_smtp_sasl_auth_cache_name[0] != '\0') {
#ifdef HAVE_SASL_AUTH_CACHE
	smtp_sasl_auth_cache =
	    smtp_sasl_auth_cache_init(var_smtp_sasl_auth_cache_name,
				      var_smtp_sasl_auth_cache_time);
#else
	msg_warn("not compiled with TLS support -- "
		 "ignoring the %s setting", SMTP_X(SASL_AUTH_CACHE_NAME));
#endif
    }
}
/*
 * post_init - resolve DNS and session-cache settings from configuration
 *
 * Derives smtp_dns_support from var_smtp_dns_support (falling back to the
 * older var_disable_dns switch when the newer setting is empty), selects the
 * hostname lookup methods, creates the session cache client when caching is
 * configured or requested on demand, and parses the resolver option flags.
 * An unrecognized var_smtp_dns_support value is fatal.
 *
 * Arguments: unused_name, unused_argv - generic callback arguments, not used.
 */
static void post_init(char *unused_name, char **unused_argv)
{
    static const NAME_MASK lookup_masks[] = {
	SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
	SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
	0,
    };
    static const NAME_MASK dns_res_opt_masks[] = {
	SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
	SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
	0,
    };
    static const NAME_CODE dns_support[] = {
	SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
	SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
	SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
#endif
	0, SMTP_DNS_INVALID,
    };

    /*
     * DNS support level. An explicit setting wins and var_disable_dns is
     * derived from it; an empty setting keeps the legacy var_disable_dns
     * behavior.
     */
    if (var_smtp_dns_support[0] != '\0') {
	smtp_dns_support = name_code(dns_support, NAME_CODE_FLAG_NONE,
				     var_smtp_dns_support);
	if (smtp_dns_support == SMTP_DNS_INVALID) {
	    msg_fatal("invalid %s: \"%s\"", SMTP_X(DNS_SUPPORT),
		      var_smtp_dns_support);
	}
	var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
    } else if (var_disable_dns) {
	smtp_dns_support = SMTP_DNS_DISABLED;
    } else {
	smtp_dns_support = SMTP_DNS_ENABLED;
    }

    /*
     * Hostname lookup methods: with DNS disabled only native lookups remain,
     * regardless of what var_smtp_host_lookup says.
     */
    if (smtp_dns_support != SMTP_DNS_DISABLED) {
	smtp_host_lookup_mask = name_mask(SMTP_X(HOST_LOOKUP), lookup_masks,
					 var_smtp_host_lookup);
    } else {
	smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
    }
    if (msg_verbose) {
	msg_info("host name lookup methods: %s",
		 str_name_mask(SMTP_X(HOST_LOOKUP), lookup_masks,
			       smtp_host_lookup_mask));
    }

    /*
     * Session cache client, only when a cache destination list is set or
     * caching on demand is enabled.
     */
    if (var_smtp_cache_dest[0] != '\0' || var_smtp_cache_demand) {
	smtp_scache = scache_clnt_create(var_scache_service,
					 var_scache_proto_tmout,
					 var_ipc_idle_limit,
					 var_ipc_ttl_limit);
    }

    /*
     * Resolver option flags.
     */
    smtp_dns_res_opt = name_mask(SMTP_X(DNS_RES_OPT), dns_res_opt_masks,
				 var_smtp_dns_res_opt);
}
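/*
 * pre_init - initialization before entering the chroot jail
 *
 * Sets up everything that needs file access: SASL, the TLS client context
 * and its policy tables, the flush client and the various lookup tables.
 * An explicit var_smtp_tls_level overrides the var_smtp_use_tls /
 * var_smtp_enforce_tls pair; an unrecognized level is fatal here because
 * the per-session TLS code assumes the level has been validated. The TLS
 * context is also built when only the per-site or policy tables are set,
 * since those can require TLS for individual destinations.
 *
 * Fix: the TLS-level block is braced. Previously, in a build without
 * USE_TLS, the preprocessor removed the switch and the `if` silently took
 * the following use_tls assignment as its body, leaving use_tls
 * uninitialized whenever var_smtp_tls_level was empty.
 *
 * Arguments: unused_name, unused_argv - generic callback arguments, not used.
 */
static void pre_init(char *unused_name, char **unused_argv)
{
    int     use_tls;
    static const NAME_CODE addr_pref_map[] = {
	INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
	INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
	INET_PROTO_NAME_ANY, 0,
	0, -1,
    };

    /*
     * Per-peer debugging.
     */
    debug_peer_init();

    /*
     * SASL, only when enabled; without compiled-in support the setting has
     * no effect, so warn rather than let it go unnoticed.
     */
    if (var_smtp_sasl_enable) {
#ifdef USE_SASL_AUTH
	smtp_sasl_initialize();
#else
	msg_warn("%s is true, but SASL support is not compiled in",
		 SMTP_X(SASL_ENABLE));
#endif
    }

    /*
     * Map the symbolic TLS level onto the use/enforce flags. Levels that
     * require encryption or verification set both, opportunistic levels set
     * use only, "none" clears both. In a build without USE_TLS a non-empty
     * level is ignored here; the warning below covers the use/enforce flags.
     */
    if (var_smtp_tls_level[0] != '\0') {
#ifdef USE_TLS
	switch (tls_level_lookup(var_smtp_tls_level)) {
	case TLS_LEV_SECURE:
	case TLS_LEV_VERIFY:
	case TLS_LEV_DANE_ONLY:
	case TLS_LEV_FPRINT:
	case TLS_LEV_ENCRYPT:
	    var_smtp_use_tls = 1;
	    var_smtp_enforce_tls = 1;
	    break;
	case TLS_LEV_DANE:
	case TLS_LEV_MAY:
	    var_smtp_use_tls = 1;
	    var_smtp_enforce_tls = 0;
	    break;
	case TLS_LEV_NONE:
	    var_smtp_use_tls = 0;
	    var_smtp_enforce_tls = 0;
	    break;
	default:
	    /*
	     * tls_level_lookup() logs no warning of its own, and
	     * session_tls_init() assumes var_smtp_tls_level is sane.
	     */
	    msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
	}
#endif
    }
    use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);

    /*
     * TLS client context and policy tables, built before the chroot jail
     * takes away access to certificate and key files. Policy tables alone
     * also trigger this, as they can demand TLS for specific destinations.
     */
    if (use_tls || var_smtp_tls_per_site[0] != '\0'
	|| var_smtp_tls_policy[0] != '\0') {
#ifdef USE_TLS
	TLS_CLIENT_INIT_PROPS props;

	/*
	 * TLS_CLIENT_INIT() takes its settings as name = value pairs in one
	 * properties structure instead of a long positional argument list,
	 * which is easier to read and gives stronger type checking.
	 */
	smtp_tls_ctx =
	    TLS_CLIENT_INIT(&props,
			    log_param = SMTP_X(TLS_LOGLEVEL),
			    log_level = var_smtp_tls_loglevel,
			    verifydepth = var_smtp_tls_scert_vd,
			    cache_type = X_SMTP(TLS_MGR_SCACHE),
			    cert_file = var_smtp_tls_cert_file,
			    key_file = var_smtp_tls_key_file,
			    dcert_file = var_smtp_tls_dcert_file,
			    dkey_file = var_smtp_tls_dkey_file,
			    eccert_file = var_smtp_tls_eccert_file,
			    eckey_file = var_smtp_tls_eckey_file,
			    CAfile = var_smtp_tls_CAfile,
			    CApath = var_smtp_tls_CApath,
			    mdalg = var_smtp_tls_fpt_dgst);
	smtp_tls_list_init();
#else
	msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
    }

    /*
     * Flush client.
     */
    flush_init();

    /*
     * Session cache domain list.
     */
    if (var_smtp_cache_dest[0] != '\0') {
	smtp_cache_dest = string_list_init(MATCH_FLAG_RETURN,
					   var_smtp_cache_dest);
    }

    /*
     * EHLO keyword filter.
     */
    if (var_smtp_ehlo_dis_maps[0] != '\0') {
	smtp_ehlo_dis_maps = maps_create(SMTP_X(EHLO_DIS_MAPS),
					 var_smtp_ehlo_dis_maps,
					 DICT_FLAG_LOCK);
    }

    /*
     * PIX bug workarounds.
     */
    if (var_smtp_pix_bug_maps[0] != '\0') {
	smtp_pix_bug_maps = maps_create(SMTP_X(PIX_BUG_MAPS),
					var_smtp_pix_bug_maps,
					DICT_FLAG_LOCK);
    }

    /*
     * Address extension propagation and generic address mapping.
     */
    if (var_prop_extension[0] != '\0') {
	smtp_ext_prop_mask =
	    ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
    }
    if (var_smtp_generic_maps[0] != '\0') {
	smtp_generic_maps =
	    maps_create(SMTP_X(GENERIC_MAPS), var_smtp_generic_maps,
			DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
    }

    /*
     * Header/body checks; the create functions are always called, they
     * decide for themselves what to do with empty settings.
     */
    smtp_header_checks = hbc_header_checks_create(
				      SMTP_X(HEAD_CHKS), var_smtp_head_chks,
				      SMTP_X(MIME_CHKS), var_smtp_mime_chks,
				      SMTP_X(NEST_CHKS), var_smtp_nest_chks,
						  smtp_hbc_callbacks);
    smtp_body_checks = hbc_body_checks_create(
				      SMTP_X(BODY_CHKS), var_smtp_body_chks,
					      smtp_hbc_callbacks);

    /*
     * Server reply filter, a read-only dictionary.
     */
    if (var_smtp_resp_filter[0] != '\0') {
	smtp_chat_resp_filter =
	    dict_open(var_smtp_resp_filter, O_RDONLY,
		      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
    }

    /*
     * Address family preference; addr_pref_map yields -1 for unknown names.
     */
    if (var_smtp_addr_pref[0] != '\0') {
	smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
				   var_smtp_addr_pref);
	if (smtp_addr_pref < 0) {
	    msg_fatal("bad %s value: %s", SMTP_X(ADDR_PREF),
		      var_smtp_addr_pref);
	}
    }
}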