1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/* Copyright (c) 2015-2018 Dovecot authors, see the included COPYING file */
#include "lib.h"
#include "str.h"
#include "array.h"
#include "settings-parser.h"
#include "master-service.h"
#include "master-service-settings.h"
#include "mail-crypt-common.h"
#include "mail-crypt-key.h"
#include "fs-crypt-settings.h"
static const struct fs_crypt_settings *
fs_crypt_load_settings(void)
{
static const struct setting_parser_info *set_roots[] = {
&fs_crypt_setting_parser_info,
NULL
};
struct master_service_settings_input input;
struct master_service_settings_output output;
const char *error;
i_zero(&input);
input.roots = set_roots;
input.module = "fs-crypt";
input.service = "fs-crypt";
if (master_service_settings_read(master_service, &input,
&output, &error) < 0)
i_fatal("Error reading configuration: %s", error);
return master_service_settings_get_others(master_service)[0];
}
static
const char *mail_crypt_plugin_getenv(const struct fs_crypt_settings *set,
const char *name)
{
const char *const *envs;
unsigned int i, count;
if (set == NULL)
return NULL;
if (!array_is_created(&set->plugin_envs))
return NULL;
envs = array_get(&set->plugin_envs, &count);
for (i = 0; i < count; i += 2) {
if (strcmp(envs[i], name) == 0)
return envs[i+1];
}
return NULL;
}
static int
mail_crypt_load_global_private_keys(const struct fs_crypt_settings *set,
const char *set_prefix,
struct mail_crypt_global_keys *global_keys,
const char **error_r)
{
string_t *set_key = t_str_new(64);
str_append(set_key, set_prefix);
str_append(set_key, "_private_key");
size_t prefix_len = str_len(set_key);
unsigned int i = 1;
const char *key_data;
while ((key_data = mail_crypt_plugin_getenv(set, str_c(set_key))) != NULL) {
const char *set_pw = t_strconcat(str_c(set_key), "_password", NULL);
const char *password = mail_crypt_plugin_getenv(set, set_pw);
if (mail_crypt_load_global_private_key(str_c(set_key), key_data,
set_pw, password,
global_keys, error_r) < 0)
return -1;
str_truncate(set_key, prefix_len);
str_printfa(set_key, "%u", ++i);
}
return 0;
}
int mail_crypt_global_keys_load_pluginenv(const char *set_prefix,
struct mail_crypt_global_keys *global_keys_r,
const char **error_r)
{
const struct fs_crypt_settings *set = fs_crypt_load_settings();
const char *set_key = t_strconcat(set_prefix, "_public_key", NULL);
const char *key_data = mail_crypt_plugin_getenv(set, set_key);
int ret = 0;
mail_crypt_global_keys_init(global_keys_r);
if (key_data != NULL) {
if (mail_crypt_load_global_public_key(set_key, key_data,
global_keys_r, error_r) < 0)
ret = -1;
}
if (ret == 0 &&
mail_crypt_load_global_private_keys(set, set_prefix, global_keys_r,
error_r) < 0)
ret = -1;
if (ret != 0)
mail_crypt_global_keys_free(global_keys_r);
return ret;
}
|
