-/*************************************************
-* Drop privs for checking TLS config *
-*************************************************/
-
-/* We want to validate TLS options during readconf, but do not want to be
-root when we call into the TLS library, in case of library linkage errors
-which cause segfaults; before this check, those were always done as the Exim
-runtime user and it makes sense to continue with that.
-
-Assumes: tls_require_ciphers has been set, if it will be
- exim_user has been set, if it will be
- exim_group has been set, if it will be
-
-Returns: bool for "okay"; false will cause caller to immediately exit.
-*/
-
-#ifdef SUPPORT_TLS
-static BOOL
-tls_dropprivs_validate_require_cipher(BOOL nowarn)
-{
-const uschar *errmsg;
-pid_t pid;
-int rc, status;
-void (*oldsignal)(int);
-
-/* If TLS will never be used, no point checking ciphers */
-
-if ( !tls_advertise_hosts
- || !*tls_advertise_hosts
- || Ustrcmp(tls_advertise_hosts, ":") == 0
- )
- return TRUE;
-else if (!nowarn && !tls_certificate)
- log_write(0, LOG_MAIN,
- "Warning: No server certificate defined; will use a selfsigned one.\n"
- " Suggested action: either install a certificate or change tls_advertise_hosts option");
-
-oldsignal = signal(SIGCHLD, SIG_DFL);
-
-fflush(NULL);
-if ((pid = fork()) < 0)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check");
-
-if (pid == 0)
- {
- /* in some modes, will have dropped privilege already */
- if (!geteuid())
- exim_setugid(exim_uid, exim_gid, FALSE,
- US"calling tls_validate_require_cipher");
-
- errmsg = tls_validate_require_cipher();
- if (errmsg)
- {
- log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
- "tls_require_ciphers invalid: %s", errmsg);
- }
- fflush(NULL);
- _exit(0);
- }
-
-do {
- rc = waitpid(pid, &status, 0);
-} while (rc < 0 && errno == EINTR);
-
-DEBUG(D_tls)
- debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n",
- (int)pid, status);
-
-signal(SIGCHLD, oldsignal);
-
-return status == 0;
-}
-#endif /* SUPPORT_TLS */
-
-
-
-
-/*************************************************/
-/* Create compile-time feature macros */
-void
-readconf_features(void)
-{
-/* Probably we could work out a static initialiser for wherever
-macros are stored, but this will do for now. Some names are awkward
-due to conflicts with other common macros. */
-
-#ifdef SUPPORT_CRYPTEQ
- macro_create(US"_HAVE_CRYPTEQ", US"y", FALSE);
-#endif
-#if HAVE_ICONV
- macro_create(US"_HAVE_ICONV", US"y", FALSE);
-#endif
-#if HAVE_IPV6
- macro_create(US"_HAVE_IPV6", US"y", FALSE);
-#endif
-#ifdef HAVE_SETCLASSRESOURCES
- macro_create(US"_HAVE_SETCLASSRESOURCES", US"y", FALSE);
-#endif
-#ifdef SUPPORT_PAM
- macro_create(US"_HAVE_PAM", US"y", FALSE);
-#endif
-#ifdef EXIM_PERL
- macro_create(US"_HAVE_PERL", US"y", FALSE);
-#endif
-#ifdef EXPAND_DLFUNC
- macro_create(US"_HAVE_DLFUNC", US"y", FALSE);
-#endif
-#ifdef USE_TCP_WRAPPERS
- macro_create(US"_HAVE_TCPWRAPPERS", US"y", FALSE);
-#endif
-#ifdef SUPPORT_TLS
- macro_create(US"_HAVE_TLS", US"y", FALSE);
-# ifdef USE_GNUTLS
- macro_create(US"_HAVE_GNUTLS", US"y", FALSE);
-# else
- macro_create(US"_HAVE_OPENSSL", US"y", FALSE);
-# endif
-#endif
-#ifdef SUPPORT_TRANSLATE_IP_ADDRESS
- macro_create(US"_HAVE_TRANSLATE_IP_ADDRESS", US"y", FALSE);
-#endif
-#ifdef SUPPORT_MOVE_FROZEN_MESSAGES
- macro_create(US"_HAVE_MOVE_FROZEN_MESSAGES", US"y", FALSE);
-#endif
-#ifdef WITH_CONTENT_SCAN
- macro_create(US"_HAVE_CONTENT_SCANNING", US"y", FALSE);
-#endif
-#ifndef DISABLE_DKIM
- macro_create(US"_HAVE_DKIM", US"y", FALSE);
-#endif
-#ifndef DISABLE_DNSSEC
- macro_create(US"_HAVE_DNSSEC", US"y", FALSE);
-#endif
-#ifndef DISABLE_EVENT
- macro_create(US"_HAVE_EVENT", US"y", FALSE);
-#endif
-#ifdef SUPPORT_I18N
- macro_create(US"_HAVE_I18N", US"y", FALSE);
-#endif
-#ifndef DISABLE_OCSP
- macro_create(US"_HAVE_OCSP", US"y", FALSE);
-#endif
-#ifndef DISABLE_PRDR
- macro_create(US"_HAVE_PRDR", US"y", FALSE);
-#endif
-#ifdef SUPPORT_PROXY
- macro_create(US"_HAVE_PROXY", US"y", FALSE);
-#endif
-#ifdef SUPPORT_SOCKS
- macro_create(US"_HAVE_SOCKS", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_LMDB
- macro_create(US"_HAVE_LMDB", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_SPF
- macro_create(US"_HAVE_SPF", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_SRS
- macro_create(US"_HAVE_SRS", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_BRIGHTMAIL
- macro_create(US"_HAVE_BRIGHTMAIL", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_DANE
- macro_create(US"_HAVE_DANE", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_DCC
- macro_create(US"_HAVE_DCC", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_DMARC
- macro_create(US"_HAVE_DMARC", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_DSN_INFO
- macro_create(US"_HAVE_DSN_INFO", US"y", FALSE);
-#endif
-
-#ifdef LOOKUP_LSEARCH
- macro_create(US"_HAVE_LKUP_LSEARCH", US"y", FALSE);
-#endif
-#ifdef LOOKUP_CDB
- macro_create(US"_HAVE_LKUP_CDB", US"y", FALSE);
-#endif
-#ifdef LOOKUP_DBM
- macro_create(US"_HAVE_LKUP_DBM", US"y", FALSE);
-#endif
-#ifdef LOOKUP_DNSDB
- macro_create(US"_HAVE_LKUP_DNSDB", US"y", FALSE);
-#endif
-#ifdef LOOKUP_DSEARCH
- macro_create(US"_HAVE_LKUP_DSEARCH", US"y", FALSE);
-#endif
-#ifdef LOOKUP_IBASE
- macro_create(US"_HAVE_LKUP_IBASE", US"y", FALSE);
-#endif
-#ifdef LOOKUP_LDAP
- macro_create(US"_HAVE_LKUP_LDAP", US"y", FALSE);
-#endif
-#ifdef EXPERIMENTAL_LMDB
- macro_create(US"_HAVE_LKUP_LMDB", US"y", FALSE);
-#endif
-#ifdef LOOKUP_MYSQL
- macro_create(US"_HAVE_LKUP_MYSQL", US"y", FALSE);
-#endif
-#ifdef LOOKUP_NIS
- macro_create(US"_HAVE_LKUP_NIS", US"y", FALSE);
-#endif
-#ifdef LOOKUP_NISPLUS
- macro_create(US"_HAVE_LKUP_NISPLUS", US"y", FALSE);
-#endif
-#ifdef LOOKUP_ORACLE
- macro_create(US"_HAVE_LKUP_ORACLE", US"y", FALSE);
-#endif
-#ifdef LOOKUP_PASSWD
- macro_create(US"_HAVE_LKUP_PASSWD", US"y", FALSE);
-#endif
-#ifdef LOOKUP_PGSQL
- macro_create(US"_HAVE_LKUP_PGSQL", US"y", FALSE);
-#endif
-#ifdef LOOKUP_REDIS
- macro_create(US"_HAVE_LKUP_REDIS", US"y", FALSE);
-#endif
-#ifdef LOOKUP_SQLITE
- macro_create(US"_HAVE_LKUP_SQLITE", US"y", FALSE);
-#endif
-#ifdef LOOKUP_TESTDB
- macro_create(US"_HAVE_LKUP_TESTDB", US"y", FALSE);
-#endif
-#ifdef LOOKUP_WHOSON
- macro_create(US"_HAVE_LKUP_WHOSON", US"y", FALSE);
-#endif
-
-#ifdef TRANSPORT_APPENDFILE
-# ifdef SUPPORT_MAILDIR
- macro_create(US"_HAVE_TPT_APPEND_MAILDR", US"y", FALSE);
-# endif
-# ifdef SUPPORT_MAILSTORE
- macro_create(US"_HAVE_TPT_APPEND_MAILSTORE", US"y", FALSE);
-# endif
-# ifdef SUPPORT_MBX
- macro_create(US"_HAVE_TPT_APPEND_MBX", US"y", FALSE);
-# endif
-#endif
-}
-
-
-void
-readconf_options_from_list(optionlist * opts, unsigned nopt, uschar * group)
-{
-int i;
-const uschar * s;
-
-/* Walk the array backwards to get substring-conflict names */
-for (i = nopt-1; i >= 0; i--) if (*(s = opts[i].name) && *s != '*')
- macro_create(string_sprintf("_OPT_%T_%T", group, s), US"y", FALSE);
-}
-
-
-void
-readconf_options(void)
-{
-readconf_options_from_list(optionlist_config, nelem(optionlist_config), US"MAIN");
-readconf_options_routers();
-readconf_options_transports();
-readconf_options_auths();
-}
-
-