From: Timo Sirainen
Date: Mon, 9 Jan 2023 14:29:38 +0000 (+0200)
Subject: lib-master, config: Ignore SSL server settings when executing doveconf via doveadm
X-Git-Tag: 2.4.0~3049
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=310f9fac3abe5e9889262bd679af67343c8b4af0;p=thirdparty%2Fdovecot%2Fcore.git
lib-master, config: Ignore SSL server settings when executing doveconf via doveadm
This is just a temporary kludge to allow running doveadm (as non-root) when SSL cert/key files aren't readable. Changes later on fix this properly.
---
diff --git a/src/config/config-parser-private.h b/src/config/config-parser-private.h
index ec16b04050..8791404080 100644
--- a/src/config/config-parser-private.h
+++ b/src/config/config-parser-private.h
@@ -59,6 +59,7 @@ struct config_parser_context {
 struct config_filter_context *filter;
 bool expand_values:1;
 bool hide_errors:1;
+ bool skip_ssl_server_settings:1; /* FIXME: temporary kludge - remove later */
 };
 extern void (*hook_config_parser_begin)(struct config_parser_context *ctx);
diff --git a/src/config/config-parser.c b/src/config/config-parser.c
index dc0ac0977b..eb8ed181fe 100644
--- a/src/config/config-parser.c
+++ b/src/config/config-parser.c
@@ -768,6 +768,20 @@ config_get_value(struct config_section_stack *section, const char *key,
 return NULL;
 }
+static bool
+config_skip_key(struct config_parser_context *ctx, const char *key)
+{
+ if (ctx->skip_ssl_server_settings &&
+ (strcmp(key, "ssl_cert") == 0 ||
+ strcmp(key, "ssl_key") == 0 ||
+ strcmp(key, "ssl_ca") == 0 ||
+ strcmp(key, "ssl_verify_client_cert") == 0)) {
+ /* FIXME: temporary kludge - remove later */
+ return TRUE;
+ }
+ return FALSE;
+}
+
 static int config_write_keyvariable(struct config_parser_context *ctx, const char *key, const char *value, string_t *str)
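Review bot: config_skip_key() in src/config/config-parser.c matches four exact key names, so any other file-backed SSL server setting is still parsed when `skip_ssl_server_settings` is set; if this tree still has `ssl_alt_cert`, `ssl_alt_key` or `ssl_dh`, a non-root doveadm would presumably still fail on an unreadable `<file` value for those. The function also gives no reason for each entry: `ssl_verify_client_cert` is not a file, so I assume it is listed only to avoid a settings check that depends on `ssl_ca`, and that should be stated. I would add a header comment such as `/* Returns TRUE for SSL server settings that are dropped from the parsed config; the skipped values are never read or validated. */` and note beside the list which settings were deliberately left out.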
@@ -915,6 +929,8 @@ void config_parser_apply_line(struct config_parser_context *ctx,
 case CONFIG_LINE_TYPE_KEYVALUE:
 case CONFIG_LINE_TYPE_KEYFILE:
 case CONFIG_LINE_TYPE_KEYVARIABLE:
+ if (config_skip_key(ctx, key))
+ break;
 str_append(ctx->str, key);
 config_parser_check_warnings(ctx, key);
 str_append_c(ctx->str, '=');
@@ -1000,6 +1016,8 @@ int config_parse_file(const char *path, enum config_parse_flags flags,
 ctx.path = path;
 ctx.hide_errors = fd == -1 || (flags & CONFIG_PARSE_FLAG_HIDE_ERRORS) != 0;
+ ctx.skip_ssl_server_settings =
+ (flags & CONFIG_PARSE_FLAG_SKIP_SSL_SERVER) != 0;
 for (count = 0; all_roots[count] != NULL; count++) ;
 ctx.root_parsers =
diff --git a/src/config/config-parser.h b/src/config/config-parser.h
index 819c65fce2..95984b0e60 100644
--- a/src/config/config-parser.h
+++ b/src/config/config-parser.h
@@ -8,6 +8,7 @@
 enum config_parse_flags {
 CONFIG_PARSE_FLAG_EXPAND_VALUES = BIT(0),
 CONFIG_PARSE_FLAG_HIDE_ERRORS = BIT(1),
+ CONFIG_PARSE_FLAG_SKIP_SSL_SERVER = BIT(2), /* FIXME: temporary kludge - remove later */
 };
 struct config_module_parser {
diff --git a/src/config/doveconf.c b/src/config/doveconf.c
index 6d78bd2e10..62f507f1a4 100644
--- a/src/config/doveconf.c
+++ b/src/config/doveconf.c
@@ -974,6 +974,10 @@ int main(int argc, char *argv[])
 flags |= CONFIG_PARSE_FLAG_EXPAND_VALUES;
 if (disable_check_settings)
 flags |= CONFIG_PARSE_FLAG_HIDE_ERRORS;
+ if (null_strcmp(getenv("DOVECONF_SERVICE"), "doveadm") == 0) {
+ /* FIXME: temporary kludge - remove later */
+ flags |= CONFIG_PARSE_FLAG_SKIP_SSL_SERVER;
+ }
 if ((ret = config_parse_file(dump_defaults ? NULL : config_path, flags, &error)) == 0 && access(EXAMPLE_CONFIG_DIR, X_OK) == 0) {
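Review bot: The `break` added at the top of the KEYVALUE/KEYFILE/KEYVARIABLE case in config_parser_apply_line() drops the line silently, and it leaves the switch before `config_parser_check_warnings(ctx, key)`, so neither the value nor any warning for that key is produced. Someone comparing doveadm's view of the configuration with the server's has no trace that TLS settings were omitted. A debug-level message, or at least a call-site comment such as `/* setting intentionally dropped, see config_skip_key() */`, would make the omission visible. The case body continues outside the hunk.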
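Review bot: The skip in main() of src/config/doveconf.c is selected by the `DOVECONF_SERVICE` environment variable alone, so every doveconf run with that variable set to `doveadm` gets a configuration without `ssl_cert`, `ssl_key`, `ssl_ca` and `ssl_verify_client_cert`, not only the non-root case the commit message describes. That matters if a process named doveadm that accepts TLS connections ever obtains its settings through this path, because it would then run without the certificate and client-verification settings; whether that can happen is not visible in this hunk. I would expand the comment to say so, e.g. `/* doveadm run as non-root can't read the SSL cert/key files. The settings are dropped, so this output must not be used to serve TLS. */`. main() begins and ends outside the hunk.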