#!/bin/sh
#
# $NetBSD: bincimapd.sh,v 1.2 2024/02/28 04:14:16 schmonz Exp $
#

# PROVIDE: bincimapd mail

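name="bincimapd"

# User-settable rc.conf variables and their default values.
#
# Each default is applied with a quoted ': "${var:=default}"' so that the
# expansion handed to ':' is never field-split or pathname-expanded
# (the multilog default below contains a literal '*').
#
# Every value here is later spliced into a command line that the shell
# re-parses, so whatever sets these variables is effectively supplying
# shell code that runs at service start.

# Extra environment for the service, plus the softlimit -m data limit.
: "${bincimapd_postenv:=VERBOSE_GREETING=yes}"
: "${bincimapd_datalimit:=180000000}"

# Listener: optional wrapper, server binary, its flags, bind host and port.
: "${bincimapd_pretcpserver:=}"
: "${bincimapd_tcpserver:=/usr/pkg/bin/sslserver}"
: "${bincimapd_tcpflags:=-ne -vRl0}"
: "${bincimapd_tcphost:=:0}"
: "${bincimapd_tcpport:=993}"

# Authentication chain and the IMAP daemon it hands off to.
: "${bincimapd_precheckpassword:=/usr/pkg/bin/bincimap-up --}"
: "${bincimapd_checkpassword:=/usr/pkg/bin/nbcheckpassword}"
: "${bincimapd_preimapd:=/usr/pkg/bin/checknotroot}"
: "${bincimapd_imapdcmd:=/usr/pkg/bin/bincimapd}"
: "${bincimapd_postimapd:=Maildir}"

# Logging: bincimapd_logcmd is used unless bincimapd_log is switched off,
# in which case bincimapd_nologcmd replaces it.
: "${bincimapd_log:=YES}"
: "${bincimapd_logcmd:=logger -t bincimap -p mail.info}"
: "${bincimapd_nologcmd:=/usr/pkg/bin/multilog -*}"

# TLS: a yes/no value, or "auto" to enable TLS only when the certificate
# file exists. If bincimapd_tls_key is non-empty and the file is missing,
# the key is extracted from bincimapd_tls_cert at start.
: "${bincimapd_tls:=YES}"
: "${bincimapd_tls_dhparams:=/usr/pkg/etc/bincimap/certs/dh2048.pem}"
: "${bincimapd_tls_cert:=/usr/pkg/etc/bincimap/certs/servercert.pem}"
: "${bincimapd_tls_key:=/usr/pkg/etc/bincimap/certs/serverkey.pem}"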

# Load the rc.d framework when the system provides it; the script also has
# a fallback start path for systems without /etc/rc.subr.
[ ! -f /etc/rc.subr ] || . /etc/rc.subr

# rc.subr control variables. procname is "nb" + name; bincimapd_precmd later
# starts the server under that argv[0] so this service can be told apart.
# command is only a placeholder here: bincimapd_precmd overwrites it with
# the full pipeline before the service is started.
rcvar="${name}"
procname="nb${name}"
command="${bincimapd_tcpserver}"
start_precmd="bincimapd_precmd"

# Decide whether the service environment is set up for TLS.
#
#   bincimapd_tls=auto  -> TLS iff the certificate file exists
#   anything else       -> TLS iff /etc/rc.subr exists and checkyesno
#                          accepts the value
#
# NOTE(review): every other outcome ends in bincimapd_disable_tls, which
# adds ALLOW_NONSSL_PLAINTEXT_LOGINS=yes. That includes a missing
# /etc/rc.subr and any value for which checkyesno returns non-zero, so a
# mistyped bincimapd_tls lands on the plaintext-login side rather than
# failing the start. Confirm that this is the intended default.
bincimapd_configure_tls() {
	case "${bincimapd_tls}" in
	auto)
		if [ ! -f "${bincimapd_tls_cert}" ]; then
			bincimapd_disable_tls
		else
			bincimapd_enable_tls
		fi
		;;
	*)
		# checkyesno comes from rc.subr, so it is only called when
		# that file is present.
		if [ ! -f /etc/rc.subr ] || ! checkyesno bincimapd_tls; then
			bincimapd_disable_tls
		else
			bincimapd_enable_tls
		fi
		;;
	esac
}

# Prepend ALLOW_NONSSL_PLAINTEXT_LOGINS=yes to the service environment.
# Presumably this tells bincimap to accept plaintext logins on connections
# that are not TLS-protected -- confirm against the bincimap documentation.
# Credentials sent that way are readable by anyone on the network path.
bincimapd_disable_tls() {
	# Positional parameters are local to the function call, so using $1
	# as scratch space leaks nothing into the caller.
	set -- "ALLOW_NONSSL_PLAINTEXT_LOGINS=yes"
	bincimapd_postenv="$1 ${bincimapd_postenv}"
}

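# Prepend the TLS settings (CA directory, uid/gid of the ucspissl account,
# DH parameters, certificate and key file) to the service environment.
#
# If bincimapd_tls_key is non-empty and no such file exists yet, the private
# key is extracted from bincimapd_tls_cert with "openssl rsa". The extraction
# runs in a subshell under umask 077 so the key file is never created with
# wider permissions than intended, regardless of the umask the rc script
# inherited; only after a successful write is it opened up to mode 640.
# A failed extraction is reported on stderr and the start continues, as
# before, with KEYFILE pointing at the configured path.
bincimapd_enable_tls() {
	bincimapd_postenv="CADIR=/etc/openssl/certs ${bincimapd_postenv}"
	# NOTE(review): if the ucspissl account is missing, id prints nothing
	# and SSL_UID/SSL_GID are passed empty -- confirm how the server
	# treats that.
	bincimapd_postenv="SSL_UID=$(/usr/bin/id -u ucspissl) ${bincimapd_postenv}"
	bincimapd_postenv="SSL_GID=$(/usr/bin/id -g ucspissl) ${bincimapd_postenv}"
	bincimapd_postenv="DHFILE=${bincimapd_tls_dhparams} ${bincimapd_postenv}"
	bincimapd_postenv="CERTFILE=${bincimapd_tls_cert} ${bincimapd_postenv}"
	if [ -n "${bincimapd_tls_key}" ] && [ ! -f "${bincimapd_tls_key}" ]; then
		if ! (
			umask 077 &&
			/usr/bin/openssl rsa -in "${bincimapd_tls_cert}" \
				-out "${bincimapd_tls_key}" &&
			/bin/chmod 640 "${bincimapd_tls_key}"
		); then
			echo "${name}: could not extract TLS key to ${bincimapd_tls_key}" >&2
		fi
	fi
	bincimapd_postenv="KEYFILE=${bincimapd_tls_key} ${bincimapd_postenv}"
}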


# start_precmd hook: pick the log command, apply the TLS settings and then
# assemble the full service pipeline into ${command}.
#
# The pipeline is built as one string from rc.conf variables and re-parsed
# by the shell when the service is started, so those variables are
# effectively shell code. Keep the files that set them writable by root
# only.
bincimapd_precmd() {
	# checkyesno is provided by rc.subr; without it the configured
	# bincimapd_logcmd is kept as is.
	if [ -f /etc/rc.subr ]; then
		checkyesno bincimapd_log || bincimapd_logcmd=${bincimapd_nologcmd}
	fi
	bincimapd_configure_tls

	# tcpserver(1) behaves like inetd(8) but serves a single service per
	# process. To signal only the instance that belongs to this service,
	# argv0(1) starts the server with its process name set to ${procname}
	# ("nbbincimapd").
	#
	# Server side: fresh environment, memory limit, then the listener,
	# which is given -u bincimap -g bincimap.
	command="/usr/pkg/bin/pgrphack /usr/bin/env - ${bincimapd_postenv}"
	command="${command} /usr/pkg/bin/softlimit -m ${bincimapd_datalimit} ${bincimapd_pretcpserver}"
	command="${command} /usr/pkg/bin/argv0 ${bincimapd_tcpserver} ${procname}"
	command="${command} ${bincimapd_tcpflags}"
	command="${command} -u bincimap -g bincimap"
	command="${command} ${bincimapd_tcphost} ${bincimapd_tcpport}"
	command="${command} ${bincimapd_precheckpassword} ${bincimapd_checkpassword}"
	command="${command} ${bincimapd_preimapd} ${bincimapd_imapdcmd} ${bincimapd_postimapd}"
	# Log side: stdout and stderr go to the log command, run via
	# setuidgid binclog.
	command="${command} 2>&1 |"
	command="${command} /usr/pkg/bin/pgrphack /usr/pkg/bin/setuidgid binclog ${bincimapd_logcmd}"

	# Run the whole pipeline in the background and pass no extra flags.
	command_args="&"
	rc_flags=""
}

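# Entry point. With rc.subr available, hand over to the rc.d framework,
# which runs bincimapd_precmd through start_precmd. Without it, build the
# command ourselves and start the service directly.
if [ -f /etc/rc.subr ]; then
	load_rc_config "${name}"
	run_rc_command "$1"
else
	echo -n " ${name}"
	bincimapd_precmd
	# eval is needed because ${command} contains a pipeline and a
	# redirection. The argument is quoted so the string reaches eval
	# exactly as assembled: unquoted, it would be field-split and
	# pathname-expanded against the current directory first (the
	# multilog default, for one, contains a '*'), and only then parsed.
	# Everything in it comes from rc.conf-style variables, so those are
	# executed as shell code here.
	eval "${command} ${bincimapd_flags} ${command_args}"
fi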
