#!/bin/sh
#
# $NetBSD: qmailofmipd.sh,v 1.27 2021/01/14 15:42:36 schmonz Exp $
#
# qmail-run-20240206 script to control ofmipd (SMTP submission service).
#

# PROVIDE: qmailofmipd mail
# REQUIRE: qmailsend

name=qmailofmipd

# User-settable rc.conf variables and their default values.
# Each ":" line assigns the default only when the variable is unset or empty.
# The expansions are quoted so that a default such as "multilog -*" is not
# word-split or globbed while ":" discards it.
: "${qmailofmipd_postenv:=}"
: "${qmailofmipd_datalimit:=360000000}"
: "${qmailofmipd_pretcpserver:=}"
: "${qmailofmipd_tcpserver:=/usr/pkg/bin/sslserver}"
: "${qmailofmipd_tcpflags:=-ne -vRl0}"
: "${qmailofmipd_tcphost:=:0}"
: "${qmailofmipd_tcpport:=587}"
: "${qmailofmipd_tcprules:=/usr/pkg/etc/qmail/control/tcprules/ofmip}"
: "${qmailofmipd_autocdb:=YES}"
: "${qmailofmipd_precheckpassword:=/usr/pkg/bin/authup smtp}"
: "${qmailofmipd_checkpassword:=/usr/pkg/bin/nbcheckpassword}"
: "${qmailofmipd_preofmipd:=/usr/pkg/bin/checknotroot /usr/pkg/bin/fixsmtpio}"
: "${qmailofmipd_ofmipdcmd:=/usr/pkg/bin/ofmipd-with-user-cdb}"
: "${qmailofmipd_postofmipd:=}"
: "${qmailofmipd_log:=YES}"
: "${qmailofmipd_logcmd:=logger -t nbqmail/ofmipd -p mail.info}"
: "${qmailofmipd_nologcmd:=/usr/pkg/bin/multilog -*}"
# "auto" turns TLS on only when qmailofmipd_tls_cert exists; otherwise the
# service is started with DISABLETLS=1 (see qmailofmipd_configure_tls).
# NOTE(review): on a submission port that fallback may let credentials cross
# the network unencrypted -- confirm it is acceptable, or set this to YES so
# a missing certificate is not silently tolerated.
: "${qmailofmipd_tls:=auto}"
: "${qmailofmipd_tls_dhparams:=/usr/pkg/etc/qmail/control/dh2048.pem}"
: "${qmailofmipd_tls_cert:=/usr/pkg/etc/qmail/control/servercert.pem}"
: "${qmailofmipd_tls_key:=/usr/pkg/etc/qmail/control/serverkey.pem}"

# Pull in the rc.d framework when the system has one; without it the script
# falls back to starting the service directly at the bottom of the file.
[ -f /etc/rc.subr ] && . /etc/rc.subr

rcvar=${name}
procname=nb${name}
command="${qmailofmipd_tcpserver}"

# Files that must exist before the service is allowed to start.
required_files="/usr/pkg/etc/qmail/control/me \
/usr/pkg/etc/qmail/control/concurrencysubmission \
/usr/pkg/etc/qmail/control/rcpthosts \
/usr/pkg/etc/qmail/control/smtpcapabilities \
/usr/pkg/etc/qmail/control/fixsmtpio \
${qmailofmipd_tcprules}"

# Hooks and extra sub-commands; "reload" is an alias for "cdb".
start_precmd="qmailofmipd_precmd"
extra_commands="stat pause cont cdb reload"
stat_cmd="qmailofmipd_stat"
pause_cmd="qmailofmipd_pause"
cont_cmd="qmailofmipd_cont"
cdb_cmd="qmailofmipd_cdb"
reload_cmd=${cdb_cmd}

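# Decide whether the service runs with TLS, based on qmailofmipd_tls.
#
#   auto        enable TLS only if qmailofmipd_tls_cert is a regular file
#   yes-like    enable TLS
#   anything    disable TLS (DISABLETLS=1 is added to the environment)
#
# Globals: qmailofmipd_tls, qmailofmipd_tls_cert (read); qmailofmipd_postenv
#          is modified by the enable/disable helpers.
#
# NOTE(review): "auto" fails open -- a missing certificate silently results
# in a plaintext service. Operators who require TLS should set the variable
# to YES so that a missing certificate is not tolerated.
qmailofmipd_configure_tls() {
	case "${qmailofmipd_tls}" in
	auto)
		if [ -f "${qmailofmipd_tls_cert}" ]; then
			qmailofmipd_enable_tls
		else
			qmailofmipd_disable_tls
		fi
		;;
	*)
		if [ -f /etc/rc.subr ]; then
			if checkyesno qmailofmipd_tls; then
				qmailofmipd_enable_tls
			else
				qmailofmipd_disable_tls
			fi
		else
			# checkyesno comes from rc.subr. Without it, an explicit
			# request for TLS used to fall through to "disabled";
			# recognise the affirmative spellings here instead so the
			# request is honoured.
			case "${qmailofmipd_tls}" in
			[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
				qmailofmipd_enable_tls
				;;
			*)
				qmailofmipd_disable_tls
				;;
			esac
		fi
		;;
	esac
}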

# Mark the service as non-TLS by putting DISABLETLS=1 at the front of the
# environment assignments later handed to env(1).
# Globals: qmailofmipd_postenv (read and written)
qmailofmipd_disable_tls() {
	qmailofmipd_postenv="DISABLETLS=1 $qmailofmipd_postenv"
}

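# Prepend the TLS settings (CA directory, unprivileged uid/gid, DH
# parameters, certificate and key paths) to qmailofmipd_postenv, creating
# the private-key file from the certificate file if it does not exist yet.
#
# Globals: qmailofmipd_tls_dhparams, qmailofmipd_tls_cert,
#          qmailofmipd_tls_key, name (read); qmailofmipd_postenv (written)
#
# NOTE(review): "@SSLDIR@" looks like a build-time placeholder; if it reaches
# an installed script unsubstituted, CADIR will not name a real directory.
qmailofmipd_enable_tls() {
	qmailofmipd_postenv="CADIR=@SSLDIR@/certs ${qmailofmipd_postenv}"
	qmailofmipd_postenv="SSL_UID=$(/usr/bin/id -u ucspissl) ${qmailofmipd_postenv}"
	qmailofmipd_postenv="SSL_GID=$(/usr/bin/id -g ucspissl) ${qmailofmipd_postenv}"
	qmailofmipd_postenv="DHFILE=${qmailofmipd_tls_dhparams} ${qmailofmipd_postenv}"
	qmailofmipd_postenv="CERTFILE=${qmailofmipd_tls_cert} ${qmailofmipd_postenv}"
	if [ -n "${qmailofmipd_tls_key}" ] && [ ! -f "${qmailofmipd_tls_key}" ]; then
		# Presumably the certificate file is a combined PEM that also holds
		# the RSA key -- TODO confirm. The restrictive umask is set in a
		# subshell so the key is never readable by "other", not even in the
		# window between its creation and the chmod below.
		if ( umask 027 && openssl rsa -in "${qmailofmipd_tls_cert}" -out "${qmailofmipd_tls_key}" ); then
			/bin/chmod 640 "${qmailofmipd_tls_key}"
		else
			echo "${name}: could not extract private key to ${qmailofmipd_tls_key}" >&2
			# The key file did not exist before this call, so anything
			# there now is a partial result; leaving it behind would
			# stop the extraction from ever being retried.
			/bin/rm -f -- "${qmailofmipd_tls_key}"
		fi
	fi
	qmailofmipd_postenv="KEYFILE=${qmailofmipd_tls_key} ${qmailofmipd_postenv}"
}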

# start_precmd hook: choose the log command, configure TLS, rebuild the
# tcprules database if needed, then assemble the full service command line.
#
# Globals: the qmailofmipd_* settings and procname (read); command,
#          command_args, rc_flags, qmailofmipd_logcmd (written)
qmailofmipd_precmd() {
	# checkyesno is only defined once rc.subr has been sourced.
	if [ -f /etc/rc.subr ]; then
		if ! checkyesno qmailofmipd_log; then
			qmailofmipd_logcmd=${qmailofmipd_nologcmd}
		fi
	fi
	# Must run before the command string is built: it edits
	# qmailofmipd_postenv, which is interpolated below.
	qmailofmipd_configure_tls
	if [ -f /etc/rc.subr ]; then
		if checkyesno qmailofmipd_autocdb; then
			if qmailofmipd_needcdb; then
				qmailofmipd_cdb
			fi
		fi
	fi
	# tcpserver(1) is akin to inetd(8), but runs one service per process.
	# We want to signal only the tcpserver process responsible for this
	# service. Use argv0(1) to set procname to "nbqmailofmipd".
	#
	# The string is not run here. It is re-parsed by a shell later (the
	# no-rc.subr path at the end of this script passes it to eval), so
	# every qmailofmipd_* value interpolated into it is interpreted as
	# shell text. "env -" starts the service with only the variables in
	# qmailofmipd_postenv, and the log command is run under
	# "setuidgid qmaill".
	# NOTE(review): keep rc.conf and anything else that can set these
	# variables writable by root only.
	command="/usr/pkg/bin/pgrphack /usr/bin/env - ${qmailofmipd_postenv} \
/usr/pkg/bin/softlimit -m ${qmailofmipd_datalimit} ${qmailofmipd_pretcpserver} \
/usr/pkg/bin/argv0 ${qmailofmipd_tcpserver} ${procname} \
${qmailofmipd_tcpflags} -x ${qmailofmipd_tcprules}.cdb \
-c $(/usr/bin/head -1 /usr/pkg/etc/qmail/control/concurrencysubmission) \
${qmailofmipd_tcphost} ${qmailofmipd_tcpport} \
${qmailofmipd_precheckpassword} ${qmailofmipd_checkpassword} \
${qmailofmipd_preofmipd} ${qmailofmipd_ofmipdcmd} ${qmailofmipd_postofmipd} \
2>&1 | \
/usr/pkg/bin/pgrphack /usr/pkg/bin/setuidgid qmaill ${qmailofmipd_logcmd}"
	# Run the whole pipeline in the background; flags are already embedded.
	command_args="&"
	rc_flags=""
}

# "stat" sub-command: run the "status" action through run_rc_command.
qmailofmipd_stat() {
	run_rc_command "status"
}

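# "pause" sub-command: send SIGSTOP to the running service.
#
# Globals: name, rc_pid (read); statusmsg (written)
# Outputs: the status message when the service is not running, otherwise
#          a "Pausing" notice.
# Returns: 1 if the service is not running or no PID is known, else the
#          exit status of kill.
qmailofmipd_pause() {
	if ! statusmsg=$(run_rc_command status); then
		# Quoted so the message is printed verbatim instead of being
		# word-split and glob-expanded.
		printf '%s\n' "${statusmsg}"
		return 1
	fi
	# The status check above ran in a subshell, so rc_pid must already
	# be set by the caller -- presumably rc.subr does that; verify.
	if [ -z "${rc_pid}" ]; then
		echo "${name}: no process ID known, not sending SIGSTOP." >&2
		return 1
	fi
	echo "Pausing ${name}."
	# Left unquoted on purpose in case rc_pid lists more than one PID.
	kill -STOP ${rc_pid}
}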

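# "cont" sub-command: send SIGCONT to resume a paused service.
#
# Globals: name, rc_pid (read); statusmsg (written)
# Outputs: the status message when the service is not running, otherwise
#          a "Continuing" notice.
# Returns: 1 if the service is not running or no PID is known, else the
#          exit status of kill.
qmailofmipd_cont() {
	if ! statusmsg=$(run_rc_command status); then
		# Quoted so the message is printed verbatim instead of being
		# word-split and glob-expanded.
		printf '%s\n' "${statusmsg}"
		return 1
	fi
	# The status check above ran in a subshell, so rc_pid must already
	# be set by the caller -- presumably rc.subr does that; verify.
	if [ -z "${rc_pid}" ]; then
		echo "${name}: no process ID known, not sending SIGCONT." >&2
		return 1
	fi
	echo "Continuing ${name}."
	# Left unquoted on purpose in case rc_pid lists more than one PID.
	kill -CONT ${rc_pid}
}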

# Report whether the compiled rules database has to be (re)built.
# Globals: qmailofmipd_tcprules (read); _src, _dst (written)
# Returns: 0 if the .cdb file is missing, or the rules file exists and is
#          newer than the .cdb; 1 otherwise.
qmailofmipd_needcdb() {
	_src=${qmailofmipd_tcprules}
	_dst=${_src}.cdb
	# No compiled database yet: always rebuild.
	if [ ! -f "${_dst}" ]; then
		return 0
	fi
	# Otherwise rebuild only when the source rules are newer.
	[ -f "${_src}" ] && [ "${_src}" -nt "${_dst}" ]
}

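# "cdb"/"reload" sub-command: compile the tcprules source file into the
# .cdb database that is passed to the server with -x.
#
# Globals: qmailofmipd_tcprules, name (read)
# Returns: 1 if tcprules fails, otherwise the exit status of chmod.
qmailofmipd_cdb() {
	echo "Reloading ${qmailofmipd_tcprules}."
	# Stop on a failed compile. Previously the chmod below still ran and
	# its success hid the failure, so a reload could report success while
	# the access rules had not been updated.
	if ! /usr/pkg/bin/tcprules "${qmailofmipd_tcprules}.cdb" \
		"${qmailofmipd_tcprules}.tmp" < "${qmailofmipd_tcprules}"; then
		echo "${name}: tcprules failed for ${qmailofmipd_tcprules}." >&2
		return 1
	fi
	# NOTE(review): the .tmp file is created next to the rules file, so
	# that directory should be writable by root only -- confirm.
	/bin/chmod 644 "${qmailofmipd_tcprules}.cdb"
}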

if [ ! -f /etc/rc.subr ]; then
	# No rc.d framework: announce the service and start it directly.
	echo -n " ${name}"
	qmailofmipd_precmd
	# NOTE(review): eval re-parses the assembled command line as shell
	# text, so every qmailofmipd_* value (and qmailofmipd_flags) is
	# executed with this script's privileges. These values must only come
	# from root-controlled configuration or environment.
	eval ${command} ${qmailofmipd_flags} ${command_args}
else
	# Normal path: let rc.subr load rc.conf and dispatch the requested
	# sub-command.
	load_rc_config "${name}"
	run_rc_command "$1"
fi
