* libcfg/acl.c (getword): Bugfix.

* maidag/lmtp.c, maidag/maidag.c, maidag/maidag.h: Use ACLs.
* pop3d/pop3d.c (pop3d_cfg_param): Add acl section.

+2007-12-15  Sergey Poznyakoff  <gray@gnu.org.ua>
+
+	* libcfg/acl.c (getword): Bugfix.
+	* maidag/lmtp.c, maidag/maidag.c, maidag/maidag.h: Use ACLs.
+	* pop3d/pop3d.c (pop3d_cfg_param): Add acl section.
+
 2007-12-13  Sergey Poznyakoff  <gray@gnu.org.ua>
 
 	* examples/aclck.c, examples/addr.c, examples/base64.c,

@@ -47,7 +47,8 @@ getword (char **parg)
     {
       while (*arg && !ISSPACE (*arg))
 	arg++;
-      *arg++ = 0;
+      if (*arg)
+	*arg++ = 0;
     }
   *parg = arg;
   return word;

@@ -771,14 +771,41 @@ check_connection (int fd, all_addr_t *addr, socklen_t addrlen)
       break;
       
     case PF_INET:
+      if (maidag_acl)
+	{
+	  mu_acl_result_t res;
+	  int rc = mu_acl_check_sockaddr (maidag_acl, &addr->sa, addrlen,
+					  &res);
+	  if (rc)
+	    {
+	      mu_error (_("Access from %s blocked: cannot check ACLs: %s"),
+			inet_ntoa (addr->s_in.sin_addr), mu_strerror (rc));
+	      return 1;
+	    }
+	  switch (res)
+	    {
+	    case mu_acl_result_undefined:
+	      mu_diag_output (MU_DIAG_INFO,
+			      _("%s: undefined ACL result; access allowed"),
+			      inet_ntoa (addr->s_in.sin_addr));
+	      break;
+	  
+	    case mu_acl_result_accept:
+	      break;
+	      
+	    case mu_acl_result_deny:
+	      mu_error (_("Access from %s blocked."),
+			inet_ntoa (addr->s_in.sin_addr));
+	      return 1;
+	    }
+	}
+  
       if (!mu_tcpwrapper_access (fd))
 	{
-	  mu_error (_("Access from %s blocked."),
+	  mu_error (_("Access from %s blocked by tcp wrappers."),
 		    inet_ntoa (addr->s_in.sin_addr));
 	  return 1;
 	}
-      mu_diag_output (MU_DIAG_INFO, _("connect from %s"),
-		      inet_ntoa (addr->s_in.sin_addr));
     }
   return 0;
 }

@@ -47,6 +47,7 @@ int lmtp_mode;
 char *lmtp_url_string;
 int reuse_lmtp_address = 1;
 char *lmtp_group = "mail";
+mu_acl_t maidag_acl; /* ACLs for LMTP mode */
 
 struct mu_gocs_daemon daemon_param = {
   MODE_INTERACTIVE,     /* Start in interactive (inetd) mode */
@@ -290,6 +291,7 @@ struct mu_cfg_param maidag_cfg_param[] = {
     N_("url") },
   { "reuse-address", mu_cfg_bool, &reuse_lmtp_address, 0, NULL,
     N_("Reuse existing address (LMTP mode).  Default is \"yes\".") },
+  { "acl", mu_cfg_section, },
   TCP_WRAPPERS_CONFIG
   { NULL }
 };
@@ -459,11 +461,12 @@ main (int argc, char *argv[])
   mu_gocs_daemon = daemon_param;
     
   mu_tcpwrapper_cfg_init ();
+  mu_acl_cfg_init ();
 
   /* Parse command line */
   mu_argp_init (program_version, NULL);
   if (mu_app_init (&argp, maidag_argp_capa, maidag_cfg_param, 
-		   argc, argv, 0, &arg_index, NULL))
+		   argc, argv, 0, &arg_index, &maidag_acl))
     exit (EX_CONFIG);
 
   current_uid = getuid ();
@@ -478,6 +481,12 @@ main (int argc, char *argv[])
       openlog ("maidag", LOG_PID, log_facility);
       mu_diag_get_debug (&debug);
       mu_debug_set_print (debug, mu_diag_syslog_printer, NULL);
+      /* FIXME: this should be done automatically by cfg */
+      if (maidag_acl)
+	{
+	  mu_acl_get_debug (maidag_acl, &debug);
+	  mu_debug_set_print (debug, mu_debug_syslog_printer, NULL);
+	}
     }
   
   argc -= arg_index;

@@ -83,6 +83,7 @@
 #include <mailutils/libsieve.h>
 #include <mailutils/nls.h>
 #include <mailutils/daemon.h>
+#include <mailutils/acl.h>
 
 #include <mu_dbm.h>
 #include <mu_asprintf.h>
@@ -123,6 +124,7 @@ extern int lmtp_mode;
 extern char *lmtp_url_string;
 extern int reuse_lmtp_address;
 extern char *lmtp_group;
+extern mu_acl_t maidag_acl;
 
 void close_fds (void);
 int switch_user_id (struct mu_auth_data *auth, int user);

@@ -161,6 +161,7 @@ static struct mu_cfg_param pop3d_cfg_param[] = {
     N_("Set the bulletin database file name."),
     N_("file") },
 #endif
+  { "acl", mu_cfg_section, },
   TCP_WRAPPERS_CONFIG
   { NULL }
 };